On Aug 30, 12:59 pm, "M. Edward (Ed) Borasky" <zn...@borasky-research.net> wrote:
> That's part of an application developer's responsibility - to make it  
> clear what your application *does* "on behalf of a user" and how users  
> can detect when it does something it *shouldn't* do. And yes, very few  
> applications fully document that during the oAuth dialog, but it  
> *does* need to be done somewhere.

That's more my point and I'm not arguing that the Stream API shouldn't
exist.  I want to use it myself.  I just don't believe users are
really agreeing to this regardless of whether it's in the fine print or not.
There's a fine line and it's being approached - that's all.

I think it's a bigger issue with OAuth as a whole.  Users don't really
know what they're handing over since it's not their username and
password.  They continue under a false pretense that their information
is still "secure" (citation needed).  I don't think more words on the
OAuth flow pages address this, and the only way to solve this is to
educate users (not an easy task).  I hope in time users have a true
understanding of what it means to "allow this app" because right now I
don't believe they do.
