Can We have Mashups without Phishing, Pls?
I contacted the developer of a 3rd party website that's asking for Twitter usernames and passwords, in a context that seems completely unnecessary. This was his response:
"It's true that it is not absolutely necessary to get the password, but Twitter only allows 70 requests per hour for each user. So I could always use my information to retrieve everyone's friends lists, but after a few people view their friends, my account would not work for an hour. If you know that Twitter has changed their policy please let me know and I will get it changed."
His tool displays an individual's friends' tweets in a creative way. For what it does, all he should be asking for is a username. Or at least, some kind of OpenID-style solution for validating the user.
The road to mashups should not be paved with password phishing. Twitter, what should he be doing differently?
Twitter really needs to start doing OAuth or something to prevent the typing of user passwords into other people's websites. It's really bad, and it discourages me from using services like BrightKite to the fullest because I refuse to compromise any of my online passwords.
I’m worried about phishing



