A case against Twitter OAuth

It’s not a mystery that I have a problem with Twitter and their API. I never made that a “hidden agenda” of sorts: I always said publicly that they suck, plain and simple. Their API is full of holes and bad, bad designs (like returning blocked content to the user and requiring applications to do their own filtering), and they insist on aiming for new, stupid features while leaving a lot of bugs behind. Personally, I think their programme manager should be fired and they should get someone with at least half a brain to lead their development.

But there is one thing that is really annoying me as a user and that they never tried to solve: applications that require write access even when all they want is to read your data to do some calculation. Do they really need write access? No, they don’t. All they want is that access to spam your account without your consent. And they don’t even tell you what they want to write on it.

Take, for example, this application (and I recommend that you not put your account info there). Simply put, it tells you which of the people you’re following are not following you back (and who is following you that you’re not following). All good and such but, in the end, it posts, on your timeline, spam pointing back to the site. At no point did the app tell me that, and at no point was I able to configure what kind of access I’d give to that app.

Not only did they take away the user’s preferences over their own account, but the authorisation screen is so empty and devoid of information that it doesn’t even say what the application does, much less why it wants read or write permissions.

Unfortunately, I don’t think Twitter will ever fix that. Forcing applications to declare that they require write access to post spam (with any more “friendly” terms) would ruin their “ecosystem” and reduce the number of applications. At the same time, adding a preferences pane to the user account would be “unnecessary” ’cause applications should “behave”.