Twitter Swears OAuth for User Safety, Expands Link Shortener


ADOTAS – Chatting yesterday with Arnie Gullov-Singh — CEO of, which has built an endorsement ad network for third-party Twitter applications — he commented that the Twitter folks have been quite careful in rolling out their ad products because while revenue is awesome, the last thing they want is to alienate their users. Gullov-Singh has some good connections — he’s known Twitter COO Dick Costolo since he was heading up his baby Feedburner and Gullov-Singh helped build the Fox Audience Network with new Twitter President of Revenue Adam Bain.

Huh, I thought, if only another highly popular social network put its concern for user experience above its revenue dreams… Or at least made it appear that way.

But Twitter is not your average social network as it’s encouraged developers to build third-party apps off of its microblogging stream (even though developers had a bit of a hissy fit when Twitter acquired Tweetie to be its eponymous mobile app). In a blog post announcing the full embrace of app authenticator OAuth, the site even acknowledges (seemingly without envy) that most users have fooled around with third-party apps, which tend to offer more functions in terms of filtering (which also leads to some skewed search stats).

User experience trumps all, which is why Twitter informed developers last December that third-party apps would only be allowed to use OAuth to access the stream, a switch the company flipped on Aug. 31. Previously developers could choose between Basic Authentication and OAuth, but BA requires the user to supply a username and password, which would be stored in the cloud or on a device.

That’s not the safest route — OAuth offers increased security by authenticating apps without storing a user name or password, which will prevent malicious apps (or “Snidely Whipapps,” as I like to call them) from stealing Twitter credentials and tying them to the railroad tracks. Tweetdeck, Seesmic and other high-profile apps already use OAuth, which I am now picturing as a certain handsome mountie, as well as Facebook and Yahoo, which take advantage of the authenticator to allow users to share social content in several locations.

Apparently the transition has been a bit bumpy with user complaints of login troubles and a weird dialog box appearing on tech websites such as Wired and ReadWriteWeb asking for user name and password for API access. Enter the requested information and… Nothing happens — the dialog box remains.

It’s the OAuthcalypse! Repent Twitter sinners! Or quit whining and update your widget code.

For all those panicking and tweeting “The end is nigh,” Twitter sent out an email to users this morning explaining the switch to OAuth — and they didn’t use any big, confusing words! — as well as the expanded rollout of its link-wrapping feature.

Currently links in Direct Messages are converted to and go through Twitter, which checks for malware before sending the user to the destination. (It also will make sure that you’re wearing a helmet as well as knee and elbow pads.) Twitter is planning to roll out this feature to all users by the end of the year. Marketers should perk up their ears as will also be used to measure the number of clicks a link gets and incorporated into the Resonance algorithm that is used with the microblogger’s Promoted Suite of ad products.

“Ultimately, we want to display links in a way that removes the obscurity of shortened link and lets you know where a link will take you,” the company wrote.

Twitter board member and venture capitalist Fred Wilson wrote a blog post called “The Twitter Inflection Point” back in April ahead of the Chirp developer conference that caused a bit of a furor. Wilson suggested that while developers had performed a swell job filling in the gaps in services, Twitter the company should have supplied services such as link-shortening in the first place. Well, now big T is picking up the slack, which has some developers grumbling (louder than usual — I’m pretty sure developers are perpetual grumbling machines).

Wilson’s advice to developers at the time was “move on” — even politely phrased, that’s not something spurned partners appreciate hearing. But Twitter has developed a pretty extensive ecosystem and realizes the importance of third-party apps. The OAuth switch and rollout are first and foremost for user safety — it’s really refreshing to see that matters more than anything else to the Twitter folks.

Finally in Twitter news (sure has been a busy week for those kids), the iPad application has arrived and it looks good. The company added developer Loren Brichter, the brains behind Atebits and the winner of a 2009 Apple Design Award, to the Twitter mobile team in April to design the iPad application, and it seems like he lived up to the hype. The iPad app truly takes advantage of the tablet’s functions, employing planes for easy navigation as well as media. Check it out here.

