On Feb 2, 2010, at 8:14 AM, Aral Balkan wrote:

My app is not going to sell as well because I cannot get the source parameter because I will not use a technology that is not ready for prime time on my mobile app.

You’re complaining that your app will not sell well because the twitter API, which you use for free, will not provide you with a blessed source parameter? I think there are other problems with your business plan than whether or not you can convince the API guys to choose horribly-bad-security over inconvenient-and-not-really- practical-for-desktop-but-there-you-go security.

Look, twitter have made a business decision to kill basic auth. Basic Auth has been the source of numerous attacks on twitter’s users which, because of the way it works and psychology it promotes, twitter have no serious way to prevent.

Criticize oAuth, sure. Suggest improvements to the experience, certainly. Find, document and demonstrate alternatives that are at least as good if not better than oAuth, fantastic. But continuing to beat up the API guys here is unlikely to win you support or alter twitter’s API to suit your business needs.

-ed costello

Reply via email to