Thanks for the additional info, Dewald, I appreciate it. I haven't been
following very closely since my app only really uses a tiny bit of the
Twitter API.
>From the recent @twitterapi tweets, it's clear that Twitter is working on
oAuth WRAP (which is a great step forward) and I'm sure they're working on
making the flow as easy as possible. My gripe is that none of that is ready
_right now_. My app gets submitted to Apple tomorrow and – unless there's
some miracle – will get submitted without the source parameter token. This
policy is going to hurt my app and the reason is because I won't compromise
on UX given the _current state_ of Twitter's mobile oAuth experience.
I _know_, given the nature of my app, that not having the source parameter
_will_ hurt its sales. It just feels unfair.
I also can't understand how Ev Williamis cool with all this given his recent
quotes on how important user experience is ("User Experience is
everything"). I agree with Ev. This policy doesn't.
Aral
On Mon, Feb 1, 2010 at 11:10 PM, Dewald Pretorius <[email protected]> wrote:
> Aral,
>
> Not sure how in-depth you've been following developments and
> announcements of the Twitter API, but come this June you will have no
> choice but to put ScotchGuard on your Ferrari's seats. In other words,
> come June timeframe, usage of OAuth will become mandatory and Basic
> Auth will be deprecated.
>
> I'm sure Twitter is working on a more seamless mobile experience for
> their OAuth implementation. A lot of folks have already thrown their
> penalty flags onto the playing field over that issue.
>
> Dewald
>
> On Feb 1, 4:29 pm, Aral Balkan <[email protected]> wrote:
> > Raffi,
> >
> > Would you mind engaging me on this part of my email:
> >
> > I really don't understand Twitter's current strategy toward mobile and
> >
> > > desktop apps. Are you guys actually _trying_ to say to developers:
> "don't
> > > build new mobile/desktop apps because you won't be able to compete with
> > > existing ones?"
> > > What I mean by that is this: Existing desktop and mobile apps do _not_
> have
> > > to use oAuth _and_ get to keep their source parameter. The source
> parameter
> > > is probably the best means of organic marketing a Twitter app could
> have.
> > > OTOH, since these apps aren't using oAuth they don't have to worry
> about
> > > giving their apps a UX handicap (try setting up multiple Twitter
> accounts in
> > > a mobile/desktop app with oAuth, or using picture upload services and
> > > delegating your token... there are problems that haven't been solved
> yet.)
> > > Even though oAuth is not ready for mobile/desktop, Twitter is
> penalizing
> > > mobile/desktop applications that don't use it for UX reasons by not
> letting
> > > them take advantage of the organic marketing provided by the source
> > > parameter.
> > > I find this hugely unfair.
> >
> > I would really love to have a comment on from you guys for the blog post
> I'm
> > writing: is Twitter actively discouraging the creation of new mobile and
> > desktop apps?
> >
> > Personally, I am _not_ going to implement oAuth in my mobile app. This is
> > not because I lack the skills to do so or an understanding of exactly how
> > oAuth works and what it brings to the table. It's because I will not
> > sacrifice the UX of my iPhone application by sending people to a barely
> > legible, unusable, and not-optimized-for-iPhone oAuth page on Twitter.com
> as
> > part of their flow (the other objections I listed – which are harder to
> > tackle than making a mobile-friendly version of the oAuth page, which I
> > cannot believe Twitter still hasn't done – do not apply to my
> application.)
> >
> > Sending a user to Twitter's oAuth page after having slaved over every
> pixel
> > in your iPhone app is like giving someone a ride in a Ferrari and then
> > throwing them in a mud puddle before pulling them back in for the
> remainder
> > of their ride.
> >
> > I _really_ hope you can reconsider this as I see no logic whatsoever
> behind
> > this policy.
> >
> > Regardless, my app goes to Apple tomorrow; source parameter or no.
> >
> > All the best,
> > Aral
> >
> > On Mon, Feb 1, 2010 at 8:14 PM, Raffi Krikorian <[email protected]>
> wrote:
> > > hey aral.
> >
> > > sorry you didn't get an e-mail back yet! however, like it has been
> > > mentioned before on the mailing list, documented on the faq on our
> wiki,
> > > etc., we're unfortunately not allowing new registrations of source
> > > parameters. sorry.
> >
> > > it too has been all over the list, but i'm actively taking comments,
> etc.
> > > on how we can try to improve the oauth experience - just drop me a line
> > > personally.
