Thus I am glad to see Twitter will switch off access to their API using standard authentication of username and password, and providing access only by OAuth.

For that I applaud the Twitter team for taking a positive step for online security.

Do As I Say, Not As I Do?

Twitter are still scraping friend information from email accounts.

It doesn’t matter what they claim they scrape, or that they claim to not store the information

• Not using OAuth is now totally hypocritical
• Twitter have been hacked in the past
• A few hundred million people giving up their email passwords is quite a valuable target

I realise Facebook only fixed their Friend Finding / Tell-A-Friend system after they purchased Octazen (and shut it down to new customers), but if Twitter expect their developers to use OAuth, the least they should do is use it themselves.

Update

Just saw this in Facebook – I know that Skype contacts are hardly the key to your online business like a Gmail account, but I thought they were finally past all this account scraping crap.

Facebook sucks for privacy again… well even more… well you know.

Now in the space of just a week I have been able to highlight a solution based upon one of my own blog posts that uses a slightly ghetto, but K.I.S.S method to achieve extremely effective viral tell-a-friend functionality, and now I want to mention another more sophisticated solution.

In my last post I mention that Stompernet currently have an offer to get their Stomping The Search Engines STSE2 SEO Course 100% Free with no credit card requirements.

Now if I am going to state that something is 100% free, I really want to be sure that there are no strings attached.

So I tested the signup procedure and created an account for my wife.

Stompernet Tell-A-Friend Process

As you can see, lots of import options, and whilst a few of them do require username/password, the most important business centric address for online marketers, Google, uses an API hosted by Google.

Remember, Google Account is Key To:-

• Gmail (Paypal, Domain registration, Hosting)
• Adwords
• Analytics
• Adsense
• Private Calendar

Entering your email and password into a form on a 3rd party site is a security liability.

Asking your customers to do it is a security liability for them, thus a business liability for you.

Stompernet are the first in the “Internet Marketing” niche that I am aware of to use a legitimate, safe process for gathering contacts for use with incentive based Tell-A-Friend, and do it better than Twitter, Facebook & LinkedIn.

Probably due to time constraints, one visible blooper is that they haven’t registered with Google (I am not sure of the procedure), and it might take a while to process.

Here is the email that gets sent to your friends.

It would be good if there was a way to edit it before sending

I Skipped Something

The observant will notice I skipped the import stage as I felt it wrong to crop the image, for impact. Whilst I am on a lot of email lists, and have a fair few contacts, I don’t think this situation is unusual.

This is going to be a usability issue with almost any primary email account used by an online marketer., unless they are ruthless with their email list pruning.
The more ghetto version doesn’t have this usability issue, because emails are filled out within the native email interface.

The script that Stompernet are using is Octazen which looks very capable, and they list lots of social networks among their customers. They also have a WordPress plugin though I am not sure of the capabilities – something I will be looking into myself.
I have no idea why so many sites still ask for passwords. Maybe they are using an old version of the script that doesn’t use the APIs for some reason.
I must admit that acted as a negative advert for them – I had been to the site previously, seen the logos for Twitter and LinkedIn – remembered how bad their systems were asking for Gmail passwords, and just ignored them.

Oh… that list of contacts – this rivalled John Reese’s 40 page Traffic Secrets sales letter… around 40 pages in this screenshot, though that only takes us up to letter “T” – my screengrab software was having problems with a file over 30,000 pixels high.

Gmail Imported Email Addresses

Allow Twitter to Scrape Your Personal Information In Gmail

I have written extensively about the problems associated with Viral Tell-A-Friend systems. People are becoming careless with personal and business security, and soon adding an email and password to a box will be as common as handing over an email address… but with dire consequences.

My opinion, Techcrunch shouldn’t publish what they found in Twitter’s undie drawer… but only with the provision that they remove the hypocritical viral tell-a-friend, and encourage other startups to do the same… until they learn to use APIs correctly.

Dopplr manage  to use APIs for TAF without the massive funding, and Gigya seem to have some API support.

Let something good come of this, and get all major social sites to stop scraping 3rd party accounts as well.