A few days ago, the top news story on Techmeme was the fact that Google launched Google Friend Connect and Facebook announced the final version of Facebook Connect within minutes of each other. Reading up on both announcements it seems interesting to note how most of the coverage is about who will win the race to dominate the Web as opposed to what end user value is actually being created by these technologies.

It was somewhat depressing until I read Dave Winer's brilliant post Soon it will be time to start over, again which contains the following excerpt

We're now reaching the end of a cycle, we're seeing feature wars. That's what's going on between Facebook and Google, both perfectly timing the rollouts of their developer proposition to coincide with the others' -- on the very same day! I don't even have to look at them and I am sure that they're too complicated. Because I've been around this loop so many times. The solution to the problem these guys are supposedly working on won't come in this generation, it can only come when people start over. They are too mired in the complexities of the past to solve this one. Both companies are getting ready to shrink. It's the last gasp of this generation of technology.

But the next one can't be far away now. It will be exhilarating!!

Remember how great Google was when it first appeared?

Remember how great Netscape was, and before that Apple, and I know you guys won't like this, but Microsoft offered us some great new places to play. I remember finding out that their OS address space in 1981 was 640K. That was a lot to a guy who was spending huge amounts of time trying to cram a 256K app into 48K.

The trick in each cycle is to fight complexity, so the growth can keep going. But you can't keep it out, engineers like complexity, not just because it provides them job security, also because they really just like it. But once the stack gets too arcane, the next generation throws their hands up and says "We're not going to deal with that mess."

We're almost there now. ;->

The value of Facebook Connect to Facebook is obvious. They get to become a centralized identity provider for the Web, including the benefit of tracking every single time one of their users logs in on a partner site, which lets them build an even better advertising profile of their users. Similarly, the value to the customers of the sites adopting it seems clear at first. Below are the claimed benefits of Facebook Connect to users from my initial perusal

  1. One login, multiple sites. No need to create a new account on partner sites.
  2. Account information such as profile picture, location and other fields on the partner site can be prepopulated from Facebook
  3. Bring your social graph with you to partner sites. 
  4. Let your friends on Facebook know what you are doing on partner sites. Updates show up on your profile but do not go in your friends' news feeds (they go in their live feed instead). 

Where things get interesting is that none of these benefits require a proprietary and centralized approach like Facebook has done. If Facebook implemented OpenID and OpenID attribute exchange, they could have given their users the benefits of #1 and #2 using widely adopted industry standards.  For #3, there is the burgeoning Portable Contacts effort to define a set of standard APIs for accessing the social graph that supports the key data portability principles around this information. As for broadcasting your updates from one site to another, FriendFeed has shown how that can be done using standard technologies like RSS, Atom and XMPP. 

Ignoring the fact that Facebook Connect is a proprietary and centralized approach instead of being based on open standards, there are still other points worthy of debate. When trying out sites like CitySearch beta with Facebook Connect, the experience is that I am connected with all of my Facebook friends who also use CitySearch. There is the genuine question of whether users really want to use one friends list across every site regardless of context (e.g. interacting with the exact same people on LinkedIn, MySpace and XBox Live) or whether they want to have universal access to any of their friends lists and bridge them when necessary.

Yesterday on Twitter, I mentioned that Facebook Connect is the wrong direction to go on the Web for the reasons above. I also called Google Friend Connect a misguided "me too" effort for trying to copy Facebook's strategy and glomming an AJAX widget play on top of it. Kevin Marks, an evangelist at Google, challenged my statement with the following response

@Carnage4Life the problem for users is re-entering data and restating friends for each app. For developers it's becoming social without this

If that is truly the problem, how does the technology in the video below solve the problem any better than the combination of OpenID and Portable Contacts?

As with OpenSocial, Google has fallen in love with its role as a spoiler when it comes to Facebook's platform efforts without stopping to think whether it actually makes sense to be aping Facebook's strategies in the first place. Monkey see, monkey do.

This will be the death of them if they aren't careful. Once you become a follower and define yourself by reacting to others' actions, it is hard to step back into a leadership role both in the industry and even within one's corporate culture.

Now Playing: Britney Spears - Circus


 

One feature that you will not find in Windows Live's What's New list, which shows a feed of the activities from a user's social network, is inline comments. A number of sites that provide users with activity feeds from their social network, such as Facebook and Friendfeed, allow comments to be made directly on news items in the feed. These comments end up showing up as part of the activity feed and are visible to anyone who can view the feed item.

When Rob and I were deciding upon the key functionality of the What's New feed for the current release of Windows Live, we voted against inline comments for two reasons.

The key reason is that we want the feed to be about what people in your network are doing and not what people you don't know are doing or saying. However with the Facebook feed I often have lengthy threads from people I don't know in my feed taking up valuable space above the fold. For example,

 

In the above screenshot, I find it rather awkward that a huge chunk of my feed is being taken up by comments from people I don't know who are from Randy's network. Besides the social awkwardness it creates, there is another issue with the above screenshot. Given that there is limited real estate for showing your feed, it seems counterproductive for it to be dominated by comments from people you don't know, which are never as interesting as actual feed items.

For the second reason, let's look at a screenshot of an activity feed from FriendFeed

In the above screenshot there are 24 comments on the feed item representing Robert Scoble's blog post. These are 24 comments that could have been posted on his blog but aren't. The more sites Robert imports his blog feed into, the more it fractures and steals away the conversation from his blog post. This is in addition to the fact that there is some confusion as to where people should leave comments on his blog post. I've had people get confused about whether to respond to my posts as a comment on my blog, in Friendfeed or on Facebook and it didn't seem helpful for us to add yet another decision point to the mix.

For these reasons, we don't have inline commenting in the What's New list in Windows Live. This isn't to say this is an irreversible decision. It has been pointed out that for feed items that don't have their own comment threads (e.g. status messages) it might be useful to have inline commenting. In addition, I'm sure there are some people who believe that the benefits of inline commenting outweigh the drawbacks that we've mentioned above. I'd love to hear what users of Windows Live think about the above decision and thought process behind it. Let me know in the comments. 

PS: If you are interested in more behind the scenes looks at some of the big and small decisions around the What's New feature in Windows Live, you should read Rob Dolin's ongoing series of posts entitled Series: What New in Windows Live “What’s New” and Why.

Now Playing: Guns N' Roses - Chinese Democracy


 

Categories: Social Software | Windows Live

The place to find the most recent comments on your photos, blog posts, profile, files and shared favorites is http://profile.live.com/recentcomments.

If you are like me and prefer to navigate from a central place like http://home.live.com, the screenshot below shows where to find the link to recent comments on that page

Now Playing: Rihanna - Rehab (Album Version)


 

Categories: Windows Live

Giving users complete control of their online experience has always been a core tenet of Windows Live and this hasn't changed with the What's New list feature in Windows Live. This feature enables users to view an activity feed of what members of their social network are doing AND to provide an activity feed of what the user has done recently. You can see an example of the latter on my Windows Live profile.

Listed below are the various ways we keep users in control of their online experience related to this feature.

In Control of What You See

By default a user sees activities from members of their network and from groups they are in. However users can opt out of getting activities from any member of their network or from any group they are in without breaking their relationship with that user or group. In addition, users can also opt out of getting activities of a specific type (e.g. friend additions or Twitter updates) from members of their network.

We provide two entry points for managing what updates you get from your network. First of all, users can manage updates from a particular user or update type by hovering over the item in the dashboard and clicking on the gear icon. The users, groups and applications that are currently blocked can be viewed on the What's New settings page at http://profile.live.com/whatsnewsettings. This is what that page looks like for me at the current time. 

As you can see from the above screenshot, I haven't hidden any update types from my What's New list. I did add the "Paintballers" group to my list of hidden groups though. Although I like getting paintballing events in my calendar, I'm not interested in discussions or photos about paintball on a regular basis. :)

In Control of What Others See About You

Sometimes, users may want to retract updates that have gone out to their social network. For example, a reference to inappropriate content that may offend people in their social network or pictures of streaking or similar nude pranks which inadvertently go out to the wrong people. For this reason, we give users the ability to delete such items from their profile, which immediately deletes them from the What's New lists of their friends as shown below

It should also be noted that each update type typically has a permission associated with it. This means that a user can control who has access to a particular photo album, their shared favorites or even their Twitter stream (as shown below). That way you can still broadcast updates to your friends on Windows Live without worrying that you are accidentally sharing inappropriate content with your boss or coworkers. ;)

In addition there is an options page where users can completely opt out of broadcasting updates from Windows Live to members of their social network. For example, I know someone who'd rather not have it broadcast whenever he changes his status message in Messenger since he believes they should be ephemeral thoughts and not captured for posterity. This options page also allows configuring updates from other web sites that are being aggregated on the user's profile. The What's New with you settings page can be found at http://profile.live.com/WhatsNewWithYouSettings.

A screenshot of the settings page is shown below

Conclusion

So you can see when it comes to activity feeds in Windows Live, our mantra is to keep users in control. Let me know what you think of our approach in the comments.

Now Playing: Kanye West - See You In My Nightmares (feat. Lil Wayne)


 

Categories: Windows Live

December 3, 2008
@ 04:54 AM

So I've been constantly refreshing Twitter search for "Windows Live" and so far the comments on our latest release have been super positive. Here is a sampling of tweets from the last two hours

slaguzman: @WindowsLiveWire I really like the new version of Windows Live! Keep up the good work.

paulsterling: new windows live looks really good - nice!

Bashmohandes: Windows Live Wave 3 is AWESOME !!!

benriga: New Windows Live is looking pretty sweet. It's come a long way with the new wave.

niceguyscott: The new windows live experience is doap.

MikeGalos: OK. After an hour. Windows Live Wave 3 is very, very cool.

Anchelspain: Loving the new and improved version of the Windows Live services. Mail, social network, blogging, picture uploading... everything's great!

sharepointing: I am liking the "Social Networking" refresh at Windows Live

Elepsis: The new Windows Live services are starting to roll out. They're looking pretty awesome. :)

joshpowell: The new Windows Live services are pretty cool. I'm adding in web services such as Twitter, Flickr, etc. to a central feed.

baxiabhishek: Sweet! Windows Live Wave 3 is rolled out for my account. Awesome!

Ingdawg: @majornelson Windows Live Home is awesome. Love how everything is in one place.

ScottTrepanier: Uploading photos to the new Windows Live...I love it.

Excited and proud doesn't even begin to cover what it feels like to get this release out there.

Now Playing: Amy Winehouse - Love Is A Losing Game


 

Categories: Windows Live

As some of you know, last year I worked on the platform behind the What's New page on Windows Live Spaces which provides similar functionality to the News Feed on Facebook. That was just our first run at the feature and almost immediately after our release there was some great feedback from various corners. The most complete feedback I found online came from Jamie Thomson who wrote about the Spaces home page and gave the following suggestions

There's a lot of potential for this activity list given that it could capture any activity people commit using their Live ID. Every live property has the potential for being able to post activity on here so one day we may see notifications of:

  • change of messenger status
  • posting of photos on Live Space
  • addition of gadgets to Live Space
  • items placed for sale on Expo
  • questions asked or answered on QnA
  • collection shared from Live Maps
  • video posted on MSN video
  • changes to XBox gamer card
  • changes to Zune Social (after it launches)
  • items posted to the Live Gallery
  • an event being planned
  • purchased a song from Zune marketplace
  • posts in MSN groups (soon to be Live Groups)
  • posts to online forums (forums.microsoft.com)
  • downloads of public files from Skydrive

It's all pretty good but let's be honest, this is basically a clone of what Facebook already have. Given Facebook's popularity though Microsoft didn't really have a choice but to copy them. If Microsoft really want to differentiate themselves in this arena then one option would be to provide avenues for interacting with other online services such as Flickr, Twitter, Jaiku, Pownce, etc... This list could then become an aggregator for all online activity and that's a pretty compelling scenario. One really quick win in this area would be to capture any blog entry that is posted from Live Writer, regardless of whether it is posted to Live Spaces or not.

Turning the idea on its head...it would be cool to be able to publish the activity list on other sites such as MySpace, Bebo and (them again) Facebook.

It isn’t often that you can get such complete feedback from one of your customers and then turn around and say you implemented every feature they asked for. From the list of 15 suggested activities to add to the feed above, I’d say about half either now show up in the feed today or will soon show up. The rest won’t either because the service is being deprecated (e.g. Live Expo being wound down) or we explicitly decided that notifications on that change didn’t seem particularly relevant (e.g. notifications when someone you know downloads a file off of SkyDrive).

Besides the features Jamie asked for we added one more that seems obvious in hindsight; an Atom feed of the updates from your social network so you can keep up to date with your social network from your favorite feed reader. Thanks to this feature we satisfied another recent request from Jamie and there is now a Vista gadget that can be used to consume your What's New feed directly from your desktop. Both the gadget and Atom feed feature were the results of dev work by our 2008 summer interns. As I mentioned on Twitter a few months ago I suspect many of my readers will appreciate their output.

We also enable our users to aggregate their online activity in a single place and then share it with their friends. For example, if you go to my Windows Live profile you’ll see that I’ve aggregated my activities from Twitter, Pandora, StumbleUpon, and my personal weblog onto my Windows Live profile which will then show up on the What’s New page of my friends in Windows Live. Activities can be aggregated from a number of other sites including Flickr, Flixster, PhotoBucket, Yelp, iLike, blogs hosted on Wordpress.com and a bunch of other sites with more to come in the future. Of course, you can just import a regular old RSS or Atom feed as well.

Although this functionality started out as a feature of Windows Live Spaces, it soon became clear that this feature really should be a “Windows Live” feature. This means it is deeply integrated into all of the major Windows Live products including desktop applications like Windows Live Messenger and the Windows Live Toolbar. Also there are a ton of revamped Windows Live web experiences that pivot around the What's New list such as the Home, Photos, Groups and the Profile pages.

Now for the back story.

At the end of last year, the main problem it seemed we had to tackle was making it easier for other Windows Live and/or Microsoft product teams to plug into the What's New feed on Windows Live Spaces. However the list of teams interested in the feed continued to grow as did the number of feature requests we got the more we talked to people about it. Once we saw all the new requirements for the feature at the beginning of this year and started doing the math on what it would take to support on the order of hundreds of millions of people using this feature and handling billions of transactions a day, it quickly became clear we had to redesign from scratch. In the words of Frederick Brooks, build one to throw away – you will anyway. It has been a grueling but fun year getting the platform out and it feels great to see millions of people enjoying our handiwork. This should explain my interest in Twitter’s scaling problems earlier this year since a micro blogging service with a model of followers and an open API is in the same problem space as providing a news feed that supports activity aggregation on a social networking site. Building a system to support over 280 million Hotmail users, 260 million Messenger users and around 120 million Spaces users from scratch has been a helluva thing. We've definitely pulled all of the scaling tricks out of the bag including my favorite trio of Dark Launches, Gradual Ramps and Isolation.

Much love to everyone who made this happen; Hammad, Brad B, Austin, Derrick, Peter, Paul, Badriddine, John, and Kyle. You guys were a killer dev & test team (the interns included). We also had great support from our leads Mike P, Inder & Diego. Our ops folks were incredible, I owe you all a big hug; Srdjan, Curtis, David G (deserter!!! *smile* ),  Scott R, Keith, William, Eric, Ziad, Teri, Michael, and Edet. Props to Kerstin, Sharad, Suresh, Alpesh and everyone else who made the aggregation experience shine on the platform end. Thanks to all the UX folks who touched or were touched by this feature including Miriam, David L, Jeff, Lavinder, Douc, Hua, Stacey, Vlad, Alton, Chad, Edgar, Colin, Jennifer, Omar, Mike, Shu, Michelle, Chris, Jason, Scott S, Chuck, Ben, Khalid, Deepa, Rob (my partner in crime – we worked on this so closely I have him on speed dial on my cell phone) and a ton of other folks on the Windows Live Experience team,  you guys rock. And finally thanks to all the management folks that were super supportive; Ramesh, Russ, Chris, Tread, Ben and Debra. Without you guys none of this would have happened.

Damn, I love working here. :D

PS: Brandon, I hope you like this release. 

PPS: By the way, we're hiring and are looking for a few good operations folks, developers and testers who wouldn't mind spending their days building services that are used by tens of millions of people every single day.  Send me your resume if interested.

Now Playing: Ice Cube - Gangsta Rap Made Me Do It


 

Categories: Windows Live

December 1, 2008
@ 01:58 PM

Over the weekend, Tim O'Reilly wrote a post Why I Love Twitter where he talks about some of the things he finds compelling about Twitter. Here's my list

  1. Thanks to APIs, Everyone Experiences the Service Differently: Great social software fits itself into the lifestyle and personality of its users instead of the other way around. Whenever I talk to Twitter users I am surprised to learn how differently they use the service. For example, I primarily read and write to Twitter from a Vista sidebar gadget (Twadget) which to many of my coworkers seems weird. Every time I talk to a coworker, I seem to learn a new way of using Twitter from desktop clients like Twhirl and Twitterrific to consuming it on your mobile phone via SMS or a dedicated app like TinyTwitter. Then there are people whose main interface to Twitter is other Web sites either via widgets such as the Facebook Twitter application or aggregators like FriendFeed. And so on...

    The best experience is when you start chaining some of these tools together. I became sold on Twitter once I realized it gave me a simple way to provide status updates to my social network on Facebook (and soon on Windows Live) right from my desktop or my favorite RSS reader.

  2. Real Reactions to Real News in Real Time: I haven't found a better way than http://search.twitter.com to read people's reactions to breaking news as it unfolds.  I used to think that blog search engines like Technorati and Google Blog Search were the best way to keep on top of the Web in real time but Twitter has put them all to shame. It's no surprise that even CNN is now pointing out Twitter's ability to capture the Zeitgeist in articles like Tweeting the terror: How social media reacted to Mumbai.

  3. Protected Tweets for the Privacy Conscious: One thing I've found surprising is that there are a large number of people who don't use Twitter as the cutting room floor for their blog like Tim O'Reilly or myself do. I know a bunch of people who follow a dozen or so of their close friends and use Twitter as a way to keep them updated on their daily lives and organize lunch/dinner/drinks. These people often have their tweets protected so only their friends can see them. This one feature makes Twitter less about micro-blogging and more about micro-social networking in my mind's eye.

Now it's your turn. Why do you love Twitter?

Now Playing: Kanye West - Amazing (feat. Young Jeezy)


 

Categories: Social Software

My RSS reader is buzzing with a lot of hype around Facebook's Connect this morning. The lead story seems to be the New York Times article entitled Facebook Aims to Extend Its Reach Across the Web which announces that a number of popular sites are about to adopt the technology. The article is excerpted below

Facebook Connect, as the company’s new feature is called, allows its members to log onto other Web sites using their Facebook identification and see their friends’ activities on those sites. Like Beacon, the controversial advertising program that Facebook introduced and then withdrew last year after it raised a hullabaloo over privacy, Connect also gives members the opportunity to broadcast their actions on those sites to their friends on Facebook.

In the next few weeks, a number of prominent Web sites will weave this service into their pages, including those of the Discovery Channel and The San Francisco Chronicle, the social news site Digg, the genealogy network Geni and the online video hub Hulu.

MySpace, Yahoo and Google have all announced similar programs this year, using common standards that will allow other Web sites to reduce the work needed to embrace each identity system. Facebook, which is using its own data-sharing technology, is slightly ahead of its rivals.

This set of partners is definitely higher profile than the last list of Facebook Connect adopters and yet I still have to wonder how this is eventually going to shake out. Even with this set of partners there are still two big hurdles Facebook has to surmount. The first is just getting users to connect their identities on different sites with their Facebook identity. Just having the ability to connect a Digg account and a Facebook account doesn't mean users will adopt the feature. I assume this is why the Facebook Beacon automatically linked a user's account on a partner site to their Facebook account in the first place. How this is presented to users on participating sites will be key to its adoption and this is mostly out of Facebook's control.

The other challenge that Facebook Connect will face is how to prevent it from being tarred with the same "centralized identity service" brush that Microsoft's Passport got tarred with at the turn of the century. Back in the year 2000, Joel Spolsky wrote Does Issuing Passports Make Microsoft a Country? which began as follows

Am I the only one who is terrified about Microsoft Passport? It seems to me like a fairly blatant attempt to build the world's largest, richest consumer database, and then make fabulous profits mining it. It's a terrifying threat to everyone's personal privacy and it will make today's "cookies" seem positively tame by comparison. The scariest thing is that Microsoft is advertising Passport as if it were a benefit to consumers, and people seem to be falling for it! By the time you've read this article, I can guarantee that I'll scare you into turning off your Hotmail account and staying away from MSN web sites.

These sentiments never went away and by 2005 Microsoft had lost some of its most prominent Passport partner sites. The service has since been rebranded Windows Live ID and is now primarily a unified identity system for Microsoft sites as opposed to being a single sign-on service for the entire Web. It may be that Microsoft was ahead of its time (as I've argued it was with Hailstorm and other initiatives) but the arguments against centralized identity systems have seemed pretty convincing in the past. In addition, I suspect that developers will start asking questions when they realize that they have to support one proprietary technology for Facebook Connect, something different for MySpace Data Availability and yet another for Google Friend Connect. How many sign-in buttons will end up adorning these sites? http://beta.citysearch.com already has two sign-in links; will that expand to four as they move to support signing in with your MySpace account and your Google Friend Connect-enabled account? Or will services decide to pick a social network to side with to the exclusion of all others? It's beginning to remind me of the high definition DVD format wars and not in a good way.

Interesting times indeed.

Now Playing: Kanye West - Welcome To Heartbreak (feat. Kid Cudi)


 

Scott Watermasysk has a great high-level comparison of the cloud computing offerings from Amazon, Google and Microsoft in his post Cloud Options - Amazon, Google, & Microsoft. Below are some excerpts from his review

Amazon (AWS)
  • Most mature offering of the three.
Google (AppEngine)
  • I get the sense that Google is trying to appeal to a small and focused audience (well, as small as Google can). There is nothing wrong with this approach, but I think long term I would feel handcuffed on their platform.
Microsoft (Windows Azure)
  • Microsoft still has a lot of "execution" to complete, but overall I am thoroughly impressed with the total breadth of their offering.

If you are interested in this space you should read Scott's entire post. I was thinking of doing a similar comparison but Scott's post hits the highs and lows of each service. I completely agree with his analysis: Amazon provides a mature offering but I balk at the complexity of managing and deploying my own VM images. Google's offering seems incomplete and it is bothersome that they do not provide any Web services (SOAP or REST). Microsoft has an ambitious offering which combines the ease of use of Google's offering with a more complete set of services but the proof will be in the pudding since it isn't yet broadly available.

This is an excellent review by Scott Watermasysk and is definitely worth sharing.

Now Playing: Trey Songz - Can't Help But Wait (Remix) feat. Jay Read


 

…then don't do that.

I was somewhat amused by the following description of a "security flaw" in Twitter today from Brian Shaler in his post Twitter Security Issue where he writes

I recently discovered a serious security issue on Twitter. Let me tell you the story.

This is where it gets SERIOUS
Let’s imagine, hypothetically, that you give your password to a 3rd party application. If the application’s owner uses that password once and saves the session cookie, they can store the session cookie and re-create it at any time in the future even if you change your password (There are even browser plug-ins that allow you to read and write cookies).

This means they can get back into your account whenever they want, indefinitely. They can post tweets, read your DMs, follow other users on your behalf, etc.

How to stay safe
As far as I know, there is nothing you can do to prevent this from happening to you, aside from never giving anyone or any application your password.

Twitter needs to use a smarter session cookie that is in some way linked to the user’s password or have another way of killing other sessions if you log out. Twitter should also consider using per-user API keys for users to give to 3rd party applications, instead of authenticating with your password.

This is one of those posts I both agree and disagree with at the same time. I agree that the underlying problem is that Twitter encourages the password anti-pattern with their APIs. Today, the Twitter API only supports HTTP Basic authentication, which means that applications are expected to collect people's usernames and passwords if they want to interact with the API.

The problem with Twitter's approach is called out in Brian Shaler's blog post. It means every application that accesses a user's Twitter account on their behalf gets the keys to the kingdom in a non-revocable way, unless the user changes their password AND Twitter comes up with some scheme where they invalidate all session cookies that were authenticated with the old password. However this is a hack. The proper solution is for applications to not require a user's credentials to access their data or perform actions on their behalf.

There are many services that have implemented such solutions today including Google AuthSub, Yahoo! BBAuth, Windows Live DelAuth, AOL OpenAuth, the Flickr Authentication API, the Facebook Authentication API and others. There is also OAuth which is an attempt to create a standard protocol for delegating authority to an application so that apps don't have to learn a different scheme for each Web site they access.

So the bug isn't that Twitter doesn't have checks in place to invalidate session cookies after passwords have been changed (which is a good idea for defense in depth) but instead that Twitter encourages its users to hand out their credentials to any application that asks for them in the first place. The bottom line is that once you give your password to another entity, all bets are off. So don't do that.
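An added sketch (not code from the original post, and not Twitter's implementation) of the two mechanisms discussed above: session cookies bound to a credential epoch so that a password change invalidates them, and per-application tokens that are scoped and individually revocable. Every class, method and scope name is hypothetical, and the credentials are constructed.

```python
import hashlib
import hmac
import secrets

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()  # store hashes, not raw tokens

class Account:
    def __init__(self, password):
        self.cred_epoch = 0    # bumped on every password change
        self.app_tokens = {}   # token digest -> (app name, scopes)
        self.set_password(password)

    def set_password(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check_password(self, password):
        return hmac.compare_digest(self.pw_hash, self._hash(password))

class AuthServer:
    def __init__(self):
        self.key = secrets.token_bytes(32)  # cookie-signing key
        self.accounts = {}

    def register(self, username, password):
        self.accounts[username] = Account(password)

    def _sign(self, payload):
        mac = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}|{mac}"

    def login(self, username, password):
        acct = self.accounts.get(username)
        if acct is None or not acct.check_password(password):
            return None
        return self._sign(f"{username}|{acct.cred_epoch}")

    def session_user(self, cookie):
        parts = cookie.split("|")
        if len(parts) != 3:
            return None  # wrong shape, including names that contain "|"
        username, epoch, _mac = parts
        expected = self._sign(f"{username}|{epoch}")
        if not hmac.compare_digest(expected.encode(), cookie.encode()):
            return None  # forged or tampered cookie
        acct = self.accounts.get(username)
        if acct is None or str(acct.cred_epoch) != epoch:
            return None  # issued under an older password
        return username

    def change_password(self, username, old, new):
        acct = self.accounts.get(username)
        if acct is None or not acct.check_password(old):
            return False
        acct.set_password(new)
        acct.cred_epoch += 1  # every cookie issued under the old password dies
        return True

    def grant(self, cookie, app, scopes):
        user = self.session_user(cookie)
        if user is None:
            return None
        token = secrets.token_urlsafe(32)
        self.accounts[user].app_tokens[_digest(token)] = (app, frozenset(scopes))
        return token

    def authorize(self, username, token, scope):
        acct = self.accounts.get(username)
        entry = acct.app_tokens.get(_digest(token)) if acct else None
        return entry is not None and scope in entry[1]

    def revoke(self, cookie, app):
        user = self.session_user(cookie)
        tokens = self.accounts[user].app_tokens if user else {}
        doomed = [d for d, (name, _) in tokens.items() if name == app]
        for d in doomed:
            del tokens[d]
        return len(doomed)

def demo():
    srv = AuthServer()
    srv.register("alice", "old-pw")        # constructed credentials
    kept = srv.login("alice", "old-pw")    # anti-pattern: an app logs in as alice, keeps the cookie
    own = srv.login("alice", "old-pw")     # alice's own browser session
    widget = srv.grant(own, "widget", {"post_status"})
    reader = srv.grant(own, "reader", {"read_timeline"})
    out = {"kept_before": srv.session_user(kept)}
    out["widget_dms"] = srv.authorize("alice", widget, "read_dms")
    srv.change_password("alice", "old-pw", "new-pw")
    out["kept_after"] = srv.session_user(kept)
    out["revoked"] = srv.revoke(srv.login("alice", "new-pw"), "widget")
    out["widget_post"] = srv.authorize("alice", widget, "post_status")
    out["reader_read"] = srv.authorize("alice", reader, "read_timeline")
    return out
```

In this model the delegated tokens are deliberately independent of the password, so cutting off one application neither forces a password change nor disturbs the other application.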

PS: I'm rather stunned that Twitter plans to continue this practice indefinitely given the following excerpt from their developer wiki

At the time of writing, the Twitter engineers are working on an additional authentication scheme similar to Google’s AuthSub or Flickr’s API Authentication.  This will have the added benefit of registering third-party applications to better promote them on the site.  The Development Talk group will be notified when this authentication scheme is ready for testing.  Note that this new authentication scheme will be optional, not mandatory, once available.

Now Playing: John Legend - Can't Be My Lover


 

Categories: Web Development