[twitter-dev] Re: OAuth:a disaster for Chinese twitter users

[yegle]

Hi Brian,
Thank you, I just noticed the new OAuth specification.
I'll read the specification first and see if there is any workaround
available :-)

On Feb 12, 5:40 pm, Brian Smith  wrote:
> yegle wrote:
> > Basically, a API proxy script works as a middleman between twitter and
> > twitter client, little like man-in-the-middle attack.It's possible to
> > do this if the authentication is made in HTTP basic auth.But there is
> > no way to do the same thing with OAuth. The base string of an OAuth
> > request contains the domain of the HTTP request, so all client
> > developers modify their code if they want to suite the need of API
> > proxy.
>
> > This is really a disaster for all Chinese twitter users.
>
> Read Raffi's post from a few hours ago entitled "What's up with OAuth?"
> where he describes xAuth. Also, look at the OAuth WRAP draft
> specification, which defines something very similar to xAuth. In the
> (near) future, Twitter-approved applications will be able to get OAuth
> authorized with just the user's username and password, without forcing
> the user to visit the Twitter website. After they are authorized, they
> can proxy their requests like before. The proxies will undoubtedly need
> to be modified, but the modifications will not be too bad.
>
> - Brian

Re: [twitter-dev] Sorting by date

[John Kalucki]

In short, today, yes. Soon, no, but it might not matter.

At the moment, status ids are strictly increasing. We can't keep generating
status ids from a single critical section forever though -- at some point
soon we'll have a loosely-coupled distributed id generation system and ids
will be k-sorted. Perhaps the most significant bits will be monotonically
increasing and the remainder of the precision will be opaque, and appear
random. With any luck, the monotonically increasing precision will map,
roughly, to time at a second resolution, so that the k-sorting will be
within a second quantum. This would allow collation order based on the 1
second created_at and a collation order based on the most significant bits
will produce a similar, but not identical, ordering. Largely speculation.

So, in the end, the date field remains the safest and the most future-proof
way to sort statuses.

-John Kalucki
http://twitter.com/jkalucki
Infrastructure, Twitter Inc.



On Thu, Feb 11, 2010 at 2:36 AM, Quy  wrote:

> When I am sorting tweets, can I just do a simple sort DESC on
> status_id instead of the creation date? I assume status_ids are
> created sequentially going up so sorting on status_id would be more
> efficient than trying to sort on the created_at field.
>

Re: [twitter-dev] OAuth:a disaster for Chinese twitter users

[Brian Smith]

yegle wrote:

Basically, a API proxy script works as a middleman between twitter and
twitter client, little like man-in-the-middle attack.It's possible to
do this if the authentication is made in HTTP basic auth.But there is
no way to do the same thing with OAuth. The base string of an OAuth
request contains the domain of the HTTP request, so all client
developers modify their code if they want to suite the need of API
proxy.

This is really a disaster for all Chinese twitter users.
   
Read Raffi's post from a few hours ago entitled "What's up with OAuth?" 
where he describes xAuth. Also, look at the OAuth WRAP draft 
specification, which defines something very similar to xAuth. In the 
(near) future, Twitter-approved applications will be able to get OAuth 
authorized with just the user's username and password, without forcing 
the user to visit the Twitter website. After they are authorized, they 
can proxy their requests like before. The proxies will undoubtedly need 
to be modified, but the modifications will not be too bad.


- Brian

Re: [twitter-dev] Using multiple whitelisted IP's to fetch data of a single user without break

[John Kalucki]

This is going to be tough with cursors. Parallel fetch has been well-aired
on the list, and the demand is well-understood within Twitter.

-John Kalucki
http://twitter.com/jkalucki
Infrastructure, Twitter Inc.


On Thu, Feb 11, 2010 at 7:07 AM, Rushikesh Bhanage
wrote:

> Hi,
>
> We are building a twitter application which fetches lot of follower data of
> particular user. Some users consume around 80,000 calls to complete the
> task. So how can we use 4-5 whitelisted ip's to perform single task without
> break. Is this possible? If so, how?
> Eagerly looking for help from your side.
>
> Thank you.
> Rushikesh!
>

Re: [twitter-dev] Re: OAuth:a disaster for Chinese twitter users

[Harshad RJ]

On Fri, Feb 12, 2010 at 12:17 PM, yegle  wrote:

> Nope, it doesn't work :-(
> All DNS queries to twitter.com inside China is poisoned and all
> twitter's available IP is blocked.
>


Ah, I hadn't implemented for the OAuth authorization page. Just done.

(Sorry for the spam, list. Last mail on the topic)

-- 
Harshad RJ
http://hrj.wikidot.com

[twitter-dev] Re: OAuth:a disaster for Chinese twitter users

[yegle]

Nope, it doesn't work :-(
All DNS queries to twitter.com inside China is poisoned and all
twitter's available IP is blocked.

Anyway, HTTPS should be enabled or at least provide an option :-)

On Feb 12, 2:38 pm, Harshad RJ  wrote:
> Made me realise that my app (tDash) should be using HTTPS for all API calls.
> Just made a new release now.
>
> Hoping that helps users behind a firewall.
>
> On Fri, Feb 12, 2010 at 11:12 AM, yegle  wrote:
> > Yes, but not all clients support HTTPS proxy, especially mobile
> > clients.
>
> > On Feb 12, 1:39 pm, Harshad RJ  wrote:
> > > Wouldn't a regular HTTPS proxy be sufficient?
>
> --
> Harshad RJhttp://hrj.wikidot.com

Re: [twitter-dev] Re: OAuth:a disaster for Chinese twitter users

[Harshad RJ]

Made me realise that my app (tDash) should be using HTTPS for all API calls.
Just made a new release now.

Hoping that helps users behind a firewall.


On Fri, Feb 12, 2010 at 11:12 AM, yegle  wrote:

> Yes, but not all clients support HTTPS proxy, especially mobile
> clients.
>
> On Feb 12, 1:39 pm, Harshad RJ  wrote:
> > Wouldn't a regular HTTPS proxy be sufficient?
> >
> >
> >
>

-- 
Harshad RJ
http://hrj.wikidot.com

[twitter-dev] Re: OAuth:a disaster for Chinese twitter users

[yegle]

Yes, but not all clients support HTTPS proxy, especially mobile
clients.

On Feb 12, 1:39 pm, Harshad RJ  wrote:
> Wouldn't a regular HTTPS proxy be sufficient?
>
>
>
>
>
>
>
>
>
> On Fri, Feb 12, 2010 at 11:00 AM, yegle  wrote:
> > Hi all,
> > This could be a long email.
>
> > I read Raffi's post today,the original post is here:
>
> >https://groups.google.com/group/twitter-development-talk/browse_threa...
>
> > I think the abandon of HTTP basic auth would be a disaster for all
> > Chinese twitter users.
>
> > The gov of China runs a big censorship system called GFW. Wikipedia
> > gives more information about GFW here:
> >http://en.wikipedia.org/wiki/Golden_Shield_Project
>
> > GFW blocked many websites like facebook, twitter, youtube, plurk and
> > so on. So how does Chinese users post tweets from twitter client? We
> > uses Twitter API proxy.
>
> > A twitter API proxy is a simple script which redirect all POST and GET
> > request it received to twitter.com. These scripts are written in PHP
> > or Python, so it can be set up on virtual host outside China or on
> > GAE.
>
> > Basically, a API proxy script works as a middleman between twitter and
> > twitter client, little like man-in-the-middle attack.It's possible to
> > do this if the authentication is made in HTTP basic auth.But there is
> > no way to do the same thing with OAuth. The base string of an OAuth
> > request contains the domain of the HTTP request, so all client
> > developers modify their code if they want to suite the need of API
> > proxy.
>
> > This is really a disaster for all Chinese twitter users.
>
> --
> Harshad RJhttp://hrj.wikidot.com

Re: [twitter-dev] OAuth:a disaster for Chinese twitter users

[Harshad RJ]

Wouldn't a regular HTTPS proxy be sufficient?

On Fri, Feb 12, 2010 at 11:00 AM, yegle  wrote:

> Hi all,
> This could be a long email.
>
> I read Raffi's post today,the original post is here:
>
> https://groups.google.com/group/twitter-development-talk/browse_thread/thread/c2c4963061422f28
>
> I think the abandon of HTTP basic auth would be a disaster for all
> Chinese twitter users.
>
> The gov of China runs a big censorship system called GFW. Wikipedia
> gives more information about GFW here:
> http://en.wikipedia.org/wiki/Golden_Shield_Project
>
> GFW blocked many websites like facebook, twitter, youtube, plurk and
> so on. So how does Chinese users post tweets from twitter client? We
> uses Twitter API proxy.
>
> A twitter API proxy is a simple script which redirect all POST and GET
> request it received to twitter.com. These scripts are written in PHP
> or Python, so it can be set up on virtual host outside China or on
> GAE.
>
> Basically, a API proxy script works as a middleman between twitter and
> twitter client, little like man-in-the-middle attack.It's possible to
> do this if the authentication is made in HTTP basic auth.But there is
> no way to do the same thing with OAuth. The base string of an OAuth
> request contains the domain of the HTTP request, so all client
> developers modify their code if they want to suite the need of API
> proxy.
>
> This is really a disaster for all Chinese twitter users.
>



-- 
Harshad RJ
http://hrj.wikidot.com

[twitter-dev] OAuth:a disaster for Chinese twitter users

[yegle]

Hi all,
This could be a long email.

I read Raffi's post today,the original post is here:
https://groups.google.com/group/twitter-development-talk/browse_thread/thread/c2c4963061422f28

I think the abandon of HTTP basic auth would be a disaster for all
Chinese twitter users.

The gov of China runs a big censorship system called GFW. Wikipedia
gives more information about GFW here:
http://en.wikipedia.org/wiki/Golden_Shield_Project

GFW blocked many websites like facebook, twitter, youtube, plurk and
so on. So how does Chinese users post tweets from twitter client? We
uses Twitter API proxy.

A twitter API proxy is a simple script which redirect all POST and GET
request it received to twitter.com. These scripts are written in PHP
or Python, so it can be set up on virtual host outside China or on
GAE.

Basically, a API proxy script works as a middleman between twitter and
twitter client, little like man-in-the-middle attack.It's possible to
do this if the authentication is made in HTTP basic auth.But there is
no way to do the same thing with OAuth. The base string of an OAuth
request contains the domain of the HTTP request, so all client
developers modify their code if they want to suite the need of API
proxy.

This is really a disaster for all Chinese twitter users.

[twitter-dev] Re: What's up with OAuth?

[Ivan]

This is good news. This has taken ages to solve though. We came up
with a solution at Tipjoy, told everyone about it, but no one
bothered. Clients are largely to blame for the continued commonness of
asking for passwords:
http://tipjoy.com/api/#authentication

Ivan
http://kirigin.com


On Feb 11, 8:36 pm, Ryan Alford  wrote:
> He specifically states the possibility for mobile apps to use xAuth.
>
> Ryan
>
> Sent from my DROID
>
> On Feb 11, 2010 11:27 PM, "kehers"  wrote:
>
> Talking xAuth, hope mobile apps count as 'applications except web
> applications'

Re: [twitter-dev] Building a 100 million word Twitter corpus

[M. Edward (Ed) Borasky]

On 02/10/2010 10:03 PM, mzap wrote:
> I am a linguist at the University of Sydney currently studying the
> language of microblogging. I would like to build a 100 million word
> corpus of tweets. I am trying to determine the best way of collecting
> such a corpus. Does Twitter make data available directly or is the
> only method scraping tweets using the API( I am not a programmer
> myself although I do have access to a programmer who is able to use
> the API)?
> 
> If I was to use the API would rate limiting mean that it is going to
> take ages to reach 100 million tweets?
> 
> cheers,
> Michele

If you're just collecting tweets to build a corpus, it's pretty easy to
do with the Streaming API. I've got Perl scripts that can do that,
either with Streaming or Search. With Streaming there's no "rate limit"
- just connect to the "Sample" stream and collect tweets until you have
a big enough corpus.

I don't have a good idea how long it will take you to get 100 million
words, but it should be easy to figure out how long it will take to get
100 million tweets - just see how many tweets per hour "sample" is sending.

--
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky

"A mathematician is a device for turning coffee into theorems." ~ Paul Erdős

Re: [twitter-dev] Re: What's up with OAuth?

[Ryan Alford]

He specifically states the possibility for mobile apps to use xAuth.

