One young Scottish web developer wanting to learn about Twitter development ended up learning some harsh lessons about Twitter users today.
“My Twifficiency score is 37% What’s yours?” – Tweets like this started as a trickle and in the space of an hour became a flood as the latest viral Twitter trend took off today. It soon became a source of great annoyance to some, as users discovered that Twifficiency auto-tweeted from their accounts without them realising.
So, what was going on? According to the website, “Twifficiency calculates your Twitter efficiency based upon your Twitter activity. This includes how many people you follow, how many people follow you, how often you tweet and how many tweets you read.” We’ve seen many apps like this before and they often become viral hits as users are keen to compare their score to those of their friends.
What made this a bit different was that there wasn’t an obvious enough notification that the service would auto-tweet your Twifficiency score. The app uses Twitter’s secure oAuth method to log you in and Twitter’s standard-issue warning that the app wants the ability to “Access and update” your Twitter account led to speculation from some that the app may be a scam that would at a later date send out spam tweets from your account.
According to the developer, the truth is much more mundane. Reading through his tweets, it appears that 17 year-old James Cunningham had developed the app to learn how oAuth worked. Little did he know that while his back was turned his app would become a controversial viral hit.
On discovering the sudden popularity of Twifficiency, his elation quickly faded and he began explaining himself: “OK. Twifficiency shouldn’t tweet your score automatically :/ Error on my behalf, I was just learning to use oAuth :( Up until now I had always used Basic Auth, and Twifficiency was my way to learn how to use oAuth.”
His efforts to improve the app with a clearer warning and an option for tweeting didn’t come quick enough for one individual who set up a NSFW spoof Twitter account for him (there’s some strong language in there).
Far from being a scammer, Cunningham appears to be a talented coder who a made small mistake that got out of control. As Paul Clarke, a well-known and respected UK Twitter user who has met Cunningham, says:
“Sure, James broke one of the Twitter etiquette rules (not tweeting from someone’s account without explicitly seeking consent). But this is the guy that created a Wolfram-type search demonstrator in just one week. At age 17. And within ten days created another innovative service out of the blue. And has probably done dozens more. I think we can regard his social network capital as firmly in the black, can’t we?”
Welcome to the world of Twitter where a teenager can go from obscurity to being an object of hatred in less than a day. It looks like James will be alright though – he’s clearly a talented individual and now we all his name. Another post in support of him points out he may even get a job out of it.
It will be interesting to see what he does next.
UPDATE: As a general safety tip, it’s always good practice to keep an eye on the Twitter apps you’ve approved. Simply go to your Twitter settings and revoke access to those you don’t use any more.
It’s great that he made interesting application when he studied oAuth. He is really talented but Twifficiency can be the start of user untrust for applications like this which connect into their Twitter profiles.
Dear Twitter, you really let yourself down today. Give James a break.
I don’t think for one second he meant it maliciously and he did all the right things when he found out what was going on, all be it a little bit later than he could have done.
Social media is a mirror and today a lot of people looked pretty ugly.
I appreciate that this may be naive lad making a mistake, but I’m not happy with the way OAuth is being dropped into the debate. Old-style apps asking for your password can make this faux pas just the same. His error was a failing of common sense and possibly a lack of understanding of the Twitter subculture. This, if it is genuine, is of course forgiveable.
For the record: OAuth does not protect app developers abusing the API. It does however mean that badly behaved apps can be more easily disabled, and it means that corrupt developers cannot store your password. I am quite sure that James is not such a person, but OAuth is not a valid excuse.
Notwithstanding all of this, I’m pleased to see how quickly he added a warning, although I would recommend an opt-in approach, ideally.
I agree.. this could just open up the flood gates to anyone wanting to game the system… of course, we all know the risks of allowing anything to access our twitter account, so we can’t throw all the blame on him.
… And still a very smart kid.
OAuth or not, this proves that a lot of people do not really care how and when they allow access. And as @timwhitlock was saying, good thing he was using OAuth
@Andre Leger
I don’t think it’s a lack of caring, but the presence of expectation.
There are plenty of like services which do not auto-tweet, even with OAuth. (Klout/Twadges) Most people who used Twifficiency expected the same non-auto-tweeting behavior. That’s all.
Im not sure how forgiving people are about this type of stuff… i dont think I would be very forgiving it my account had autoposted a tweet like this.
Makes me wonder how many people would have signed in using Basic Auth…
While on the subject, Twitter it was planning to turn off Basic Auth yesterday (http://dev.twitter.com/pages/oauth_faq), but I just tried and it still works.
s/alright/all right/g :)
Whatever. It SAYS on the authentication before you authenticate that it WILL auto-tweet the score.
All I did was keep +R on my twitter page…once I saw it pop up.. i clicked delete and pressed enter to confirm. None of my followers saw it.
Poor development sure…not RTFM is your own fault. Sorry you gave permission for a service to post to your twitter stream and got pissed off when it did?
Good on him for teaching us all a lesson. Oh and did you go to http://twitter.com/settings/connections and revoke access from the guy once you were done using the service? If not, shame on you again. He can use that OAuth data to post to your account as much as he wants now that you’ve granted access.
You’re dead on mate! Couldn’t have said it better myself. People should read more carefully and think about possible consequences themselves.
I have to say I just came across his site from a friend’s post on Twitter. When I went to the site, it looked a little suspicious so I checked his Twitter account from the link on the landing page, checked a few of his posts and found this article (among others). People shouldn’t complain later if they blindly agree to things on the web. Give the kid a break and take a smidge of responsibility people.
As a general safety tip, it would be for the best not to link to it :D
Best thing learnt is to think twice before we allow any app conect with our Twitter today. James’ Twifficiency was harmless, but it showed us a door that WE usually left open. Like inviting vampires, we’re the ones to blame.
i’m not sure how this service (which doesn’t explain the number) is “innovative.” spammy, yes, innovative? hardly.
Haha… people are pissed off by this kid;s application but the fact is, it is their fault, they approved his apps and that’s it. You gave the apps your permission to tweet your score. Now, tell me, it is his fault that you didn’t read well the instructions or its just plain dumbness on your part.
At least now he’s famous LOL! Maybe someday he would also be one of the richest person because of developing something. If he didn’t commit a mistake, the world would not have known him.
Delete the tweet, cancel the authorisation, get on with your life, its not a big deal!
Would be intersting to see how your twifficiency is calculated, I got 44% BTW, and then deleted the tweet.
It’s nice to know he wasn’t TRYING to be evil :)
Oh no a developer made a mistake!!!! Someone send out a press release as this has never happened before!!!!!
Social media can turn anyone into a hero in a matter of minutes. @jgwentworth