“Twitter” Petition Demanding Equal iPhone 3GS Pricing For All Gains Steam – But Signing May Be A Bad Idea
A pair of online Twitter-based petitions to compel O2 and AT&T to offer similar pricing for all iPhone 3GS purchases (instead of more expensive pricing for those “not eligible” for a discount) have been created (O2, AT&T). However, there is a concern: The site collecting the online signatures (which is not run by Twitter) asks you to provide your Twitter username and password.
According to the site’s Privacy Policy, the credentials are required to “verify that “signatures” collected are genuine”. The policy goes on to state that the passwords will not be stored or provided to a third party. However, I cannot fathom a reason why this site would require these credentials — after all, I could simply create several Twitter accounts and “sign” a petition with them – so it doesn’t guarantee a “one man, one vote” ideal. Further, the site could simply monitor and parse tweets with a given tag like “#twitition28482″ or something similar — and that would ensure that the Twitter account is genuine.
Unless (and until) someone from the site offers a credible reason why someone should hand over their Twitter login, I recommend avoiding the temptation to sign these petitions (or any other at twitition.com).
That's why I didn't sign it – not handing out my twitter password… sorry!
I never even noticed it until Joe's post, but fully agree with not signing – way too many Twitter hacks lately …
Thank you for writing this common sense blog. I twittered this to my friends. Anyone who did give out their twitter password should be sure to change it asap – as well as any other accounts that may share the same login credentials and password (email comes to mind as an immediate risk if you share the same password).
Is it not done so it can tweet from your account that you have signed and post a link to the petition?
You could always do that with a simple link just like the "Tweet this" link we have on each article here.
@iph0ne: You could always do that with a simple link just like the "Tweet this" link we have on each article here.
My agency runs the site and I can assure you we don't store passwords and the only thing we do is tweet the petition. We tried to let people just tweet the link without asking for the password but it's too resource intensive to scrape Twitter every second just to see if somebody has tweeted something.
We are reputable – check out my blog to see what we do.
@Patrick Altoft: Perhaps you should speak to the gentleman behind http://keynotetweets.com – his site parsed (and displayed) all of the #wwdc tweets and didn't seem to have a problem.
Again, asking someone for their login credentials, regardless of how innocent your motives may be, is not something that as an IT security type I can ever really endorse.
^^^^ Patrick's site is:
http://www.blogstorm.co.uk
Does look legit, from just a very quick look – make your own judgements