Christian Heilmann

Posts Tagged ‘misunderstanding’

Twitter privacy, protected updates and TweetEffect

Thursday, January 29th, 2009

I just got a very concerned email (60 pixel font) telling me off for displaying protected updates in TweetEffect. The person was, to say the least, very ticked off at seeing their protected updates in my application and threatened to do “something” about it.

TWEETEFFECT.COM MAKES MY PROTECTED UPDATES PUBLICLY ACCESSIBLE.
THIS IS ABSOLUTELY UNACCEPTABLE TO ME AND OTHER TWITTER USERS!
HOW WOULD YOU LIKE FOR ME TO MAKE YOUR LAST 200 E-MAILS PUBLICLY AVAILABLE?
YOU WOULDN’T I ASSUME.
STOP IT, STOP IT NOW!
I WILL TALK TO BIZ STONE ABOUT THIS TOO, SINCE THE TWITTER API SHOULDN’T LET YOU DO THIS IN FIRST PLACE.
THOUGHT THE DAYS OF WARRANT-LESS WIRE TAPPING WERE OVER.
DO NOT ANSWER THIS WITH ANY KIND OF MARKETING/PR FLUFF, SPARE ME.
IRATELY YOURS {censored}
p.s.: your answer might get published in one form or the other, fair warning.

I was pretty confused, as to me there was no way to reach the updates, and I wondered what all the hoohah was about. Then it came to me: when either you yourself or any of your friends (followers that are allowed to see your protected updates) are logged in to Twitter, the protected updates are visible in the API. This is perfectly logical but it is also rather flaky in terms of privacy.

The security of the updates is dubious, to say the least. In order to get to protected updates, all I’d need to do is either lure you or any of your followers into following a link listing your updates from the user_timeline, populate a DOM element or hidden form field with it and send it to my server via Ajax or even with a dynamic script (in case of JSON output). There is simply no way to deny that, as that would break every Twitter client that supports protected updates – even the more secure Adobe AIR ones. I can get the list of your followers even if you protect your updates – changing this would make the intrusion harder.
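A server-side check that narrows the exposure described above, as an added example (not code from this post, TweetEffect or Twitter): protected data is refused as JSONP, and a request authenticated only by a session cookie must also show that it came from the site's own front end. The request fields (`viewer`, `authSource`, `callback`, `headers`), the `api-token` distinction, the trusted origin and the sample accounts are all assumptions made for the illustration.

```javascript
// Added example. Field names and the policy are hypothetical, not Twitter's API.
const TRUSTED_ORIGINS = new Set(["https://app.example"]); // constructed value

function timelineDecision(req, owner) {
  if (!owner.protected) return { allow: true, reason: "public timeline" };

  const approved = req.viewer !== null &&
    (req.viewer === owner.name || owner.approvedFollowers.includes(req.viewer));
  if (!approved) return { allow: false, reason: "viewer not approved" };

  // JSONP wraps the data in a function call that any including page can
  // read, so protected data is never served in that form.
  if (req.callback) return { allow: false, reason: "JSONP on protected timeline" };

  // A token the client adds to each request itself is not attached by the
  // browser to requests that a third-party page triggers.
  if (req.authSource === "api-token") {
    return { allow: true, reason: "explicit credentials" };
  }

  // Session cookies ride along on cross-site requests, so a cookie alone
  // does not show that the request came from our own front end.
  const origin = req.headers["origin"];
  if (origin !== undefined && !TRUSTED_ORIGINS.has(origin)) {
    return { allow: false, reason: "untrusted origin" };
  }
  // Script elements and plain forms cannot set custom request headers.
  if (req.headers["x-requested-with"] !== "XMLHttpRequest") {
    return { allow: false, reason: "missing custom header" };
  }
  return { allow: true, reason: "same-site session request" };
}

// Constructed sample requests for a protected account "alice" followed by "bob".
const alice = { name: "alice", protected: true, approvedFollowers: ["bob"] };
const SAMPLES = [
  { viewer: "bob", authSource: "cookie", callback: "cb", headers: {} },
  { viewer: "bob", authSource: "cookie", callback: null, headers: {} },
  { viewer: "bob", authSource: "cookie", callback: null,
    headers: { "origin": "https://app.example", "x-requested-with": "XMLHttpRequest" } },
  { viewer: "bob", authSource: "api-token", callback: null, headers: {} },
  { viewer: "mallory", authSource: "cookie", callback: null, headers: {} },
];

function runSamples() {
  return SAMPLES.map((req) => timelineDecision(req, alice).reason);
}
console.log(runSamples());
```

Clients that authenticate each request explicitly keep working under this policy; only requests that rely on the browser's ambient session are held to the extra checks.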

Personally I don’t get protecting your updates. If you want to keep things out of the public, use a direct message. Twitter is there to tell the world what you do and this is what it does damn well. I like the simplicity of Twitter and its various channels in and out – it is a tool to spread information – however mundane. The protected updates feature is a bit of a glass shield; better would be to offer a new Twitter feature and API that allows you to group contacts – much like any IM client does.

Now the question is: shall I stop supporting update analysis for users with protected updates in TweetEffect? Technically there is nothing that I do that you don’t allow Twitter themselves to do, and if you allow your followers to see your updates, why not the analysis of your updates? The only problematic part is that your followers can be phished to give people access to your updates; otherwise this wouldn’t be much more scary than the old “display C drive in IFRAME” trick.

Jeff Croft hates standards! Typical designer, eh?

Thursday, January 15th, 2009

I just had a wonderful time on the train home reading Jeff Croft’s Two Thousand Twenty Two post, following the whole trail of comments is like watching a TV show. I got to the end although there is a distinct lack of explosions, car chases, gracious nudity or even kittens!

In essence, Jeff (who is a top chap to meet in real life – let’s not let personal hygiene become an issue here) makes fun of an interview about HTML5 that he read:

Today, it was brought to my attention that HTML 5 Editor Ian Hickson, in an August 27 interview with TechRepublic outlined a timetable for the “new” spec, which began life back in 2003. Hixie suggests HTML 5 will reach the “Proposed Recommendation” stage sometime in 2022. Go ahead, read it again. It’s not a typo. Two thousand twenty two.

As a result, and mocking the, shall we say, adventurous outlook of seeing 2022 as a foreseeable goal, young Jeff in his innocence managed to kick off a trail of comments that must have registered in some earthquake pre-warning centre in Southern California. He dared to say that he is done with reading specs and that today is more important:

I care about right fucking now. My clients care about right fucking now. Our users care about right fucking now. The only people that really give a damn about two thousand twenty two are people who write timetables for a living.

Potty mouth language aside, there is some truth to that. I was also pretty impressed with the following:

We’ve all learned a lot through this standards movement. We are now capable of identifying a good idea when we see it (like the namespacing of experimental CSS properties, for example). We are equally capable of knowing when something feels inelegant (like maintaining different code bases to achieve the same thing in multiple browsers). Our bullshit radar is strong these days. We don’t need a spec to tell us whether something is useful or not (XMLHttpRequest was incredibly useful, despite not being a ‘standard’).

Check out the post and especially the long trail of comments. It reads like the oh so classic misunderstandings we have to deal with every single day on the web: humour and sarcasm and irony do not translate in online reading unless you really lay it on thick. There’s the “oh I understand, I really have nothing against you personally”, there’s the “read the thing again, you missed the point”, there’s also the “people will quote this wrongly” which is sadly enough the case.

So, before you bring the pitchforks and torches: Jeff is not a traitor to the cause and he is not the “designer that doesn’t get standards as they want their own stuff all the time”. It was a funny sarcastic remark that shows just how inbred a lot of discussions around standards have become.

A standard to me is an agreement between several parties to deliver a certain task to make it easy for all parties involved to deliver to the best quality with the least effort. It is something to take out the random element of any delivery and battles having to learn the details before delivering a job we should be able to deliver easily as we’ve done it before. Not more and not less. It is about aiding working together, making handover very easy or even obsolete and making sure that what we build works where it is supposed to work.

What messes with our goal is that we are moving fast and innovating a lot whilst the market we cater for is less happy or able to keep up with our pace or doesn’t see the need for being up-to-date. This is the real issue that needs solving.