On 8/18/10 10:55 PM, Eric Marden - API Hacker wrote:
> On behalf of the Internet. Thank you.
>
> ~e
What it all boils down to is that once you Allow for Read, the
application can do *anything* in your account that the API can do with
a GET, and if you Allow for Read/Write, which most applications do
even if they only read, the application can also POST and DELETE. It
can follow, unfollow, block, report spammers, read your DMs, post DMs,
edit your lists, and, of course, tweet. And I'd also venture a guess
that most "typical Twitter end users" don't know how to get to
Connections/Settings and revoke access.

So I think another "developer principle" needs to be to clearly state
which of the many available actions an app can take "on behalf of the
user", how to detect if the app has taken other actions, and how to
revoke access. Twiffiency semi-clearly stated that it was going to
tweet, but it most certainly did not state what other actions it was
going to take to compute the "score."
--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb
"A mathematician is a device for turning coffee into theorems." - Paul Erdos
Quoting Daniel Ribeiro <dan...@gmail.com>:
> It would be nice to have something that makes things clearer to the
> user that the requesting app is requesting write rights. Like a big
> red warning on the Deny/allow page.
>
> On Aug 18, 6:17 pm, Tom van der Woerdt <i...@tvdw.eu> wrote:
>> +1
>>
>> On 8/18/10 10:55 PM, Eric Marden - API Hacker wrote:
>>
>> > On behalf of the Internet. Thank you.
>>
>> > ~e
>>