Comments on: The Curious Case of Twitter and Twply

By: Social Media Blog

Social Media Blog — Sun, 01 Mar 2009 22:11:18 +0000

Nice post. This is why I don’t use any service that relies on my credentials for another site. For example, I think TwitPic and Xoopit are probably great services that add value, but so much of our lives are online now that the risk of sharing your login info with another company is just too great. I understand that they’re trying to make our lives simpler by requiring one less password, but its still not worth it. If companies would opt to include AuthSub or OAuth in their API then we wouldn’t have to share our credentials.

By: Manuel

Manuel — Fri, 23 Jan 2009 03:43:58 +0000

The auction link does not work – seems you need to remove the blanks at the end of the url.

By: Russ

Russ — Tue, 13 Jan 2009 23:13:40 +0000

@Sarah: I was recently reading an article about the success and potential security issues with Twitter (sorry I cannot recall the URL). The author of the article mentioned that they should be able to identify higher profile/traffic accounts and add additional levels of security. Granted, those accounts might still be at risk of phishing, but other web services have taken steps to try to help them from being hijacked.

@Conrad: Hope this doesn’t hinder your potential success. I wonder if it would do more harm or good to mention this story somehow on your site and explain how you’re not like them.

By: People Still Give Out Passwords Like Fucking Candy « mylittlepwnage

People Still Give Out Passwords Like Fucking Candy « mylittlepwnage — Tue, 13 Jan 2009 04:46:37 +0000

[...] Interesting. [...]

By: Revisiting my Twitter Glossary « dale lane

Revisiting my Twitter Glossary « dale lane — Sun, 11 Jan 2009 21:00:39 +0000

[...] have a nice way of doing this without asking for someone’s twitter password. Given the recent uproar about Twply, that probably wouldn’t have been the best [...]

By: Conrad

Conrad — Sun, 11 Jan 2009 08:08:42 +0000

Well this just helps http://www.tweetreplies.com, we offer a real service that send emails and uses no password. The design might not bed as great but we work and dont need password.

By: Sarah Bourne

Sarah Bourne — Fri, 09 Jan 2009 20:08:26 +0000

I wouldn’t try to claim that we’re thought – much less action! – leaders, but there are a few of us looking a Twitter as an additional communication channel. Emergency communications seem promising, especially for situations where folks may not have access to desktop computers (for instance.) We’re also thinking about the social/conversational aspects of using Twitter as part of our efforts to foster civic engagement.

So far, we’ve only taken baby steps: a few of us are trying to embrace and learn about Twitter, and we’ve set up robo-feed accounts for both the state portal (@massgov) and the Governor’s Office (@massgovernor). And we’re trying to pull together what we’ve learned so we can start evangelizing.

By: zephyr

zephyr — Fri, 09 Jan 2009 19:53:48 +0000

I don’t know if them selling it in a hurry is confirmation of there evilness or just sheer panic. $1200 doesn’t seem worth the effort.

By: Josh

Josh — Fri, 09 Jan 2009 19:52:48 +0000

@Sarah thanks for mentioned the trust issues within government. Are you folks actively considering Twitter integration?

By: Josh

Josh — Fri, 09 Jan 2009 19:51:07 +0000

@Hugh: Yes. Changed. Thanks!

By: James Williams

James Williams — Fri, 09 Jan 2009 18:45:12 +0000

Awesome writeup, I have been very conscious of late, as I started to add services that the service was genuinely needed, but I think what is needed, is an interface on Twitter that third party apps can link into that does not give them control of the settings and profile of the user that hooks the app.

Keep up the vigilance, thanks for your work

By: Matthew Snodgrass

Matthew Snodgrass — Fri, 09 Jan 2009 18:44:05 +0000

Great article. I wonder how many people were twicked?

By: Hugh Briss

Hugh Briss — Fri, 09 Jan 2009 18:40:12 +0000

Shouldn’t that be “twead”?

By: Sarah Bourne

Sarah Bourne — Fri, 09 Jan 2009 16:33:40 +0000

Nice write-up, Josh. I was talking to one of our Security Gurus about this case the other day, especially about the “social engineering” aspect. We also talked about the “twishing” exploit this week and the doubt this throws on the viability of Twitter for any official government activities. Personally, I’ve decided that there is no web-based twitter service that could offer enough value to warrant relinquishing my password! Security may not seem Fun! but it is the guardian of trust.

By: Daniel

Daniel — Fri, 09 Jan 2009 15:56:22 +0000

Twitter could also help avoid the viral nature of these things by not setting source of posts from the API as “web”. That way people can tell if the tweet was handwritten via twitter.com or not. Right now, there is no way to know. I just submitted this suggestion to the Twitter Dev Group.