This is an excellent point.
--
------------------------------------ personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com * cka...@floodgap.com
-- Sarcasm is a spiritual gift. -- Paul Austin --------------------------------
No, this doesn't solve the "what happens when I initially authorize
this app" problem.
imho, "buyer beware".
-Chad
I also think it should require that reasonable terminology is used.
For example on twply.com the question "Support Twply on your first
login?" does not make it clear that this means they'll post a tweet as
you promoting themselves.
-Stuart
--
http://stut.net/projects/twitter
2009/4/16 Rod Begbie <rodb...@gmail.com>:
Oooh, I really like this a lot. Maybe even a total number of people
that have authorized the app vs. revoked access (in addition to
showing those in your friends/followers network). Not sure if you
would want to track "denies" as well?
Thinking along these lines... what if, in the "Connections" tab, each
user were able to rate each app they've authorized on a 1-5 star
scale? Then the auth page could show the average rating by users, or
something like that...?
Regarding my "buyer beware" comment:
I do agree that some/most of the onus is on Twitter to communicate
what exactly is happening (I'm also for stronger language), but users
do have to use their brains at some point and quit blindly trusting
everything that turns their mouse into a hand-pointer.
Also, I don't condone sketchy activities like forcing an auto-follow
without disclosure, so please don't think I'm defending this behavior.
-Chad
--
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x
Thinking along these lines... what if, in the "Connections" tab, each
user were able to rate each app they've authorized on a 1-5 star
scale? Then the auth page could show the average rating by users, or
something like that...?
Darn, you foiled my evil plot! :)
-chad
1. create a directory of known/good apps and promote the ones that are
"safe" (see Facebook)
2. layer in social awareness into the authorization screen so people
have a better sense whether to trust an app
Here's my mockup for #2:
http://www.flickr.com/photos/factoryjoe/3448360090/
Agreed.
> I would definitely support greater disclosure here, but would avoid
> the checkbox model of authorizing different levels of access
> (http://www.flickr.com/photos/factoryjoe/2601626420/sizes/o/).
Why is that? Do you have any evidence against it?
My own (limited, informal) testing tells me people feel more in
control with checkboxes.
> Instead, you should allow the application developer to pick the
> appropriate API access level it needs (read only, posting, friending,
> direct messaging, all access) and then provide that language to the
> user upon authorization.
You mean, like the Flickr example, yeah?
http://www.flickr.com/photos/factoryjoe/3295727080/sizes/o/
My preferred implementation would not have them as 'levels', but as
'options'. They're different components or aspects of the
functionality.
Some apps need to change your profile, but most don't. Some apps need
to send tweets but not do anything else. Some apps need access to
everything. I'm building an app at the moment where all I need is to
know you own the account. Anything else is superfluous to my needs,
but any user that authorises my app will be giving me the valet key to
the kingdom.
I want to be able to pick the options my app needs in order to work to
fullest effect, and display them to the user as checkboxes. In my
OAuth admin panel, I indicate which functionality is required and
which are just 'nice-to-haves'. Twitter presents the form to the user
as options and indicates which are required for the app. User picks
what they want and validation determines if they meet the minimum for
my app.
I think OAuth tends to have the exact opposite user experience problem
as OpenID. OpenID needs to be faster with fewer options, whereas OAuth
is rushed and doesn't offer the user enough involvement.
I realise the above is far more work than simply stronger wording on
the authorisation form, but I think something of that nature offers a far
superior experience for our customers.
Lachlan Hardy
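
The required/optional model proposed in the message above, sketched as an added example; it is not part of the thread or any participant's code. The permission names and all function names are hypothetical and do not come from Twitter's API or any OAuth library.

```python
# Added example. Permission names and every function here are hypothetical,
# not Twitter's API or any real OAuth library.
KNOWN = frozenset({"identity", "read", "post", "follow", "direct_messages", "profile"})


class ConsentError(ValueError):
    """The registration or the submitted form is not acceptable."""


def register_app(name, required, optional=()):
    """Developer side: declare what the app needs and what is merely nice to have."""
    required, optional = frozenset(required), frozenset(optional)
    if (required | optional) - KNOWN:
        raise ConsentError("unknown permission in registration")
    if required & optional:
        raise ConsentError("a permission cannot be both required and optional")
    return {"name": name, "required": required, "optional": optional}


def consent_form(app):
    """Provider side: one checkbox row per requested permission.
    Each row is (permission, required_by_app); nothing unrequested is shown."""
    offered = app["required"] | app["optional"]
    return [(p, p in app["required"]) for p in sorted(offered)]


def validate_consent(app, ticked):
    """Return (granted, missing). A token is issued only when missing is empty,
    and it carries exactly the permissions the user ticked."""
    ticked = frozenset(ticked)
    offered = app["required"] | app["optional"]
    if ticked - offered:
        # The form never offered these, so the submission was altered.
        raise ConsentError("permission not offered on the form")
    missing = app["required"] - ticked
    if missing:
        return frozenset(), missing  # below the app's minimum: grant nothing
    return ticked, frozenset()


if __name__ == "__main__":
    # Constructed sample: an app that only needs to know you own the account.
    app = register_app("demo-app", required={"identity"}, optional={"post"})
    print(consent_form(app))
    print(validate_consent(app, {"identity"}))
    print(validate_consent(app, {"post"}))
```

The check on `ticked - offered` matters because the checkbox values come back from the user's browser: the provider grants only what it offered for this app, whatever the submitted form contains.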
+1. As soon as I add another option/checkbox/knob to tweak in one of
my apps, there's an outcry of "it's too complicated" and they never
come back. I love checkboxes, and there are certainly those that like
to have super control over everything, but I'm afraid we are in the
very very small minority.
I think "Allow" or "Deny" is all that most people will be able to
handle, so having the appropriate copy surrounding those choices is
the key thing.
-Chad