In the last few days, there have been a number of stories about Twitterank and the way it asks you for your Twitter username and password in order to calculate something it calls “PageRank for Twitter”.
The issue here, as you might have guessed already, is that the service requires you to enter a password and is in this way essentially a phishing site.
As a solution to this problem, everyone in the debate is calling for the use of OAuth, an authentication protocol that doesn’t require one to disclose authentication tokens.
So that’s what we already know and what the industry has essentially decided on – OAuth is good for breaking walled gardens. Yet there’s another point to this story that I haven’t seen presented – there is no real need for any authentication in this service.
Twitter has an excellent API that allows you to see who a person with a public profile follows without any need for authentication. You can either parse the microformats on the page or use their API. It’s even bidirectional, as you can see both “friends” and “followers”, depending on the direction of the connection you are interested in.
Oh, and that “viral” tweet that the service allows you to post after you’ve checked your Twitter rank? You can do it with a piece of JavaScript.
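As an added example (not code from this post or from Twitterank), the sketch below computes a PageRank-style score from public follow edges alone and builds a prefilled share link that the user submits from their own logged-in session, so no password is ever collected. The sample graph is constructed, and `followerRank`, `shareLink` and the use of Twitter's web intent URL are assumptions of the example.

```javascript
// Added example: rank accounts from public follow edges only; no credentials involved.
// CONSTRUCTED sample data: who each public account follows. A real service would fill
// this from unauthenticated reads of public profiles (the data shape is an assumption).
const publicFollows = {
  alice: ["bob", "carol"],
  bob: ["carol"],
  carol: ["alice"],
  dave: ["carol", "alice"],
};

// Plain PageRank by power iteration over the follow graph.
// An edge u -> v ("u follows v") passes a share of u's score to v.
function followerRank(follows, damping = 0.85, iterations = 100) {
  const users = new Set(Object.keys(follows));
  for (const list of Object.values(follows)) list.forEach((u) => users.add(u));
  const names = [...users].sort();
  const n = names.length;
  let rank = Object.fromEntries(names.map((u) => [u, 1 / n]));

  for (let i = 0; i < iterations; i++) {
    const next = Object.fromEntries(names.map((u) => [u, (1 - damping) / n]));
    for (const u of names) {
      const out = follows[u] || [];
      // Accounts that follow nobody spread their score evenly (dangling nodes).
      const targets = out.length ? out : names;
      for (const v of targets) next[v] += (damping * rank[u]) / targets.length;
    }
    rank = next;
  }
  return rank;
}

// The "viral" post: give the user a prefilled link to submit themselves,
// so the ranking service never sees a password or a token.
// ASSUMPTION: Twitter's web intent URL; the post does not name a mechanism.
function shareLink(user, score) {
  const text = `${user} has a follower rank of ${score.toFixed(3)}`;
  return "https://twitter.com/intent/tweet?text=" + encodeURIComponent(text);
}

const ranks = followerRank(publicFollows);
console.log(ranks, shareLink("carol", ranks.carol));
```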
The big point
So the issue we should be debating here is how to build more services like Twitter that allow you to access information in computer-readable formats using Microformats, RDFa or just a RESTful API, and not how to authenticate into overly closed gardens.