Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Echelon – A safe way to manage your company’s Twitter accounts (echelon.io)
40 points by jalada on July 27, 2013 | hide | past | favorite | 41 comments



May I just suggest a different name (see http://en.wikipedia.org/wiki/ECHELON)


Forgot your password? Just visit our website http://itanimulli.com for convenient access to all records.


I must admit I didn't sign up yet - just read the homepage - but something that would be super useful on such a system is throttling tweets.

I've seen more than a few instances where an employee screws up or goes 'rogue' and either goes off on a rant or posts the same thing over and over. It'd be great to only allow employees to post, say, once per hour or whatever, so any problems could be contained.


Or an outbox that holds tweets for a time threshold or until approved by a second user. Both could help prevent issues from one employee.


Or perhaps an employee kill switch that deletes every tweet they've made in the last user-defined number of hours?


That is a great idea, thanks – will definitely add to the product ideas log.

-- Pete, founder, Pixie Labs


Interesting idea!


The invitation flow is very roundabout (even if you sheepishly admit it :-)), and the group account invitation doesn't seem to work at first. I tried to authorize a third-party account (inside of an anonymous tab) three times and the invitation didn't seem to be redeemed when I was redirected from Twitter to Echelon.

At first I thought something was wrong because, perhaps, you didn't set a "return to" URL to complete the invitation acceptance (which you should do if it's at all possible, to prevent your users from having to repeat an action). That was the behavior I expected since the invitation URL's log in prompt said "Sign in to accept".

What really happened is that the Twitter authorize call doesn't — in fact — trigger the acceptance of the invitation, it simply creates an Echelon account. I had to hunt down the "Notifications" section through the Menu while there was no sign where I had landed after the OAuth trip that there were any notifications waiting for me.

You should find a way to surface these notifications where you users are going to land after the Twitter authorize call, otherwise the experience is going to be as frustrating for them as it was for me — that is until they do the work your application should be doing for them: letting them know what actions they need to proceed with next in order to have a fully functioning account.

Now I have to say this is a cool app, I especially like the fact that individual user accounts are used and therefore everything can be logged so the whole team can be aware of the outgoing Twitter activity for each "group account".


This feedback is really useful; we've struggled to nail the process as it is generally very cumbersome having to sign in & out of Twitter accounts (but it's the most secure way, as opposed to XAuth, which would be a possible alternative).

The key thing here is showing the user they have a new invite/notification, which we will add ASAP.


Hi there, you're absolutely right, the invitation workflow isn't perfect yet. There's actually quite a lot of complex mechanics at play, given that a user can own a group, be an account IN a group and also a member OF a group.

We're working on some improved user journeys and they'll be rolled out soon. MVP, and all that ;)

Thanks,

-- Pete, founder, Pixie Labs


Working on something similar. A free Twitter manager for individuals/teams that includes analytics and scheduling. A couple of screens http://i.imgur.com/0bCOizS.png http://i.imgur.com/rYfCKdN.png Interesting to see how you've done things, good luck! :)


Echelon looks quite good, but needs to include Tweet scheduling before we would be able to make the switch.


Hi Polynomial, this feature is the one we're working on right now :)

-- Pete, founder, Pixie Labs


Most of our Tweets come from events where users are on iPhone or Android, so access to Echelon through a mobile app is essential.

HootSuite offers this already, and it's only a little bit more expensive than Echelon, so why should we switch? Genuine question as HootSuite has its own problems so I'm always looking for alternatives.


HootSuite is great, but it's also quite a hefty tool if all you need to do is let people tweet on behalf of n accounts. Also HootSuite works really well if you have a small team of people managing your social media but breaks down (or becomes expensive) if you need to give access to lots of people (this is where you end up with systems involving sharing lists of passwords!).

The idea behind Echelon (and its pricing model) is to promote sensible account security around the simplest of actions - tweeting. The bigger your team the more you pay but otherwise you can divide up your accounts however you want (different amounts of access for different people, etc).


What are the painpoints that you are suffering from hootsuite?


I don't have any use for this personally, but it sounds like a very good idea, congrats!


Thanks :)


Echelon is the name of a multi-country spy listening network that we here in NZ are part of. It includes the US.

"Safe" is the last thing I feel my data would be.


Erm, yeah, I think the name collision is a little too overwhelming, name change might be in order.


Yes I noticed this name collision too. At least we didn't call it ECHELON :)


Or PRISM.


Appreciate any feedback. We're only just getting started, there's a long way to go :)


The service seems counter intuitive. You advertise "The safe way to manage your company’s Twitter accounts." yet using the service would mean giving access to a third party. We all know that security is hard and you're creating online password manager - if it will be popular, it will gain unwanted attention.

Sure, you are using an access token and not a password for the accounts, but that's not explicitly said anywhere. I suggest you improve the trustworthiness of Echelon on the landing page.


The landing page mentions that you don't have to share passwords, which is what makes it inherently securer than...well...sharing passwords. Agreed that perhaps it could be clearer that by using access tokens, access can be revoked at any time via Twitter directly which removes the risk (compared to people stealing passwords).


See, I'm bit confused here. I understood it so, that as a user of Echelon, as I wouldn't have to give the Twitter account password to colleagues. But what about to Echelon itself? How can I be sure that the Echelon won't be compromised and all hell wouldn't break loose? Does the account have one Echelon app authorized which then works as a middleman to the users?


Since only the tokens are stored on Echelon's server, any compromise might do some damage (tweets, bio change, etc), but you will not lose the account's password.

So that's a pretty good tradeoff if you ask me.


They don't use https anywhere, not even on the oauth redirect back with the token in the header... isn't that.. bad?

How much you want to bet they are doing 0 encryption of the tokens they are storing on their servers.


Consider changing the sign in button to a contrasting colour (green?) - I'd wager you'll get more people clicking on it :-)


Well, you said any so: if I cancel Twitter sign-in on the homepage I get "The page you were looking for doesn't exist.".

Considering the image on the homepage is just a sketch, is the app actually built or not?


Thanks, I'll sort that.

Yes, it is. I agree that we probably need to add some real screenshots too :)


I've long thought there was a market for a product like this, but I figured it would be hard to get people to use it if they have to ditch their preferred twitter clients to post (if that assumption is correct).


We have some plans to address this so people can continue to use the clients they love.


Very nice, I like the flat design, but I don't think you're charging enough.


Agreed. Any company with enough employees to justify using this service can afford more than $10 a month.


I'll stick with HootSuite because of the functionality. It allows me to manage my Google+ pages, Facebook pages, and Twitter all in one place.

If you had the ability to do that, I may be interested.



How do you get rid of twitter's api limits, what if you have more than thousands accounts?


We don't...it's not particularly heavy on Twitter API usage. What are you thinking of?


I'm assuming he thinks of the token limit which is only for "traditional twitter clients" https://dev.twitter.com/docs/faq#10650





Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: