Twitter reaches out to users over OAuth changes
by Steve Ragan - Sep 2 2010, 08:30

Twitter sent an email to each one of its millions of users this week in an attempt to clear up some confusion and address the recent changes made to its API. In addition to the API changes, the micro-blogging service also confirmed that the shortened URL, 't.co', will be rolled out in the coming weeks.
The changes to Twitter’s API took effect on Tuesday. For the most part, Twitter users will hardly have noticed them, because of the applications that allow them to use the service via the API - some 250,000 were prepared ahead of time.
Applications such as TweetDeck, Seesmic, Foursquare, Topsy, and others each need Twitter’s API in order to connect. The changes to the API were announced with enough of a heads-up that all but the most obscure Twitter applications were able to have updates available.
To the user, 'OAuth' means that a given application can access Twitter without asking for a password. What this means is that applications using OAuth will not be allowed to store passwords and will require authorization to work. Users can manage authorization from the 'settings' section of their Twitter profile. From there, applications can be added or removed at will.
“Desktop and mobile applications may still ask for your password once, but after that request, they are required to use OAuth in order to access your timeline or allow you to tweet,” Twitter’s email said.
In addition to OAuth information, the outreach email also included more information about the t.co shortened URL. The new URLs will allow links to be wrapped in an easier-to-understand form.
“Wrapped links are displayed in a way that is easier to read, with the actual domain and part of the URL showing, so that you know what you are clicking on,” Twitter explained.
“When you click on a wrapped link, your request will pass through the Twitter service to check if the destination site is known to contain Malware, and we then will forward you on to the destination URL,” it added. “All of that should happen in an instant.”
Some accounts are already using the t.co service, and everyone will be using it soon. While there is no hard roll-out date, Twitter’s email suggests it will be sooner rather than later - which is certainly a good thing.
Earlier this week, links from AltURL were used to push malicious TweetDeck downloads, taking advantage of the API changes to spread the TDSS rootkit. The malicious posts all warned users that TweetDeck would fail, and that downloading the patch would correct any API-related issues.
Commenting on the issue earlier in the week, TweetDeck said: “These tweets are from hacked accounts and this file does not come from us. Do not download it.”
If there is any question about Twitter's email to users, it comes from the last bullet point in the shortened URL section.
“When you click on these links from Twitter.com or a Twitter application, Twitter will log that click. We hope to use this data to provide better and more relevant content to you over time.”
Taking it at face value, this means Twitter could keep track of malicious links and prevent future posts containing them from appearing, dropping them before the post is fully sent.
On the other side of things, one could see this as an admission that Twitter will be tracking trends, using the link data to further advertising initiatives. If so, then that leads to the issue of privacy.
How will these logged clicks be stored? Who has access to them inside Twitter? Is this part of a business plan that includes advertisements and marketing? If so, will the logged data be shared with business partners and advertisers?
Granted, Twitter hinted at this in June, when it mentioned that the data collected from t.co links would “provide services that make use of this data, an example would be analytics within our eventual commercial accounts service.”
The Tech Herald has asked Twitter for confirmation and we’ll post its response as soon as we have it.