Ryan

Sent from my DROID

On Feb 11, 2010 11:27 PM, "kehers"  wrote:

Talking xAuth, hope mobile apps count as 'applications except web
applications'

Re: [twitter-dev] Building a 100 million word Twitter corpus

[Rolando Espinoza La Fuente]

With the sample stream I got roughly an average of 10 tweets/sec
and roughly 11 words/tweet, but take in count you get the tweets
in multiple languages.

Regards,

Rolando Espinoza La fuente
www.rolandoespinoza.info



On Thu, Feb 11, 2010 at 11:23 PM, Michael Ivey  wrote:
> Take a look at the Streaming
> API: http://apiwiki.twitter.com/Streaming-API-Documentation
> It's very easy to make a simple collection client to pull the
> statuses/sample stream and gather a decent sample of all the tweets.
> Tell your programmer to hop on the list and ask any questions that come
> up...we're (usually) a pretty helpful bunch.
>  -- ivey
>
>
> On Thu, Feb 11, 2010 at 12:03 AM, mzap  wrote:
>>
>> I am a linguist at the University of Sydney currently studying the
>> language of microblogging. I would like to build a 100 million word
>> corpus of tweets. I am trying to determine the best way of collecting
>> such a corpus. Does Twitter make data available directly or is the
>> only method scraping tweets using the API( I am not a programmer
>> myself although I do have access to a programmer who is able to use
>> the API)?
>>
>> If I was to use the API would rate limiting mean that it is going to
>> take ages to reach 100 million tweets?
>>
>> cheers,
>> Michele
>
>

Re: [twitter-dev] Re: What's up with OAuth?

[Cameron Kaiser]

> > Talking xAuth, hope mobile apps count as 'applications except web
> > applications'
>
> yup - they do :)

Already signed up (I think) for u/p -> OAuth Token. WRAPped, even better.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- New political correctness is but old fascism writ large. -- Dr Digby James -

Re: [twitter-dev] Re: What's up with OAuth?

[Raffi Krikorian]

yup - they do :)

On Thu, Feb 11, 2010 at 8:12 PM, kehers  wrote:

> Talking xAuth, hope mobile apps count as 'applications except web
> applications'
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

[twitter-dev] Re: What's up with OAuth?

[kehers]

Talking xAuth, hope mobile apps count as 'applications except web
applications'

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

[Raffi Krikorian]

>
> The subject does not want just **anybody** to verify his identity; he only
>> wants the **relying party** to be able to verify his identity.
>>
> If I understand correctly, a URL signed using OAuth can be accessed
> successfully only once, because of the oauth-nonce parameter. Or atleast, it
> is possible to implement such a restriction at the identity provider's end.
>

yup - that's the case.  the nonce prevents the call from being used twice,
and you can't delay verification (to an extent) because the timestamp on the
signature will fall out of bounds.

-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

[Harshad RJ]

On Wed, Feb 10, 2010 at 1:39 PM, Brian Smith  wrote:

> The subject does not want just **anybody** to verify his identity; he only
> wants the **relying party** to be able to verify his identity.
>

If I understand correctly, a URL signed using OAuth can be accessed
successfully only once, because of the oauth-nonce parameter. Or atleast, it
is possible to implement such a restriction at the identity provider's end.


-- 
Harshad RJ
http://hrj.wikidot.com

Re: [twitter-dev] Building a 100 million word Twitter corpus

[Michael Ivey]

Take a look at the Streaming API:
http://apiwiki.twitter.com/Streaming-API-Documentation

It's very easy to make a simple collection client to pull the
statuses/sample stream and gather a decent sample of all the tweets.

Tell your programmer to hop on the list and ask any questions that come
up...we're (usually) a pretty helpful bunch.

 -- ivey


On Thu, Feb 11, 2010 at 12:03 AM, mzap  wrote:

> I am a linguist at the University of Sydney currently studying the
> language of microblogging. I would like to build a 100 million word
> corpus of tweets. I am trying to determine the best way of collecting
> such a corpus. Does Twitter make data available directly or is the
> only method scraping tweets using the API( I am not a programmer
> myself although I do have access to a programmer who is able to use
> the API)?
>
> If I was to use the API would rate limiting mean that it is going to
> take ages to reach 100 million tweets?
>
> cheers,
> Michele
>

Re: [twitter-dev] Re: Find Location where tweet came from

[Raffi Krikorian]

each user has a location field associated with it - but that is self
reported.

On Thu, Feb 11, 2010 at 2:17 PM, don  wrote:

> Thanks for the reply. Thats what I was thinking.
>
> Would there be any way to return the location data of user with the
> search results for a word?
>
> So that I didn't need to make seperate calls for each user?
>
> thanks so much for your help.
>
> On Feb 12, 3:20 am, Raffi Krikorian  wrote:
> > twitter only returns data back in its "geo" field if the tweet has been
> > explicitly geotagged.
> >
> > search, however, attempts to use other signals to determine where the
> tweet
> > is, and will attempt to return "more" tweets when you use its "search"
> > parameter.  it does not, however, expose those signals in the search
> > results.
> >
> >
> >
> > On Wed, Feb 10, 2010 at 1:39 PM, don  wrote:
> > > Hi All,
> >
> > > I'm trying to determine the location where a tweet came from.
> >
> > > I know you can do a search specifying the location you want to look at
> > > and this checks againist any geo data and then against the location
> > > data. I'm guessing that twitter does a lot of error checking and
> > > transforms the location data into a geo coord on the backend when you
> > > do this search.
> >
> > > My question is: if I do a search for say a "word" and get my results
> > > back I want to be able to check where each of the returned tweets came
> > > from. Not just using the geo data that the user may have allowed but
> > > also the location data (just like the search for location based tweets
> > > does).
> >
> > > Essentially getting back a geo coord for each tweet if there is any
> > > releveant geo data or location data given by the tweeter.
> >
> > > this site would be doing something similar:http://trendsmap.com/
> >
> > > any ideas? sorry if this is really obvious, I have searched and just
> > > can't find it.
> >
> > > thanks
> > > don
> >
> > --
> > Raffi Krikorian
> > Twitter Platform Teamhttp://twitter.com/raffi
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

[twitter-dev] What's up with OAuth?

[Raffi Krikorian]

hi all.

this is a long overdue e-mail, but i wanted to tease out some of the
directions that Twitter is going with OAuth.  i want to touch upon four
topics: delegation, OAuth WRAP/2.0, username/password OAuth token exchange,
and basic authentication deprecation.

*DELEGATION - OAuth Echo*

twitter users love posting media on third-party sites, and delegation in
identity verification is one of the major hurdles for an OAuth-enabled
twitter client to succeed.  i started a series of blog posts around the
following problem:

You're an OAuth enabled Twitter client, and you've already authorized your
> user.  Your user wants to use a media providing service like TwitPic.
>  TwitPic, currently, asks for the username and password of your user so it
> can store the photo on behalf of the Twitter user.  You don't have that
> username and password, so how do you give the ability to TwitPic to verify
> the identity of your user?


check out the proposal for what we're calling "OAuth Echo" at
http://mehack.com/OAuth-echo-delegation-in-identity-verificatio.  please
feel free to comment there, or on the twitter development talk mailing
list(or, even
just reach out to me directly).  i think this experiment in
engaging the community around designing this security/identity workflow has
been definitely a success, and i feel we're rapidly converging on a solution
for identity verification delegation.  in parallel, we're going to start the
process to engage our media providers in the conversation as well, and we're
hopeful we can move this forward quickly.

*OAUTH WRAP/2.0*

OAuth is evolving, and we at Twitter are keeping up with it.  that being
said, we're keeping our eyes on OAuth WRAP and OAuth
2.0.
we like a lot about it:

   - it requires the use of SSL;
   - there is no custom signing mechanism -- you simply pass us a token, and
   that token is secured by SSL; and
   - it formalizes a bunch of "profiles" that we've been actively thinking
   about (e.g. a username/password exchange)

in general, we really like WRAP/2.0 because it's just *so* easy to implement
from the client side.  there are no longer questions around creating the
proper signature base string, etc.  we're sure that developers will like it
as well.  we've started work on an internal implementation of OAuth WRAP and
we envision that we'll simultaneously support both OAuth 1.0a and WRAP/2.0
for a while.  our hope is to get WRAP out the door soon (and before we
finally deprecate basic authentication).

*USERNAME/PASSWORD TO OAUTH TOKEN EXCHANGE - xAuth*

@rsarver and @noradio announced that we are going to support a mechanism
where a username and a password can be directly exchanged for an OAuth token
and secret -- we're calling this xAuth.  if you've been watching the mailing
list, Seesmic Look  has been a beta partner in
testing xAuth exchange (and @abraham has already detailed how it
works).


because we're moving everybody off basic authentication, we originally
envisioned this as a mechanism for developers to exchange all the username
and passwords they have in their databases for OAuth tokens en masse.
 that's still one of our use cases.  another use case is around environments
where software can't bring up a web browser (e.g. set top boxes, game
consoles, embedded devices).  we want to support those as well.

you're going to have to apply to get access to this exchange mechanism (by
sending e-mail to a...@twitter.com), but, in general, all applications except
web applications will get access.  we feel that the xAuth exchange allows
for the best mix of security and user experience for desktop and possibly
mobile applications.  web applications will simply have to use OAuth as it
was designed, and send their users through the web flow.

*BASIC AUTHENTICATION DEPRECATION*

yup - it's still happening.  we're targeting June 2010.  everybody,
including legacy applications, will have to move over.

for those who are building new applications, use OAuth.  save yourself the
transition time later, and start thinking about it now.  for those who have
applications already out there, it would be really beneficial to start
thinking about a migration path right now and we're here to help.  if you
need it, please feel free to reach out to us and we'll help you figure out
what you need to do.

to help entice you over, as you know:

   - we have increased rate limits on api.twitter.com to those who are using
   OAuth (350 calls to the REST API per hour -- and increasing towards
   1500/hour); and
   - (as some of you are painfully aware) you can only set a source
   parameter with OAuth calls to status/update.

we know some of you think there are hurdles in places to converting over to
OAuth -- suffice it to say, we're actively trying to address them.  some
potential hurdles

[twitter-dev] question regarding promoted apps

[wael orabi]

Dear twitter dev.
anyone knows how to add an app to this little gray box on twitter main page?
is it paid or random?
any info would be appreciated.
another thing I would love to hear some feedback on an app I developed, it
is still in beta but any feedback would be great here is the URL
http://mutweeps.com
thanks
--w43L

[twitter-dev] Re: Find Location where tweet came from

[don]

Thanks for the reply. Thats what I was thinking.

Would there be any way to return the location data of user with the
search results for a word?

So that I didn't need to make seperate calls for each user?

thanks so much for your help.

On Feb 12, 3:20 am, Raffi Krikorian  wrote:
> twitter only returns data back in its "geo" field if the tweet has been
> explicitly geotagged.
>
> search, however, attempts to use other signals to determine where the tweet
> is, and will attempt to return "more" tweets when you use its "search"
> parameter.  it does not, however, expose those signals in the search
> results.
>
>
>
> On Wed, Feb 10, 2010 at 1:39 PM, don  wrote:
> > Hi All,
>
> > I'm trying to determine the location where a tweet came from.
>
> > I know you can do a search specifying the location you want to look at
> > and this checks againist any geo data and then against the location
> > data. I'm guessing that twitter does a lot of error checking and
> > transforms the location data into a geo coord on the backend when you
> > do this search.
>
> > My question is: if I do a search for say a "word" and get my results
> > back I want to be able to check where each of the returned tweets came
> > from. Not just using the geo data that the user may have allowed but
> > also the location data (just like the search for location based tweets
> > does).
>
> > Essentially getting back a geo coord for each tweet if there is any
> > releveant geo data or location data given by the tweeter.
>
> > this site would be doing something similar:http://trendsmap.com/
>
> > any ideas? sorry if this is really obvious, I have searched and just
> > can't find it.
>
> > thanks
> > don
>
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi

[twitter-dev] Retweets not appearing in status/user_timeline when using JSON output

[Christian Joudrey]

Hello,

I have a bizarre issue with status/user_timeline.

When output is set to RSS, retweets appear in the output:

i.e. http://twitter.com/statuses/user_timeline/27691615.rss

However, if you set the output to JSON, retweets disapear:

http://twitter.com/statuses/user_timeline/27691615.json

Is this a known issue with the API?

