not to ignore privacy issues but just to simplify the situation a
bit ...
What currently protects a user from a malicious (desktop) application
stealing all kinds of user data via submitting tweets through it's
proxy? And even by submitting such information directly to it's

On Apr 19, 2:03 am, Raffi Krikorian <> wrote:
> > Right now the web UI exposes every piece of metadata in a tweet to
> > end-users. That is, an end-user can use to check the complete
> > contents of tweet sent by an application. I didn’t see anything in the
> > proposals regarding the annotation feature that says that users will be able
> > to see all the annotations through the web UI. And, even if they could see
> > them, chances are they couldn’t understand them. And, even if end-users
> > could understand them, applications will be able to use encryption and other
> > obfuscation to make them impossible to interpret. This reduces the amount of
> > control users have over their tweets.
> this wasn't always true -- there was a period where the web client showed no
> geo information at all.  geo was an API only feature.  at current time, it
> is still a bit unknown how the webclient will utilize
> annotations (just like its unknown how the ecosystem will utilize
> annotations).
> > I think there must be some kind of control mechanism in place for
> > annotations, or the web UI must present all the annotations of a user’s
> > tweets to that user, or both, in order to prevent the annotations feature
> > from becoming a side channel for applications to communicate users’ private
> > information without users’ knowledge or consent. I would like to know more
> > about how this is going to be done.
> at this point, we're not planning to have any elaborate control mechanisms
> over annotations, however, your point of being able to use as a
> "debugging" interface is an interesting one.
> --
> Raffi Krikorian
> Twitter Platform Team
> --
> Subscription 
> settings:

Reply via email to