If geeks love it, we’re on it

I’m a bit bitter about everyone being a-titter about Twitter

I’m a bit bitter about everyone being a-titter about Twitter

Noooes!
Noooes!

Twitter is, as you probably know, a very popular microblogging service that asks one question that you can answer in under 140 characters: What are you doing right now?

There are various tools that help make Twitter much more useful, and then can turn it into a powerful platform for sharing content, PR work, keeping in touch with friends, and more. Creative programmers have come up with a variety of applications, both web-based as well as desktop software, to utilize the Twitter platform for some cool tricks.

The Twitter API is the interface used to connect to the Twitter “firehose”, the raw XML that contains everything in Twitterdom. In order for a programmer to do something useful with the Twitter API, the program needs your Twitter username and password to authenticate.

This has been understood since the first Twitter apps appeared on the scene, and until today, nobody seems to have had any problems with this simple system.

The Twitterverse was atitter and aflutter today about something called Twitterank. We started seeing tweets this afternoon that said “My Twitterank is 89.24!” with a URL to the Twitterank site, which then invites you to get your OWN TwitterRank.

Seems like many Twitter apps – harmless fun. People like to brag about numbers and influence – and other sites like Twitter Grader provide ample opportunity to show your friends up.

Everything seemed fine until a bit later on this afternoon – Suddenly the Twitterverse was lighting up like a christmas tree; “Scam!” they shouted. “Beware!” they cried. “Alert!” came the call.

ZDNet blogger Oliver Marks wrote a blog post calling Twitter users gullible. “WHAT?” I gasped… “SAY IT AIN’T SO!” I exclaimed.

Okay, okay I’m getting ahead of myself.

Let’s go back a bit – there’s this kid. His name is Ryo Chijiiwa. He works for a little web company called Google, based out on the west coast somewhere. You may have heard of it (they also require passwords for all kinds of things – watch your back.) Anyways, Chijiiwa-san seems like a cheeky kinda guy. He looks like he’d be fun to hang out with. He wears his long black hair in braided pigtails and has nerdy glasses. I’d definitely have a beer with the guy.

Anyways, he wrote Twitterrank. And he got cheeky on his site. His FAQ uses the big bad F-word, and he says his algorithm is vewy vewy secwet…. File this information for a second – it’ll be relevant.

Now, Mr ZDNet blogger guy gets a Tweet from some guy named Brian Oberkirch. Brian says:

“Twitterank is a vast conspiracy I created to steal all of ur passwords + shame Twitter into OAuthing. + make u look vain.”

Marks JUMPS INTO ACTION. “My gawsh!” he says “I think I broke a national security conspiracy here!” and writes his doomsday blog post. The big fat ZDNET logo on top adds 800 million tons of legitimacy, and the thing takes off like a rocket. Does he bother to do the most basic fact checking? Does he bother to find out that the author of Twitterank is Chijiiwa-san? No. He believes the random Tweet from Oberkirch and REPORTS IT.

People on Twitter see Marks’ blog post and go crazy. Now they are tweeting and retweeting to all their friends “TWITTERANK SCAM! #CHANGEPASSWORD YOU FOOLS! YOU FOOLS!” etc.

Here’s what I truly, from the bottom of my heart, fail to understand: People have been putting their Twitter username and password into all kinds of websites and desktop applications for months. TwitPic, for example, is a HUGELY popular service, sort of the defacto way to post pics in your Twitter stream. Nobody has ever once said “TwitPic is stealing your passwords.” Nobody suspects Tweetdeck (my personal favorite Twitter desktop app) of stealing information. Nobody gives a hoot about getting their Twitter Grade.

And why? Because no jokester took the time to say “Twitpic is an elaborate scame i rote to stel all ur passwords + shame twitter for using http auth lolz” and have that get reported by a major legitimate media outlet.

So let’s summarize, in true Twitter fashion. I’ll tweet the whole story:

  • Hay guys, Twitterank gives u a twit score. Mine is 110.23! Check it!
  • Looks like @brianoberkirch made a funneh. oops
  • Now Oliver Marks sez @brianoberkirch hacked twitter omgz
  • A MILLIONTY PEOPLE READ OLIVER MARKS AND RETWEETED IT
  • Everybody skurred nao

Listen people. Relax. Ryo is not going to steal your passwords.  You should be using unique passwords for every site you sign in to anyway. That’s just common sense for good security practice. Mr. Marks should do some fact checking before he irresponsibly claims the sky is falling and unwittingly making Mr. Chijiiwa the most evilest villain on Twitter for an evening.

As an unintentional social networking experiment, I find this whole episode fascinating. FUD (Fear, uncertainty, doubt) spreads SO QUICKLY on social media services, and made Twitter light up in a matter of four hours. Poor Ryo is probably unaware that any of this high drama even took place yet – I’ll probably wrap this up before he gets home from work.

