

Tweeting on behalf of users is bad - julien
https://gist.github.com/4218760

======
droithomme
> I am not putting the blame on Prismatic, but on this crazy system that
> allows machines to post on my behalf.

I would put blame on Prismatic for sure.

It makes sense for Twitter to offer an API for me to authorize a third party
application to access my Twitter account to post. This is how we have various
twitter applications that post on our behalf. But we are in control of it.
Popular Twitter apps on the iPhone for example are used for posting and
managing accounts and are in control of the user. Because this API has a
useful, valid and ethical use, the blame can not be on Twitter for offering a
sensible functionality that benefits users.

What this article describes though is an unethical practice of misusing
Twitter's API, and abusing Twitter's auxilliary function as an identity
platform, in order to hijack random users' accounts and impersonate them for
the purposes of pushing unwanted advertisements towards fourth parties (their
friends and subscribers) under false pretenses.

The practice is clearly wrong, clearly fraudulent, and should be illegal,
under legal principles banning impersonation for fraudulent purposes. It is a
serious crime that should be punished not just with fines but with prison
time, as identity theft normally is. The fraudulent purpose of this practice
is inherent in posting on one's behalf without the person wanting or intending
that, regardless of whether the hapless and naive users were tricked with a
confusing and opaque 20 page long dubiously valid click-through legal
contract.

Whether it is illegal or not, it is unethical. Companies that indulge in such
fraudulent practices, regardless of the desirability of their products, should
be permanently shunned in order to punish unethical practices when there
exists a castrated corporate controlled legislature and judiciary that is
unable to properly regulate companies engaging in fraud.

------
btilly
There is a simpler way to put this.

Don't put words in my mouth. Ever. If you try, I will hate you. Even if you
think that I have given you permission, I will hate you if I do not get a
chance to review and approve those words. Because it is my mouth that they
will appear to come from. And I value my reputation.

------
arscan
_"We don’t tweet on behalf of our users."_

Then why do they explicitly ask for permission to do so when authorizing to
your twitter account?

I'd be a bit harder on Prismatic than Julien... their entire service is based
on trusting them with your social network data. This is a pretty serious
violation of that trust.

~~~
eternalban
Really wonder about people who see this and still click through:

    
    
       This application will be able to:
    
       * Read Tweets from your timeline.
       * See who you follow, and follow new people.
       * Update your profile.
       * Post Tweets for you.
      

This sort of intrusive access is really not even necessary, is it?

New people: DM the user that you think this is a good person to follow. (Link
to some samples that triggered the recommendation would be nice.)

Profile: can't even imagine what/why of this one, but again a private DM with
"suggest you use this profile because of ..." is perfectly serviceable.

Tweet on my behalf: No thank you.

~~~
jcomis
Whenever I see requirements like that it almost always changes my mind about
the app.

------
justinhj
Prismatic are doing something wrong with the way they message the sender or
the recipient because when I clicked a button saying 'invite these friends' I
didn't realize it was going to Tweet them all DMs. I got about 10 messages
varying from "have you been hacked" to "don't spam me".

------
tobyjsullivan
I agree this is a huge problem today. A classic symptom of wanting to see
short-term gains (a jump in sign ups when auto-posting is pushed live) with no
regard for long-term effect of a bad user experience.

Luckily good sites don't do this and I do like that social media permissions
are evolving. For example, usually when I authorize an app with Facebook, I
can separately choose to connect and who sees anything they post (which I have
defaulting to no one). I hope that trend continues on all fronts.

------
cdooh
I wouldn't have taken this as lightly as he has. I mean 100s of tweets in a
short while is not just a simple coding error. It was built in. Jullien is
right, great product don't need to auto-tweet to grow

~~~
bradfordcross
it's not a bug, its a setting. it's just evidently poorly designed. :\ we're
fixing it.

~~~
droithomme
You are very persistent in defending unethical behavior. This is not uncommon
among startups, the various companies that were stealing users Address Book a
few months ago were likewise claiming both "everybody else does it" and
"there's nothing wrong with this, we are justified".

