Twitter Security Hypocrisy

 

If Twitter were really serious about the dangers of sharing access to Gmail accounts, and thus their personal documents on Google Apps, they wouldn’t continue to encourage people to hand over their email passwords just to tell their friends about Twitter or find existing friends on the service.

Allow Twitter to Scrape Your Personal Information In Gmail

Allow Twitter to Scrape Your Personal Information In Gmail

I have written extensively about the problems associated with Viral Tell-A-Friend systems. People are becoming careless with personal and business security, and soon adding an email and password to a box will be as common as handing over an email address… but with dire consequences.

My opinion, Techcrunch shouldn’t publish what they found in Twitter’s undie drawer… but only with the provision that they remove the hypocritical viral tell-a-friend, and encourage other startups to do the same… until they learn to use APIs correctly.

Dopplr manage  to use APIs for TAF without the massive funding, and Gigya seem to have some API support.

Let something good come of this, and get all major social sites to stop scraping 3rd party accounts as well.

 

Liked this post? Follow this blog to get more. Follow

Comments

  1. timacheson says

    Now Twitter's own internal systems have been hacked, along with the accounts of Twitter users including celebrities:

    http://www.timacheson.com/Blog/2009/jul/twitter

    The initial point of entry wasn't a gap in Twitter's security. The hacker(s) gained access through a Google Apps account. The worry with a Google account is, it's web-based and therefore only as secure as the rest of the Internet. If yuor Google account is compromised and you use Google Docs in a serious commercial setting, your Twitter account will be the least of your worries.

  2. says

    I think you have your facts wrong on what data was actually seen

    They didn't get access to celebrity accounts on this, but personal details such as direct email addresses possibly to agents etc.

  3. tampapestcontrol says

    Lately I've also been thinking about all of the various apps requesting access to your Twitter account in order to function. Sure they use the api, but what's stopping some of these sites from being malicious with the user/pass information? Not much, far as I can tell.

    Good point regarding the Viral TAF systems as well. A compromised Email addy is bad news.

  4. timacheson says

    Yes, the hacker had access to Twitter user accounts and took a screenshot of at least one of them. Twitter's blog claimed that only that one user account was compromised.

  5. says

    That is just a snippet from the PC World article which specifically doesn't mention any Twitter accounts being accessed, other than Twitter employees who had their Gmail compromised.

    http://www.pcworld.com/article/168462/twitter_h

    The only place you will find claims to people outside twitter being compromised (this time around) are are sensationalist headlines which are scraped together from other sources.
    Thing might appear in searches just due to keyword use, not because it actually happened.

  6. techfreakstuff says

    Recently heard that most of the Twitter private documents were hacked by Hackers by using Google and brought to notice of Common man! Is this what we call Security? Twitter needs to grow up…But anyways, I love twitter!

  7. nich says

    You are right. I would also not give my passwords to any site for meetings friends. My privacy means more to me.

  8. says

    Of course Twitter needs to be more cautious than before. Even otherwise, I am quite wary of entering my passwords to Viral Tell A Friend kind of applications.

  9. steveopti says

    Some other sites such as Blogspot also ask for Gmail login, does that mean it can be misused? Security level should be raised so as to provide better business services to consumers.

  10. says

    I think you have your facts wrong on what data was actually seen

    They didn't get access to celebrity accounts on this, but personal details such as direct email addresses possibly to agents etc.

  11. increasewebsitetraffic1 says

    Interesting!

    In the past, offline media was one of the major mediums to promote one’s business and brand awareness. However, with the increasing popularity of the online media and its positive results, more people are turning to online marketing techniques to build a strong business presence across the globe. The Internet provides great opportunities for entrepreneurs and small businesses, but doing business online presents unique challenges and requires new skills. Per my experience search engine optimization would be the best practice to improve your online business.

  12. lt_rudi says

    I personally don't like the idea of giving my email password. It just doesn't make sense to me.

  13. says

    I never use the “invite your friends” features. I can just as easily send a mass email myself without worrying about anyone else swipping my passwords.

  14. webriq says

    Hi everyone! I recently gone through a new site for creating free websites and I hope my suggestion could be useful for everyone who wish to have and create a website with their name as a domain. I created my website through webriq.com without any confusion and I am comfortable using it without any programming knowledge .Webriq is a tool that is easily editable and is using advanced drag and drop technology.

    The site is: http://webriq.com/home

  15. says

    @ frankcrccd If you have a website and your on twitter it does get you more traffic but you have to work at it etc. @ spanishinspain Twitter is there it just depends how you use it, I wouldn't say it played a major role. I would certainly avoid viral on twitter. For anyone on Twitter don't twit me MLM grrr

  16. cheapcoinsorterlei says

    2 of my twitter accounts, i can not logged in, says wrong password. i think mine was already hacked!

  17. acaijj says

    I never give password not only to twitter but also to other sites also. It is a bad one I think. So these sites should avoid to ask the password from the users.

  18. says

    It is slightly worrying the number of sites that you can feed into twitter using your twitter account details. If one of those was to experience a problem, then all your data could be at risk very quickly!

  19. says

    I am always suspicous about revealing my 'contact list' to any third party. As for twitter, it's important to take more precautions till we figgure out what is happening with the security holes discovered recently.

  20. firewallconfiguration says

    Hi! Its innovative one and the information on the which is given its very useful.Keep post cont.Sstay tune with us.Thank