Monday, September 26, 2011

Botamba Owns Your Twitter Account

Updated
Scroll to the bottom for the updates.


Botamba.com is a blog aggregator. It used to let you create a user account and then link your blog(s) to it.

I checked yesterday, after a friend mentioned that the site now redirects to Twitter, and it seems they have changed their sign-in method: Botamba now requires Twitter and asks you to allow their application to access your Twitter account! Previously it used a regular username/password login.

What's worse is that their application gets the following permissions:
  • Read tweets from your timeline (even if it's private)
  • See who you follow, and follow new people
  • Update your profile
  • Post tweets for you
It cannot do the following:
  • Access your direct messages
  • See your Twitter password

Why does a blog aggregator need access to my Twitter account, to read my timeline, post on my behalf, update my profile and more? That is a massive privacy invasion, even if it offers some convenience to users who prefer to reuse an existing account.

If you did not know about this and have already allowed Botamba to access your account, you can revoke it: go to your Twitter profile settings, open Applications, and deauthorize Botamba from there.


So what could Botamba do?
With those permissions they could collect your tweets and follower list and sell that information to advertisers (the site is currently sponsored by Zain). Advertisers could then target you based on what your tweets reveal: where you have been, what you liked, and what you talk about with your friends.

How can I tell if Botamba posted on my timeline?
Some Twitter clients show the name of the application that posted each tweet, as a line under the tweet such as "from TweetDeck". That is the name of the posting program; for a tweet posted through Botamba's application the line would read "from Botamba."
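
The same check can be done programmatically. The following is an added example, not code from the original post or from Botamba: it assumes the tweet JSON shape the Twitter REST API returned at the time, where each tweet carries a `source` field that is either the bare string "web" or an HTML anchor whose text is the client's name. The sample timeline is constructed for the example.

```python
"""Spot which application posted each tweet on a timeline.

Added example, not code from the original post or from Botamba. It assumes the
tweet JSON shape the Twitter REST API returned at the time: each tweet carries
a `source` field that is either the literal string "web" or an HTML anchor
whose text is the client's name, e.g. <a href="..." rel="nofollow">TweetDeck</a>.
The timeline below is constructed for the example.
"""
import html
import json
import re

# Constructed sample of what GET statuses/user_timeline returned, trimmed to
# the fields used here.
SAMPLE_TIMELINE = json.dumps([
    {"id": 1, "text": "Good morning!",
     "source": '<a href="http://www.tweetdeck.com" rel="nofollow">TweetDeck</a>'},
    {"id": 2, "text": "New post on my blog: http://example.com/post/1",
     "source": '<a href="http://botamba.com" rel="nofollow">Botamba</a>'},
    {"id": 3, "text": "Posted from the website", "source": "web"},
    {"id": 4, "text": "Another blog post: http://example.com/post/2",
     "source": '<a href="http://botamba.com" rel="nofollow">Botamba</a>'},
])

_ANCHOR_TEXT = re.compile(r"<a\b[^>]*>(.*?)</a>", re.IGNORECASE | re.DOTALL)


def source_app_name(source: str) -> str:
    """Return the client name from a tweet's `source` field.

    The field is HTML (an anchor) for third-party clients and the bare string
    "web" for tweets posted on twitter.com, so strip the anchor and unescape
    entities rather than showing raw markup to the user.
    """
    match = _ANCHOR_TEXT.search(source)
    name = match.group(1) if match else source
    return html.unescape(re.sub(r"<[^>]+>", "", name)).strip()


def tweets_from_app(timeline_json: str, app_name: str) -> list:
    """Tweets on the timeline whose posting client is `app_name` (case-insensitive)."""
    wanted = app_name.casefold()
    return [t for t in json.loads(timeline_json)
            if source_app_name(t.get("source", "")).casefold() == wanted]


def unexpected_apps(timeline_json: str, allowed: set) -> list:
    """Distinct client names on the timeline that are not in `allowed`.

    Useful after an OAuth scare: list every app that has posted as you, then
    revoke the ones you do not recognise under Settings -> Applications.
    """
    allowed_cf = {a.casefold() for a in allowed}
    names = {source_app_name(t.get("source", ""))
             for t in json.loads(timeline_json)}
    return sorted(n for n in names if n.casefold() not in allowed_cf)


if __name__ == "__main__":
    for t in tweets_from_app(SAMPLE_TIMELINE, "Botamba"):
        print(f"tweet {t['id']} was posted via Botamba: {t['text']}")
    print("apps you did not list as yours:",
          unexpected_apps(SAMPLE_TIMELINE, {"TweetDeck", "web"}))
```

The `source` field only tells you which application posted a tweet; it says nothing about what else an app has read, so anything you do not recognise in that list is a reason to check the Applications page, not proof that nothing else happened.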

Solution?
Ask Botamba not to use Twitter for authentication and not to invade your privacy (even if they *promise* they wouldn't): ask them to bring back the old user registration system, or to use OpenID instead.

I'm waiting for a comment from Botamba on this issue to see what they have to say about this.

Update:
- Oct 4th: Botamba has deployed a username/password authentication system. You can still link your Twitter account, but the application now gets read-only access to your timeline.
- Oct 5th: Botamba's valid reasoning for using Twitter account-linking: if you own a public Twitter account that you would like mentioned in Botamba's tweets of your posts, you can link it to your account (read-only, and it only reads your public timeline). If your account is private, you would not want it made public in a tweet, so you simply don't link it.

In the end, I'd like to thank Botamba for being responsive and understanding of the sensitivity of users' privacy!

14 comments:

Botamba said...

Thank you for contacting me and telling me about the post. You are absolutely correct on the above except that we don't sell or even give anyone any information related to the users.
When I started the twitter authentication I thought I could make a small twitter client inside botamba that a logged in user can use to send tweets. But I didn't start developing. Then I realized that the whole twitter authentication was a mistake. People were confused and some didn't want to add their twitter information.
I have worked for over a month to implement botamba's own user authentication system, which took too long because it consists of all the authentication stuff that was handled by twitter, such as login, change password, sign up, etc.
I will release the new version soon but unfortunately that means removing all the user base (if you have any suggestion on how to convert the twitter users to botamba's users I will be glad to listen).
You can also revoke the access from botamba by removing it from the applications section on twitter, but then you will not be able to log on to botamba again.

MBH said...

Botamba,
Thanks for replying.

From this post, I see that you did have user based authentication in 2010 before using Twitter. So why did you change it?

You could have simply provided a plugin to allow users to link their twitter account to their user, if they wanted. (even if they linked it in that case, your app would still be able to access their timelines).

If you don't have everyone's emails, you'll have to force them to re-register, because the Twitter API doesn't provide you with their email.

Botamba said...

The site was running on Windows Server using ASP.NET. Now it is running on a Linux server on Django. (I had to remake the whole site.) I used Twitter OAuth because many people wanted to use the botamba twitter service (tweeting posts on twitter), but there was no automated way to add the twitter users in the old site, and with the manual way I could not verify that the twitter account belongs to the user. But it passed my mind that some people don't want to use twitter or have concerns about their privacy.

I will make sure to have read only access in the next version. I am already done with the function that links a twitter account to the user's account. And users will be able to add/remove many twitter accounts (And revoking the access will not change anything)

Oh, and the next version will have arabic localization :)

MBH said...

Botamba,
When you say users wanted to use Botamba Twitter service, how did they want to use it? Did they expect Botamba to retweet their posts?
If that's the case, then you could RT whatever you want using your account by only reading their blog feeds. You don't need access to their Twitter accounts!

I still don't see why you need authorization to their Twitter accounts.

Botamba said...

When I tweet a blog post I have the option to mention the blog owner's twitter account. I didn't want users to give me false twitter names, so I used Twitter's authentication to add the name to the blog (as a verification). Also, I thought of integrating twitter's services in botamba but didn't yet.

MBH said...

Botamba, Now I understand your reason behind this, but you've invaded people's privacy for that process.

Why not generate an "activation code" and have the user message it to your Twitter account from theirs instead?

This way you won't need access to their accounts, you won't need to follow each other.

Owners of private accounts can switch to public, message you, then switch to private, or add you as a follower.

This also saves you the headache of keeping Twitter's authentication up to date, as they do change their auth methods once in a while.

MBH said...

Botamba,
I forgot to add that using the verification code method, users would be able to add & verify multiple Twitter accounts, too!

Maybe then you could have an option for them to choose which one to mention by default.
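
The activation-code scheme proposed in the two comments above, as an added example that is not part of the thread and not Botamba's code. The site issues a short random code bound to the logged-in user and the handle they claim; the user tweets it from that handle; the site then reads that handle's public tweets (which needs no OAuth grant at all) and accepts only a tweet from that exact handle, before the code expires, once. The code length, the 15-minute lifetime, the "VERIFY-" prefix and the tweet records are all assumptions made for the example.

```python
"""Prove ownership of a Twitter handle with a one-time code tweeted from it.

Added example of the activation-code scheme suggested in the comments; it is
not Botamba's code. `recent_tweets` stands in for whatever the handle's public
timeline or a search returned: dicts with `user` (author's screen name) and
`text`. All records used with it are constructed.
"""
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 15 * 60   # assumption: a quarter hour is plenty to post one tweet
CODE_PREFIX = "VERIFY-"      # assumption: makes the tweet self-explanatory


def normalize_handle(handle: str) -> str:
    """Twitter screen names are case-insensitive; also drop a leading '@'."""
    return handle.strip().lstrip("@").casefold()


@dataclass
class PendingVerification:
    user_id: int
    handle: str          # normalised
    code: str
    expires_at: float


class HandleVerifier:
    """In-memory store of outstanding codes and bound handles; a real site
    would persist both."""

    def __init__(self, now=time.time):
        self._now = now                 # injectable clock, so expiry is testable
        self._pending = {}              # (user_id, handle) -> PendingVerification
        self._owner = {}                # handle -> user_id it is bound to

    def issue_code(self, user_id: int, handle: str) -> str:
        """Create (or replace) the code the user must tweet from `handle`."""
        key = (user_id, normalize_handle(handle))
        code = CODE_PREFIX + secrets.token_hex(4).upper()   # 32 random bits
        self._pending[key] = PendingVerification(
            user_id, key[1], code, self._now() + CODE_TTL_SECONDS)
        return code

    def verify(self, user_id: int, handle: str, recent_tweets) -> bool:
        """True once a valid tweet is found; the code is consumed on success."""
        key = (user_id, normalize_handle(handle))
        pending = self._pending.get(key)
        if pending is None:
            return False
        if self._now() > pending.expires_at:
            del self._pending[key]      # stale code: the user must request a new one
            return False
        # One handle belongs to at most one site account; unlink before re-binding.
        if self._owner.get(pending.handle, user_id) != user_id:
            return False
        for tweet in recent_tweets:
            # The author must be the claimed handle: the code is public once
            # tweeted, so a copy of it from any other account proves nothing.
            if normalize_handle(tweet.get("user", "")) != pending.handle:
                continue
            if pending.code in tweet.get("text", ""):
                del self._pending[key]  # single use
                self._owner[pending.handle] = user_id
                return True
        return False

    def is_verified(self, user_id: int, handle: str) -> bool:
        return self._owner.get(normalize_handle(handle)) == user_id


if __name__ == "__main__":
    v = HandleVerifier()
    code = v.issue_code(42, "@alice")
    print("tweet this from @alice:", code)
    # Constructed tweets: the first is from the wrong account and must fail.
    print(v.verify(42, "alice", [{"user": "mallory", "text": code}]))          # False
    print(v.verify(42, "alice", [{"user": "Alice", "text": "link: " + code}])) # True
```

Because the check keys on (user, handle), a user can verify several handles independently, which is the multiple-accounts case raised above. The only Twitter call the site needs is a read of a public timeline, so a user with a private account can make it public for a minute, tweet the code, and switch back, exactly as suggested.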

Botamba said...

The new authentication system is live. Why don't you give it a try :)

MBH said...

Botamba,

Great work! But I still see that you require authorization to the Twitter account.

Why would you even need read access from the timeline?

Botamba said...

Have you tried the twitter API?

MBH said...

I have, and what I don't understand is why you want access to the account itself.

You said that you wanted to verify that the user is the actual owner of the Twitter account, correct?
I explained that you could achieve that without access to the user's account.

Quoting my previous comment:
"Why not generate an "activation code" and have the user message it to your Twitter account from theirs instead?

This way you won't need access to their accounts, you won't need to follow each other.

Owners of private accounts can switch to public, message you, then switch to private, or add you as a follower.

This also saves you the headache of keeping Twitter's authentication up to date, as they do change their auth methods once in a while."

Botamba said...

I think it is easier to just let the user log in to his/her account instead of asking the user to send a message or status update, since the user might already be logged in and it's a matter of one click to approve the access. The read access is OK because it does not give botamba more permission than what is already available (public timeline and followers). And if the account is private then the user would not want it to be mentioned next to his/her posts on twitter.

MBH said...

Quoting you: "The read access is OK because it does not give botamba more permission than what is already available (Public timeline and followers). And if the account is a private then the user would not want it to be mentioned next to his/her posts on twitter."

This is a very valid assumption & thinking :)

Thank you for responding and taking proper action into preserving the privacy of the users!

Botamba said...

:)