Hi there,
My initial wording for the pages was much stronger and the
biggest complaint during testing was that it scared people off … so I
obviously side with stronger language. In the light of how people are
using OAuth it seems like we need something more. I'll talk with the
product folks and see if we can't find some middle-ground. Thanks for
the feedback everybody.
Thanks;
— Matt Sanford / @mzsanford
On Apr 15, 2009, at 08:27 PM, Rod Begbie wrote:
There are two separate questions here:
1) Should Twitter make the language on the Authorization page
clearer as to exactly what an app can do if you click "Approve".
This gives the user some amount of a hint at what can happen. I'd
push wholeheartedly for this, as the current distinction of "read
and update" versus "read" is easy to miss.
2) Should Twitter introduce a policy/TOS document on expected
behaviour for apps? I'd hope for at least a wiki page that can be
pointed to as "Things that will get your app deauthorized". This is
a policy/community change request, not a code one.
Rod.
On Wed, Apr 15, 2009 at 8:09 PM, Chad Etzel <jazzyc...@gmail.com> wrote:
Again with the "OAuth does not prevent a bad app from being bad"
point. All this same stuff can be done with Basic Auth apps. The
point here is that users can prevent further badness by going to their
"Connections" tab and revoking the access tokens.
No, this doesn't solve the "what happens when I initially authorize
this app" problem.
imho, "buyer beware".
-Chad
On Wed, Apr 15, 2009 at 10:51 PM, Abraham Williams <4bra...@gmail.com> wrote:
> My thoughts are not having a good enough notice is bad form and users will
> start gravitating away from apps with bad form and better competition comes
> out.
>
> But yes. I think it would be good for Twitter to make an official statement
> and include it somewhere that that sort of misdirection is frowned upon.
>
> Abraham
>
> On Wed, Apr 15, 2009 at 21:21, Cameron Kaiser <spec...@floodgap.com> wrote:
>>
>> > From a user expectations perspective, I'd suggest that the Twitter OAuth
>> > dialog also add a bullet list of what "access and update your data" means
>> > (like Flickr does) to prevent further surprises. I'm not sure users
>> > appreciate that an authorised app can:
>> >
>> > * Post and delete tweets in your name
>> > * Add and remove users you are following
>> > * Block and unblock users
>> > * Change your name, email address, location, avatar or description
>> >
>> > Thoughts?
>>
>> This is an excellent point.
>>
>> --
>> ------------------------------------ personal: http://www.cameronkaiser.com/ --
>> Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
>> -- Sarcasm is a spiritual gift. -- Paul Austin --------------------------------
>
>
>
> --
> Abraham Williams | http://the.hackerconundrum.com
> Hacker | http://abrah.am | http://twitter.com/abraham
> Web608 | Community Evangelist | http://web608.org
> This email is: [ ] blogable [x] ask first [ ] private.
> Sent from Madison, Wisconsin, United States
--
:: Rod Begbie :: http://groovymother.com/ ::