Wednesday, 11 August 2010

I've been scammed! A follow-up to Twitter Auth Issues

This is a follow-up post to Social Network Authorisation Needs to Change.

Having written the above post over a month ago and considering myself to be quite net-savvy, I'm hugely embarrassed and mortified to admit that I've just been victim to a Twitter-related scam. This is the scam site that duped me: It's safe to browse to it - JUST DON'T LOG IN!

I received a Twitter Direct Message (DM) from a trusted friend that invited me to go to the site so that I could sign up to be an iPad tester. At the end of the test period I would get to keep the hardware. Superb! Yeh, right.

My spidey-senses were working well enough that I didn't complete the in-depth financial survey they put in front of me. What did happen, however, was that their servers sent DMs to, presumably, ALL my friends inviting them to do the same. Needless to say, this was without my knowledge - let alone my consent.

Twitter, seriously guys, this needs to change quickly otherwise you're going to go the way of Facebook.

The access granted to my account for an application needs to be segmented, and I need to have the ability to REVOKE any aspect I'm not entirely happy with at login time. For instance, the shill application in question should have had to request DM read/write access during their registration with Twitter. This should then have appeared as a checkbox on the Twitter OAuth screen. I would then have unchecked it.
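The model described above, as an added example that is not part of the original post and does not represent Twitter's actual OAuth implementation: an application declares the scopes it needs at registration, the consent screen shows one checkbox per scope, the issued token records only what the user left ticked, every API handler checks the token before acting, and a single scope can be revoked afterwards. The scope names (`tweet:read`, `profile:read`, `dm:write`), the app name and the user names are all invented for the illustration.

```python
"""Added example (not from the original post): a minimal model of per-scope
OAuth consent.  Scope names, app and user names are invented."""

from dataclasses import dataclass, field


class ScopeError(PermissionError):
    """Raised when a token lacks the scope an API handler needs."""


@dataclass
class RegisteredApp:
    name: str
    # Declared once, at registration; the app cannot widen this later.
    requested_scopes: frozenset


@dataclass
class AccessToken:
    app: str
    user: str
    granted_scopes: set = field(default_factory=set)


def register_app(name, requested):
    return RegisteredApp(name, frozenset(requested))


def consent_screen(app):
    """One checkbox per requested scope, all initially ticked, as on a
    conventional consent page.  The user may untick any of them."""
    return {scope: True for scope in sorted(app.requested_scopes)}


def issue_token(app, user, checkboxes):
    """Carry only the scopes the user left ticked.  A scope the app never
    requested is dropped even if the submitted form claims it was ticked."""
    granted = {s for s, ticked in checkboxes.items()
               if ticked and s in app.requested_scopes}
    return AccessToken(app.name, user, granted)


def require(token, scope):
    if scope not in token.granted_scopes:
        raise ScopeError(f"{token.app} lacks {scope} for {token.user}")


def revoke_scope(token, scope):
    """Post-hoc revocation of one aspect without killing the whole token."""
    token.granted_scopes.discard(scope)


# --- API handlers, each guarded by the single scope it needs -------------
def read_timeline(token):
    require(token, "tweet:read")
    return ["tweet 1", "tweet 2"]  # constructed sample data


def send_dm(token, recipient, text):
    require(token, "dm:write")
    return {"from": token.user, "to": recipient, "text": text}


def dm_all_followers(token, followers, text):
    """The behaviour the post describes: DM every follower.  Returns the
    number actually delivered; without dm:write not a single one goes out."""
    sent = 0
    for follower in followers:
        try:
            send_dm(token, follower, text)
            sent += 1
        except ScopeError:
            break
    return sent


def demo():
    app = register_app("ipad-tester", {"tweet:read", "profile:read", "dm:write"})
    followers = ["bob", "carol", "dave"]  # constructed

    boxes = consent_screen(app)
    boxes["dm:write"] = False  # the user unticks DM access at login
    token = issue_token(app, "alice", boxes)
    results = {
        "timeline_ok": read_timeline(token) == ["tweet 1", "tweet 2"],
        "dms_sent": dm_all_followers(token, followers, "Be an iPad tester!"),
    }

    # A user who left everything ticked is spammed in full...
    full = issue_token(app, "trusting", consent_screen(app))
    results["dms_sent_full_consent"] = dm_all_followers(full, followers, "...")
    # ...until dm:write is revoked after the fact.
    revoke_scope(full, "dm:write")
    results["dms_after_revoke"] = dm_all_followers(full, followers, "...")
    return results


if __name__ == "__main__":
    print(demo())
```

The enforcement point is `require()` inside each handler: the consent screen only decides what goes into the token, and the check must happen server-side on every call, otherwise an unticked box is cosmetic.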

Feeling rather violated now but, hey, how was I to know? I currently just have to put my trust in the application developers and I don't think that's either fair or sustainable.
