I think Brian brings up some interesting points. What this reminds me of is the machine identification codes secretly being including in every page printed by personal use printers ( EFF article here: http://www.eff.org/wp/investigating-machine-identification-code-technology-color-laser-printers ). Annotations could potentially be used to add a lot of tracking information users might not be happy with. What happens when a developer decides to attach the user's OAuth info to their tweets for whatever dumb reason?
I think these are interesting questions, though I'm not sure Twitter can do too much about them in advance without severely restricting what annotations has the potential for. Twitter is taking a wait-and- see approach to what developers do with annotations and I think that it probably the right one for now. @orian On Apr 18, 8:23 pm, "Brian Smith" <[email protected]> wrote: > Right now the web UI exposes every piece of metadata in a tweet to > end-users. That is, an end-user can use twitter.com to check the complete > contents of tweet sent by an application. I didn't see anything in the > proposals regarding the annotation feature that says that users will be able > to see all the annotations through the web UI. And, even if they could see > them, chances are they couldn't understand them. And, even if end-users > could understand them, applications will be able to use encryption and other > obfuscation to make them impossible to interpret. This reduces the amount of > control users have over their tweets. > > Right now an application cannot disclose the user's location in a tweet, > except by putting the location information in the tweet text (which the user > can see very clearly), or by putting the location information in the > built-in geo feature. The ability for applications to expose the user's > information is controlled by a preference that can be controlled only by the > official web interface on twitter.com. However, with the annotations > feature, applications will be able to expose the user's location-again, > possibly encrypted or otherwise obfuscated-even when application access to > the location feature is disabled. It doesn't make sense to disable an > applications' access to the geo feature and then let it silently and > undetectably disclose the user's location-perhaps in even more detail than > the built-in geo feature allows. > > I think there must be some kind of control mechanism in place for > annotations, or the web UI must present all the annotations of a user's > tweets to that user, or both, in order to prevent the annotations feature > from becoming a side channel for applications to communicate users' private > information without users' knowledge or consent. I would like to know more > about how this is going to be done. > > Thanks, > > Brian > > -- > Subscription > settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
