Posting using Twitter api without permission

There is this service called Tweet cloud, which analyses your tweets for keywords and creates a cloud with the most highly used ones. Pretty. interesting too. However, I find that when it posts a link to your cloud, it also posts an image of the cloud using twitpic. How does it login to twitpic to post on my behalf?

Here’s the process.

When you login to the website, you reach this basic page, where it tells you about the service. Clicking Generate a cloud prompts you to grant access with your Twitter account.

Nice cloud. Loved it. You have the option to tweet your result or not. I chose to tweet. This is the tweet that got sent.

As you see from the short url, the pic is hosted at twitpic.com. I don’t remember logging in to twicpic. I didn’t authorize a login for twitpic. But the image got posted from my account. How did this happen?

I checked, but I was not logged in to Twitpic. Thus:

So I suppose the question now is if Twitter authorizations can be used by third parties to post in my name. Sure, this time, nothing offensive as such was done, but the point that it is possible to do it – is it a security issue? You decide.

Leave a Reply

Your email address will not be published. Required fields are marked *