Filttr Blog

Twitter Security Ballyhoo

  • 11:36:18 am on January 6, 2009

    The latest turn of events in the sphere has been a rise in security concerns amongst users about giving their credentials to third-party applications so that they can interact with the API. Especially in light of what happened with Twply, and the very recent phishing attack on the community, we can understand if you have second thoughts about giving up your Twitter username and password. While we can’t speak for the entire developer community, as one of those third-party services, we believe that it is our responsibility to explain to our users the different measures and steps we’ve taken to make sure your details are safe with us.

    We are not “just another app”

    We’ve worked hard to create Filttr. If you see the extent of the features we offer, you will see that we cannot be in this for the short run. A smart filtering engine, a desktop application, and an awesome web interface are just the beginning of what Filttr is about. The word ‘app’ doesn’t do us justice. We’re a full-fledged service, based off Twitter. Even though in closed beta, we’ve received an amazing response from everyone, and we are going to continue building upon features to give people the best Twitter experience since Twitter itself.

    We really do need your credentials

    All these features need your authentication, so that we have full access to your data, since we make use of all the different data streams Twitter allows. However, we use the data from Twitter on a ‘read-only’ basis, which means that unless you explicitly ask us to, we don’t send any data to Twitter on your behalf. And here’s the cool part – we don’t actually store anything on our end. Don’t believe us? Restart your browser and try and see your timeline from Filttr. See? That’s because your credentials don’t exist the moment you close your browser. All the data we store is what FLAI has managed to surmise about you, and the priorities and keywords that you enter.

    We would love for you to trust us with your details, because like we say on our sign-up page as well, we are Twitter users ourselves. We understand the value and concerns a user might have. You can change your password right now if you’re still not sure. Anything that needed your password will stop working (like IM notifications), and you’ll have to change it from the Settings page.

    Our security measures rock

    Multiple points of interaction require multiple points of securing. That’s why, anywhere that requires you to send data, it is sent over HTTPS. Ultimately, your security depends on the network you’re connected to, but we make sure that there are no lapses on our end. While we run very strict checks on our end to make sure every feature or aspect of Filttr is secure before the public gets to see or use it, we have an on-call team that fixes security bugs as soon as they’re found and reported. So if you find something we might have missed, we urge you to let us know as soon as you can so that we can fix it.

    Twitter is working on improved and more secure ways of interacting with the API, and as always, we will implement them as soon as we can get our hands on them.

    So, that’s all we have to say about this. This is still the place to stay up-to-date with what’s happening with Filttr, although you can follow us on Twitter to let the news come to you. Any doubts or queries can always be aimed at us directly (we are @aditya and @swarooph), at @filttr, or our feedback page. We read and respond to everything.

    So, hoping that we’ve managed to put you at ease about using Filttr, and how the gears turn around here. Keep rockin’ the new year! Happy filtt’ring!

     
  • It all comes down to trust.

    I am comfortable here because I trust @aditya. If this site were run by randoms, though, there’s a good chance I’d wait for OAuth (from Twitter).

  • One factor for trusting a service should be the features offered – the more complicated and numerous the features, the more you can trust that it isn’t a scam.

    Another should be the reputation of the people involved. Of course, nothing beats knowing someone on the inside :) We just hope the raised voices in the sphere haven’t turned people away from apps indefinitely, otherwise it’ll be a big blow to Twitter which, regardless of being popular, is still a small company with limited resources.

  • Now Twitter’s own internal systems have been hacked, along with the accounts of Twitter users including celebrities:

    http://www.timacheson.com/Blog/2009/jul/twitter_hacked_via_google_apps

    The initial point of entry wasn’t a gap in Twitter’s security. The hacker(s) gained access through a Google Apps account. The worry with a Google account is, it’s web-based and therefore only as secure as the rest of the Internet. If your Google account is compromised and you use Google Docs in a serious commercial setting, your Twitter account will be the least of your worries.