[twitter-dev] Re: Privacy issues with the proposed annotations feature
Brian, not to ignore privacy issues but just to simplify the situation a bit ... What currently protects a user from a malicious (desktop) application stealing all kinds of user data via submitting tweets through it's proxy? And even by submitting such information directly to it's website? On Apr 19, 2:03 am, Raffi Krikorian wrote: > > Right now the web UI exposes every piece of metadata in a tweet to > > end-users. That is, an end-user can use twitter.com to check the complete > > contents of tweet sent by an application. I didn’t see anything in the > > proposals regarding the annotation feature that says that users will be able > > to see all the annotations through the web UI. And, even if they could see > > them, chances are they couldn’t understand them. And, even if end-users > > could understand them, applications will be able to use encryption and other > > obfuscation to make them impossible to interpret. This reduces the amount of > > control users have over their tweets. > > this wasn't always true -- there was a period where the web client showed no > geo information at all. geo was an API only feature. at current time, it > is still a bit unknown how the twitter.com webclient will utilize > annotations (just like its unknown how the ecosystem will utilize > annotations). > > > I think there must be some kind of control mechanism in place for > > annotations, or the web UI must present all the annotations of a user’s > > tweets to that user, or both, in order to prevent the annotations feature > > from becoming a side channel for applications to communicate users’ private > > information without users’ knowledge or consent. I would like to know more > > about how this is going to be done. > > at this point, we're not planning to have any elaborate control mechanisms > over annotations, however, your point of being able to use twitter.com as a > "debugging" interface is an interesting one. > > -- > Raffi Krikorian > Twitter Platform Teamhttp://twitter.com/raffi > > -- > Subscription > settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: Introduce yourself!
Hi, I'm Alex. London-based. Currently working on a conversation tracking application. My tools are .Net specific, thanks Mayo for LinqToTwitter library! Thanks to all of you for providing great advice! On Feb 21, 11:03 pm, Anton Krasovsky wrote: > Hi Guys, > > @ak1394 Anton Krasovsky, Dublin, Ireland. Author of PavoMe (twitter > client for java mobiles). > > I've been working with twitter for about half a year, and my efforts > are split between working > on client application and backend server (which handles all > communication between handset and Twitter servers, and is written in > Erlang). > > So far the only twitter opensource released by me was an Erlang client > library. I don't think anyone except me actually uses it. > > I'm looking forward to see xAuth avaiable - few users in China will > appreciate not having to > struggle with GFW to get their oauth tokens. > > http://github.com/ak1394/twerl > > http://pavo.me > > Regards, > Anton > > > > On Fri, Feb 19, 2010 at 8:20 PM, Abraham Williams <4bra...@gmail.com> wrote: > > We have not had an introductions thread in a long time (or ever that I could > > find) so I'm starting one. Don't forget to add an answer to the tools thread > > [1](Gmail link [2]) as well. > > I'm Abraham Williams, I've been working with the Twitter API and this group > > since early 2008. I do mostly freelance Drupal and Twitter API integration > > and personal projects. I love seeing the creative projects developers build > > or integrate with the API and look forward to meeting many of you at Chirp. > > TwitterOAuth [3] the first PHP library to support OAuth is built and > > maintained by me, and will hopefully see a new release soon. I also built a > > fun Chrome extension [4] that integrates common friends and followers into > > Twitter profiles. > > The feature I would most like added to the API is a conversation method to > > get replies to a specific status. > > So. Who are you, what do you do, what have you built, and what feature do > > you most want to see added? > > @Abraham > > [1] http://groups.google.com/group/twitter-development-talk/browse_thread... > > [2] https://mail.google.com/mail/#inbox/12680cd0fa59011e > > [3] https://chrome.google.com/extensions/detail/npdjhmblakdjfnnajeomfbogo... > > [4] http://code.google.com/p/twitter-api/issues/detail?id=142 > > -- > > Abraham Williams | Community Advocate |http://abrah.am > > Project | Out Loud |http://outloud.labs.poseurtech.com > > This email is: [ ] shareable [x] ask first [ ] private. > > Sent from Seattle, WA, United States
[twitter-dev] Re: The XML for user settings would be helpful
Dmitri, I believe such request still counts against your usage limit. Just to remember to stay within the boundaries :) On Feb 18, 10:15 pm, Dmitri Snytkine wrote: > Sorry to bother you, but I found out that this feature is already > available > Turns out I can easily get user's profile as json or xml without > using oAuth or API > > Very simple, like this: > > http://api.twitter.com/1/users/show/MythBusters.json > This is just great! > > On Feb 18, 3:36 pm, Dmitri Snytkine wrote: > > > > > I just though of something that would be very helpful to developers: > > what if there was a url to get xml or json of user's profile, > > background image, color settings and avatar. > > I mean similar to regular RSS feed, only for the current user's > > settings. > > > This way we don't even need to use API if we want to generate a page > > that looks like user's own twitter page. And because it would be > > static files, they could be served from Twitter very fast and make use > > last-modified and etag headers. > > > Currently if I want to style a page to mimin user's twitter page, I > > have to access thehttps://twitter.com/account/verify_credentials.json > > and for that I have to use oAuth call. But this is an overkill. Why do > > I even need to have user's token and secret just to get his latest > > profile that is basically available on his twitter page, I just don't > > want to to and scrape it from the actual twitter page. > > > Why not give us the url to get these settings as json or xml the same > > way we can get the RSS for user's latest messages without having to > > use API
[twitter-dev] Re: Looking for someone to help wiith oauth
Also check out LinqToTwitter, it includes a sample web application in C# On Feb 10, 10:33 pm, John Meyer wrote: > On 2/10/2010 7:48 AM, Merrows wrote:> I am seeking someone skilled in .NET > 3.5, C# to help with implementing > > twitter oauth, and I would welcome any suggestions of how to find > > someone. > > TwitterVB implemetns oAuth and can be used with any .NET compliant language: > > http://twittervb.codeplex.com
[twitter-dev] Re: OAuth & maintaining tokens?
The way I did it for my website is to store the tokens in a db and put a custom persisting cookie on the user's browser. The user can 'sign- off' removing the cookie and will have to authenticate with Twitter next time she uses the protected functionality on my website. Or the cookie can expire/be deleted locally. But if the cookie remains intact user will be singed-in automatically. I think this approach is quite secure and still convenient to all parties involved. Alex On Feb 11, 4:53 pm, John Meyer wrote: > On 2/11/2010 9:30 AM, Paul wrote: > > > > > My question at last is then, what are good practices for the 3rd party > > site? Should the site request the user to reauthorize with Twitter > > each& every time he/she comes to the site? Should the 3rd party site > > have it's own login/username/password for users and store the token in > > a database? Should it offer to store the token as a cookie on the > > user's computer? > > Different strokes for different folks. Whatever you do, make it clear > what your site is doing to the user If you want to store a > username/password for your own site and then store that authentication > information in a MySQL database, tell them that. And explain to them > that they can revoke authentication at anytime through the Twitter website.
