back to article Twitter cuts off two fat client apps

Twitter cut off two of its biggest client apps on Friday, only reconnecting them on Sunday after they had implemented unspecified changes to their code. UberTwitter and Twidroyd, both published by UberMedia, got cut off on Friday for violating Twitter policies with regard to respecting the privacy of users' messages, using the …

COMMENTS

This topic is closed for new posts.
  1. Jon Double Nice

    "using the Twitter name in vain"

    Haha, nice one Centurion.

  2. Anonymous Coward
    WTF?

    Badly handled

    As a Twidroyd user I wasn't overly impressed with how Twitter handled it, the first update from Twidroyd only returned a message about the client being suspended for unspecified TOS violations and a link to a blog post that didn't say much more. Then on each attempted update they returned adverts for their own Android client.

    I don't know the details of the situation but, to me as an end user, it came over that Twitter were the ones being asshats.

    1. Anonymous Coward
      Thumb Down

      Absolutely....

      ...abysmal on the part of Twitter.

      They told us that clients are expected to follow "simple rules", but then their head of "communications" said that the infringements "included, but were not limited to" the problems already discussed. UberMedia indicated that they had not changed any links in tweets, and that the privacy issue with the 3rd party was not of their making.

      Not a good weekend, if Twitter think that they can control their platform completely then they're going to have to learn that it probably won't fly.

      1. Seanie Ryan
        Pirate

        eh?

        " if Twitter think that they can control their platform completely then they're going to have to learn that it probably won't fly"

        yeah, how dare they think they can control their own products and services!!!! i mean, who in their right mind would start a business with the idea of being in control themselves.

        2 sides people, for all we know Twitter might have been asking for compliance for weeks/months and were being ignored... this might have been their last resort.

        but hey, ignore that, lets find guilty and shoot first

        Becasue WE know best right ! after all, we are Reg Readers !

        1. Anonymous Coward
          WTF?

          Whose side am I on?

          " ...for all we know Twitter might have been asking for compliance for weeks/months and were being ignored... this might have been their last resort."

          It might be, but that's not how it was presented to me as a user of one of these banned clients. Twitter may well have been in the right but - as I said - the way Twitter handled it made them look like the asshats. The way UberMedia responded made them look good.

        2. Anonymous Coward
          FAIL

          Twitter's API...

          ....is public and allows other people to use their service. Despite the claims from Twitter about being in discussion with UberMedia since April last year, the features in Twidroyd that appeared to be problematic (although UberMedia dispute this) were only released on Wednesday with v5.0.

          So, Twitter says "violations include, but are not limited to" about what was wrong, then provide three examples where one problem was due to the name of the client including the word Twitter. So, what were the other things that were wrong? If their rules are simple then either they should have provided accurate and precise reasons as to what was incorrect or they should have not suggested that there were extra things wrong that they had not listed. Can't have it both ways.

          Oh and UberMedia had fixes implemented in 3 hours but Twitter took the best part of 3 days before they allowed access again. Doesn't sound very reasonable to me.

          If Twitter want total control, then why allow 3rd party apps? It's lucky they do because their Android client is very poor in comparison with Twidroyd, Seesmic, Tweetdeck etc.

  3. DrXym

    TweetDeck

    I'd hate to see that run afoul of the rules as it's a nice client. But if Twitter's smackdown sends a message to apps and protects users from a double dose of spamverts or spying then that's fine by me.

  4. Bruce Hoult

    the problem is clear

    The privacy problem is obvious. When a message is too long for twitter it is further truncated and a URL is inserted to the full version stored elsewhere. Something like http://tweet.dk/x17dg for example. The problem is the URL is too easily guessed and thus accessed by people who can't see the tweet itself. It might even be listed under the user's name.

    They have chosen to fix this by simply not allowing long messages in private messages or if you have a locked profile.

    A better fix would be to use the MD5 or SHA1 of the long message as its URL. e.g. http://tweet.dk/8ed3f9c68c4313a70b3dce05391e805c.

    That's 48 characters but could be shortened to 38 if it used base64 instead of hex. Worse than the 20 or so now, but not too horrid and far harder to guess.

    1. Anonymous Coward
      Thumb Up

      Security by obscurity...

      Well done!

