Another Twitter app launched itself to momentary viral stardom this morning by using a practice that seems to irritate more-or-less everyone. I refer to the mandatory auto-tweet posted from your own account saying something like “I just scored X% using suchandsuch app” – you know the type. This particular app was the sneaky, (or misguided) type that gives no warning, and no way of opting out.
Anyhow, this isn’t the first time I’ve been annoyed by auto-tweeting, I’ve written about it before. It’s happened more times than I care to remember, so I won’t go into the details of today’s particular example, except to say that its author has [sort of] apologised. It’s already been blogged anyway if you’re curious.
What I will harp on about though, is the fact that this is nothing short of spam – Twitter needs to agree, and needs to make it easier to report badly behaved apps.
Best practice guidelines for auto-tweeting
Best practice in my opinion is to at the very least provide a clear statement of intent, that by authorizing this application it will tweet from your account immediately. At best this should be an opt-in mechanic, or an after-the-fact sharing mechanic. Maintaining moral integrity when your app needs traction may be frustrating, but a good viral encourages users to spread the message because they want to; i.e. passing the message on provides value.
I checked Twitter’s growing API terms today to see if there are any guidelines around this specific issue. I couldn’t find anything. There are plenty of guidelines around automation, but nothing about moral use of the statuses/update method when used to post a status update via another user’s account. I believe the use of this method should insist that if it is not invoked directly and knowingly by the owner of the account, that the owner must at least be been warned, and ideally given the opportunity to opt-out.
I posted a query about this on Quora to see if anyone else could find anything in black and white about this.
Defining Twitter spam
Twitter’s definition of spam doesn’t include this practice either. An application auto-tweeting without consent, or warning is using other people’s accounts to distribute bulk messages without their permission, and consequently without the recipients’ permission. That’s about as close to a definition of spam as I think you need to get.
However, despite Twitter’s maturing terms of service, they doesn’t seem to think the same. They do say that their definition of spam “will continue to evolve as [they] respond to new tactics”, but this tactic is not in the least bit new.
If I were a cynic (cough), I may even suggest that identifying more activity as spam would not be in the company’s interest … statistically speaking.
Reporting applications
Twitter provide a way to report spam, (or you can do it through TwitBlock :D) – but this is really for individual user accounts; not all applications have a corresponding Twitter account, and the registered author may just be doing as they’re told by a client, or employer. There is no specific way to report an application for misbehaviour. You can complain by way of a support ticket, but that’s not quite good enough. Facebook make reporting an application much easier. All applications have profile pages one click away from the Connect dialogue, and a report button, (albeit a discreet one) is available there. I want to see mandatory application profiles for Twitter, with clearer flagging and revoking facilities.
Write access and revocation
You can’t discuss this topic for long without the old issue of opt-in write access being raised. i.e. Should users be able to choose what privileges they grant an application? Personally, I think it should be made visually clearer (see Facebook), but if an app requires write access to function, I think it is reasonable that the user cannot concoct their own privilege cocktail. i.e. “This app requires write access to perform its primary function; if you don’t trust us, don’t use it”.
OAuth revocation is too well hidden on Twitter too. It may only be two clicks away from any part of the main UI, but most people don’t know it’s there. How do I know this? Firstly, by speaking to people who aren’t all developers, and secondly – of the 43,500 users who have authenticated on TwitBlock, only about a thousand have revoked their ‘connection’, that’s less than 3%.
While both these issues are important and have room for improvement, I don’t believe they alone can solve the problem of applications being spammy. That requires a better definition of what it means to be spammy, and a better way to report those applications.