I think you're missing my point. A signed agreement does not prevent
anything for the evil-minded. At best it establishes the parameters
for damage control by Twitter (revoking access, banning, etc.), except
in this case Twitter won't have the forensics to determine who did the
damage.

On Aug 30, 5:44 pm, "M. Edward (Ed) Borasky" <zn...@borasky-
research.net> wrote:
> Try getting access to Site Streams without a signed agreement between  
> your organization and Twitter prohibiting such shenanigans. ;-)
>
> --
> M. Edward (Ed) Boraskyhttp://borasky-research.nethttp://twitter.com/znmeb
>
> "A mathematician is a device for turning coffee into theorems." - Paul Erdos
>
> Quoting Dewald Pretorius <dpr...@gmail.com>:
>
>
>
> > Ed,
>
> > Developer responsibilities and developer agreements mean absolutely
> > nothing to that person who wants to abuse users' DMs.
>
> > In fact, they will probably trick users to authorize their app with a
> > neat feature, and then in the background collect received and sent
> > DMs.
>
> > Twitter will not have the foggiest idea of which service it could be,
> > because they will have no record of API requests, or pattern of
> > requests, for received and sent DMs.
>
> > On Aug 30, 5:15 pm, "M. Edward (Ed) Borasky" <zn...@borasky-
> > research.net> wrote:
> >> Quoting Dewald Pretorius <dpr...@gmail.com>:
>
> >> > Here's another issue that probably needs to be considered.
>
> >> > It applies mostly to DMs, because people will tend to use DMs for
> >> > sensitive information, and would expect a certain level of privacy.
>
> >> > Right now, an OAuth authorized site can query a user's DMs and do with
> >> > that info what it likes. It could present privacy issues, but at least
> >> > you have an audit trail of the DM request by the authorized site in
> >> > your logs/system.
>
> >> > You lose that audit trail with Site Streams. The DMs are
> >> > indiscriminately distributed out to all OAuth authorized sites that
> >> > subscribe to the user's stream.
>
> >> > It may not seem like a big deal, because it's status quo minus the
> >> > audit trail. Until you're hit with a multi-million dollar class-action
> >> > lawsuit for indiscriminately distributing potentially sensitive
> >> > information. Then it is a big deal. It's not only the lawsuit, it's a
> >> > privacy PR disaster as well.
>
> >> Ayup - *Twitter* loses an audit trail - they can track sends / TCP  
> >> acknowledgements but have no idea what the receiver is doing with the  
> >> packets. The consuming site must maintain an audit trail, though, right?
>
> >> Something like this happened at Facebook when they changed their  
> >> developer TOS. Here's the wording they used:
>
> >> ?You must give users control over their data by posting a privacy  
> >> policy that explains what data you collect, and how you will use,  
> >> store, and/or transfer their data. You may cache data you receive from  
> >> the Facebook API in order to improve your application?s user  
> >> experience, but you should try to keep the data up to date. You will  
> >> delete all data you receive from us concerning a user if the user asks  
> >> you to do so, and will provide a mechanism for users to make such a  
> >> request.?
>
> >> I'm assuming Twitter will want to do something similar, and I'd think  
> >> it would also include honoring the "delete" messages that come down  
> >> the streams. That could be *very* interesting if the service was doing  
> >> indexing. ;-)
> >> --
> >> M. Edward (Ed) Boraskyhttp://borasky-research.nethttp://twitter.com/znmeb
>
> >> "A mathematician is a device for turning coffee into theorems." - Paul 
> >> Erdos
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:  
> >http://groups.google.com/group/twitter-development-talk?hl=en

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to