Third Party Twitter Apps Can Access Private Messages Without Your Authorization
Many third party apps ask your permission to access your Twitter account. If they are using OAuth, you might want to think twice. Most apps clearly state that they will not be able to access your private messages, when the truth is they actually can. With Wiener type stories in the news, this revelation is even more disconcerting. This privacy issue was outed by developer Simon Colijn who created a test application to prove that it exists.
Some would say that you shouldn't be sending confidential or damaging information via Twitter anyway. Regardless, until this gets resolved, we should all be a little more cautious about what we Tweet. Some believe this happened because Twitter postponed its release of a new authentication model. The updated model was originally planned for release on June 1st, and would have limited message access. Unfortunately programs utilizing the OAuth permissions were already live. Twitter has yet to make an official response to the accusations, which is understandable since this all surfaced early this morning.
We don't know if this is a simple scheduling oversight, or if this is a bigger software security fail. Whatever the reason, we are not comfortable giving access to third party companies so they can view, copy, or do anything else with our messages. What do you think? Is this something that Twitter should just ignore? Should they hire Coljin as a security consultant? Should we hold Twitter's feet to the fire, or are we better off in a world where personal privacy is just a thing of the past?