Best regards,

Christian

[twitter-dev] Re: Looking for someone to help wiith oauth

[alexro]

Also check out LinqToTwitter, it includes a sample web application in
C#

On Feb 10, 10:33 pm, John Meyer  wrote:
> On 2/10/2010 7:48 AM, Merrows wrote:> I am seeking someone skilled in .NET 
> 3.5, C# to help with implementing
> > twitter oauth, and I would welcome any suggestions of how to find
> > someone.
>
> TwitterVB implemetns oAuth and can be used with any .NET compliant language:
>
> http://twittervb.codeplex.com

[twitter-dev] Re: OAuth & maintaining tokens?

[alexro]

The way I did it for my website is to store the tokens in a db and put
a custom persisting cookie on the user's browser. The user can 'sign-
off' removing the cookie and will have to authenticate with Twitter
next time she uses the protected functionality on my website. Or the
cookie can expire/be deleted locally. But if the cookie remains intact
user will be singed-in automatically.

I think this approach is quite secure and still convenient to all
parties involved.

Alex


On Feb 11, 4:53 pm, John Meyer  wrote:
> On 2/11/2010 9:30 AM, Paul wrote:
>
>
>
> > My question at last is then, what are good practices for the 3rd party
> > site?  Should the site request the user to reauthorize with Twitter
> > each&  every time he/she comes to the site?  Should the 3rd party site
> > have it's own login/username/password for users and store the token in
> > a database?  Should it offer to store the token as a cookie on the
> > user's computer?
>
> Different strokes for different folks.  Whatever you do, make it clear
> what your site is doing to the user  If you want to store a
> username/password for your own site and then store that authentication
> information in a MySQL database, tell them that.  And explain to them
> that they can revoke authentication at anytime through the Twitter website.

[twitter-dev] reaching daily update limits

[Tjaap]

Hi,

Using a few dozen separate accounts, our app sends personal tweets to
all followers of @twisst.

Most of those accounts were suspended on Tuesday, I suppose because
some spam-catching algorithm marked them as spam. Fortunaly, after I
sent an e-mail to Twitter, they were soon unsuspended. The problem is
that ever since, it seems impossible to send out a lot of tweets
without reaching daily update limits - even though I didn't send out
that many yet.

For instance I just got back a "403 - User is over daily status update
limit" for @twisst13 using http://twitter.com/statuses/update.json. My
system tells me I only sent 279 tweets through that account in the
last 24 hours.

Daily update limit is supposed to be at 1,000, according to the FAQ:
http://help.twitter.com/forums/10711/entries/15364-update-and-api-limits

I don't see any hourly limits being reached, as the maximum that was
sent was 107 tweets an hour through a few accounts.

In total our app sent 12.691 tweets in the last 24 hours, so I can't
image it has to do with any of the other alerts, since that's under
the whitelist 20.000.

So maybe this is a bug? Maybe it has to do with the suspending and
unsuspending? Anyone else seeing something like this?

Thanks,

Jaap


P.s.: sorry if this should have been posted somewhere else. I did
enter an issue in the issue list a while ago, but now it doesn't seem
possible because of maintenance.

[twitter-dev] Using multiple whitelisted IP's to fetch data of a single user without break

[Rushikesh Bhanage]

Hi,

We are building a twitter application which fetches lot of follower data of
particular user. Some users consume around 80,000 calls to complete the
task. So how can we use 4-5 whitelisted ip's to perform single task without
break. Is this possible? If so, how?
Eagerly looking for help from your side.

Thank you.
Rushikesh!

[twitter-dev] Re: Whitelist IP address in the event that a higher rate limit is needed

[federico]

Hi John,

The app allows users to search different sources simultaneously, eg:
Twitter, YouTube, Flickr. The problem is that all the searches are
being made from our corporate network, using the same IP address.
Unfortunately, the Streaming API doesn't provide the search
functionality we need.

Thanks


On Feb 10, 4:01 pm, John Kalucki  wrote:
> Federico,
>
> Perhaps you could describe your application in a little more detail? If your
> application is going to be performing automatic repetitive searches, you
> should be using the Streaming API:http://bit.ly/6JNdZc
>
> -John Kaluckihttp://twitter.com/jkalucki
> Infrastructure, Twitter Inc.
>
> On Wed, Feb 10, 2010 at 6:44 AM, federico  wrote:
> > Hi,
>
> > Does anyone know what the requirements are to get an IP address
> > whitelisted? I'm currently developing an application for our intranet
> > that uses the Search API. Thanks!
>
> > Federico

[twitter-dev] Sorting by date

[Quy]

When I am sorting tweets, can I just do a simple sort DESC on
status_id instead of the creation date? I assume status_ids are
created sequentially going up so sorting on status_id would be more
efficient than trying to sort on the created_at field.

[twitter-dev] Building a 100 million word Twitter corpus

[mzap]

I am a linguist at the University of Sydney currently studying the
language of microblogging. I would like to build a 100 million word
corpus of tweets. I am trying to determine the best way of collecting
such a corpus. Does Twitter make data available directly or is the
only method scraping tweets using the API( I am not a programmer
myself although I do have access to a programmer who is able to use
the API)?

If I was to use the API would rate limiting mean that it is going to
take ages to reach 100 million tweets?

cheers,
Michele

[twitter-dev] Re: oAuth and more users?

[_Bensn]

Ah, ok.
i think i understand it now... ;-) thanks!

On 10 Feb., 16:12, ryan alford  wrote:
> The user doesn't actually "create" their OAuth tokens manually.  The tokens
> are created automatically by Twitter and given to you through responses
> after the user has given your application permission to their account.
>
> Ryan
>
>
>
> On Wed, Feb 10, 2010 at 8:27 AM, _Bensn  wrote:
> > And where get the users there own keys to use the application with
> > there own twitter account? (e.g tweet deck)
>
> > On 9 Feb., 18:29, John Meyer  wrote:
> > > On 2/9/2010 10:03 AM, ryan alford wrote:
>
> > > > So you are saying that the user of a third party application must
> > > > register a completely new consumer key and consumer secret?
>
> > > Again, you have your terminology wrong.  They get a completely new set
> > > of oAuth tokens.  Same as the fact that every user of twitter has to
> > > register his or her own Twitter username/password
>
> > > > So when TweetDeck goes to OAuth, every user will create their own
> > > > consumer key and consumer secret, therefore, having 10s of thousands of
> > > > "TweetDeck" applications registered?
>
> > > No.  One TweetDeck application is registered.  Those users have just
> > > authorized TweetDeck to access their application.- Zitierten Text 
> > > ausblenden -
>
> - Zitierten Text anzeigen -

[twitter-dev] Strange behavior (bug?): statuses/user_timeline/ with count

[Christian Joudrey]

Hello all,

I have just ran into a strange behavior when retrieving the latest
tweet using statuses/user_timeline.

The following URL returns as expected my latest tweet:
http://twitter.com/statuses/user_timeline/cjoudrey.rss?count=1

However, when you change the output to JSON something very odd
happens:
http://twitter.com/statuses/user_timeline/cjoudrey.json?count=1

The API returns a blank array [].

What is even odder is when I poll the API with this URL:
http://twitter.com/statuses/user_timeline/cjoudrey.json?count=2

It only returns my 2nd newest tweet.

Somehow, the most latest tweet is nowhere to be found when using JSON
output.

Best regards,

Christian

Re: [twitter-dev] Re: A proposal for delegation in OAuth identity verification

[Ryan Sarver]

Thanks for sending this out.

I did want to send a note about having developers share consumer keys and
secrets with other applications. While we don't have an explicit policy yet
to block this we STRONGLY advise not to hand out your tokens to other
providers for a number of reasons. Most important of all is that if your
tokens get compromised and abuse is associated with those tokens, we have to
revoke access for the consumer. Obviously tokens can get compromised in a
number of ways, but the more services you share them with the more likely
they are to get compromised which could lead to revocation of your
application.

Raffi has proposed a way to do delegated identity using OAuth and we are
open to finding other models, but we strongly advise not promoting
applications to provide you with their tokens as there are always other ways
of solving that same problem.

Thanks, Ryan

On Thu, Feb 11, 2010 at 12:37 PM, Sean Callahan wrote:

> That is similar to what we are doing at TweetPhoto and it is working
> out fine.
>
> Feel free to check out what we are doing:
>
> http://groups.google.com/group/tweetphoto/web/oauth-signin
>
> Third-party apps share with us their app's consumer key and secret.
>
> We receive the same level of access to the third-party app using our
> photo sharing service.
>
> When two companies work together and are partners there needs to be a
> level of trust.
>
> Furthermore, developers can change their consumer secret at any time
> so their is no real issue with this method.
>
> There are a few integrations coming out soon with this method in
> place.
>
> Please let us know your thoughts and if you have any questions.
>
> Sean
>
>
> On Feb 11, 10:05 am, Brian Smith  wrote:
> > Raffi Krikorian wrote:
> >
> > > The term most frequently used for “delegator” is “relying party.”
> > > What you call the service provider is most frequently called the
> > > “identity provider.” What you call the consumer is usually called
> > > the “subject.” See OpenID, InfoCard, and other similar
> > > specifications for example usage of these terms.
> >
> > First, what I wrote about "subject" was misleading: the user--not the
> > consumer--is the subject.
> >
> > > i hear all this - it just gets a bit complicated with because we are
> > > conflating this with our oauth situation.
> >
> > This doesn't really have much to do with OAuth, because you are not
> > trying to allow delegation of credentials--that is, you are not trying
> > to allow the "consumer" app to let the relying party use the consumer
> > app's OAuth access token to read/write the user's account.> perhaps its
> time to move to an oauth + openID hybrid system.
> >
> > I don't know if OpenID really solves this problem well, especially for
> > apps that aren't webapps.
> >
> > > The subject doesn’t want the relying party to have access to the
> > > entire response from the account/verify_credentials request as if
> > > he had given the relying party read access to his account. I am
> > > not sure if account/verify_credentials returns sensitive
> > > information (information only available to apps that have been
> > > authorized by the user) yet, but I think it is likely in the
> > > future that it will do so. It would be prudent to have delegation
> > > use a different resource designed specifically for delegation.
> >
> > > i think this is again a general case vs a twitter case.  i think in
> > > the general case, the delegator would call some endpoint that would
> > > simply verify the identity through a HTTP code (2xx for success, 4xx
> > > for failure).  twitter, as a special case, sends along the user object
> > > [as] part of it?
> >
> > account/verify_credentials discloses information that is private. For
> > example, the HTTP header of account_verify_credentials discloses
> > information about how frequently the user accesses twitter (the rate
> > limit headers). If the user hasn't previously authorized (via OAuth) the
> > delegator (relying party) to have read access to his account, then the
> > delegator (relying party) shouldn't be able to get this information.
> > Also, I think you should plan ahead for the case where
> > account/verify_credentials returns even more sensitive information. If
> > you were going to reuse an existing resource, I'd reuse
> > users/show.format?user_id= instead. But, AFAICT, it's much
> > better to create a new resource for this purpose, and pretty easy to do
> so.
> >
> > I think the following would be a better protocol:
> >
> > Consumer to Relying Party: Give me , a nonce signed
> > with your OAuth credentials for the relying party'sidentity verification
> > service. Relying Party to Consumer: Here is the token .
> > (This is done using whatever protocol the consumer and the relying party
> > agree to use.)
> >
> > Consumer to Identity Provider: Here's . Give me
> > , which is (, screen_name) signed with
> > a signature that the relying party can verify

Re: [twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[Ryan Sarver]

Aral,

Thanks for the thorough follow up. First of all we definitely care and we
try to show that as opposed to just saying it. The @username issue is a
really sticky one for us for a number of reasons. With that being said, I'm
going to meet with our team internally to review the process and see if we
can come up with better answers to your questions and see if we can improve
the process at all.

We want to support our developers the best way we can so we're totally open
to fixing the process if it's broken.

