Twifficiency Shows How NOT To Use Twitter’s OAuth

Twitter, in common with other social networking sites and services, has an authentication system. In Twitter’s case it’s called OAuth and it allows you, as a user, to give applications and services access to your account. For an application or service to function correctly it might need to gather information from your Twitter stream. Maybe it needs to see who you follow, who follows you and so on.

All quite innocent and boring really.

However, some applications are badly written, either intentionally or accidentally, and you can easily end up giving a 3rd party far too much access to your account.

In the case of Twifficiency, as soon as you log in via OAuth it will send a “tweet” to all your followers saying:

My Twifficiency score is xx%. Whats yours? http://twifficiency.com/

So basically publicising itself.

Needless to say, it doesn’t ask you before it does this, nor does it give you any warning or indication that it’s about to do it, so it basically spams your followers.

The developer, meanwhile, is denying he did this intentionally (you’d think he’d have checked ...).

So what can you, as a user, do?

Change your settings and avoid badly coded services like Twifficiency.

UPDATE: The “service” now has a checkbox on its main screen allowing people to opt out of the automated tweeting of their “score”.