Whoa - couldn't disagree more. I think the implicit (or explicit, in ToS - haven't checked) understanding is that apps with read access can access DMs in order to return them to the current user. E.g. desktop clients or web apps with client-like functionality. They're clearly certainly not the most secure private channel possible but they are very much intended to be private.
As with a lot of other social services' APIs, the data returned might not be usable in all contexts. The goal of OAuth is to allow an app to make calls on a user's behalf; it does not enforce that data be used scrupulously or define what constitutes said scrupulous use. Even if a fine-grained permission were added for accessing DMs, this would not mean the user gave permission for the app developer to personally look at their DMs.

On Sep 16, 3:48 pm, Ken <k...@cimas.ch> wrote:
> Anyone reading this article?
>
> http://www.readwriteweb.com/archives/twitter_permissions_how_much_do_...
>
> my quick response - users need to understand that DMs aren't private,
> they're just direct: one-to-one as opposed to one-to-many.
>
> please - keep privacy settings simple!
>
> my 2 cents.. yours?

--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en