Source of Direct Messages


Jesse Stay

Jan 5, 2009, 5:01:51 PM
to twitter-deve...@googlegroups.com
In light of the current phishing scheme, for the sake of my app and others, can Twitter include the source of the DM in the XML returned? At least this way I could start sending my App source id in the feeds so users know which apps DMs come from, and which ones are not identified. I recognize it's not a perfect solution, but it is one way I can prove to my users my own app is not compromised (yes, users are asking out there, and they're asking about many other apps as well). It's also one way my users can let me know if they find out for some reason it has been compromised (knock on wood).

Thanks,

Jesse

Julio Biason

Jan 5, 2009, 10:22:37 PM
to twitter-deve...@googlegroups.com
The source parameter means nothing. I can change Mitter to identify
itself as Twitterrific, for example. If they take a road like that, some
spammer can change the parameter to, say, YOUR application and your
users will flock to something else (but, most probably, spammers won't
use any source, meaning the source is the website itself -- which
proves nothing.)

--
Julio Biason <julio....@gmail.com>
Twitter: http://twitter.com/juliobiason

Jesse Stay

Jan 6, 2009, 12:47:07 AM
to twitter-deve...@googlegroups.com
On Mon, Jan 5, 2009 at 8:22 PM, Julio Biason <julio....@gmail.com> wrote:

> The source parameter means nothing. I can change Mitter to identify
> itself as Twitterrific, for example. If they take a road like that, some
> spammer can change the parameter to, say, YOUR application and your
> users will flock to something else (but, most probably, spammers won't
> use any source, meaning the source is the website itself -- which
> proves nothing.)

It's no reliable source of identity, but it would allow my users to let me know if for some reason my own app has been hacked.  Again, this is perhaps something OAuth could make even more authentic.  I'd just be happy, in the meantime, to have the field and let apps use it as they please.

Jesse 

fastest963

Jan 6, 2009, 10:13:11 AM
to Twitter Development Talk
Apps should get an API-key or something and then if they wanted their
source name included then they would have to use their API-key and it
would do a lookup key -> name from there?
That would only apply for apps that want their name as the source.

Also, if that could be implemented, an optional source for DMs would
be nice.

Julio Biason

Jan 6, 2009, 2:57:36 PM
to twitter-deve...@googlegroups.com
On Wed, Jan 7, 2009 at 2:13 AM, fastest963 <faste...@gmail.com> wrote:
> Apps should get an API-key or something and then if they wanted their
> source name included then they would have to use their API-key and it
> would do a lookup key -> name from there?
> That would only apply for apps that want their name as the source.

Again, not a proper solution. My client is open source and the app-key
would be visible to anyone very easily. And no, I do not intend to
make it closed just for the sake of "protecting the key."
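
The three ways of labelling a DM's source that come up in this thread, compared side by side in an added example (not code from any poster and not Twitter's API). The registry, key values, app names and the HMAC signing scheme are assumptions made for illustration; the signing variant goes beyond the thread's key lookup to show that it has the same dependency on the credential staying private.

```python
import hashlib
import hmac

# Constructed registry (hypothetical): API key -> (display name, signing secret).
APPS = {
    "k-hosted": ("HostedApp", b"kept-on-the-app-server"),
    "k-open": ("OpenClient", b"published-with-the-source"),
}

def sign(secret: bytes, sender: str, text: str) -> str:
    """HMAC-SHA256 over the fields the source label should vouch for."""
    return hmac.new(secret, f"{sender}\n{text}".encode(), hashlib.sha256).hexdigest()

def label_by_parameter(req: dict) -> str:
    """Self-declared source: whatever the caller sends is displayed."""
    return req.get("source") or "web"

def label_by_key(req: dict) -> str:
    """Key -> name lookup: shows only that the caller knows the key."""
    app = APPS.get(req.get("api_key", ""))
    return app[0] if app else "web"

def label_by_signature(req: dict) -> str:
    """Key lookup plus MAC: shows that the caller holds the app's secret."""
    app = APPS.get(req.get("api_key", ""))
    if app is None:
        return "web"
    expected = sign(app[1], req.get("sender", ""), req.get("text", ""))
    ok = hmac.compare_digest(expected, str(req.get("sig", "")))
    return app[0] if ok else "unverified"

def demo() -> dict:
    dm = {"sender": "alice", "text": "hello"}
    # Caller who knows only HostedApp's public name.
    outsider = dict(dm, source="HostedApp", api_key="guess", sig="0" * 64)
    # Caller who copied OpenClient's key and secret from its public source.
    copied = dict(dm, api_key="k-open",
                  sig=sign(b"published-with-the-source", "alice", "hello"))
    return {
        "parameter/outsider": label_by_parameter(outsider),
        "key/outsider": label_by_key(outsider),
        "signature/outsider": label_by_signature(outsider),
        "key/copied": label_by_key(copied),
        "signature/copied": label_by_signature(copied),
    }

if __name__ == "__main__":
    for case, label in demo().items():
        print(f"{case:20} -> {label}")
```

The label is only as trustworthy as the secrecy of the credential behind it: a key or secret held on an app's own server supports it, one distributed with a client's source does not.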