Best, Ryan

On Thu, Feb 11, 2010 at 1:38 PM, Aral Balkan  wrote:

> Hi Ryan,
>
> My greatest issue with all this is that you appear to have a form response.
> Currently, you're just not handling account transfers at all. And that's the
> same policy for general users (of which you have gazillions) and developers
> (of which you have an order of magnitude or two less).
>
> The account I am asking about has not tweeted since 2007.
>
> It is not a request asking you to favor one person over another. It is a
> request to favor a new Twitter application over an account that hasn't been
> used in three years.
>
> If a human being looked at it, the decision would be clear and would
> probably take 1/10th the time to execute than all these emails have taken.
>
> My suggestion: expire accounts that haven't been used in over 12 months and
> don't have to deal with it.
>
> If that's too harsh, at least handle *trademark* requests. My app's name
> _is_ a trademark even if it isn't a _registered_ trademark. Forcing me to
> register my trademark (can I register it in the UK, where I live, or do I
> have to get a US registered trademark?) just adds more financial
> responsibility on my shoulders.
>
> I put in a trademark request as per the link Raffi gave but I haven't heard
> anything back – not even an automated response saying you guys received the
> email.
>
> On the whole, I just feel unloved because I've put a lot of time and effort
> into an app that I feel will make Twitter a bit more fun and I don't feel
> that the request to have the Twitter account with my app's name – one that
> hasn't been used in three years – is an unrealistic request to make.
>
> Let's say my app is called Dodo. I'm just sad that I am going to launch
> with the Twitter account @dodo or even @dodoapp – because both are taken and
> unused - but that I'm going to launch with @dodo_app.
>
> That you guys don't see this is a problem makes me think that you don't
> care.
>
> All the best,
> Aral
>
> On Thu, Feb 11, 2010 at 8:24 PM, Ryan Sarver  wrote:
>
>> Aral,
>>
>> I'm not sure where you get the idea that we don't care about developers
>> and that humans aren't involved in the process. Raffi and the rest of the
>> platform team actively respond to emails from developers at all hours of the
>> day on both weekdays and weekends.
>>
>> As for the issue of handing over @usernames we need to have a rational and
>> scalable approach to doing so. We can't just hand it out to one person
>> because we like them more than another user. So if there is a dispute over a
>> username we need to follow a standard procedure. We obviously love our
>> developers and work really hard to support them in all the ways that we can,
>> but there needs to be some process that works across the board. If you have
>> a constructive suggestion on how that can be done other than just badgering
>> the people trying to help you, then by all means work with us on it and we
>> are totally open to coming up with a better solution. But to date, this is
>> the best solution we have that scales to the number and complexity of the
>> requests that we receive.
>>
>> I've always stated that we are open to criticism and feedback on how we
>> can improve, but we ask that it be done constructively.
>>
>> Ryan
>>
>>
>> On Thu, Feb 11, 2010 at 7:45 AM, Aral Balkan wrote:
>>
>>> Ah, so Twitter wants to see a *registered* trademark number?
>>>
>>> (As an aside: why do you hate your developers, Twitter?) :)
>>>
>>> The thing is, a trademark does not _have to be_ registered to be a
>>> trademark. Products get trademark protection automatically.
>>>
>>> I guess if I don't hear back, I'll have the IP law firm I use to write a
>>> letter first. Cheaper than getting a registered trademark.
>>>
>>> Of course, the best thing would be for a _human being_ at Twitter to say:
>>> hey developer dude, we love you, sure we can do that... don't mention it!
>>> :)
>>>
>>> (I just don't get this impersonal "computer says NO" attitude towards
>>> developers. Is this just the corporate culture at Twitter or are you guys
>>> severely short-staffed? Thinking Twitter really needs to invest in developer
>>> relations. Maybe get someone whose job it is to handle developer relations
>>> and champion the needs of developers within Twitter?)
>>>
>>> Aral
>>>
>>> On Thu, Feb 11, 2010 at 3:28 PM, anilchawla  wrote:
>>>
 Raffi, thank you for the response, but it is disappointing. I have to
 agree completel

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

[Brian Smith]

Raffi Krikorian wrote:
in general, i really like this mechanism.  from just a usability 
standpoint, however, it means that the consumer has to make a few 
calls simply to perform one action -- they have to call Twitter and 
then the service provider.  on top of that, a real world example would 
have them:


   1. call the delegator to get a token;
   2. send that token to twitter to get another token;
   3. call the delegator with that received token to perform the
  action; and then
   4. (outside this protocol) call twitter to post the status update
  after that action has been performed.

Step #3 would usually be "trade the Twitter-signed token with another 
token used for subsequent authentication to the delegator." In 
particular, if the consumer and delegator were using OAuth, then they'd 
probably use the OAuth WRAP assertion profile. Maybe that resultant 
token would have an expiration date; in that case, the consumer can keep 
using that token without doing steps #1 and #2 up to the expiration date 
of the delegator-issued ticket. It would be up to the delegator to 
decide how frequently he needs to verify that the consumer still is 
authorized to act on that account. Or, maybe other information provided 
in step #1 or #3 would be sufficient to allow the delegator to 
permanently link the Twitter account to a "native" account on the 
delegator's service, so that the consumer would not have to use the 
delegated authentication ever again.


another possible problem i have with it is that it assumes that the 
identity provider can sign something in a way that the delegator can 
verify it?  oh - i suppose that may be the case -- we could use the 
consumer secret of the protected resource/delegator.
Right, the delegator and the identity provider could have a shared HMAC 
key like that. Alternatively, you could skip step #1 all the time if you 
use have the identity provider sign the token with a RSA private key 
that corresponds to a public key that is shared with the delegators on 
some other channel. The scheme I outlined lets Twitter verify the 
delegator's identity for the consumer, as well as verifying the 
consumer's identity for the delegator. If you used the public key 
approach, then the consumer would have to verify the delegator's 
identity using a public key protocol too (probably via X.509 
certificates using TLS).


Cheers,
Brian

[twitter-dev] OAuth Nonce in PHP

[Dewald Pretorius]

Here's a hint for anyone who runs multiple concurrent processes, and
encounters those "401 invalid / used nonce" errors.

Calculate your nonce as:

md5(posix_getpid() . microtime() . mt_rand())

Re: [twitter-dev] OAuth & maintaining tokens?

[Raffi Krikorian]

one potential option is to use "sign in with twitter" -
http://apiwiki.twitter.com/Sign-in-with-Twitter

you will get oauth tokens for the user (which you could store in your
database), and it means that you may not need to build a sign in mechanism.

On Thu, Feb 11, 2010 at 8:30 AM, Paul  wrote:

> I'm just starting to develop a web-based Twitter api application (in
> PHP), which should allow multiple users to tweet through the website.
> I'm experienced developing websites with PHP, but I've never worked
> with the Twitter API, and I see that the preferred authorization
> method is with OAuth, which I've also never worked with before.
>
> I'm still getting into the conceptual stages now, and I know my
> terminology is fuzzy, but I understand that a user goes through the
> 3rd party website (which has a revocable key after registering with
> Twitter, which I've already done), and then the end user goes through
> the the 3rd party website to Twitter to authorize the 3rd party site
> to post for them, without ever revealing the user's ID or password to
> the 3rd party site, by returning an access token.  And according to
> the Twitter OAuth FAQ, the token never expires unless revoked by the
> user or the app itself is de-authorized by Twitter.
>
> My question at last is then, what are good practices for the 3rd party
> site?  Should the site request the user to reauthorize with Twitter
> each & every time he/she comes to the site?  Should the 3rd party site
> have it's own login/username/password for users and store the token in
> a database?  Should it offer to store the token as a cookie on the
> user's computer?
>
> I played with twitgoo.com, which asks a user to "Sign in & Update".
> If I authorize & close the browser, and then start the browser again
> and go to the site, I'm still "logged in"; without having asked if it
> should keep me logged in.  That doesn't seem so good if the user is on
> a shared computer.
>
> SO -- is there any common consensus on how maintaining user info/
> tokens should be done?
>
> Thanks for any feedback,
>
> Paul
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

[Raffi Krikorian]

account/verify_credentials discloses information that is private. For
> example, the HTTP header of account_verify_credentials discloses information
> about how frequently the user accesses twitter (the rate limit headers). If
> the user hasn't previously authorized (via OAuth) the delegator (relying
> party) to have read access to his account, then the delegator (relying
> party) shouldn't be able to get this information. Also, I think you should
> plan ahead for the case where account/verify_credentials returns even more
> sensitive information. If you were going to reuse an existing resource, I'd
> reuse users/show.format?user_id= instead. But, AFAICT, it's much
> better to create a new resource for this purpose, and pretty easy to do so.
>

oh - most certainly.  at some point, or maybe with the launch of something
like oauth echo, we could have a different endpoint that just provided the
screen name, or something like that.

the endpoint that the delegator users on the service provider is up to
different implementations.  in the twitter case, we very may well deal with
account/verify_credentials -- we only show user objects there, which are
discoverable by other public means.


> I think the following would be a better protocol:
>
> Consumer to Relying Party: Give me , a nonce signed with
> your OAuth credentials for the relying party'sidentity verification service.
> Relying Party to Consumer: Here is the token . (This is
> done using whatever protocol the consumer and the relying party agree to
> use.)
>
> Consumer to Identity Provider: Here's . Give me
> , which is (, screen_name) signed with a
> signature that the relying party can verify is from the identity provider.
> Identity Provider to Consumer: I verified that the token was signed by the
> relying party identified by . Here is . (This is
> an OAuth-protected transaction using the consumer's credentials).
>
> Consumer to Relying Party: Here is .Relying Party to
> Consumer: OK, let's continue on with whatever we need to do. (This is done
> using whatever protocol the consumer and the relying party want to use.)
>
> Notice in particular: (a) each server only has to process one request, (b)
> the relying part and the identity provider never have to communicate
> directly with each other, (c) the consumer (user) can control the level of
> security used in all the communication (e.g. TLS for everything), (d)
> IP-RP-SIGNED-TOKEN> can be used as the assertion in the OAuth 2.0/WRAP
> assertion profile, if the relying party is using OAuth WRAP to authenticate
> the user, (e) the user and the identity provider can both restrict which
> consumers can sign into which relying parties for which users using this
> mechanism.
>

in general, i really like this mechanism.  from just a usability standpoint,
however, it means that the consumer has to make a few calls simply to
perform one action -- they have to call Twitter and then the service
provider.  on top of that, a real world example would have them:

   1. call the delegator to get a token;
   2. send that token to twitter to get another token;
   3. call the delegator with that received token to perform the action; and
   then
   4. (outside this protocol) call twitter to post the status update after
   that action has been performed.

another possible problem i have with it is that it assumes that the identity
provider can sign something in a way that the delegator can verify it?  oh -
i suppose that may be the case -- we could use the consumer secret of the
protected resource/delegator.

-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

[twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[Dewald Pretorius]

This reminds me. Not so long ago, also over a form response, I hurled
my toys out of the cot so violently that I'm still searching for my
favorite rubber duck.

There should be a lesson in here somewhere.

And the lesson is: Form responses are good __only__ for the
shareholders.

