Christopher S. Penn – Marketing AI Keynote Speaker

Are you ready for the Twitpocalypse?

Written by

Christopher S Penn

in

,
Warning: this content is older than 365 days. It may be out of date and no longer relevant.

UPDATED: Twitpocalypse postponed to August 31, 2010

Original:

Are you ready for the Twitpocalypse?

WhaleOn June 30, 2010, Twitter will change forever. For many of you, your favorite widgets, sites, clients, and applications will shatter. Twitter will simply stop working for you in the way you’re used to.

Why?

Twitter announced a really, really long time ago that on June 30, 2010, they’re ending support for basic HTTP authentication, and requiring that all applications that access Twitter via the API change to OAuth authentication. This is being done for security purposes, to make Twitter more secure and accounts less vulnerable to hijacking.

How do you know if you’ll be affected?

Simple. Any application, site, widget, etc. that requires you to type in your Twitter username and password will stop working once Twitter flips the switch. This includes software like popular desktop clients, iPhone apps, and services like TwitPic and many others.

Any application, site, widget, etc. that requires you to “authorize” an application will continue to work as intended.

What can you do if you will be affected?

Plan for a short time to use the Twitter web site until your favorite tools convert over to OAuth if they’re not already on OAuth. Contact the manufacturers of your favorite tools to let them know to switch over to OAuth if they still ask you to type in a username and password today. Find alternatives to your favorites on sites like OneForty.com by searching for applications which specifically use OAuth. If you’re highly dependent on an application or service that uses Basic Authentication and there’s no sign it’ll be ready for the switchover, let your friends and followers know where to find you besides Twitter.

Ultimately, the switch to OAuth is an important one and a good one, but there will definitely be some pain along the way. Be ready now.

Did you enjoy this blog post? If so, please subscribe right now!

Are you ready for the Twitpocalypse? 1 Are you ready for the Twitpocalypse? 2 Are you ready for the Twitpocalypse? 3

Get this and other great articles from the source at www.ChristopherSPenn.com! Want to take your conference or event to the next level? Book me to speak and get the same quality information on stage as you do on this blog.

Comments

24 responses to “Are you ready for the Twitpocalypse?”

  1. Motownmutt Avatar
    Motownmutt

    love the stuffed whale! good post. (I think twitpic is already oauth.)

    Reply
  2. Justin Lukasavige Avatar
    Justin Lukasavige

    Does anyone remember how to use the Twitter website? Might be time for a refresher.

    Reply
  3. Motownmutt Avatar
    Motownmutt

    love the stuffed whale! good post. (I think twitpic is already oauth.)

    Reply
  4. Justin Lukasavige Avatar
    Justin Lukasavige

    Does anyone remember how to use the Twitter website? Might be time for a refresher.

    Reply
  5. jlbraaten Avatar
    jlbraaten

    Finally a good reason to jettison half the crummy Twitter companion apps out there. Just the idea of building your business on a third party API for Twitter makes me cringe. There are no guarantees that your app-breaking change is just a Twitter announcement away.

    Reply
  6. Dez Avatar
    Dez

    Twitpic switched over to OAuth a few weeks after Twitter made the announcement. I agree with jbraaten about half of the crummy apps starting to fail.

    What is going to be more interesting is the collaboration between apps. My Twitdroid no longer works with Twitpic because of separate OAuth tokens required for using both applications. Twitpic holds your oauth credentials in a 2-week cookie in your browser which makes it difficult to transfer that token to another application.

    What we will start seeing is more apps like Hootsuite that require you to have an account with them (to verify your identity) so that they have an account to tie a Twitter OAuth cookie to. I feel that twitpic should have moved in this direction since it seems a lot of apps that normally work with it no longer function correctly or at all.

    Reply
  7. MeerkatMac Avatar
    MeerkatMac

    Actually, what an app asks for in terms of username and password is irrelevant and has nothing to do with its Twitter OAuth compliance status. Apps may store this and other user information as a convenience method so the user doesn't have to reenter them if they're ever needed again. Most Twitter client apps are already OAuth compliant.

    The real problem is with so-called “Twitter Ecosystem Partners”, specifically media hosting services. While TwitPic and yFrog are two that have implemented OAuth, the state of this technology has caused them to forfeit their “Upload & Post” capabilities. They will now only be able to “Host” your media for you, not post for you as well. This will likely be a huge disappointment for hosting services such as Posterous, who rely on being able to post for their clients as part of their value proposition.

    One last thing, OAuth has absolutely nothing to do with enhancing user security. If anything, it makes it worse by sending users to enter their credentials over the open Internet with no certificate security exchanged with the sites requesting their credentials (they could be anybody, including phishers). What OAuth DOES is allow Twitter to exchange your data with other services without having to exchange your username & password, and it allows Twitter and others to have absolute control over what applications and users can access their resources at any given point in time. In other words, with OAuth, Twitter can now block you and/or your app from accessing Twitter anytime they want. They could only block individual users with the Basic Auth currently in place.

    Reply
  8. Jason Evanish Avatar
    Jason Evanish

    Chris,

    Thanks for pointing this key information out and mention us. Over here at oneforty.com, we're starting a tag system on our site; anything tagged “oauth” is safe (see here: http://oneforty.com/tag/oauth).

    Anyone can tag, so if you're a user and know that the app is ok, feel free to add the tag. We'll be doing a lot of it ourselves over the next 2 weeks, but with thousands of apps it will take awhile, so any help is appreciated!

    Thanks,
    Jason

    Reply
  9. David Beckemeyer Avatar
    David Beckemeyer

    For small scripts and such where OAuth is too much hassle or impossible, there's life after Twitpocalypse at http://supertweet.net – Basic Auth to OAuth proxy service – free to use.

