« Memento and negotiating on time | Main | On "Creating Linked Data" »

December 01, 2009

An increasingly common Twitter/OAuth scenario...

Twitter/OAuth challenge

An application would like to connect to your (Twitter) account?

Yeah, I know, I just clicked on the link, right?

The application _blah_ by _blah_ would like the ability to access and update your data on Twitter.

Err... OK. But why does it need access to update my data?

This application plans to use Twitter for logging you in in the future.

That's what I figured! But I still don't understand why it needs access to update my data? I think I'll pass... I'm not sure I want random applications being able to tweet on my behalf.

End of story :-(

The point is that there is a trust issue here and I don't think that current implementations are helping people to make sensible decisions. Why does the application need to update my data on Twitter? In this case, there appears to be a perfectly valid reason as far as I can tell, but even so...

  • What kinds of updates is it going to make?
  • How often is it going to make them?
  • Are any updates going to be under my control?

I just want to have some indication of these kinds of things before I click on the 'Allow' button. Thanks.


TrackBack URL for this entry:

Listed below are links to weblogs that reference An increasingly common Twitter/OAuth scenario...:


Applications ask for access and update because if they chose only access it is almost impossible to switch to access and update later. See: http://code.google.com/p/twitter-api/issues/detail?id=814

"Access and update" is misleading because it also provides delete permissions. Any application allowed with update level permissions and delete all of your updates.

The comments to this entry are closed.



eFoundations is powered by TypePad