On Twply and giving out your Twitter password (updated)
It's 2009 and people are still, well, naive. Just read a post by Robert Scoble about how Twply - apparently a service that sends replies you get at Twitter to your email - is using usernames and passwords for its users to send twitter messages with the users' account (and of course, keeping that data to do as they please in the future). There's 3 parties to blame about this whole thing:
2) Twitter: because they've been sitting on their OAuth implementation for over a year now. Essentially, it would give users a way to provide external services with temporary access to the account, without actually giving the entire account away. This would provide a safe way for services to communicate without the user actually being in jeopardy. Twitter folks, what the hell?
3) Twply: because they're violating trust and being shady. Interestingly, someone asked them (over Twitter, no less) if the passwords people were giving were encrypted on Twply's service to which they replied " yes they are". Well, they can't be or they wouldn't be sending them to twitter, would they? 1
The subject of trusting web applications and services with your data is complex and tricky. But there's definitely apps out there that make it really clear that they're shady. Problem is, naive users (looking for the latest bling because they see pundits mention the service) will still be lured in.###Footer notes