Twitter this week was abuzz around the launch of a new site that ostensibly provides you with a numerical ranking, based on your followers, those you follow, and their collective clout.

Twitterank, like Twitter Grader
and others, is trying to deliver some kind of service to separate the
influential from the less influential, as if we need more ways to do
that. But the piece that has everyone stirring about their goals is the
fact they ask for your Twitter user name and password. Today, I checked
out Twitterank, just like so many others, and gained a numerical score
that may have no value at all. In that process, I trusted the developer
and the site with my Twitter login data, and frankly, that’s of no
issue to me in any way. As I said the other day, I believe people are inherently good,
and if you’re trying to harvest a host of passwords, Twitter wouldn’t
be the place to do it in secret by any means. So I have no concerns.

The
whole concept of Twitterank is questionable. First, why would anybody
care what their rank was? Second, what would a numerical score of 50
mean? What about 100 or 200? No idea.

Additionally, the
service’s default checkbox that sent the results of your Twitterank
score to Twitter surprised many people, myself included. I was just
checking out the service to see what the fuss was about, only to find
people making comments on my Tweet, which had made its way to Facebook and FriendFeed as well. Sure enough, my Twitterank of 230.65 had been released in the wild.

So
the service itself has some oddities, even if it was my fault I left
the box checked. But in my opinion, that they ask for your login
credentials isn’t one of them. Many other third party services, from Twitter Karma to Social Too
ask for your Twitter login and password. According to developers at
those sites, the goal isn’t to load up on user names and passwords, to
start tweeting under your ID, but instead, they are forced to thanks to
Twitter not having implemented OAuth. Twitter Karma writes:

“Unfortunately,
until Twitter implements OAuth, applications that act on behalf of
Twitter users, such as Twitter Karma, require your Twitter username and
password to access your data.”

But the concern around such
a new service, which initially didn’t have a name associated to it, had
many wondering if its goals were nefarious. ZDNet called Twitter users gullible, and Mashable asked if the service was stealing your password.

The
downsides of somebody hacking into my Twitter account and getting my
credentials are low to begin with. In theory, if my account were
compromised, they could Tweet on my behalf and make me look like a fool
for some time, until I managed to get to Twitter support. In the
meantime, you’d be sure to hear about it, and I assume others would be
vocal in my favor. Another concern would be if you or I used the same
login and password combination on other services. The perpetrator could
then guess your ID on other services, or even access your financial
records or anything else sensitive. But again, given the other Twitter
developers’ comments in regards to OAuth, I tend to believe this is
something the coders are working around, and I don’t think this is a
mass account grab.

Late this afternoon, following the initial
voiced concerns, the author rapidly put together a blog post answering
some questions. See “Some follow up������
In that post, he, like Twitter Karma, points back to the microblogging
service’s limitations in terms of needing the user name and password
combo.

“There are ways for Twitter to make that data
available without requiring you to give out your password to 3rd party
sites (Facebook, Yahoo! and others have such systems) but Twitter
doesn������t yet offer those options to developers. As soon as Twitter
adds more secure authentication mechanisms, I������ll switch to that.”

As
right as we are to be smart about where we put our login data, I don’t
think we should be so quick as to raise questions about what people’s
negative motives could be. For every 1 bad apple, there are easily 99
good, and the bad apples don’t usually get away with nonsense for too
long. As for those of you who really do want to tweet on my behalf,
send me an e-mail, and just maybe I’ll give you my password. Or not.

Support VatorNews by Donating

Read more from related categories