On Feb 11, 5:38 pm, Aral Balkan  wrote:
> Hi Ryan,
>
> My greatest issue with all this is that you appear to have a form response.
> Currently, you're just not handling account transfers at all. And that's the
> same policy for general users (of which you have gazillions) and developers
> (of which you have an order of magnitude or two less).
>
> The account I am asking about has not tweeted since 2007.
>
> It is not a request asking you to favor one person over another. It is a
> request to favor a new Twitter application over an account that hasn't been
> used in three years.
>
> If a human being looked at it, the decision would be clear and would
> probably take 1/10th the time to execute than all these emails have taken.
>
> My suggestion: expire accounts that haven't been used in over 12 months and
> don't have to deal with it.
>
> If that's too harsh, at least handle *trademark* requests. My app's name
> _is_ a trademark even if it isn't a _registered_ trademark. Forcing me to
> register my trademark (can I register it in the UK, where I live, or do I
> have to get a US registered trademark?) just adds more financial
> responsibility on my shoulders.
>
> I put in a trademark request as per the link Raffi gave but I haven't heard
> anything back – not even an automated response saying you guys received the
> email.
>
> On the whole, I just feel unloved because I've put a lot of time and effort
> into an app that I feel will make Twitter a bit more fun and I don't feel
> that the request to have the Twitter account with my app's name – one that
> hasn't been used in three years – is an unrealistic request to make.
>
> Let's say my app is called Dodo. I'm just sad that I am going to launch with
> the Twitter account @dodo or even @dodoapp – because both are taken and
> unused - but that I'm going to launch with @dodo_app.
>
> That you guys don't see this is a problem makes me think that you don't
> care.
>
> All the best,
> Aral
>
> On Thu, Feb 11, 2010 at 8:24 PM, Ryan Sarver  wrote:
> > Aral,
>
> > I'm not sure where you get the idea that we don't care about developers and
> > that humans aren't involved in the process. Raffi and the rest of the
> > platform team actively respond to emails from developers at all hours of the
> > day on both weekdays and weekends.
>
> > As for the issue of handing over @usernames we need to have a rational and
> > scalable approach to doing so. We can't just hand it out to one person
> > because we like them more than another user. So if there is a dispute over a
> > username we need to follow a standard procedure. We obviously love our
> > developers and work really hard to support them in all the ways that we can,
> > but there needs to be some process that works across the board. If you have
> > a constructive suggestion on how that can be done other than just badgering
> > the people trying to help you, then by all means work with us on it and we
> > are totally open to coming up with a better solution. But to date, this is
> > the best solution we have that scales to the number and complexity of the
> > requests that we receive.
>
> > I've always stated that we are open to criticism and feedback on how we can
> > improve, but we ask that it be done constructively.
>
> > Ryan
>
> > On Thu, Feb 11, 2010 at 7:45 AM, Aral Balkan  wrote:
>
> >> Ah, so Twitter wants to see a *registered* trademark number?
>
> >> (As an aside: why do you hate your developers, Twitter?) :)
>
> >> The thing is, a trademark does not _have to be_ registered to be a
> >> trademark. Products get trademark protection automatically.
>
> >> I guess if I don't hear back, I'll have the IP law firm I use to write a
> >> letter first. Cheaper than getting a registered trademark.
>
> >> Of course, the best thing would be for a _human being_ at Twitter to say:
> >> hey developer dude, we love you, sure we can do that... don't mention it!
> >> :)
>
> >> (I just don't get this impersonal "computer says NO" attitude towards
> >> developers. Is this just the corporate culture at Twitter or are you guys
> >> severely short-staffed? Thinking Twitter really needs to invest in 
> >> developer
> >> relations. Maybe get someone whose job it is to handle developer relations
> >> and champion the needs of developers within Twitter?)
>
> >> Aral
>
> >> On Thu, Feb 11, 2010 at 3:28 PM, anilchawla  wrote:
>
> >>> Raffi, thank you for the response, but it is disappointing. I have to
> >>> agree completely with Aral that these requests are not for "personal
> >>> use". Some of us have hundreds/thousands of users around the world who
> >>> use our apps as a means to participate on Twitter, and it is
> >>> ultimately those users who are affected

Re: [twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[Aral Balkan]

Hi Ryan,

My greatest issue with all this is that you appear to have a form response.
Currently, you're just not handling account transfers at all. And that's the
same policy for general users (of which you have gazillions) and developers
(of which you have an order of magnitude or two less).

The account I am asking about has not tweeted since 2007.

It is not a request asking you to favor one person over another. It is a
request to favor a new Twitter application over an account that hasn't been
used in three years.

If a human being looked at it, the decision would be clear and would
probably take 1/10th the time to execute than all these emails have taken.

My suggestion: expire accounts that haven't been used in over 12 months and
don't have to deal with it.

If that's too harsh, at least handle *trademark* requests. My app's name
_is_ a trademark even if it isn't a _registered_ trademark. Forcing me to
register my trademark (can I register it in the UK, where I live, or do I
have to get a US registered trademark?) just adds more financial
responsibility on my shoulders.

I put in a trademark request as per the link Raffi gave but I haven't heard
anything back – not even an automated response saying you guys received the
email.

On the whole, I just feel unloved because I've put a lot of time and effort
into an app that I feel will make Twitter a bit more fun and I don't feel
that the request to have the Twitter account with my app's name – one that
hasn't been used in three years – is an unrealistic request to make.

Let's say my app is called Dodo. I'm just sad that I am going to launch with
the Twitter account @dodo or even @dodoapp – because both are taken and
unused - but that I'm going to launch with @dodo_app.

That you guys don't see this is a problem makes me think that you don't
care.

All the best,
Aral

On Thu, Feb 11, 2010 at 8:24 PM, Ryan Sarver  wrote:

> Aral,
>
> I'm not sure where you get the idea that we don't care about developers and
> that humans aren't involved in the process. Raffi and the rest of the
> platform team actively respond to emails from developers at all hours of the
> day on both weekdays and weekends.
>
> As for the issue of handing over @usernames we need to have a rational and
> scalable approach to doing so. We can't just hand it out to one person
> because we like them more than another user. So if there is a dispute over a
> username we need to follow a standard procedure. We obviously love our
> developers and work really hard to support them in all the ways that we can,
> but there needs to be some process that works across the board. If you have
> a constructive suggestion on how that can be done other than just badgering
> the people trying to help you, then by all means work with us on it and we
> are totally open to coming up with a better solution. But to date, this is
> the best solution we have that scales to the number and complexity of the
> requests that we receive.
>
> I've always stated that we are open to criticism and feedback on how we can
> improve, but we ask that it be done constructively.
>
> Ryan
>
>
> On Thu, Feb 11, 2010 at 7:45 AM, Aral Balkan  wrote:
>
>> Ah, so Twitter wants to see a *registered* trademark number?
>>
>> (As an aside: why do you hate your developers, Twitter?) :)
>>
>> The thing is, a trademark does not _have to be_ registered to be a
>> trademark. Products get trademark protection automatically.
>>
>> I guess if I don't hear back, I'll have the IP law firm I use to write a
>> letter first. Cheaper than getting a registered trademark.
>>
>> Of course, the best thing would be for a _human being_ at Twitter to say:
>> hey developer dude, we love you, sure we can do that... don't mention it!
>> :)
>>
>> (I just don't get this impersonal "computer says NO" attitude towards
>> developers. Is this just the corporate culture at Twitter or are you guys
>> severely short-staffed? Thinking Twitter really needs to invest in developer
>> relations. Maybe get someone whose job it is to handle developer relations
>> and champion the needs of developers within Twitter?)
>>
>> Aral
>>
>> On Thu, Feb 11, 2010 at 3:28 PM, anilchawla  wrote:
>>
>>> Raffi, thank you for the response, but it is disappointing. I have to
>>> agree completely with Aral that these requests are not for "personal
>>> use". Some of us have hundreds/thousands of users around the world who
>>> use our apps as a means to participate on Twitter, and it is
>>> ultimately those users who are affected. In my my case, I have had
>>> several users mistakingly mention or try to follow this inactive spam
>>> account (http://twitter.com/tweetymail) thinking that it was
>>> associated with my service. In the meantime, I am doing the best I can
>>> to communicate with these users using another account.
>>>
>>> FYI, I did not have any success opening support tickets for
>>> brandsquatting/impersonation. Originally, I was told to wait until
>>> 1/31/10 for the username to rema

[twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[anilchawla]

Ryan, I appreciate your response. I cannot speak for Aral but I can
tell you that it has been very frustrating for us. I have been pulled
along by Twitter support for the last month by being told that "we may
be able to transfer the username when..." and then later being
rejected on the basis of not having a registered trademark (see
support tickets #807851 and #845485). I actually started this thread
because I came across the following information on your FAQ, and
realized that there are folks like you and Raffi who are working to
help app developers:


How can I reclaim an inactive Twitter account for my project or
application?

Email usern...@twitter.com and our support staff will get back to you.
Not all inactive usernames are available - we do give users a grace
period in which they can restore their accounts after they've deleted
them. Please be patient: these requests are not the top priority for
our support staff and it may take some time before you get a response.


When I followed these instructions, I was rejected immediately with
what seems like a standard automated reply. I think this is what Aral
was referring to about humans not being involved and not reviewing the
specific situation.

As for a constructive suggestion on how to evaluate transfers of user
names, how about criteria such as:

* User name was created but never used (0 tweets, etc) since account
was created X months ago
* User name has been inactive for atleast Y months (perhaps Y > X if
the account was once active)
* User name appears to be a name-squatting or spam attempt
(subjective, but perhaps you have criteria already)
* User name meeting the the above criteria is leading to brand/service
confusion among Twitter users
* User name meeting the above criteria violates "common law" trademark
(http://bit.ly/bYBuF3)

The point is that requiring a registered US trademark is very
unreasonable for the vast majority of us who develop applications for
Twitter. Please also understand that we are begging for the usernames
that correspond directly to our apps, and that this in turn will help
our users. I believe that Twitter Support has already spent as much
time evaluating and declining my tickets on the basis of "registered
trademark" as they could have spent on the criteria above. The only
difference is that they could have said 'yes', and there would be one
less inactive user name going to waste.

On Feb 11, 3:24 pm, Ryan Sarver  wrote:
> Aral,
>
> I'm not sure where you get the idea that we don't care about developers and
> that humans aren't involved in the process. Raffi and the rest of the
> platform team actively respond to emails from developers at all hours of the
> day on both weekdays and weekends.
>
> As for the issue of handing over @usernames we need to have a rational and
> scalable approach to doing so. We can't just hand it out to one person
> because we like them more than another user. So if there is a dispute over a
> username we need to follow a standard procedure. We obviously love our
> developers and work really hard to support them in all the ways that we can,
> but there needs to be some process that works across the board. If you have
> a constructive suggestion on how that can be done other than just badgering
> the people trying to help you, then by all means work with us on it and we
> are totally open to coming up with a better solution. But to date, this is
> the best solution we have that scales to the number and complexity of the
> requests that we receive.
>
> I've always stated that we are open to criticism and feedback on how we can
> improve, but we ask that it be done constructively.
>
> Ryan
>
>
>
> On Thu, Feb 11, 2010 at 7:45 AM, Aral Balkan  wrote:
> > Ah, so Twitter wants to see a *registered* trademark number?
>
> > (As an aside: why do you hate your developers, Twitter?) :)
>
> > The thing is, a trademark does not _have to be_ registered to be a
> > trademark. Products get trademark protection automatically.
>
> > I guess if I don't hear back, I'll have the IP law firm I use to write a
> > letter first. Cheaper than getting a registered trademark.
>
> > Of course, the best thing would be for a _human being_ at Twitter to say:
> > hey developer dude, we love you, sure we can do that... don't mention it!
> > :)
>
> > (I just don't get this impersonal "computer says NO" attitude towards
> > developers. Is this just the corporate culture at Twitter or are you guys
> > severely short-staffed? Thinking Twitter really needs to invest in developer
> > relations. Maybe get someone whose job it is to handle developer relations
> > and champion the needs of developers within Twitter?)
>
> > Aral
>
> > On Thu, Feb 11, 2010 at 3:28 PM, anilchawla  wrote:
>
> >> Raffi, thank you for the response, but it is disappointing. I have to
> >> agree completely with Aral that these requests are not for "personal
> >> use". Some of us have hundreds/thousands of users around the world who
> >> use our apps as a mea

[twitter-dev] TweetPhoto now setup for OAuth support

[Sean Callahan]

TweetPhoto now supports OAuth for photo sharing within third-party
applications.

http://groups.google.com/group/tweetphoto/web/authentication

Let me know if you have any questions whatsoever.

Sean

[twitter-dev] Re: A proposal for delegation in OAuth identity verification

[Sean Callahan]

That is similar to what we are doing at TweetPhoto and it is working
out fine.

Feel free to check out what we are doing:

http://groups.google.com/group/tweetphoto/web/oauth-signin

Third-party apps share with us their app's consumer key and secret.

We receive the same level of access to the third-party app using our
photo sharing service.

When two companies work together and are partners there needs to be a
level of trust.

Furthermore, developers can change their consumer secret at any time
so their is no real issue with this method.

There are a few integrations coming out soon with this method in
place.

Please let us know your thoughts and if you have any questions.

