DISQUS

louisgray.com: louisgray.com: Twitterank Can Have My Password, No Questions Asked

  • CyndyA · 1 year ago
    I always switch my password out after I try this stuff, anyway. And I don't use the same password on any two sites. I do prefer the key thing that FF does. Tragic that I know THAT by heart.
  • Louis Gray · 1 year ago
    If it turned out that this was a password sniffing site, I would have
    admitted defeat, and gone around switching a few passwords. But it
    doesn't look like that's the case. I do know my FriendFeed API key by
    heart as well, but the best part is that my iPhone has it saved as a
    previous address, so sending pics via e-mail from there is a cinch.
  • Edwin Khodabakchian · 1 year ago
    Hopefully the highest people at Twitter will hear this and decide to up the priority of OAuth support.
  • Jesse Luna · 1 year ago
    Other issues include the silliness of rankings/ratings and how easy it is to discredit a new service. I retweeted a message about it being a possible scam or phishing scheme based off of a couple of other tweets. This kind of viral messaging is a large part of Twitted but can also lead to dis-information.
    @jesseluna on Twitter.
  • nicefishfilms · 1 year ago
    I think you just gave me a post for tomorrow- If I Was Louis Gray For A Day. Sending you an email now for your Twitter password. Don't worry, It won't hurt that much.
  • Adam Ostrow · 1 year ago
    Really? Many people use the same password for everything. Once someone gets it, they can use it to login to far more serious stuff than Twitter.
  • Louis Gray · 1 year ago
    Adam, I mentioned that: "Another concern would be if you or I used the same login and password combination on other services."

    My issue is that what Twitterank is doing isn't too much different than other services, and it's not malicious. The author is here: http://twitter.com/ryochiji

    Get Twitter on OAuth and this issue all goes away.
  • miketempleton · 1 year ago
    I replied to your comment on our blog and I'll do so again over here. I believe, like you, that people are inherently good, and if you look at all of the other Twitter apps and services that have done this, none of them have turned out to be evil.

    However, this is a good situation for Twitter to take note of and to work on implementing OAuth so we don't have to worry about someone actually running off with data.
  • Bwana · 1 year ago
    Exactly. This is Twitter's shortcoming. They need to implement OAuth ASAP.
  • Bwana · 1 year ago
    I really don't see why this is an issue now? I mean there' a bajillion services that interface with Twitter that require your username and password. FriendFeed, BrightKite, geez, there's a ton. This is a non-issue and I can't fathom why anyone would think about their password NOW.
  • Louis Gray · 1 year ago
    Bwana, you are of course right. There are a bajillion services that
    require Twitter credentials. The issue here was that the service was
    unknown, new, and had some odd comments in the source page that had
    people uncomfortable. After that, it was just typical lemming behavior.

    What!!!! Neiman-Marcus sells cookies? Microsoft is going to pay me to
    surf the Web!!!
  • Oliver Ortega Chua · 1 year ago
    Another downside to Twitter not supporting OAuth is that if and when you do decide to change your password (or username), you have to remember every other place that has it and update them all!
  • Hutch Carpenter · 1 year ago
    So if someone steals my password...I'll be tweeting viagra ads. So be it.
  • Richard Cunningham · 1 year ago
    Or someone will delete all your tweet history and all your friends. Then you ask twitter and they say they don't have way to recover that just for you.
  • Beth · 1 year ago
    ZDNet called Twitter users gullible

    ...which is hilariously ironic, considering they bought some guy's JOKE tweet and immediately assumed it was the twitterank guy.

    All they had to do was a simple whois search on the domain, and they could have even called the guy who made the site.

    People are such sheep - everyone follows the herd first getting their "rank," then they all collectively go into a frenzy over ZDNet's paranoid and unresearched speculation. It took me about 30 seconds to find the guy, and I'm a complete n00b compared to what I'd expect from the people at ZDNet. Of course, that's just one guy on the blog - talking out of his arse, like most bloggers. ;)
  • @JoeHobot · 1 year ago
    Great post my friend, I just think that its part of the game. Twitter is probably soon going to release advertising feature as well, and rank will determinate how much your profile is worth and not advertising skills :)
  • sciencebase · 1 year ago
    I think the twitterank, whether it was a scam or not (it probably wasn't), should serve as a wake-up call to everyone who thinks they are immune to phish
  • CraigK · 1 year ago
    Seems like a dumb gimmick site that has no purpose and could potentially be harmful in some way.

    Craig
    www.budgetpulse.com
  • Mark Evans · 1 year ago
    I'm just as guilty as the next person when it comes to handing over my username and password to use new and interesting services. I need to be a lot more careful, and change my passwords more often.
  • Richard Cunningham · 1 year ago
    The problem is not if you just trust the author of the site - but do you trust them to keep the site secure that no one can hack in and get all the stored passwords?

    In my experience many web developers have a poor idea of security, after all even long established web apps have security flaws like the ones in WordPress or this one I found in phpMyAdmin ( http://www.phpmyadmin.net/home_page/security.ph... )
  • Deepak · 1 year ago
    Here's a list of some applications that may have your twitter credentials:

    http://techtantra.net/2008/11/10-applications-t...

    IMO the real take-away here are - Twitter needs to implement OAuth and users need to be a little more careful who they give their credential to.
  • Jonas · 1 year ago
    How much is your twitter profile worth? http://tweetvalue.com
  • centernetworks · 1 year ago
    hi cyndy hi louis
  • tweetip · 1 year ago
    1st Tweets Chart... http://tweetip.us/lkvhi