My Twitter wish list for developers
Twitter is now turning into a ubiquitous social platform. It’s everywhere. It has already achieved a lot and still has a lot of potential. That said, there is still a lot of focus spread around the system and not much love and attention.
I wish a developer on the Twitter platform could address the following:
- Ability to share development tools with a team. At the moment, only a single Twitter account can ‘own’ and manage a Twitter application; this means we have to share login credentials with team members who need to use it.
- Unable to use HTTPS URLs with a card. This is a bit of a strange one, but the form fields all have ‘http’ prefixed, and this cannot be removed. So if your website is HTTPS-only (as more and more are these days), then you’re out of luck.
- OAuth cannot specify scopes. Different apps should request different privileges as they need them. Twitter has a blanket policy where an app can read everything or nothing. So if an app needs to read just your timeline, then it can read everything. There is no granular control over data privacy.
- Cannot use two-factor authentication with more than one account on the same phone number. It is common for a brand to have more than one Twitter account (one for customer support, one for announcements, etc.), but unless you have a bunch of different connected phone numbers, you can’t secure these accounts using two-factor authentication. This leaves all your accounts vulnerable. This in itself explains why such high-profile accounts have fallen victim to malicious activity: the legitimate account owners were unable to protect themselves.
- Stricter terms to stop spam harvesting and friends from sucking up the user details of another. There are loads of profile harvesting applications out there that use Twitter’s public API to make fake accounts on other websites. There needs to be a clear and accessible route for these applications to be reported. For example, if I find that a website owner has harvested my profile and set up another profile on their own website with my details, then I should be able to report them to Twitter and have the connecting application banned. The terms of service should at least be strict and enforceable, so that applications are not allowed to just create profile pages outside the user’s control. It’s spammy behavior.
- There is no way to know an application has accessed your account. This is in contrast to Facebook’s platform, which displays when the application last downloaded profile data.
- A way for users to block applications. There is no way for a user to block a malicious application (even if they haven’t authorized it). Any registered application can use the Twitter API to download public details about my profile. There is no way for a user to opt out of this system, or indeed block applications on an app-by-app basis, which can all be done on Facebook’s application platform.
I hope these changes are one day made. The Twitter developer application management portal indeed hasn’t been modified or changed in any way since it was created several years ago, so it hasn’t received any attention. Twitter seems to want to focus on being a data mining and intelligence company first, sadly putting developer tooling and privacy beyond second place.