Now, back to Twitter for more entertainment……

Comments

  1. Laurie Slade Giggle. Even if Ryo where evil incarnate, what is the worst he could do? Twitter as me and destroy my Twitter ranking? I'm sure he has better things to do than mess with my personal branding.
  2. Ryo Thanks for the great post! I think that's the first time I've been called a "cheeky kinda guy" :-)
  3. Isaac Z. Schlueter I've met Ryo. I inherited some of the code he wrote at Yahoo. He's a good guy.

    This FUD is silly.
  4. Brahm Windeler <cite>You should be using unique passwords for every site you sign in to anyway. That’s just common sense for good security practice.</cite>

    To quote <a href="http://www.dieselsweeties.com/print/?date=20080811"; title="Diesel Sweeties in print 2008.08.11" rel="nofollow">Diesel Sweeties</a>: "Have you <b>met</b> people?"

    That's exactly the problem. Given the myriad accounts people have these days, passwords are a pain to remember, while you or I may not reuse them, many people <i>do</i>. That <i>is</i> the reason OAuth and OpenID were created. That tweet regarding "shaming Twitter into OAuthing" may have been made tongue-in-cheek, but there's a grain of wisdom in that remark.

    And while the article is a bit sensationalistic - calling Twitter users "gullible" and focusing only on the newly Twitterank site - in reality all of these sites that use the Twitter API are just as guilty... and that actually makes the problem worse. The problem is bigger than just whether you know enough about all of the people behind each and every Twitter API based site to trust them. It's also encouraging the general practice of giving out a password for one site to a third party site. And just to be clear that I'm not singling Twitter out, sites that ask for your Yahoo/Google/Hotmail login and password to extract contacts from your address books to find potential nodes in a social network are just as guilty of this.

    Sorry if I'm coming across as being too pedantic. It's my paranoid nature and information security training coming through. Of course, as they say, it's not paranoia if they really are after you.
  5. Brahm Windeler Um. So, apparently your site doesn't like my markup. Sorry about that.
  6. primesuspect
    primesuspect @Laurieslade: I agree. That's my take on most of this stuff

    @Ryo: Thanks for commenting. As we say here in Detroit: Ryo Chijiiwa is good people. ;)

    @Brahm: Anybody who quotes Diesel Sweeties is okay in my book. I absolutely agree with you that the spotlight of shame should be brought on Twitter for not using an open authentication system. Hopefully when this all shakes out, that will be the good that comes out of this hilarity.

    Major sites such as Facebook, LinkedIn, and Myspace all do that - they'll ask for your gmail/hotmail/etc login so they can search your address book for friends. You are absolutely right. It's not acceptable.
  7. Thrax
    Thrax LOL Twitter drama. It never fails. People + melting pot = drama.
  8. pseudonym
    pseudonym Awesome. I'll buy Ryo a beer if he ever makes it to ICHQ.
  9. Linc
    Linc @Brahm: Sorry 'bout that, markup fixed. 'Twas a bug in the comment parser; platform is still new :)
  10. Jesse Luna I think this got started when a few people complained that the program had posted unauthorized tweets to their timeline. They didn't see the little checkbox perhaps? Then the next tweets started calling it a phishing scam. I was one of the guilty early retweeters of the alleged spamming so shame on me.
  11. BlackHawk
    BlackHawk
    @Laurieslade: I agree. That's my take on most of this stuff

    @Ryo: Thanks for commenting. As we say here in Detroit: Ryo Chijiiwa is good people. ;)

    @Brahm: Anybody who quotes Diesel Sweeties is okay in my book. I absolutely agree with you that the spotlight of shame should be brought on Twitter for not using an open authentication system. Hopefully when this all shakes out, that will be the good that comes out of this hilarity.

    Major sites such as Facebook, LinkedIn, and Myspace all do that - they'll ask for your gmail/hotmail/etc login so they can search your address book for friends. You are absolutely right. It's not acceptable.
    None of that @'s bs here on the forums. Use quotes like normal people.

    The nerve. :shakehead
  12. primesuspect
  13. Lucretia Pruitt Well said - sadly, he wasn't just villainized for a night. I used twitterank today and got 2 dozen "OMG!! that's a Phishing site! Quick! Change your password!" DMs.

    Seriously people... why check the facts?

    If Mr. Chijiiwa had monetized his site and Mr. Marks had done that? He could've faced a serious libel suit - because it did damage the reputation of the site and Mr. Marks didn't do any diligence or fact-checking whatsoever.

    Horrid.

    Personally, I'm saddened that there was no real repurcussion for Mr. Oliver Marks - if
  14. Ajax Jones If twitpic did steal usernames or passwords or if twitpic got pissed off when twitter release their picture service, would it be enough to harm twitter? How many of those people use the same ebay/paypal combo as well !!

Howdy, Stranger!

You found the friendliest gaming & tech geeks around. Say hello!