
Twitter Privacy Risks - Serious Questions About 3rd Party Apps



12:22 am on Sep 17, 2010 (gmt 0)

tedster (WebmasterWorld Senior Member)

On the Twitter One Forty Developers Blog, some privacy concerns have been raised about API data access via 3rd party applications that use OAuth tokens.

Currently Twitter application developers are given 2 choices when registering their apps: they can either request "read-only access" or "read & write" access. For Twitter "read & write" means being able to do anything through the API on a user's behalf...

Twitter's overly-broad permission structure amplifies the concern around OAuth token security because of what those tokens allow apps to do...

People increasingly use DMs like short emails or IMs and assume it is a private channel between two people. In reality any app you have granted access can read all of your DMs.

This developer is very clear that they don't WANT the full rights to read your DMs, or to accidentally unfollow your friends - but the possibility is there. Sounds to me like Twitter needs to tighten up their permissions system a lot.


4:21 am on Sep 17, 2010 (gmt 0)

bill (WebmasterWorld Administrator)

I don't assume anything on Twitter is private, but sometimes it's easy to forget the more we use it as a communication medium. If people (or the tech press) become irked by this then I'll bet we'll see a quicker response from Twitter. They should take action before we get a malicious app that violates privacy on a larger scale.
