An excellent point that some of us at work were discussing a few weeks ago, there are SO many dodgy looking sites asking for twitter credentials to do who knows what with it's scary!! It's like phishing attacks without even pretending to look like something else :)
Will definitely aim to talk about this in our next Instantiate Podcast. JM On Jan 4, 5:06 pm, Elias Bizannes <elias.bizan...@gmail.com> wrote: > Hi everyone, > > I personally believe Twitter is being irresponsible by creating an > ecosystem off their API without creating appropriate safeguards to > protect users like us. I am looking for some Aussie bloggers to help > me make some noise. The silicon beach community literally turned the > fight against the clean feed to a whole new level, so I'm looking for > us do it again by creating a better Internet through example. > > Quick background: > For you to give access to things like third party apps (like Twhirl), > you need to give up your login and password. As has been reported in > the tech news this last week, there have been security breaches of > people taking your Twitter password and selling it and the like. A > simple change to their API can avoid this bad password anti-pattern. > > With delegated authunentication or through the use of an open standard > called "oAuth" you can actually allow websites to access your data > without you needing to give up your password (by simply giving them > permission through the Twitter interface). What happens is that > instead of you punching in your password, and giving some random your > personal details which they can then take advantage of, you can > instead have them request Twitter for authorisation, and you can > simply click a button saying "approved". > > I will be posting something on the DataPortability Project's blog > about the issue and hope to give it some attention. The more people we > have posting a synchronised blog post, the better chances we can turn > this into news and get them to pull out their finger out. I know for a > fact the only reason they are not doing this is because they don't > give it a high enough priority - but of course they don't, as it's not > them hurting but us. With a bit of awareness, we can make people > realise there is a simple way to fix a very serious issue, which is > comprimising your online identity. > > I've already had to change my passwords a few times due to third party > apps, and I am sick of doing it, and it annoys me when I know I don't > need to do it! > > Please contact me if you are willing to participate. For those looking > to get a bit more exposure of their blogs, this is a good way to do > it :) > > Thanks! > Elias --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Silicon Beach Australia" group. To post to this group, send email to silicon-beach-australia@googlegroups.com To unsubscribe from this group, send email to silicon-beach-australia+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/silicon-beach-australia?hl=en -~----------~----~----~----~------~----~------~--~---