      Your degree is waiting for you at the universtiy of FAIL.

      1. Scott A. Brown

        Be fair...

        They said 'better' not 'good' :-)

        1. Anonymous Coward
          Stop

          @Be fair..

          Yes your right... pretend 'Security' is better than no security...

          </sarcasm>

          No! what would be better would be if there was not a link that could be FORWARDED or used by someone else, or RANDOMLY found...

          It's not private if it does not require a login or authentication of some kind, there is no way around this!!!

          It's stupid 'oh it'll be alright' decisions and impulses like this that lead to major fuckups.. go ask HBGary why they used the same passwords for all their media services... 'but the one password is seccure' and they are supposed to be security consious...

          1. Scott A. Brown
            WTF?

            @AC, RE: Be Fair

            Sorry, did you actually think that someone might have thought that an actual solution?

            If you want to get serious about my jokey comment, go for it mate!

            1. Anonymous Coward
              Anonymous Coward

              @Scott A. Brown re: @AC, RE: Be Fair

              I believe I was first with 'jokey' comment. (a degree from the university of Fail is not a real Degree..) but yes it is a serious situation, some people who work in IT read this site and might have thought that was real security! I am however relieved that you argree that it is not an Actual Solution. And I promise to pay more attention to the joke on joke stack up in future.

          2. Bruce Hoult

            say what?

            There is nothing to stop someone who gets a short tweet from passing that message on. Why should they be stopped from passing the URL of the full version on?

            1. Anonymous Coward
              FAIL

              @Bruce Holt

              Say someone like Bradly Manning per chance? Even the US govt cant stop that!!! but you are advocating no security instead?

      2. Anonymous Coward
        FAIL

        Cryptographically secure hashing

        and "security by obscurity" have absolutely nothing to do with each other. Sarcastic know-it-all PFY type comment FAIL.

        1. Anonymous Coward
          Alert

          @Cryptographically secure hashing

          Your right! they dont have anything to do with each other.

          Hence we should all point and laugh when someone thinks hiding a publicly accessible URL behind a random/hashed URL makes it in some way private or secure. Hiding a URL is called obscurity. believing it is secure is foolish.

          So yes you are right, its nothing to do with Cryptographically Secure anything.

    2. DrXym

      Too easily guessed?

      5 characters is enough to enable 62^5 combinations using alpha numeric chars. Nearly a billion combinations. I assume most url shortening services would have measures in place to stop brute force attacks in the space of a tries. e.g. put requesters in a timeout box if they ask for too many urls in too short a space of time or throw some kind of captcha at them.

  5. This post has been deleted by its author

  6. Stefan 6
    Alert

    Why would TweetDeck need to change it's name?

    Why would TweetDeck need to change it's name? Last i've heard is that the word "Tweet" can't be copyrighted. Twitter tried, but failed a couple of years ago.

    1. Anonymous Coward
      Anonymous Coward

      Tweet tweet

      Tweet can be *trademarked* either by just using it or registering it, but because it is an actual word it can only be protected in a specific context. Plus the software uses the services provided by Twitter so it can be cut off for arbitrary reasons. IANAL and all the usual commentard disclaimers apply of course.

    2. Nexox Enigma

      ToS

      """Why would TweetDeck need to change it's name?"""

      I'm sure Twitter can enforce just about anything they want, given that it's their service, and they dictate the terms of use of that service. I think it'd be most efficient (read: most entertaining to someone who doesn't use Twitter) if they restricted 3rd party client names to use only the last half of the alphabet, or require them to contain at least one number, one capital letter, and to not be based on a dictionary word.

  7. hardboiledphil
    FAIL

    who's to blame

    So why didn't UberTwitter tweet to say it was about to be removed until it had sorted things out.

    Their app worked reasonably well on the Blackberry but it put itself on every menu available and came across more as spam in that respect. Like trying to get a browser installed on windows and it also installing half a dozen other things you don't need.... At least the official app doesn't splatter itself all over the device.

    Anyway UberTwitter now removed and I doubt I'll have any reason to go back. I wonder how many people they lost this weekend.

  8. John 62

    Oh noes!

    my unofficial twitter client doesn't work! I'll have to tweet using the website!

    Surprising lack of failwhale involved here.

This topic is closed for new posts.

Other stories you might like