On Apr 29, 2011, at 15:56 , Jeremy Dunck wrote:
> On Fri, Apr 29, 2011 at 8:55 AM, Andrew W. Donoho
> <andrew.don...@gmail.com> wrote:
>> Matt,
>>
>> I'm speaking as a user but I would like for the user to be able to
>> separately deny write access to my account. I don't frankly care if the
>> developer "requires" it. I think most developers just ask for the moon and
>> get it. Only Twitter can give the user the ability to deny impersonation
>> access on a per application basis. If the app cannot just run with just read
>> access, then the user should really know why. In my experience, most
>> developers just use write access as a mechanism to spread their brand.
>>
>
> There are a few problems here --
>
> 1) Some applications legitimately need write access to do their work -
> for example, an auto-unfollower. You seem to discount this example.
Jeremy,
Bear in mind that I wrote my note from the perspective of the user, not
the developer. As we've recently seen, developers, at minimum, can get hacked
and lose control over all of these credentials. There are other reasons for a
user to want to limit that access and Twitter doesn't actually give the user
the ability to veto write access.
If an app must have write access, they should tell me why. Most apps
I've used don't.
> 2) It is basically not possible to upgrade privileges (with the user's
> permissions) later, so if an application author thinks they may ever
> need the privileges, they will ask for write, even if they don't
> currently need it.
What exists now is not carved in stone. Witness that Twitter just
changed the login screens and can, obviously, make other changes in the future.
You also make my point that app authors ask for privileges they may not
currently need. That is not a good policy for users. Twitter's permissions
model though encourages developers to ask for more permissions than they need.
Twitter should, IMO, change this to protect users. (Yes, Twitter does currently
try to protect their users. This is another method they could use.)
> 3) You seem to feel that the app author is working against you -- if
> you really feel that's the case, you, the user, are ultimately in
> control -- you choose whether to allow the application to have access.
Actually, the app author is frequently operating at cross purposes to
the user. They see the user as a product to monetize. Now you may not view
users that way, that doesn't mean every developer behaves as you do. Twitter
does ban, as I understand it, many apps every day due to spamming.
> Twitter can not reasonably be the arbiter of which apps have
> legitimate write access -- it depends on the utility to you, the user,
> and so is a personal decision. (There are examples where apps are
> malicious and misleading, but that is a very small minority of all
> applications.)
You further make my point. I, the user, only get to make the
permissions decision when the app is first engaged. Because of this, there is
no trial opportunity before I give the app full authority to act on my behalf.
I cannot even find out if an app is valuable before giving it full authority to
act on my behalf. This is not good for users and is a capability which appears
to have been abused by app developers.
Anon,
Andrew
____________________________________
Andrew W. Donoho
Donoho Design Group, L.L.C.
a...@ddg.com, +1 (512) 750-7596, twitter.com/adonoho
"We did not come to fear the future.
We came here to shape it."
-- President Barack Obama, Sept. 2009
--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
http://groups.google.com/group/twitter-development-talk