Sean


On Feb 11, 10:05 am, Brian Smith  wrote:
> Raffi Krikorian wrote:
>
> >     The term most frequently used for “delegator” is “relying party.”
> >     What you call the service provider is most frequently called the
> >     “identity provider.” What you call the consumer is usually called
> >     the “subject.” See OpenID, InfoCard, and other similar
> >     specifications for example usage of these terms.
>
> First, what I wrote about "subject" was misleading: the user--not the
> consumer--is the subject.
>
> > i hear all this - it just gets a bit complicated with because we are
> > conflating this with our oauth situation.
>
> This doesn't really have much to do with OAuth, because you are not
> trying to allow delegation of credentials--that is, you are not trying
> to allow the "consumer" app to let the relying party use the consumer
> app's OAuth access token to read/write the user's account.> perhaps its time 
> to move to an oauth + openID hybrid system.
>
> I don't know if OpenID really solves this problem well, especially for
> apps that aren't webapps.
>
> >     The subject doesn’t want the relying party to have access to the
> >     entire response from the account/verify_credentials request as if
> >     he had given the relying party read access to his account. I am
> >     not sure if account/verify_credentials returns sensitive
> >     information (information only available to apps that have been
> >     authorized by the user) yet, but I think it is likely in the
> >     future that it will do so. It would be prudent to have delegation
> >     use a different resource designed specifically for delegation.
>
> > i think this is again a general case vs a twitter case.  i think in
> > the general case, the delegator would call some endpoint that would
> > simply verify the identity through a HTTP code (2xx for success, 4xx
> > for failure).  twitter, as a special case, sends along the user object
> > [as] part of it?
>
> account/verify_credentials discloses information that is private. For
> example, the HTTP header of account_verify_credentials discloses
> information about how frequently the user accesses twitter (the rate
> limit headers). If the user hasn't previously authorized (via OAuth) the
> delegator (relying party) to have read access to his account, then the
> delegator (relying party) shouldn't be able to get this information.
> Also, I think you should plan ahead for the case where
> account/verify_credentials returns even more sensitive information. If
> you were going to reuse an existing resource, I'd reuse
> users/show.format?user_id= instead. But, AFAICT, it's much
> better to create a new resource for this purpose, and pretty easy to do so.
>
> I think the following would be a better protocol:
>
> Consumer to Relying Party: Give me , a nonce signed
> with your OAuth credentials for the relying party'sidentity verification
> service. Relying Party to Consumer: Here is the token .
> (This is done using whatever protocol the consumer and the relying party
> agree to use.)
>
> Consumer to Identity Provider: Here's . Give me
> , which is (, screen_name) signed with
> a signature that the relying party can verify is from the identity
> provider. Identity Provider to Consumer: I verified that the token was
> signed by the relying party identified by . Here is
> . (This is an OAuth-protected transaction using the
> consumer's credentials).
>
> Consumer to Relying Party: Here is .Relying Party to
> Consumer: OK, let's continue on with whatever we need to do. (This is
> done using whatever protocol the consumer and the relying party want to
> use.)
>
> Notice in particular: (a) each server only has to process one request,
> (b) the relying part and the identity provider never have to communicate
> directly with each other, (c) the consumer (user) can control the level
> of security used in all the communication (e.g. TLS for everything), (d)
> IP-RP-SIGNED-TOKEN> can be used as the assertion in the OAuth 2.0/WRAP
> assertion profile, if the relying party is using OAuth WRAP to
> authenticate the user, (e) the user and the identity provider can both
> restrict which consumers can sign into which relying parties for which
> users using this mechanism.
>
> Regards,
> Brian

Re: [twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[Ryan Sarver]

Aral,

I'm not sure where you get the idea that we don't care about developers and
that humans aren't involved in the process. Raffi and the rest of the
platform team actively respond to emails from developers at all hours of the
day on both weekdays and weekends.

As for the issue of handing over @usernames we need to have a rational and
scalable approach to doing so. We can't just hand it out to one person
because we like them more than another user. So if there is a dispute over a
username we need to follow a standard procedure. We obviously love our
developers and work really hard to support them in all the ways that we can,
but there needs to be some process that works across the board. If you have
a constructive suggestion on how that can be done other than just badgering
the people trying to help you, then by all means work with us on it and we
are totally open to coming up with a better solution. But to date, this is
the best solution we have that scales to the number and complexity of the
requests that we receive.

I've always stated that we are open to criticism and feedback on how we can
improve, but we ask that it be done constructively.

Ryan

On Thu, Feb 11, 2010 at 7:45 AM, Aral Balkan  wrote:

> Ah, so Twitter wants to see a *registered* trademark number?
>
> (As an aside: why do you hate your developers, Twitter?) :)
>
> The thing is, a trademark does not _have to be_ registered to be a
> trademark. Products get trademark protection automatically.
>
> I guess if I don't hear back, I'll have the IP law firm I use to write a
> letter first. Cheaper than getting a registered trademark.
>
> Of course, the best thing would be for a _human being_ at Twitter to say:
> hey developer dude, we love you, sure we can do that... don't mention it!
> :)
>
> (I just don't get this impersonal "computer says NO" attitude towards
> developers. Is this just the corporate culture at Twitter or are you guys
> severely short-staffed? Thinking Twitter really needs to invest in developer
> relations. Maybe get someone whose job it is to handle developer relations
> and champion the needs of developers within Twitter?)
>
> Aral
>
> On Thu, Feb 11, 2010 at 3:28 PM, anilchawla  wrote:
>
>> Raffi, thank you for the response, but it is disappointing. I have to
>> agree completely with Aral that these requests are not for "personal
>> use". Some of us have hundreds/thousands of users around the world who
>> use our apps as a means to participate on Twitter, and it is
>> ultimately those users who are affected. In my my case, I have had
>> several users mistakingly mention or try to follow this inactive spam
>> account (http://twitter.com/tweetymail) thinking that it was
>> associated with my service. In the meantime, I am doing the best I can
>> to communicate with these users using another account.
>>
>> FYI, I did not have any success opening support tickets for
>> brandsquatting/impersonation. Originally, I was told to wait until
>> 1/31/10 for the username to remain inactive. When I complied and
>> opened a new request on 2/1, I was immediately denied. It seems that
>> brand-squatting/impersonation/brand-confusion are all irrelevant...
>> Twitter wants to see a trademark number. I am a hobby developer who
>> provides a free service completely out-of-pocket, and now I need to
>> spend hundreds of dollars to register a trademark just to get access
>> to a username that nobody ever used?
>>
>> I see that you have also replaced the text of the FAQ entry with the
>> more generic policy regarding trademark infringement. This is too bad,
>> but I guess it answers my original question -- the existing entry was
>> no longer valid. I certainly understand that Twitter can't always
>> transfer usernames to app developers who want them, but there are
>> certainly cases in which a username (inactive/never tweeted/created
>> for spam) could be put to better use. A blanket policy on trademark
>> infringement may make sense for companies and large brands, but it
>> does nothing at all to help the small-time hobby developers who
>> contribute so much to the Twitter ecosystem.
>>
>> On Feb 10, 7:34 pm, Raffi Krikorian  wrote:
>> > hi all, please refer to
>> >
>> > http://apiwiki.twitter.com/FAQ#HowcanIreclaimaninactiveTwitteraccount.
>> ..
>> >
>> > We are unable to transfer usernames for personal use at this time. If
>> you
>> > believe a Twitter account may be squatting on your trademark and
>> violating
>> > Twitter's Terms of Service, please file a ticket athttp://
>> help.twitter.com/requests/newregarding 'Trademark/Brand squatting'.
>> >
>> >
>> >
>> >
>> >
>> > On Wed, Feb 10, 2010 at 4:05 PM, Kyle Mulka 
>> wrote:
>> > > I also have this problem and have gotten no response whatsoever from
>> > > Twitter.
>> >
>> > > Here's the inactive account that I'd like to have:
>> > >http://twitter.com/twilk
>> >
>> > > --
>> > > Kyle Mulka
>> > > Founder, Congo Labs
>> > >http://twilk.com
>> >
>> > > On Feb 10, 6:41 pm, Anil Chawla  wrot

Re: [twitter-dev] OAuth & maintaining tokens?

[John Meyer]

On 2/11/2010 9:30 AM, Paul wrote:


My question at last is then, what are good practices for the 3rd party
site?  Should the site request the user to reauthorize with Twitter
each&  every time he/she comes to the site?  Should the 3rd party site
have it's own login/username/password for users and store the token in
a database?  Should it offer to store the token as a cookie on the
user's computer?




Different strokes for different folks.  Whatever you do, make it clear 
what your site is doing to the user  If you want to store a 
username/password for your own site and then store that authentication 
information in a MySQL database, tell them that.  And explain to them 
that they can revoke authentication at anytime through the Twitter website.

[twitter-dev] OAuth & maintaining tokens?

[Paul]

I'm just starting to develop a web-based Twitter api application (in
PHP), which should allow multiple users to tweet through the website.
I'm experienced developing websites with PHP, but I've never worked
with the Twitter API, and I see that the preferred authorization
method is with OAuth, which I've also never worked with before.

I'm still getting into the conceptual stages now, and I know my
terminology is fuzzy, but I understand that a user goes through the
3rd party website (which has a revocable key after registering with
Twitter, which I've already done), and then the end user goes through
the the 3rd party website to Twitter to authorize the 3rd party site
to post for them, without ever revealing the user's ID or password to
the 3rd party site, by returning an access token.  And according to
the Twitter OAuth FAQ, the token never expires unless revoked by the
user or the app itself is de-authorized by Twitter.

My question at last is then, what are good practices for the 3rd party
site?  Should the site request the user to reauthorize with Twitter
each & every time he/she comes to the site?  Should the 3rd party site
have it's own login/username/password for users and store the token in
a database?  Should it offer to store the token as a cookie on the
user's computer?

I played with twitgoo.com, which asks a user to "Sign in & Update".
If I authorize & close the browser, and then start the browser again
and go to the site, I'm still "logged in"; without having asked if it
should keep me logged in.  That doesn't seem so good if the user is on
a shared computer.

SO -- is there any common consensus on how maintaining user info/
tokens should be done?

Thanks for any feedback,

Paul

Re: [twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[Aral Balkan]

I just tweeted the developer advocate position.

Aral

On Thu, Feb 11, 2010 at 4:17 PM, Raffi Krikorian  wrote:

> (I just don't get this impersonal "computer says NO" attitude towards
>> developers. Is this just the corporate culture at Twitter or are you guys
>> severely short-staffed? Thinking Twitter really needs to invest in developer
>> relations. Maybe get someone whose job it is to handle developer relations
>> and champion the needs of developers within Twitter?)
>>
>
> oh - and just to answer this.  no, its not the corporate culture at
> Twitter, and yes we are extremely short staffed.  http://twitter.com/jobs<- 
> please, people, apply to join our team.  trust me, its a blast.
> 
>

Re: [twitter-dev] Find Location where tweet came from

[Raffi Krikorian]

twitter only returns data back in its "geo" field if the tweet has been
explicitly geotagged.

search, however, attempts to use other signals to determine where the tweet
is, and will attempt to return "more" tweets when you use its "search"
parameter.  it does not, however, expose those signals in the search
results.

On Wed, Feb 10, 2010 at 1:39 PM, don  wrote:

> Hi All,
>
> I'm trying to determine the location where a tweet came from.
>
> I know you can do a search specifying the location you want to look at
> and this checks againist any geo data and then against the location
> data. I'm guessing that twitter does a lot of error checking and
> transforms the location data into a geo coord on the backend when you
> do this search.
>
> My question is: if I do a search for say a "word" and get my results
> back I want to be able to check where each of the returned tweets came
> from. Not just using the geo data that the user may have allowed but
> also the location data (just like the search for location based tweets
> does).
>
> Essentially getting back a geo coord for each tweet if there is any
> releveant geo data or location data given by the tweeter.
>
> this site would be doing something similar: http://trendsmap.com/
>
> any ideas? sorry if this is really obvious, I have searched and just
> can't find it.
>
> thanks
> don
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[Raffi Krikorian]

>
> (I just don't get this impersonal "computer says NO" attitude towards
> developers. Is this just the corporate culture at Twitter or are you guys
> severely short-staffed? Thinking Twitter really needs to invest in developer
> relations. Maybe get someone whose job it is to handle developer relations
> and champion the needs of developers within Twitter?)
>

oh - and just to answer this.  no, its not the corporate culture at Twitter,
and yes we are extremely short staffed.  http://twitter.com/jobs <- please,
people, apply to join our team.  trust me, its a blast.



