On Mon, Feb 01, 2010 at 08:29:18PM +0000, Aral Balkan wrote:
> I would really love to have a comment on from you guys for the blog post I'm
> writing: is Twitter actively discouraging the creation of new mobile and
> desktop apps?

I'm not Raffi. I don't even work for Twitter. But I am very confident that the purpose of their policy regarding source params has nothing to do with penalizing anyone or actively discouraging the creation of new applications.

> I _really_ hope you can reconsider this as I see no logic whatsoever behind
> this policy.

The logic is very simple: OAuth provides Twitter with the ability to identify the sending application. Basic Auth does not. Therefore, Basic Auth source params are easily forged, allowing apps to trivially impersonate each other, which is clearly undesirable.

(Unfortunately, this logic is not watertight, in that desktop/mobile apps are vulnerable to having their OAuth keys extracted from them, in which case they could still be impersonated, but that's the reasoning I've seen given previously for the policy.)

--
Dave Sherohman
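The distinction drawn in the message above, as an added example that is not part of the original thread and is not Twitter's code: a server-side sketch that attributes a request to an application only when an OAuth 1.0 HMAC-SHA1 signature verifies against a registered consumer secret. The registry, keys, endpoint URL and function names are constructed assumptions, and nonce and timestamp checks are left out.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed registry (assumption): consumer key -> (registered name, consumer secret).
REGISTERED_APPS = {"ck_example": ("ExampleClient", "cs_example_secret")}
URL = "https://api.example.test/statuses/update"  # placeholder endpoint

def _enc(value):
    return quote(str(value), safe="~")  # RFC 5849 percent-encoding

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the OAuth 1.0 signature base string."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def attributed_source(method, url, params, token_secret=""):
    """Return the application name the server can vouch for, else None."""
    app = REGISTERED_APPS.get(params.get("oauth_consumer_key"))
    if app is None:
        # Basic Auth style request: "source" is a client-supplied string
        # with nothing binding it to the sender, so it is not attributed.
        return None
    name, secret = app
    expected = sign(method, url, params, secret, token_secret)
    supplied = params.get("oauth_signature", "")
    # The name comes from the registry, never from the request's "source".
    return name if hmac.compare_digest(expected, supplied) else None

def signed_request(status, source_claim):
    """Build a constructed OAuth-signed request carrying a 'source' claim."""
    params = {"status": status, "source": source_claim,
              "oauth_consumer_key": "ck_example",
              "oauth_signature_method": "HMAC-SHA1"}
    params["oauth_signature"] = sign("POST", URL, params, "cs_example_secret")
    return params

if __name__ == "__main__":
    basic = {"status": "hello", "source": "ExampleClient"}
    print(attributed_source("POST", URL, basic))
    print(attributed_source("POST", URL, signed_request("hello", "Other")))
```

A passing check shows only that the sender holds the consumer secret, which is why the message's caveat about secrets shipped inside desktop and mobile clients still applies.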
