I agree with your disagreement. The other day I was playing with a service that made a background. When I clicked done, I thought it would prompt me to save the image and I would be on my own to upload it into my account.
That is not what happened. It auto replaced my background. I also did not have a backup of my original background, and now had a background I thought I was only testing, in live use. It also had a ridiculously large logo in the upper left corner.
This took me by surprise, I was not aware until then that the API allowed this. It makes sense now, but the developer should warn users. That was a destructive change.
If you want to say "welcome @user" I would go for it. I may be inclined to limit that to public accounts. If the account is blocked then they desire privacy. Holding an @username is holding something that is public outside the API.
Search google for site:Twitter.com and they have a database of all @usernames as well, and they certainly did not oauth those.
-- Scott Iphone says hello. On Aug 26, 2009, at 8:08 AM, JDG <ghil...@gmail.com> wrote:
I disagree. By granting the application access to my account, I tacitly accept the fact that they can access any information that the API provides. The API returns the user's screen name every time you fetch their posts. For crying out loud, a malicious app could go through and delete your last 3200 posts without your even realizing it. You're concerned about using a piece of readily available information -- one that does not actually accurately identify you on Twitter since you can change your username at will -- for something that could probably be relatively benign ("Welcome, @user!"). Yes, I know there are malicious ways to use it, but there are malicious ways to use any read/write API.