Twitter Authentication Upgrade and Native URL Shortening t.co
[ by Andy ]
Leave a Comment | This entry was posted on September 2nd 2010
What is OAuth?
OAuth is, as many of you have most likely already read from Twitters user announcement (sent to your inbox):
– OAuth is a technology that enables applications to access Twitter on your behalf with your approval without asking you directly for your password.
– Desktop and mobile applications may still ask for your password once, but after that request, they are required to use OAuth in order to access your timeline or allow you to tweet.
As you most likely also read, what this means to Twitter users is:
– Applications are no longer allowed to store your password.
– If you change your password, the applications will continue to work.
– Some applications you have been using may require you to reauthorize them or may stop functioning at the time of this change.
– All applications you have authorized will be listed at http://twitter.com/settings/connections.
– You can revoke access to any application at any time from the list.
This is a welcome advancement in Twitter account security. Third-party applications not storing your user account password is obviously a great thing, with less outlets for potential leakage of this secure information.
Coupled with that, the ability to see exactly which Twitter ‘applications’ you have granted access to your account is a step in the right direction. Many users, especially in the early days of Twitter, rather unknowingly granted a multitude of applications access to their Twitter account, only to forget about them and never use again. That account information still very much exists/existed in the databases of these third-party apps.
So with this new system users will be able to access an ‘iTunes machine authorization’ like functionality, within Twitter, whereby third-party Twitter applications can be authorized/de-authorized to access a users Twitter account.
It goes without saying that caution should still be taken when authorizing a third-party Twitter application to access your account. But now users have a lot more control to remove themselves from the application should they want to discontinue usage. ‘Opting out’ of some of these third-party apps in the past that had been granted access was less then straight forward, so this goes along way to rectifying that.
Can’t Log in to my Twitter applications..
Consensus here at Visual Blaze is the OAuth upgrade is definitely a good thing. Any Web system that allows for third-party application developers to really get under the hood and create cool apps that add to a software services core functionality is awesome. So any change that helps make this more secure, and also give users more confidence in allowing (legitimate) apps to communicate with their Twitter account is great news. However, notifying users about the change 2 days after it happens, on a change that caused many applications to stop being able to authenticate users without adjusting their accounts, was a bit of a short fall in customer relations. Sure if you follow @twitterapi you would have known about OAuth months ago, but that isn’t the regular user.
In short, t.co is Twitters own URL shortening service. Just like the services of bit.ly, budURL etc, t.co is a service for making URLs shorter. This new service will be coming in the next few weeks according to the Twitter development team.
Twitters own explanation of t.co reads:
t.co is our link wrapping service, which wraps links in Tweets with a new, simplified link. Wrapped links are displayed in a way that is easier to read, with the actual domain and part of the URL showing, so that you know what you are clicking on. When you click on a wrapped link, your request will pass through the Twitter service to check if the destination site is known to contain malware, and we then will forward you on to the destination URL. All of that should happen in an instant.
t.co Replaces bit.ly and Others?
t.co won’t ‘replace’ bit.ly and all the other URL shortening services per say, but it will have involvement in ALL URL shorten done within Twitter. Any link inserted into tweets will be wrapped by this service. So even if you shorten a URL at bit.ly first, then insert, t.co will still ‘wrap’ its own url around that link.
This does mean you can still use other URL shortening services like bit.ly, and the metrics and tracking that accompany these services will still work, but you will in essence be shortening your URL twice.
Reduced Obscurity and security
The positive implications of t.co are the reduced ‘obscurity’ of links. Most third-party Link shortening services made it very difficult (and in most cases impossible bar a few) to know anything about where you were going to end up when clicking a shortened link in a tweet. This obviously has security implications with malicious use.
Twitters shortening service t.co will add a ‘security layer’ if you will, which will better track and ‘tag’ malicious links. Links that have been reported as malicious will cause Twitter to warn the user of the potential for this link to be malicious and supply the option to view it, or navigate away from it.
Link characters wrapped with t.co are NOT included in the 140-character limit
Links wrapped by t.co won’t count towards your 140 character limit. Boom.
Development and Advancement Opportunities with more Data
Twitter will have a large amount of data about what people are doing/clicking on and viewing. This could provide new opportunities for application developers to create services, such as recommendation systems etc.
Potential Negative Implications
Development and Advancement Opportunities with more Data
Wait? wasn’t this just a positive implication? Remember the lessons of Spiderman ‘with great power comes great responsibility..’. Its the new-age old adage of 21st century tech. Twitter having a lot of information about you, and what you do online could have negative connotations.
Single point of Failure
One URL shortening service gateway, many links. As speculated upon by MG Siegler of TechCrunch back in June, Twitter has become known for its somewhat frequent downtime and ‘fail whale’ showings. If these kinds of stability issues creep into t.co, this could have serious implications for the availability of external media via t.co linkage.
Link Rot elsewhere?
t.co could be the axe that unceremoniously ends the life of many third-party URL shortening services. As touched upon in other Visual Blaze blog articles, the discontinuation of a URL shortening service, and what subsequently happens to links it has created, is always a concern for the health of Web linkage. t.co ‘could’ be the instigator of a large amount of ‘link rot’ on the Web.
On the whole, OAuth provides some necessary and positive advancement of Twitter account security. t.co also adds some positive advancement in link security and functional advancement, but also yields concerns about stability of links. Only time will tell how things will play out. Fingers crossed!
Have any feelings positive/negative about the new Twitter upgrades? Have any information to add? Love to hear your thoughts so post them in the comments form below.