What I'd actually like to see is some granularity in the oAuth
permissions that go beyond binary "has complete access: DENY|ALLOW",
and this would also solve this problem.

Surprising users when an app auto-tweets is one thing, but I'm more
concerned about a given app reading my DMs, for example (which I
wouldn't know about, thus no 'surprise' but still bad).

I would urge Twitter to look at Flickr's oAuth (well 'oAuth style')
auth which lets users dictate the level of access a given app is
allowed and even let developers appropriately request only the right
level they need.

Twifficiency technically only needed read-only access to my public
tweets (ok, it wouldn't have had the viral aspect). If when I oAuthed
for it the Twitter landing page said:

Give app "Twifficiency" access to the following on your account? :
[x] public tweets
[  ] send tweets
[  ] read direct messages


This seems more appropriate but would also deal with the issue of
surprising auto-tweets when the app developer doesn't highlight it up
front.  What do people think?

Thanks,
Ben Metcalfe



On Aug 18, 1:45 pm, Brian Sutorius <bsutor...@twitter.com> wrote:
> Hi all,
>
> Over the past 24 hours, we've received some questions about the
> Twifficiency app, so we thought we'd use this as an opportunity to
> quickly share some information around our Developer Principles.
>
> For background, the Twifficiency app computes a "Twifficiency score"
> based on different aspects of your Twitter account and posts the score
> as a Tweet. While the developer included a disclaimer that these
> Tweets would be posted to Twitter, user feedback indicated that the
> text was too far down on the page to be noticed before proceeding. As
> a result, many users were surprised that their scores were being
> tweeted automatically.
>
> Which brings us to our Developer Principles, one of which is "Don't
> surprise users." Specifically, we require developers to get users'
> permission before sending Tweets or other messages on their behalf.
> Allowing an application to access your account does not constitute
> consent for actions to automatically be taken on your behalf.
>
> Twifficiency violated this principle, so we suspended the app
> yesterday afternoon while we worked with the developer to make sure
> users were better informed about the application's actions and could
> control whether or not a Tweet would be posted. With these changes
> --which include a more prominent warning and a checkbox on the main
> page-- the application has been re-enabled.
>
> Our developer principles can be found in our API Terms of
> Service: http://dev.twitter.com/pages/api_terms
>
> Brian Sutorius
> API Policy
