Twitter Privacy Risks - Serious Questions About 3rd Party Apps

12:22 am on Sep 17, 2010 (gmt 0)

tedster (WebmasterWorld Senior Member)

joined:May 26, 2000
votes: 0

On the Twitter One Forty Developers Blog, some privacy concerns have been raised about API data access via 3rd party applications that use OAuth tokens.

Currently Twitter application developers are given 2 choices when registering their apps: they can either request "read-only access" or "read & write" access. For Twitter "read & write" means being able to do anything through the API on a user's behalf...

Twitter's overly-broad permission structure amplifies the concern around OAuth token security because of what those tokens allow apps to do...

People increasingly use DMs like short emails or IMs and assume it is a private channel between two people. In reality any app you have granted access can read all of your DMs.

This developer is very clear that they don't WANT the full rights to read your DMs, or to accidentally unfollow your friends - but the possibility is there. Sounds to me like Twitter needs to tighten up their permissions system a lot.
4:21 am on Sept 17, 2010 (gmt 0)

bill (WebmasterWorld Administrator, from JP)

joined:Oct 12, 2000
votes: 180

I don't assume anything on Twitter is private, but sometimes it's easy to forget the more we use it as a communication medium. If people (or the tech press) become irked by this then I'll bet we'll see a quicker response from Twitter. They should take action before we get a malicious app that violates privacy on a larger scale.