> Aral
>
> On Thu, Feb 11, 2010 at 3:28 PM, anilchawla  wrote:
>
>> Raffi, thank you for the response, but it is disappointing. I have to
>> agree completely with Aral that these requests are not for "personal
>> use". Some of us have hundreds/thousands of users around the world who
>> use our apps as a means to participate on Twitter, and it is
>> ultimately those users who are affected. In my my case, I have had
>> several users mistakingly mention or try to follow this inactive spam
>> account (http://twitter.com/tweetymail) thinking that it was
>> associated with my service. In the meantime, I am doing the best I can
>> to communicate with these users using another account.
>>
>> FYI, I did not have any success opening support tickets for
>> brandsquatting/impersonation. Originally, I was told to wait until
>> 1/31/10 for the username to remain inactive. When I complied and
>> opened a new request on 2/1, I was immediately denied. It seems that
>> brand-squatting/impersonation/brand-confusion are all irrelevant...
>> Twitter wants to see a trademark number. I am a hobby developer who
>> provides a free service completely out-of-pocket, and now I need to
>> spend hundreds of dollars to register a trademark just to get access
>> to a username that nobody ever used?
>>
>> I see that you have also replaced the text of the FAQ entry with the
>> more generic policy regarding trademark infringement. This is too bad,
>> but I guess it answers my original question -- the existing entry was
>> no longer valid. I certainly understand that Twitter can't always
>> transfer usernames to app developers who want them, but there are
>> certainly cases in which a username (inactive/never tweeted/created
>> for spam) could be put to better use. A blanket policy on trademark
>> infringement may make sense for companies and large brands, but it
>> does nothing at all to help the small-time hobby developers who
>> contribute so much to the Twitter ecosystem.
>>
>> On Feb 10, 7:34 pm, Raffi Krikorian  wrote:
>> > hi all, please refer to
>> >
>> > http://apiwiki.twitter.com/FAQ#HowcanIreclaimaninactiveTwitteraccount.
>> ..
>> >
>> > We are unable to transfer usernames for personal use at this time. If
>> you
>> > believe a Twitter account may be squatting on your trademark and
>> violating
>> > Twitter's Terms of Service, please file a ticket athttp://
>> help.twitter.com/requests/newregarding 'Trademark/Brand squatting'.
>> >
>> >
>> >
>> >
>> >
>> > On Wed, Feb 10, 2010 at 4:05 PM, Kyle Mulka 
>> wrote:
>> > > I also have this problem and have gotten no response whatsoever from
>> > > Twitter.
>> >
>> > > Here's the inactive account that I'd like to have:
>> > >http://twitter.com/twilk
>> >
>> > > --
>> > > Kyle Mulka
>> > > Founder, Congo Labs
>> > >http://twilk.com
>> >
>> > > On Feb 10, 6:41 pm, Anil Chawla  wrote:
>> > > > Thanks, glad to know I'm not alone on this. I've looked at filing a
>> > > > trademark but it is still frustrating to proceed through
>> > > > lengthy/costly legal process in order to reclaim an inactive/spam
>> > > > username -- especially for a completely free service. This entry in
>> > > > the Twitter API FAQ is a glimmer of hope for app developers. I hope
>> > > > someone at Twitter can help app developers get their specific
>> > > > situation reviewed. In some cases, such as mine, it is an
>> > > > all-around-win for the Twitter ecosystem to release these inactive
>> > > > usernames.
>> >
>> > > > -Anil
>> >
>> > > > On Wed, Feb 10, 2010 at 5:17 PM, Aral Balkan 
>> > > wrote:
>> > > > > I had the same response :(
>> > > > > Someone told me that the way to approach it may be to file a
>> trademark
>> > > > > dispute. This is what I'm going to be forced to do since it
>> doesn't
>> > > appear
>> > > > > possible to talk to a human being at Twitter about this issue.
>> > > > > All the best,
>> > > > > Aral
>> > > > > On Wed, Feb 10, 2010 at 6:04 PM, anilchawla 
>> wrote:
>> >
>> > > > >> I develop and maintain a free Twitter application (http://
>> > > > >> tweetymail.com) and I am desperately trying to reclaim the
>> inactive
>> > > > >> 'tweetymail' username because it is causing confusion among my
>> users.
>> > > > >> I was not able to get anywhere with Twitter support, but I came
>> across
>> > > > >> this entry in the API FAQ:
>> >
>> > > > >>
>> http://apiwiki.twitter.com/FAQ#HowcanIreclaimaninactiveTwitteraccount.
>> > > ..

Re: [twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[Raffi Krikorian]

yeah - i hate to be the bearer of bad news.

On Thu, Feb 11, 2010 at 7:45 AM, Aral Balkan  wrote:

> Ah, so Twitter wants to see a *registered* trademark number?
>
> (As an aside: why do you hate your developers, Twitter?) :)
>
> The thing is, a trademark does not _have to be_ registered to be a
> trademark. Products get trademark protection automatically.
>
> I guess if I don't hear back, I'll have the IP law firm I use to write a
> letter first. Cheaper than getting a registered trademark.
>
> Of course, the best thing would be for a _human being_ at Twitter to say:
> hey developer dude, we love you, sure we can do that... don't mention it!
> :)
>
> (I just don't get this impersonal "computer says NO" attitude towards
> developers. Is this just the corporate culture at Twitter or are you guys
> severely short-staffed? Thinking Twitter really needs to invest in developer
> relations. Maybe get someone whose job it is to handle developer relations
> and champion the needs of developers within Twitter?)
>
> Aral
>
> On Thu, Feb 11, 2010 at 3:28 PM, anilchawla  wrote:
>
>> Raffi, thank you for the response, but it is disappointing. I have to
>> agree completely with Aral that these requests are not for "personal
>> use". Some of us have hundreds/thousands of users around the world who
>> use our apps as a means to participate on Twitter, and it is
>> ultimately those users who are affected. In my my case, I have had
>> several users mistakingly mention or try to follow this inactive spam
>> account (http://twitter.com/tweetymail) thinking that it was
>> associated with my service. In the meantime, I am doing the best I can
>> to communicate with these users using another account.
>>
>> FYI, I did not have any success opening support tickets for
>> brandsquatting/impersonation. Originally, I was told to wait until
>> 1/31/10 for the username to remain inactive. When I complied and
>> opened a new request on 2/1, I was immediately denied. It seems that
>> brand-squatting/impersonation/brand-confusion are all irrelevant...
>> Twitter wants to see a trademark number. I am a hobby developer who
>> provides a free service completely out-of-pocket, and now I need to
>> spend hundreds of dollars to register a trademark just to get access
>> to a username that nobody ever used?
>>
>> I see that you have also replaced the text of the FAQ entry with the
>> more generic policy regarding trademark infringement. This is too bad,
>> but I guess it answers my original question -- the existing entry was
>> no longer valid. I certainly understand that Twitter can't always
>> transfer usernames to app developers who want them, but there are
>> certainly cases in which a username (inactive/never tweeted/created
>> for spam) could be put to better use. A blanket policy on trademark
>> infringement may make sense for companies and large brands, but it
>> does nothing at all to help the small-time hobby developers who
>> contribute so much to the Twitter ecosystem.
>>
>> On Feb 10, 7:34 pm, Raffi Krikorian  wrote:
>> > hi all, please refer to
>> >
>> > http://apiwiki.twitter.com/FAQ#HowcanIreclaimaninactiveTwitteraccount.
>> ..
>> >
>> > We are unable to transfer usernames for personal use at this time. If
>> you
>> > believe a Twitter account may be squatting on your trademark and
>> violating
>> > Twitter's Terms of Service, please file a ticket athttp://
>> help.twitter.com/requests/newregarding 'Trademark/Brand squatting'.
>> >
>> >
>> >
>> >
>> >
>> > On Wed, Feb 10, 2010 at 4:05 PM, Kyle Mulka 
>> wrote:
>> > > I also have this problem and have gotten no response whatsoever from
>> > > Twitter.
>> >
>> > > Here's the inactive account that I'd like to have:
>> > >http://twitter.com/twilk
>> >
>> > > --
>> > > Kyle Mulka
>> > > Founder, Congo Labs
>> > >http://twilk.com
>> >
>> > > On Feb 10, 6:41 pm, Anil Chawla  wrote:
>> > > > Thanks, glad to know I'm not alone on this. I've looked at filing a
>> > > > trademark but it is still frustrating to proceed through
>> > > > lengthy/costly legal process in order to reclaim an inactive/spam
>> > > > username -- especially for a completely free service. This entry in
>> > > > the Twitter API FAQ is a glimmer of hope for app developers. I hope
>> > > > someone at Twitter can help app developers get their specific
>> > > > situation reviewed. In some cases, such as mine, it is an
>> > > > all-around-win for the Twitter ecosystem to release these inactive
>> > > > usernames.
>> >
>> > > > -Anil
>> >
>> > > > On Wed, Feb 10, 2010 at 5:17 PM, Aral Balkan 
>> > > wrote:
>> > > > > I had the same response :(
>> > > > > Someone told me that the way to approach it may be to file a
>> trademark
>> > > > > dispute. This is what I'm going to be forced to do since it
>> doesn't
>> > > appear
>> > > > > possible to talk to a human being at Twitter about this issue.
>> > > > > All the best,
>> > > > > Aral
>> > > > > On Wed, Feb 10, 2010 at 6:04 PM, anilchawla 
>> wrote:
>> >
>> > > > >> I develop 

Re: [twitter-dev] A proposal for delegation in OAuth identity verification

[Brian Smith]

Raffi Krikorian wrote:


The term most frequently used for “delegator” is “relying party.”
What you call the service provider is most frequently called the
“identity provider.” What you call the consumer is usually called
the “subject.” See OpenID, InfoCard, and other similar
specifications for example usage of these terms.

First, what I wrote about "subject" was misleading: the user--not the 
consumer--is the subject.


i hear all this - it just gets a bit complicated with because we are 
conflating this with our oauth situation.
This doesn't really have much to do with OAuth, because you are not 
trying to allow delegation of credentials--that is, you are not trying 
to allow the "consumer" app to let the relying party use the consumer 
app's OAuth access token to read/write the user's account.

perhaps its time to move to an oauth + openID hybrid system.
I don't know if OpenID really solves this problem well, especially for 
apps that aren't webapps.


The subject doesn’t want the relying party to have access to the
entire response from the account/verify_credentials request as if
he had given the relying party read access to his account. I am
not sure if account/verify_credentials returns sensitive
information (information only available to apps that have been
authorized by the user) yet, but I think it is likely in the
future that it will do so. It would be prudent to have delegation
use a different resource designed specifically for delegation.

i think this is again a general case vs a twitter case.  i think in 
the general case, the delegator would call some endpoint that would 
simply verify the identity through a HTTP code (2xx for success, 4xx 
for failure).  twitter, as a special case, sends along the user object 
[as] part of it?
account/verify_credentials discloses information that is private. For 
example, the HTTP header of account_verify_credentials discloses 
information about how frequently the user accesses twitter (the rate 
limit headers). If the user hasn't previously authorized (via OAuth) the 
delegator (relying party) to have read access to his account, then the 
delegator (relying party) shouldn't be able to get this information. 
Also, I think you should plan ahead for the case where 
account/verify_credentials returns even more sensitive information. If 
you were going to reuse an existing resource, I'd reuse 
users/show.format?user_id= instead. But, AFAICT, it's much 
better to create a new resource for this purpose, and pretty easy to do so.


I think the following would be a better protocol:

Consumer to Relying Party: Give me , a nonce signed 
with your OAuth credentials for the relying party'sidentity verification 
service. Relying Party to Consumer: Here is the token . 
(This is done using whatever protocol the consumer and the relying party 
agree to use.)


Consumer to Identity Provider: Here's . Give me 
, which is (, screen_name) signed with 
a signature that the relying party can verify is from the identity 
provider. Identity Provider to Consumer: I verified that the token was 
signed by the relying party identified by . Here is 
. (This is an OAuth-protected transaction using the 
consumer's credentials).


Consumer to Relying Party: Here is .Relying Party to 
Consumer: OK, let's continue on with whatever we need to do. (This is 
done using whatever protocol the consumer and the relying party want to 
use.)


Notice in particular: (a) each server only has to process one request, 
(b) the relying part and the identity provider never have to communicate 
directly with each other, (c) the consumer (user) can control the level 
of security used in all the communication (e.g. TLS for everything), (d) 
IP-RP-SIGNED-TOKEN> can be used as the assertion in the OAuth 2.0/WRAP 
assertion profile, if the relying party is using OAuth WRAP to 
authenticate the user, (e) the user and the identity provider can both 
restrict which consumers can sign into which relying parties for which 
users using this mechanism.


Regards,
Brian

Re: [twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[Aral Balkan]

Ah, so Twitter wants to see a *registered* trademark number?

(As an aside: why do you hate your developers, Twitter?) :)

The thing is, a trademark does not _have to be_ registered to be a
trademark. Products get trademark protection automatically.

I guess if I don't hear back, I'll have the IP law firm I use to write a
letter first. Cheaper than getting a registered trademark.

Of course, the best thing would be for a _human being_ at Twitter to say:
hey developer dude, we love you, sure we can do that... don't mention it!
:)

(I just don't get this impersonal "computer says NO" attitude towards
developers. Is this just the corporate culture at Twitter or are you guys
severely short-staffed? Thinking Twitter really needs to invest in developer
relations. Maybe get someone whose job it is to handle developer relations
and champion the needs of developers within Twitter?)

