It is not possible to view a user's email address. Additionally, it is not
possible to perform a user lookup based on an email address. If you do not
trust an application enough to not change your email address, we suggest you
not use that application.

As always, please email [email protected] if you have found an application
behaving poorly.

Thanks,
Doug




On Wed, Jul 8, 2009 at 3:34 PM, JDG <[email protected]> wrote:

> if we're going with "shoulds", i think it should be both or neither.
> personally, i'd like it to be both, with the option that the user be able to
> completely hide his or her email address from everyone except the twitter
> DB. i can see the obvious benefit to the current architecture though. i may
> be in a situation -- say, on a smartphone -- where the twitter site doesn't
> necessarily render well in my browser, but still want to update my email
> address right there and then, or maybe I've got a desktop application and I
> just don't want to fire up a browser. In either situation, I like the fact
> that the API gives me a way to change my email address. It also prevents an
> app owner from getting my email address without my explicit permission --
> what is stopping you from simply asking users for their email address if
> they want you to send them whatever data you want to send them?
>
>
> On Wed, Jul 8, 2009 at 16:15, Dave Hensley <[email protected]> wrote:
>
>>
>> Yes, which is why I think it's silly that I can change their email
>> address but can't view it. I really think it should be the other way
>> around, don't you?
>>
>> Dave.
>>
>> On Jul 8, 6:00 pm, JDG <[email protected]> wrote:
>> > *Yes, I could also use it to send them spam, but that's why they should
>> > block my app if they don't trust me.*
>> >
>> > Shouldn't you be applying the same logic to why they would trust you not to
>> > update their email address?
>> >
>> >
>> >
>> > On Wed, Jul 8, 2009 at 15:47, Dave Hensley <[email protected]> wrote:
>> >
>> > > If a Twitter user has authenticated my app, is it possible for me to
>> > > view their email address?
>> >
>> > > From what I can tell through the O'Reilly book and Google searches,
>> > > the answer is currently "no" due to, I'm assuming, security
>> > > concerns...  But I can think of several reasons why the user may want
>> > > to allow me to have this information. For example, they could use my
>> > > app to set up email alerts for themselves that would be triggered by
>> > > various events, or use it to send them compiled reports, etc. Being
>> > > able to read their email address could be very useful, and I would
>> > > love to have it as a feature in the API.
>> >
>> > > Yes, I could also use it to send them spam, but that's why they should
>> > > block my app if they don't trust me. People put their email address
>> > > into forms all over the Internet all the time, probably hundreds of
>> > > times per year, so it seems silly for me not to be able to read it
>> > > even with the user's permission.
>> >
>> > > One feature that should _definitely_ be removed, however, is the
>> > > ability to _change_ the user's email address. For instance, if a
>> > > person authorizes my app and I do this:
>> >
>> > > $to->OAuthRequest('https://twitter.com/account/update_profile.xml',
>> > > array('email' => '[email protected]'), 'POST');
>> >
>> > > then all I have to do is fill out the Forgotten Password form, check
>> > > the confirmation code that gets sent to _my_ hotmail address, and then
>> > > suddenly I've got full control over the poor user's account and the
>> > > ability to spam all of their followers. Watch out, Ashton!
>> >
>> > > I can't believe that the Twitter API permits this, but doesn't allow
>> > > me to do something simple and useful like emailing the person a list
>> > > of their followers. Am I missing something?
>> >
>> > > Dave.
>> >
>> > --
>> > Internets. Serious business.
>>
>
>
>
> --
> Internets. Serious business.
>
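
An added example, not part of this thread and not Twitter's code: one server-side way to close the gap Dave describes, where an authorized app changes the email and then uses the Forgotten Password form. The Account/Auth model, the field names and the policy (delegated tokens cannot touch recovery fields, first-party changes stay pending until confirmed) are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional
RECOVERY_FIELDS = {"email"}          # fields that decide where a password reset goes
EDITABLE_FIELDS = {"name", "email"}  # everything else is rejected outright

class Forbidden(Exception):
    """Raised when a caller may not make the requested change."""

@dataclass
class Account:
    name: str
    email: str                           # confirmed address; resets are sent here
    pending_email: Optional[str] = None  # requested but not yet confirmed
    pending_token: Optional[str] = None
    outbox: list = field(default_factory=list)  # (recipient, text) stand-in for mail

@dataclass
class Auth:
    delegated: bool                # True for a third-party OAuth token (assumed model)
    reauthenticated: bool = False  # user re-entered the password in this session

def update_profile(account, params, auth):
    """Apply a profile update; all checks run before any field is changed."""
    if not params.keys() <= EDITABLE_FIELDS:
        raise Forbidden("unknown field")
    touched = params.keys() & RECOVERY_FIELDS
    if touched and auth.delegated:
        raise Forbidden("delegated tokens may not change recovery fields")
    if touched and not auth.reauthenticated:
        raise Forbidden("password re-entry required")
    for key, value in params.items():
        if key == "email":
            # Stage the change, ask the new address to confirm, tell the old one.
            account.pending_email = value
            account.pending_token = secrets.token_urlsafe(16)
            account.outbox.append((value, "confirm " + account.pending_token))
            account.outbox.append((account.email, "change requested to " + value))
        else:
            setattr(account, key, value)

def confirm_email(account, token):
    """Promote the pending address only when the mailed token matches."""
    if not account.pending_token or not secrets.compare_digest(token, account.pending_token):
        return False
    account.email, account.pending_email, account.pending_token = account.pending_email, None, None
    return True

def password_reset_recipient(account):
    # Resets always go to the confirmed address, never to a pending one.
    return account.email
```
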