> >
> > > On Mon, Feb 1, 2010 at 12:04 PM, Aral Balkan <[email protected]>
> wrote:
> >
> > >> Dear Twitter peeps,
> >
> > >> I sent you an email 13 days ago to ask for a source parameter/token
> for
> > >> the mobile Twitter app that I'm developing for the iPhone. Since that
> time
> > >> I've had no response whatsoever to my email (which I'm including at
> the end
> > >> of this one). Not even a auto-response to say, "hey, we got your email
> –
> > >> we'll get back to you" or even, "no way, Jose!"
> >
> > >> I really don't understand Twitter's current strategy toward mobile and
> > >> desktop apps. Are you guys actually _trying_ to say to developers:
> "don't
> > >> build new mobile/desktop apps because you won't be able to compete
> with
> > >> existing ones?"
> >
> > >> What I mean by that is this: Existing desktop and mobile apps do _not_
> > >> have to use oAuth _and_ get to keep their source parameter. The source
> > >> parameter is probably the best means of organic marketing a Twitter
> app
> > >> could have. OTOH, since these apps aren't using oAuth they don't have
> to
> > >> worry about giving their apps a UX handicap (try setting up multiple
> Twitter
> > >> accounts in a mobile/desktop app with oAuth, or using picture upload
> > >> services and delegating your token... there are problems that haven't
> been
> > >> solved yet.)
> >
> > >> Even though oAuth is not ready for mobile/desktop, Twitter is
> penalizing
> > >> mobile/desktop applications that don't use it for UX reasons by not
> letting
> > >> them take advantage of the organic marketing provided by the source
> > >> parameter.
> >
> > >> I find this hugely unfair.
> >
> > >> As I stated in my original email, I will not sacrifice the UX of the
> app I
> > >> literally slaved over every pixel on due to this misguided policy.
> >
> > >> I would _really_ love it if someone from Twitter could look into this.
> The
> > >> message you are currently giving to mobile/desktop app developers is
> that
> > >> they shouldn't bother creating new Twitter apps because they will
> either
> > >> have a UX or marketing disadvantage when compared to existing apps.
> > >> Something tells me that's not the message you are trying to send out.
> >
> > >> I'm finishing off my app today and I'm hoping to submit it to the App
> > >> Store tomorrow. It would _really_ make my day if someone could get
> back to
> > >> me on this (hopefully with a token that I can use to set the source
> > >> parameter).
> >
> > >> It _is_ a really nifty little app and I really feel you guys are going
> to
> > >> love it. It is an app, furthermore, that could really benefit from
> having
> > >> the source parameter set.
> >
> > >> I apologize if any of ranting comes off as too strong: it's just that
> I'm
> > >> _really_ anal when it comes to the UX of the apps that I build. :)
> >
> > >> All the best,
> > >> Aral
> > >> PS. Really excited about Chirp + hope to see some of you there! :)
> >
> > >> * * *
> >
> > >> Original email, sent 13 days ago, follows:
> >
> > >> Hi guys,
> >
> > >> I've got a new iPhone app – one that I think you guys will find quite
> > >> original and fun – that I need to register the source parameter for.
> > >> However, my app doesn't use oAuth.
> >
> > >> As I stated earlier, it's a _mobile_ app. And currently oAuth on
> mobile is
> > >> a user experience nightmare and I've been slaving over the UX of this
> app to
> > >> the point where I will not diminish it by implementing oAuth. I don't
> think
> > >> it does my app or Twitter any favors to do so.
> >
> > >> Mobile and desktop apps are not the same as web apps. They run in a
> > >> trusted context (the user's mobile phone or PC) and the decision to
> trust
> > >> the app or not is made when the app is installed. If the app is
> malicious,
> > >> the user has far worse issues to worry about than what it's going to
> do with
> > >> their Twitter username and password (e.g., a desktop app could format
> their
> > >> hard-drive, etc.) I really feel that punishing mobile and desktop app
> > >> developers like this for not implementing a system that works like a
> charm
> > >> on the web but isn't suited to mobile/desktop is unjust.
> >
> > >> I'm very excited about this new app and I really hope that I can
> register
> > >> the source parameter for it even though I have made a UX decision to
> not use
> > >> oAuth for it. I'm sure you'll agree when you see it that it is an app
> that
> > >> will cause quite a bit of interest and the source parameter will not
> only
> > >> benefit me but users who want to find the app that the tweets were
> authored
> > >> in.
> >
> > >> Thank you for your time and I hope I'll hear from you soon.
> >
> > >> All the best,
> > >> Aral
> > >> --
> > >> Aral Balkan
> > >>http://aralbalkan.com
> > >>http://twitterformats.org
> > >>http://osflash.org
> > >>http://avitapp.com
> >
> > > --
> > > Raffi Krikorian
> > > Twitter Platform Team
> > >http://twitter.com/raffi
>
