Quoting jmathai <jmat...@gmail.com>:

I haven't kept up on the streaming API but read about the new Site
Steam and it raised some privacy concerns.  Specifically the fact that
direct messages would be streamed from anyone that added your
application.  I understand this was always possible but the stream API
makes it fairly trivial to collect all that data.

It's also a privacy concern because of user intent.  When someone adds
an application my guess is that they're not intending on saying "yes,
gain access to my direct messages" much less "sign up to receive all
my direct messages via a stream".

That's part of an application developer's responsibility - to make it clear what your application *does* "on behalf of a user" and how users can detect when it does something it *shouldn't* do. And yes, very few applications fully document that during the oAuth dialog, but it *does* need to be done somewhere.

My assumption was, from the nature of the API as announced, that Twitter had developed this technology at the prompting of some existing partners. It doesn't seem generally applicable to new use cases by small shops such as myself. ;-)
--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

"A mathematician is a device for turning coffee into theorems." - Paul Erdos



--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to