*Yes, I could also use it to send them spam, but that's why they should
block my app if they don't trust me.*

Shouldn't you be applying the same logic to why they would trust you not to
update their email address?

On Wed, Jul 8, 2009 at 15:47, Dave Hensley <davehens...@gmail.com> wrote:

>
> If a Twitter user has authenticated my app, is it possible for me to
> view their email address?
>
> From what I can tell through the O'Reilly book and Google searches,
> the answer is currently "no" due to, I'm assuming, security
> concerns...  But I can think of several reasons why the user may want
> to allow me to have this information. For example, they could use my
> app to set up email alerts for themselves that would be triggered by
> various events, or use it to send them compiled reports, etc. Being
> able to read their email address could be very useful, and I would
> love to have it as a feature in the API.
>
> Yes, I could also use it to send them spam, but that's why they should
> block my app if they don't trust me. People put their email address
> into forms all over the Internet all the time, probably hundreds of
> times per year, so it seems silly for me not to be able to read it
> even with the user's permission.
>
> One feature that should _definitely_ be removed, however, is the
> ability to _change_ the user's email address. For instance, if a
> person authorizes my app and I do this:
>
> $to->OAuthRequest('https://twitter.com/account/update_profile.xml',
> array('email' => 'iame...@hotmail.com'), 'POST');
>
> then all I have to do is fill out the Forgotten Password form, check
> the confirmation code that gets sent to _my_ hotmail address, and then
> suddenly I've got full control over the poor user's account and the
> ability to spam all of their followers. Watch out, Ashton!
>
> I can't believe that the Twitter API permits this, but doesn't allow
> me to do something simple and useful like emailing the person a list
> of their followers. Am I missing something?
>
> Dave.
>



-- 
Internets. Serious business.
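
The takeover path Dave describes (a delegated OAuth token changes the email, then a password reset is sent to the new address) is a server-side authorization gap. The sketch below is an added example, not part of the thread and not Twitter's code, showing one way a service could close it; `Auth`, `Account`, `update_profile` and the other names are hypothetical, and the addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Optional

# Fields that control account recovery; a change here can hand over the account.
SENSITIVE_FIELDS = {"email"}

@dataclass
class Auth:                      # hypothetical request credential
    user_id: int
    delegated: bool              # True for a third-party OAuth token
    reauthenticated: bool = False  # password re-entered in a first-party session

@dataclass
class Account:                   # hypothetical account record
    user_id: int
    email: str                   # confirmed address
    pending_email: Optional[str] = None
    profile: dict = field(default_factory=dict)

def update_profile(account, auth, params):
    """Apply a profile update and return the names of rejected fields."""
    if auth.user_id != account.user_id:
        raise PermissionError("credential does not belong to this account")
    rejected = []
    for name, value in params.items():
        if name in SENSITIVE_FIELDS:
            # Delegated tokens never touch recovery data; first-party
            # sessions must have re-entered the password first.
            if auth.delegated or not auth.reauthenticated:
                rejected.append(name)
                continue
            account.pending_email = value   # inactive until confirmed
        else:
            account.profile[name] = value
    return rejected

def confirm_pending_email(account):
    """Called after the user follows the link mailed to the new address."""
    if account.pending_email is not None:
        account.email, account.pending_email = account.pending_email, None

def password_reset_destination(account):
    """Resets go only to the confirmed address, never to a pending one."""
    return account.email
```
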
