People sharing Twitter passwords with rogue friend apps has been a problem for a few years – I have written quite a few posts warning people of the dangers of sharing passwords with insecure apps, and have also been critical of giant social networks continuing the practice of scraping data from other services using standard password authentication.
Thus I am glad to see that Twitter will switch off access to their API using standard username and password authentication, and provide access only by OAuth.
For that I applaud the Twitter team for taking a positive step for online security.
Do As I Say, Not As I Do?
Twitter are still scraping friend information from email accounts.
It doesn’t matter what they claim they scrape, or that they claim to not store the information:
- Not using OAuth is now totally hypocritical
- Twitter have been hacked in the past
- A few hundred million people giving up their email passwords is quite a valuable target
I realise Facebook only fixed their Friend Finding / Tell-A-Friend system after they purchased Octazen (and shut it down to new customers), but if Twitter expect their developers to use OAuth, the least they should do is use it themselves.
Just saw this in Facebook – I know that Skype contacts are hardly the key to your online business like a Gmail account, but I thought they were finally past all this account scraping crap.
Facebook sucks for privacy again… well even more… well you know.