    Reply
  10. jlbraaten Avatar
    jlbraaten

    Finally a good reason to jettison half the crummy Twitter companion apps out there. Just the idea of building your business on a third party API for Twitter makes me cringe. There are no guarantees that your app-breaking change is just a Twitter announcement away.

    Reply
  11. Dez Avatar
    Dez

    Twitpic switched over to OAuth a few weeks after Twitter made the announcement. I agree with jbraaten about half of the crummy apps starting to fail.

    What is going to be more interesting is the collaboration between apps. My Twitdroid no longer works with Twitpic because of separate OAuth tokens required for using both applications. Twitpic holds your oauth credentials in a 2-week cookie in your browser which makes it difficult to transfer that token to another application.

    What we will start seeing is more apps like Hootsuite that require you to have an account with them (to verify your identity) so that they have an account to tie a Twitter OAuth cookie to. I feel that twitpic should have moved in this direction since it seems a lot of apps that normally work with it no longer function correctly or at all.

    Reply
  12. MeerkatMac Avatar
    MeerkatMac

    Actually, what an app asks for in terms of username and password is irrelevant and has nothing to do with its Twitter OAuth compliance status. Apps may store this and other user information as a convenience method so the user doesn't have to reenter them if they're ever needed again. Most Twitter client apps are already OAuth compliant.

    The real problem is with so-called “Twitter Ecosystem Partners”, specifically media hosting services. While TwitPic and yFrog are two that have implemented OAuth, the state of this technology has caused them to forfeit their “Upload & Post” capabilities. They will now only be able to “Host” your media for you, not post for you as well. This will likely be a huge disappointment for hosting services such as Posterous, who rely on being able to post for their clients as part of their value proposition.

    One last thing, OAuth has absolutely nothing to do with enhancing user security. If anything, it makes it worse by sending users to enter their credentials over the open Internet with no certificate security exchanged with the sites requesting their credentials (they could be anybody, including phishers). What OAuth DOES is allow Twitter to exchange your data with other services without having to exchange your username & password, and it allows Twitter and others to have absolute control over what applications and users can access their resources at any given point in time. In other words, with OAuth, Twitter can now block you and/or your app from accessing Twitter anytime they want. They could only block individual users with the Basic Auth currently in place.

    Reply
  13. Jason Evanish Avatar
    Jason Evanish

    Chris,

    Thanks for pointing this key information out and mention us. Over here at oneforty.com, we're starting a tag system on our site; anything tagged “oauth” is safe (see here: http://oneforty.com/tag/oauth).

    Anyone can tag, so if you're a user and know that the app is ok, feel free to add the tag. We'll be doing a lot of it ourselves over the next 2 weeks, but with thousands of apps it will take awhile, so any help is appreciated!

    Thanks,
    Jason

    Reply
  14. David Beckemeyer Avatar
    David Beckemeyer

    For small scripts and such where OAuth is too much hassle or impossible, there's life after Twitpocalypse at http://supertweet.net – Basic Auth to OAuth proxy service – free to use.

    Reply
  15. The Marketing Over Coffee Clothing Line | Marketing Over Coffee Marketing Podcast

    […] Twitpocalypse is […]

    Reply
  16. joshuaguffey Avatar
    joshuaguffey

    This is a good change, but what's funny is that even the Twitter owned Twitter for iPhone app works this way. Or perhaps I simply haven't upgraded mine yet. Upgrades are exhausting…sheesh! ;]

    @JoshuaGuffey

    Reply
  17. joshuaguffey Avatar
    joshuaguffey

    PS. Nice whale!

    Reply
  18. joshuaguffey Avatar
    joshuaguffey

    This is a good change, but what's funny is that even the Twitter owned Twitter for iPhone app works this way. Or perhaps I simply haven't upgraded mine yet. Upgrades are exhausting…sheesh! ;]

    @JoshuaGuffey

    Reply
  19. joshuaguffey Avatar
    joshuaguffey

    PS. Nice whale!

    Reply
  20. David Beckemeyer Avatar
    David Beckemeyer

    @Tatiani, I'm not sure what condition you're referring to. If a user grants access to a service like TwitPic or yFrog via OAuth, that service can support “Upload & Post” capabilities if it wishes to. For example, Twitmart.org does this both via the website itself and via an API (say if a third-party client wanted to post and upload via Tiwtmart), see: http://twitmart.org/about/api

    Reply
  21. David Beckemeyer Avatar
    David Beckemeyer

    @Tatiani, I'm not sure what condition you're referring to. If a user grants access to a service like TwitPic or yFrog via OAuth, that service can support “Upload & Post” capabilities if it wishes to. For example, Twitmart.org does this both via the website itself and via an API (say if a third-party client wanted to post and upload via Tiwtmart), see: http://twitmart.org/about/api

    Reply
  22. David Beckemeyer Avatar
    David Beckemeyer

    @Tatiani, I'm not sure what condition you're referring to. If a user grants access to a service like TwitPic or yFrog via OAuth, that service can support “Upload & Post” capabilities if it wishes to. For example, Twitmart.org does this both via the website itself and via an API (say if a third-party client wanted to post and upload via Tiwtmart), see: http://twitmart.org/about/api

    Reply
  23. Twitpocalypse postponed due to vuvuzelas | Christopher S. Penn’s Awaken Your Superhero

    […] grab your vuvuzela and celebrate – you have another month or so before the Twitpocalypse. Did you enjoy this blog post? If so, please subscribe right […]

    Reply
  24. professional web design Avatar
    professional web design

    long time. I agree with you. great post! The last thing people want to have to do is spend time searching.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts

Pin It on Pinterest

Shares
Share This