Tweeting on behalf of users is bad (gist.github.com)
88 points by julien on Dec 5, 2012 | 36 comments



> I am not putting the blame on Prismatic, but on this crazy system that allows machines to post on my behalf.

I would put blame on Prismatic for sure.

It makes sense for Twitter to offer an API for me to authorize a third party application to access my Twitter account to post. This is how we have various twitter applications that post on our behalf. But we are in control of it. Popular Twitter apps on the iPhone for example are used for posting and managing accounts and are in control of the user. Because this API has a useful, valid and ethical use, the blame can not be on Twitter for offering a sensible functionality that benefits users.

What this article describes though is an unethical practice of misusing Twitter's API, and abusing Twitter's auxiliary function as an identity platform, in order to hijack random users' accounts and impersonate them for the purposes of pushing unwanted advertisements towards fourth parties (their friends and subscribers) under false pretenses.

The practice is clearly wrong, clearly fraudulent, and should be illegal, under legal principles banning impersonation for fraudulent purposes. It is a serious crime that should be punished not just with fines but with prison time, as identity theft normally is. The fraudulent purpose of this practice is inherent in posting on one's behalf without the person wanting or intending that, regardless of whether the hapless and naive users were tricked with a confusing and opaque 20 page long dubiously valid click-through legal contract.

Whether it is illegal or not, it is unethical. Companies that indulge in such fraudulent practices, regardless of the desirability of their products, should be permanently shunned in order to punish unethical practices when there exists a castrated corporate controlled legislature and judiciary that is unable to properly regulate companies engaging in fraud.


There is a simpler way to put this.

Don't put words in my mouth. Ever. If you try, I will hate you. Even if you think that I have given you permission, I will hate you if I do not get a chance to review and approve those words. Because it is my mouth that they will appear to come from. And I value my reputation.


"We don’t tweet on behalf of our users."

Then why do they explicitly ask for permission to do so when authorizing to your twitter account?

I'd be a bit harder on Prismatic than Julien... their entire service is based on trusting them with your social network data. This is a pretty serious violation of that trust.


Really wonder about people who see this and still click through:

   This application will be able to:

   * Read Tweets from your timeline.
   * See who you follow, and follow new people.
   * Update your profile.
   * Post Tweets for you.
  
This sort of intrusive access is really not even necessary, is it?

New people: DM the user that you think this is a good person to follow. (Link to some samples that triggered the recommendation would be nice.)

Profile: can't even imagine what/why of this one, but again a private DM with "suggest you use this profile because of ..." is perfectly serviceable.

Tweet on my behalf: No thank you.


Whenever I see requirements like that it almost always changes my mind about the app.


> Really wonder about people who see this and still click through

Agreed. It's crazy how many times I've passed up on using what I assume is otherwise a great app or service because I wasn't happy with accepting any of those permissions.


We don't tweet when you don't tell us to. This is a case where there was a UX fail in the profile publication settings so some people get confused and publish all their actions. it's infrequent and we're going to change the ux.


I've had precisely this experience as a developer. If our user interface confuses people that's our fault, not theirs.


Because there are three levels of permission an app can ask for:

  * Read only
  * Read and Write
  * Read, Write and Access direct messages

I think you are missing the intent of your quote, which is they won't _automatically_ tweet on behalf of their users. Using their site for only a moment, it is clear they will require writing tweets, upon users actively marking a twitter icon and submitting a share form.


Prismatic are doing something wrong with the way they message the sender or the recipient because when I clicked a button saying 'invite these friends' I didn't realize it was going to Tweet them all DMs. I got about 10 messages varying from "have you been hacked" to "don't spam me".


I agree this is a huge problem today. A classic symptom of wanting to see short-term gains (a jump in sign ups when auto-posting is pushed live) with no regard for long-term effect of a bad user experience.

Luckily good sites don't do this and I do like that social media permissions are evolving. For example, usually when I authorize an app with Facebook, I can separately choose to connect and who sees anything they post (which I have defaulting to no one). I hope that trend continues on all fronts.


I wouldn't have taken this as lightly as he has. I mean 100s of tweets in a short while is not just a simple coding error. It was built in. Julien is right, great products don't need to auto-tweet to grow.


it's not a bug, it's a setting. it's just evidently poorly designed. :\ we're fixing it.


I understand that tweets were sent because a user opted-in and used some setting to elect to share activity on the site. As a developer I know how tempting it is to defensively declare "that's not a bug" when you feel that no error exists in the implementation itself. However I also think that is a weak excuse and one which you should stop using because it reads as you trying to pass off responsibility for what happened.

Yes, the system did what the user told it to. That doesn't matter. @julien51 seems to have sent 208 "I'm enjoying..." tweets between 10:31 and 10:34, more than a tweet per second for three minutes. To the product's user, and anyone following them on Twitter, that's a bug. They don't care (though you certainly should) if the root cause was poor UI design or unclear documentation, or a poorly written background job, or a bad data migration, or whatever else could have gone wrong. You really only have two options when communicating about your features to your users; either "it's broken" or "it's working as intended". If you're lucky you might have enough credit with them to be able to add "it's working as intended for now but we have plans to improve it in the future".

