Breaches Twitter TOS (OAuth twitter authentication uses embedded browser)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Gwibber | Invalid | Undecided | Ken VanDine |
Bug Description
Just wanted to bring to your attention a couple of comments regarding the new twitter authentication:
"The problem with the current implementation is that it completely disregards the advantage of OAuth, namely, that the user does not have to trust the application to not steal his/her password. For proper OAuth support, I suppose the browser should be opened with the correct URL (which I'll admit is not ideal) that the user can check." [1]
This also breaches the TOS defined by Twitter:
"(c) Your application should not:
...
o replicate, frame, or mirror the Twitter website or its design."
Twitter wants all authorizations to be passed through a "trusted" browser, such as Firefox or Chrome, or Safari on the iPhone. Gwibber (or, in this case, the Ubuntu application) will likely be suspended. [2]
[1] http://
[2] http://
security vulnerability: yes → no
visibility: private → public
This is not a duplicate of bug #627565 - more a bug in the current fix for bug #627565