Twitblogs- There is no reason why any Twitter user should simply trust an app because *you* created it. Though I inherently trust you and there's no reason to believe you would create a malicious app, no one can *verify* that. Trust yet verify.
That's all we are asking for. Until there is a verify mechanism, yes, no app at all ever on the planet, including my favorite TweetDeck, should be trusted. Ever. I think that's what is being said here. And if that hurts business, well... blame Twitter. Or Bush. Or both. -- Aaron Brazell web:: www.technosailor.com phone:: 410-608-6620 skype:: technosailor twitter:: @technosailor On Mon, Jan 5, 2009 at 11:35 AM, Nicole Simon <nee...@gmail.com> wrote: > > Cameron's comment shows why a system like Oauth is important: > Making it easy for third party developpers. > Making it easier for users to build trust. > > Btw business idea, as it did work with summize: > Build an oauth service between third apps and twitter, > gain the trust from the users, "force" devs to use it. As > this can be switched on by twitter any moment: > take a small amount of money from the users > in the meantime until twitter implements it. > > I'd probably pay 10 dollars a year for such an intermediary > service (so make that 5 for six months) > > Business idea 2 for you so you don't canibalise yourself: > Let's use a pledge drive to put up money for you and > implement these. > > Alex: > >> Christopher St John's comments above accurately reflect my own >> concerns. OAuth is not a security magic bullet, and it only encourages >> phishing attacks. I feel bad for users that have given their >> credentials to a phishing site, and we'll do everything we can to >> educate them, but token-based authentication systems are not going to >> fix this particular security problem. > > > Of course it is not a magic bullet but let's not forget that having to > provide my > login data on third party apps because nothing else exists is really > stupid. > It may not be the magic bullet but in comparison that is miles between > those > too. > > >> Getting worked up into hysterics about boycotts is just, as security >> expert Bruce Schenier is fond of saying, "security theater". It's the >> equivalent of an apartment building's tenants telling their landlord >> they refuse to use keys because someone's place got broken into. > > > The equivilant you are looking for is that in order to have operations > done in my appartment all I can do is hand out my keys instead of > being able to use the trusted third party service which will watch > them just for a bit. > > Are users stupid and dont know what they do? Of course. Basically > it surprises me to see it took them phishers so long to go for it. > > But you can see a clear correlation with some of the recent news > with twitter news popping up on sites like digitalpoint and co. > > The ecosystem is one of the reasons why Twitter is succeeding, > interviews with users show that over and over again. > > > Nicole > > -- > Kontakt: > http://twitter.com/NicoleSimon // http://mit140zeichen.de/ > http://crueltobekind.org // http://beissholz.de > > skype: nicole.simon / mailto:nee...@gmail.com > phone: +49 451 899 75 03 / mobile: +49 179 499 7076 > > >
