Yes, which is why I think it's silly that I can change their email address but can't view it. I really think it should be the other way around, don't you?.
Dave. On Jul 8, 6:00 pm, JDG <[email protected]> wrote: > *Yes, I could also use it to send them spam, but that's why they should > block my app if they don't trust me.* > > Shouldn't you be applying the same logic to why they would trust you not to > update their email address? > > > > On Wed, Jul 8, 2009 at 15:47, Dave Hensley <[email protected]> wrote: > > > If a Twitter user has authenticated my app, is it possible for me to > > view their email address? > > > From what I can tell through the O'Reilly book and Google searches, > > the answer is currently "no" due to, I'm assuming, security > > concerns... But I can think of several reasons why the user may want > > to allow me to have this information. For example, they could use my > > app to set up email alerts for themselves that would be triggered by > > various events, or use it to send them compiled reports, etc. Being > > able to read their email address could be very useful, and I would > > love to have it as a feature in the API. > > > Yes, I could also use it to send them spam, but that's why they should > > block my app if they don't trust me. People put their email address > > into forms all over the Internet all the time, probably hundreds of > > times per year, so it seems silly for me not to be able to read it > > even with the user's permission. > > > One feature that should _definitely_ be removed, however, is the > > ability to _change_ the user's email addresss. For instance, if a > > person authorizes my app and I do this: > > > $to->OAuthRequest('https://twitter.com/account/update_profile.xml', > > array('email' => '[email protected]'), 'POST'); > > > then all I have to do is fill out the Forgotten Password form, check > > the confirmation code that gets sent to _my_ hotmail address, and then > > suddenly I've got full control over the poor user's account and the > > ability to spam all of their followers. Watch out, Ashton! > > > I can't believe that the Twitter API permits this, but doesn't allow > > me to do something simple and useful like emailing the person a list > > of their followers. Am I missing something? > > > Dave. > > -- > Internets. Serious business.
