Don’t become the Phishing bait

Back in July last year, drop.io tried to address and petition Twitter about the potential security issues that they came across when making a new service, tweet.io.

A new feature launched at drop.io on July 30th, 2008 will add the ability for individual drops to have an external service subscribed as a notification system. Over the course of developing this system we noticed that Twitter doesn’t provide a method for software developers (that’s us) to store their user’s information securely in an external database. The only public method for integrating drop.io with Twitter requires us to store and to send the user name and password in plain text. This offers little to no security for that user’s uniquely identifiable information. This means that it would be possible for an unknown user on a network to monitor your session and connect that twitter user name and password directly with that drop.

At the time Twitter was struggling to stay up, and with all the top blogs whale spotting I guess this issue got put to one side. Now, with the recent phishing attacks, the focus has once again turned back to the security of the service. With the developers and Twitter currently engaged in heated discussions, all we can do as users is watch and wait to see what happens. As you can see from above, Twitter have known about it for some time and have a solution in the pipeline, which will hopefully come very soon.

On a personal note, before a site makes it to TweetCrunch we always read the terms of service, check the Twitter account for the company, use Twitter search to find out what people think and finally look on Google. If the service doesn’t have any one of these and I have no traceability, then it doesn’t make it to the site. I guess it’s what everyone else does, but you should also be checking these things out yourself. Twitter search is a really useful tool to get the latest information about anything.

Another thing that you may want to do is create a second Twitter account for testing these new services before you are ready to make the full leap over. Maybe that’s a little bit extreme, but it’s a potential quick fix for your peace of mind.


Moving back over to the phishing problems, here are some basic tips to avoid becoming the bait:

  • If you have it switched on, remove the auto follow feature. If you don’t follow them they can’t send you DMs; a lot of the people who would have had the phishing scam will have been people that auto follow.
  • Always check the user out first by reading through previous tweets, making sure that all of them don’t come from RSS to Twitter. If it is a spammer then you can report them to Twitter.
  • If you do get a direct message from someone that’s on your list, check it out first before clicking, and never put your passwords into anything without reading the terms of service or doing a background check.

Let’s hope these issues can be sorted out soon…
