On Thu, Apr 16, 2009 at 3:03 PM, Chris Messina <[email protected]> wrote: > > 2. layer in social awareness into the authorization screen so people > have a better sense whether to trust an app > > Here's my mockup for #2: > > http://www.flickr.com/photos/factoryjoe/3448360090/
Oooh, I really like this a lot. Maybe even a total number of people that have authorized the app vs. revoked access (in addition to showing those in your friends/followers network). Not sure if you would want to track "denies" as well? Thinking along these lines... what if, in the "Connections" tab, each user were able to rate each app they've authorized on a 1-5 star scale? Then the auth page could show the average rating by users, or something like that...? Regarding my "buyer beware" comment: I do agree that some/most of the onus is on Twitter to communicate what exactly is happening (I'm also for stronger language), but users do have to use their brains at some point and quit blindly trusting everything that turns their mouse into a hand-pointer. Also, I don't condone sketchy activities like forcing an auto-follow without disclosure, so please don't think I'm defending this behavior. -Chad > > On Apr 16, 8:53 am, Matt Sanford <[email protected]> wrote: > > Hi there, > > > > My initial wording for the pages was much stronger and the > > biggest complaint during testing was that it scared people off … so I > > obviously side with stronger language. In the light of how people are > > using OAuth it seems like we need something more. I'll talk with the > > product folks and see if we can't find some middle-ground. Thanks for > > the feedback everybody. > > > > Thanks; > > — Matt Sanford / @mzsanford > > > > On Apr 15, 2009, at 08:27 PM, Rod Begbie wrote: > > > > > > > > > There are two separate questions here: > > > > > 1) Should Twitter make the language on the Authorization page > > > clearer as to exactly what an app can do if you click "Approve". > > > This gives the user some amount of a hint at what can happen. I'd > > > push wholeheartedly for this, as the current distinction of "read > > > and update" versus "read" are easy to miss. > > > > > 2) Should Twitter introduce a policy/TOS document on expected > > > behaviour for apps? I'd hope for at least a wiki page that can be > > > pointed to as "Things that will get your app deauthorized". This is > > > a policy/community change request, not a code one. > > > > > Rod. > > > > > On Wed, Apr 15, 2009 at 8:09 PM, Chad Etzel <[email protected]> > > > wrote: > > > > > Again with the "OAuth does not prevent a bad app form being bad" > > > point. All this same stuff can be done with Basic Auth apps. The > > > point here is that users can prevent further badness by going to their > > > "Connections" tab and revoking the access tokens. > > > > > No, this doesn't solve the "what happens when I initially authorize > > > this app" problem. > > > > > imho, "buyer beware". > > > -Chad > > > > > On Wed, Apr 15, 2009 at 10:51 PM, Abraham Williams > > > <[email protected]> wrote: > > > > My thoughts are not having a good enough notice is bad form and > > > users will > > > > start gravitating away from apps with bad form and better > > > competition comes > > > > out. > > > > > > But yes. I think it would be good for Twitter to make an official > > > statement > > > > and include it somewhere that that sort of misdirection is frowned > > > upon. > > > > > > Abraham > > > > > > On Wed, Apr 15, 2009 at 21:21, Cameron Kaiser > > > <[email protected]> wrote: > > > > > >> > From a user expectatins perspective, I'd suggest that the > > > Twitter OAuth > > > >> > dialog also add a bullet list of what "access and update your > > > data" > > > >> > means > > > >> > (like Flickr does) to prevent further surprises. I'm not sure > > > users > > > >> > appreciate that an authorised app can: > > > > > >> > * Post and delete tweets in your name > > > >> > * Add and remove users you are following > > > >> > * Block and unblock users > > > >> > * Change your name, email address, location, avatar or > > > description > > > > > >> > Thoughts? > > > > > >> This is an excellent point. > > > > > >> -- > > > >> ------------------------------------ personal: > > > >>http://www.cameronkaiser.com/-- > > > >> Cameron Kaiser * Floodgap Systems *www.floodgap.com* > > > >> [email protected] > > > >> -- Sarcasm is a spiritual gift. -- Paul Austin > > > >> -------------------------------- > > > > > > -- > > > > Abraham Williams |http://the.hackerconundrum.com > > > > Hacker |http://abrah.am|http://twitter.com/abraham > > > > Web608 | Community Evangelist |http://web608.org > > > > This email is: [ ] blogable [x] ask first [ ] private. > > > > Sent from Madison, Wisconsin, United States > > > > > -- > > > :: Rod Begbie ::http://groovymother.com/::