I don't mean to be too harsh or attack bradfordcross or Prismatic specifically here. I've certainly been responsible for my share of bad user experiences through bugs or "not a bug"s. This just struck me as perhaps a poor way to represent a product to an audience that might trust it or be hearing about it for the first time.

I'm curious, if you had considered the root cause to be a bug what difference would that have made?


You are very persistent in defending unethical behavior. This is not uncommon among startups, the various companies that were stealing users' Address Book a few months ago were likewise claiming both "everybody else does it" and "there's nothing wrong with this, we are justified".

You should not be impersonating people, it's unethical, and should be a felony when done without consent for monetary gain.

That you feel it is justified shows you are currently in a state of delusion, blinded to ethics and respect for your customers.


Nowhere does he say that it's justified. Cut the man some slack.

My interpretation from reading this whole thread, the associated article, and some comments is that there's an option for users to invite their Twitter followers/share activity, but the messaging around it is unclear or something (maybe a bug?) so people didn't realize they were doing it. And now it's being fixed.

That's hardly intentional unethical behavior. Saying someone is "in a state of delusion, blinded to ethics and respect" is WAY out of line for someone whose product had either a UX or technical bug, who apologized for it, and who is now trying to fix it.


I actually read his Twitter feed before posting. It was massively vandalized by Prismatic, who was clearly impersonating him.

The claimed bug is that they were not clear in getting permissions. That is completely irrelevant to the core of the principle here. They are fraudulently impersonating him, using his own account. That is a fact and it is a verifiable fact.

Given that you feel motivated to justify it, I have added your company Clever to my list of dodgy companies I will have nothing to do with. Thank you for informing me of your questionable ethics.


To quote The Princess Bride: "You keep using that word. I do not think it means what you think it means."

You say that both me and the guy from Prismatic are trying to "justify" his actions, but that's completely false. Nowhere did I say that doing something like that was acceptable behavior, nor did he. I agree that impersonating a user and posting to their social media accounts without their approval is unethical and immoral.

However, he said that it was an accident, a bug - that the intended behavior was not this unethical and immoral action, but something else entirely. You proceeded to accuse him of justifying it and being "in a state of delusion, blinded to ethics and respect".

And now you said that same thing to me, more or less.

If anyone here has questionable ethics, it's you. You COMPLETELY MADE UP these actions of other people, MALICIOUSLY, and used it to libel them.


Can you provide the verified facts? I've yet to see where a granted permission is _fraudulently_ used. I've yet to even see or see reproduced these supposed facts. In fact, the token granted from Twitter is a non-rate-limited permission to tweet indefinitely; the only abuse here is a user's trust; but that shouldn't preclude Prismatic from making good on a mistake before they are chastised forevermore.


Actually federation would be really cool to implement features like last.fm scrobblings on Twitter. You could just go to @user/music and see all the scrobblings without actually spamming all my followers.


Hate those tweets, that's why I check http://mypermissions.org periodically...

And for Facebook I use https://mypermissions.com/ which emails me each time I connect with an app through FB.


I got bit by this today too. It tweets a link to every article you read by default. Big WTF.


I don't understand.

Don't you have to explicitly allow an app/site to post tweets on your behalf? Why not simply refuse to allow it? I see no reason a service has to rely on this permission, and if they do it's a great reason not to use it. What am I missing?


yes you have to explicitly check this setting. but to be fair, it's on us to make the UX flows extraordinarily clear for such a hot-button social feature. we obviously need to redesign this and it sticks that we've caused a few users to spam a bunch of friends unintentionally. :\


Someone please tell fllwrs.com this


Every time I see a ridiculous URL without any vowels I say it, in my head. It sounds stupid.


Like Twittr.


It was Twttr.


Presumably the reason they changed it is because "twttr" sounds stupid. :P

Every time I see a name like this, I think: Great, now what do you do when you tell someone to go to your domain? How do you pronounce Twttr or fllwrs in conversation? Do you say "Twitter without the i or the e. Followers without the o's or the e."? That's dumb. You shouldn't need to explain how to type your URL. Chances are I will forget. Too complicated.

It's a stupid naming pattern. People need to stop it. -_-


Flickr I think was the original inspiration. Basically no one wanted to pay for the real domains like they did in the first bubble and it was basically a red flag to spend your money on one.


Why'd you want to know who unfollowed you?


Not sure, but for some reason there are a few friends who feel compelled to pollute my twitter stream from this app.


What kind of tweets were they?


Hundreds of tweets of the form "I'm enjoying <username>'s recommendations on @Prismatic" on his behalf. So basically all of his followers got spammed.


Exactly.


We're working on a grid for publishing actions from one service (Prismatic) to the other services that you connect. It's tricky and probably not a great behavior to broadcast these actions to twitter where there are no aggregations, like there are on facebook. publishing recommended actions to facebook makes a lot more sense - i do it myself - because they roll up into aggregations we've implemented and don't spam newsfeeds. it's probably fair to say this is not a great setting for twitter period until they start to evolve in this direction.