Aral

On Thu, Feb 11, 2010 at 3:28 PM, anilchawla  wrote:

> Raffi, thank you for the response, but it is disappointing. I have to
> agree completely with Aral that these requests are not for "personal
> use". Some of us have hundreds/thousands of users around the world who
> use our apps as a means to participate on Twitter, and it is
> ultimately those users who are affected. In my my case, I have had
> several users mistakingly mention or try to follow this inactive spam
> account (http://twitter.com/tweetymail) thinking that it was
> associated with my service. In the meantime, I am doing the best I can
> to communicate with these users using another account.
>
> FYI, I did not have any success opening support tickets for
> brandsquatting/impersonation. Originally, I was told to wait until
> 1/31/10 for the username to remain inactive. When I complied and
> opened a new request on 2/1, I was immediately denied. It seems that
> brand-squatting/impersonation/brand-confusion are all irrelevant...
> Twitter wants to see a trademark number. I am a hobby developer who
> provides a free service completely out-of-pocket, and now I need to
> spend hundreds of dollars to register a trademark just to get access
> to a username that nobody ever used?
>
> I see that you have also replaced the text of the FAQ entry with the
> more generic policy regarding trademark infringement. This is too bad,
> but I guess it answers my original question -- the existing entry was
> no longer valid. I certainly understand that Twitter can't always
> transfer usernames to app developers who want them, but there are
> certainly cases in which a username (inactive/never tweeted/created
> for spam) could be put to better use. A blanket policy on trademark
> infringement may make sense for companies and large brands, but it
> does nothing at all to help the small-time hobby developers who
> contribute so much to the Twitter ecosystem.
>
> On Feb 10, 7:34 pm, Raffi Krikorian  wrote:
> > hi all, please refer to
> >
> > http://apiwiki.twitter.com/FAQ#HowcanIreclaimaninactiveTwitteraccount...
> >
> > We are unable to transfer usernames for personal use at this time. If you
> > believe a Twitter account may be squatting on your trademark and
> violating
> > Twitter's Terms of Service, please file a ticket athttp://
> help.twitter.com/requests/newregarding 'Trademark/Brand squatting'.
> >
> >
> >
> >
> >
> > On Wed, Feb 10, 2010 at 4:05 PM, Kyle Mulka 
> wrote:
> > > I also have this problem and have gotten no response whatsoever from
> > > Twitter.
> >
> > > Here's the inactive account that I'd like to have:
> > >http://twitter.com/twilk
> >
> > > --
> > > Kyle Mulka
> > > Founder, Congo Labs
> > >http://twilk.com
> >
> > > On Feb 10, 6:41 pm, Anil Chawla  wrote:
> > > > Thanks, glad to know I'm not alone on this. I've looked at filing a
> > > > trademark but it is still frustrating to proceed through
> > > > lengthy/costly legal process in order to reclaim an inactive/spam
> > > > username -- especially for a completely free service. This entry in
> > > > the Twitter API FAQ is a glimmer of hope for app developers. I hope
> > > > someone at Twitter can help app developers get their specific
> > > > situation reviewed. In some cases, such as mine, it is an
> > > > all-around-win for the Twitter ecosystem to release these inactive
> > > > usernames.
> >
> > > > -Anil
> >
> > > > On Wed, Feb 10, 2010 at 5:17 PM, Aral Balkan 
> > > wrote:
> > > > > I had the same response :(
> > > > > Someone told me that the way to approach it may be to file a
> trademark
> > > > > dispute. This is what I'm going to be forced to do since it doesn't
> > > appear
> > > > > possible to talk to a human being at Twitter about this issue.
> > > > > All the best,
> > > > > Aral
> > > > > On Wed, Feb 10, 2010 at 6:04 PM, anilchawla 
> wrote:
> >
> > > > >> I develop and maintain a free Twitter application (http://
> > > > >> tweetymail.com) and I am desperately trying to reclaim the
> inactive
> > > > >> 'tweetymail' username because it is causing confusion among my
> users.
> > > > >> I was not a

[twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[anilchawla]

Raffi, thank you for the response, but it is disappointing. I have to
agree completely with Aral that these requests are not for "personal
use". Some of us have hundreds/thousands of users around the world who
use our apps as a means to participate on Twitter, and it is
ultimately those users who are affected. In my my case, I have had
several users mistakingly mention or try to follow this inactive spam
account (http://twitter.com/tweetymail) thinking that it was
associated with my service. In the meantime, I am doing the best I can
to communicate with these users using another account.

FYI, I did not have any success opening support tickets for
brandsquatting/impersonation. Originally, I was told to wait until
1/31/10 for the username to remain inactive. When I complied and
opened a new request on 2/1, I was immediately denied. It seems that
brand-squatting/impersonation/brand-confusion are all irrelevant...
Twitter wants to see a trademark number. I am a hobby developer who
provides a free service completely out-of-pocket, and now I need to
spend hundreds of dollars to register a trademark just to get access
to a username that nobody ever used?

I see that you have also replaced the text of the FAQ entry with the
more generic policy regarding trademark infringement. This is too bad,
but I guess it answers my original question -- the existing entry was
no longer valid. I certainly understand that Twitter can't always
transfer usernames to app developers who want them, but there are
certainly cases in which a username (inactive/never tweeted/created
for spam) could be put to better use. A blanket policy on trademark
infringement may make sense for companies and large brands, but it
does nothing at all to help the small-time hobby developers who
contribute so much to the Twitter ecosystem.

On Feb 10, 7:34 pm, Raffi Krikorian  wrote:
> hi all, please refer to
>
> http://apiwiki.twitter.com/FAQ#HowcanIreclaimaninactiveTwitteraccount...
>
> We are unable to transfer usernames for personal use at this time. If you
> believe a Twitter account may be squatting on your trademark and violating
> Twitter's Terms of Service, please file a ticket 
> athttp://help.twitter.com/requests/newregarding 'Trademark/Brand squatting'.
>
>
>
>
>
> On Wed, Feb 10, 2010 at 4:05 PM, Kyle Mulka  wrote:
> > I also have this problem and have gotten no response whatsoever from
> > Twitter.
>
> > Here's the inactive account that I'd like to have:
> >http://twitter.com/twilk
>
> > --
> > Kyle Mulka
> > Founder, Congo Labs
> >http://twilk.com
>
> > On Feb 10, 6:41 pm, Anil Chawla  wrote:
> > > Thanks, glad to know I'm not alone on this. I've looked at filing a
> > > trademark but it is still frustrating to proceed through
> > > lengthy/costly legal process in order to reclaim an inactive/spam
> > > username -- especially for a completely free service. This entry in
> > > the Twitter API FAQ is a glimmer of hope for app developers. I hope
> > > someone at Twitter can help app developers get their specific
> > > situation reviewed. In some cases, such as mine, it is an
> > > all-around-win for the Twitter ecosystem to release these inactive
> > > usernames.
>
> > > -Anil
>
> > > On Wed, Feb 10, 2010 at 5:17 PM, Aral Balkan 
> > wrote:
> > > > I had the same response :(
> > > > Someone told me that the way to approach it may be to file a trademark
> > > > dispute. This is what I'm going to be forced to do since it doesn't
> > appear
> > > > possible to talk to a human being at Twitter about this issue.
> > > > All the best,
> > > > Aral
> > > > On Wed, Feb 10, 2010 at 6:04 PM, anilchawla  wrote:
>
> > > >> I develop and maintain a free Twitter application (http://
> > > >> tweetymail.com) and I am desperately trying to reclaim the inactive
> > > >> 'tweetymail' username because it is causing confusion among my users.
> > > >> I was not able to get anywhere with Twitter support, but I came across
> > > >> this entry in the API FAQ:
>
> > > >>http://apiwiki.twitter.com/FAQ#HowcanIreclaimaninactiveTwitteraccount.
> > ..
>
> > > >> I followed the instructions and emailed usern...@twitter.com. Five
> > > >> minutes later, I received two simultaneous emails: 1) An automatic
> > > >> notice indicating that support received my request, 2) An automatic
> > > >> rejection indicating that Twitter is not releasing inactive usernames
> > > >> at this time.
>
> > > >> Have any other app developers had success with this process? Is the
> > > >> information on the FAQ still valid? Can someone from Twitter provide
> > > >> an alternate avenue for app developers to have a request such as this
> > > >> heard?
>
> > > >> The account I am seeking (http://twitter.com/tweetymail) has never
> > > >> tweeted and has been inactive for at least 6 months.
>
> > > >> Thank  you.
>
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi

Re: [twitter-dev] Re: question regarding API FAQ: reclaim inactive username

[Aral Balkan]

Hey Raffi,

I don't think these requests fall into "personal use" – they're requests by
Twitter app developers for their Twitter apps. It would go a long way for
Twitter to show that it cares for its developers if they didn't treat their
requests like requests from general users.

I've put in a "Trademark/Brand squatting" request as you suggested – I'm
hopeful that it will have an effect.

On a positive note: my app was approved by Apple yesterday and I'm working
feverishly to get it launched tomorrow.

It would be a really nice gesture if I could have the Twitter account to go
with my app. Especially since it has been dormant since 2007. Here's hoping.
I'd love to feel that Twitter treats its developers a little differently
than its users.

All the best,
Aral

On Thu, Feb 11, 2010 at 12:34 AM, Raffi Krikorian  wrote:

> hi all, please refer to
>
>
> http://apiwiki.twitter.com/FAQ#HowcanIreclaimaninactiveTwitteraccountformyprojectorapplication
>
> We are unable to transfer usernames for personal use at this time. If you
> believe a Twitter account may be squatting on your trademark and violating
> Twitter's Terms of Service, please file a ticket at
> http://help.twitter.com/requests/new regarding 'Trademark/Brand
> squatting'.
>
>
> On Wed, Feb 10, 2010 at 4:05 PM, Kyle Mulka wrote:
>
>> I also have this problem and have gotten no response whatsoever from
>> Twitter.
>>
>> Here's the inactive account that I'd like to have:
>> http://twitter.com/twilk
>>
>> --
>> Kyle Mulka
>> Founder, Congo Labs
>> http://twilk.com
>>
>> On Feb 10, 6:41 pm, Anil Chawla  wrote:
>> > Thanks, glad to know I'm not alone on this. I've looked at filing a
>> > trademark but it is still frustrating to proceed through
>> > lengthy/costly legal process in order to reclaim an inactive/spam
>> > username -- especially for a completely free service. This entry in
>> > the Twitter API FAQ is a glimmer of hope for app developers. I hope
>> > someone at Twitter can help app developers get their specific
>> > situation reviewed. In some cases, such as mine, it is an
>> > all-around-win for the Twitter ecosystem to release these inactive
>> > usernames.
>> >
>> > -Anil
>> >
>> > On Wed, Feb 10, 2010 at 5:17 PM, Aral Balkan 
>> wrote:
>> > > I had the same response :(
>> > > Someone told me that the way to approach it may be to file a trademark
>> > > dispute. This is what I'm going to be forced to do since it doesn't
>> appear
>> > > possible to talk to a human being at Twitter about this issue.
>> > > All the best,
>> > > Aral
>> > > On Wed, Feb 10, 2010 at 6:04 PM, anilchawla  wrote:
>> >
>> > >> I develop and maintain a free Twitter application (http://
>> > >> tweetymail.com) and I am desperately trying to reclaim the inactive
>> > >> 'tweetymail' username because it is causing confusion among my users.
>> > >> I was not able to get anywhere with Twitter support, but I came
>> across
>> > >> this entry in the API FAQ:
>> >
>> > >>
>> http://apiwiki.twitter.com/FAQ#HowcanIreclaimaninactiveTwitteraccount...
>> >
>> > >> I followed the instructions and emailed usern...@twitter.com. Five
>> > >> minutes later, I received two simultaneous emails: 1) An automatic
>> > >> notice indicating that support received my request, 2) An automatic
>> > >> rejection indicating that Twitter is not releasing inactive usernames
>> > >> at this time.
>> >
>> > >> Have any other app developers had success with this process? Is the
>> > >> information on the FAQ still valid? Can someone from Twitter provide
>> > >> an alternate avenue for app developers to have a request such as this
>> > >> heard?
>> >
>> > >> The account I am seeking (http://twitter.com/tweetymail) has never
>> > >> tweeted and has been inactive for at least 6 months.
>> >
>> > >> Thank  you.
>>
>
>
>
> --
> Raffi Krikorian
> Twitter Platform Team
> http://twitter.com/raffi
>