You should not be impersonating people, it's unethical, and should be a felony
when done without consent for monetary gain.

That you feel it is justified shows you are currently in a state of delusion,
blinded to ethics and respect for your customers.

~~~
azylman
Nowhere does he say that it's justified. Cut the man some slack.

My interpretation from reading this whole thread, the associated article, and
some comments is that there's an option for users to invite their Twitter
followers/share activity, but the messaging around it is unclear or something
(maybe a bug?) so people didn't realize they were doing it. And now it's being
fixed.

That's hardly intentional unethical behavior. Saying someone is "in a state of
delusion, blinded to ethics and respect" is WAY out of line for someone whose
product had either a UX or technical bug, who apologized for it, and who is
now trying to fix it.

~~~
droithomme
I actually read his Twitter feed before posting. It was massively vandalized
by Prismatic, who was clearly impersonating him.

The claimed bug is that the were not clear in getting permissions. That is
completely irrelevant to the core of the principle here. _They are
fraudulently impersonating him, using his own account._ That is a fact and it
is a verifiable fact.

Given that you feel motivated to justify it, I have added your company Clever
to my list of dodgy companies I will have nothing to do with. Thank you for
informing me of your questionable ethics.

~~~
azylman
To quote The Princess Bride: "You keep using that word. I do not think it
means what you think it means."

You say that both me and the guy from Prismatic are trying to "justify" his
actions, but that's completely false. Nowhere did I say that doing something
like that was acceptable behavior, nor did he. I agree that impersonating a
user and posting to their social media accounts without their approval is
unethical and immoral.

However, he said that it was an accident, a bug - that the intended behavior
was not this unethical and immoral action, but something else entirely. You
proceeded to accuse him of justifying it and being "in a state of delusion,
blinded to ethics and respect".

And now you said that same thing to me, more or less.

If anyone here has questionable ethics, it's you. You COMPLTELY MADE UP these
actions of other people, MALICIOUSLY, and used it to libel them.

------
pablasso
Actually federation would be really cool to implement features like last.fm
scrobblings on Twitter. You could just go to @user/music and see all the
scrobblings without actually spamming all my followers.

------
benjlang
Hate those tweets, that's why I check <http://mypermissions.org>
periodically...

And for Facebook I use <https://mypermissions.com/> which emails me each time
I connect with an app through FB.

------
marknutter
I got bit by this today too. It tweets a link to every article you read by
_default_. Big WTF.

------
molf
I don't understand.

Don't you have to explicitly allow an app/site to post tweets on your behalf?
Why not simply refuse to allow it? I see no reason a service has to rely on
this permission, and if they do it's a great reason not to use it. What am I
missing?

~~~
bradfordcross
yes you have to explicitly check this setting. but to be fair, it's on us to
make the UX flows extraordinarily clear for such a hot-button social feature.
we obviously need to redesign this and it sticks that we've caused a few users
to spam a bunch of friends unintentionally. :\

------
lukejduncan
Someone please tell fllwrs.com this

~~~
cdooh
Why'd you want to know who unfollowed you?

~~~
lukejduncan
Not sure, but for some reason there are a few friends who feel compelled to
pollute my twitter stream from this app.

------
rustc
What kind of tweets were they?

~~~
arscan
Hundred of tweets of the form "I'm enjoying <username>'s recommendations on
@Prismatic" on his behalf. So basically all of his followers got spammed.

~~~
julien
Exactly.

~~~
bradfordcross
We're working on a grid for publishing actions from one service (Prismatic) to
the other services that you connect. It's tricky and probably not a great
behavior to broadcast these actions to twitter where there are no
aggregations, like there are on facebook. publishing recommended actions to
facebook makes a lot more sense - i do it myself - because they roll up into
aggregations we've implemented and don't spam newsfeeds. it's probably fair to
say this is not a great setting for twitter period until they start to evolve
in this direction.

