Dear Twitter, I appreciated your email this morning. It was the most concise update email I’ve ever received from a company, and it made perfect sense. OAuth is great, and it’s about time you’re using it. Because if I’m a fan of Twitter and the apps are there to make my life easy, the trust in giving away my password to a 3rd party site is based on existing Twitter-User trust. And this is better brand protection. Nice work.
[update: learned that Twitter OAuth does not support decentralized applications, so it’s not purely a beautiful thing for all developers or users, but it’s OK. since I only understand a part that scenario anyhow 😉 ]
Update 1: New authorization rules for applications
Starting August 31, all applications will be required to use “OAuth” to access your Twitter account.
- OAuth is a technology that enables applications to access Twitter on your behalf with your approval without asking you directly for your password.
- Desktop and mobile applications may still ask for your password once, but after that request, they are required to use OAuth in order to access your timeline or allow you to tweet.
What does this mean for me?
- Applications are no longer allowed to store your password.
- If you change your password, the applications will continue to work.
- Some applications you have been using may require you to reauthorize them or may stop functioning at the time of this change.
- All applications you have authorized will be listed at http://twitter.com/settings/connections.
- You can revoke access to any application at any time from the list.
Update 2: t.co URL wrapping
In the coming weeks, we will be expanding the roll-out of our link wrapping service t.co, which wraps links in Tweets with a new, simplified link. Wrapped links are displayed in a way that is easier to read, with the actual domain and part of the URL showing, so that you know what you are clicking on. When you click on a wrapped link, your request will pass through the Twitter service to check if the destination site is known to contain malware, and we then will forward you on to the destination URL. All of that should happen in an instant