On Aug 30, 12:59 pm, "M. Edward (Ed) Borasky" <zn...@borasky-research.net> wrote:
> That's part of an application developer's responsibility - to make it
> clear what your application *does* "on behalf of a user" and how users
> can detect when it does something it *shouldn't* do. And yes, very few
> applications fully document that during the oAuth dialog, but it
> *does* need to be done somewhere.

That's more my point and I'm not arguing that the Stream API shouldn't exist. I want to use it myself. I just don't believe users are really agreeing to this, regardless of whether it's in the fine print or not. There's a fine line and it's being approached - that's all.

I think it's a bigger issue with OAuth as a whole. Users don't really know what they're handing over since it's not their username and password. They continue under a false pretense that their information is still "secure" (citation needed). I don't think more words on the OAuth flow pages address this, and the only way to solve this is to educate users (not an easy task). I hope in time users have a true understanding of what it means to "allow this app" because right now I don't believe they do.