This post was shared on Hacker News with a much more tantalizing title, “Would you let a stranger read your DMs? You probably already do.”
Read it if you use a Twitter client. My own inventory of OAuth authorizations includes precisely 0 that are read only.
Richard’s point is one Twitter should take seriously, and you should definitely as well. Many people use direct messages as private communication channels, some with especially embarrassing results.
DMs are a feature of Twitter that I could live without, no question, and the feature, like protected accounts, is the antithesis of what Twitter is about, i.e. public communication.
However, unless you’re Apple, good luck deprecating any features.
The bottom line is that even with OAuth, you’re trusting the client’s developer, as well as Twitter, and who knows what their motives or goals are?
There are exceptions, e.g. established startups like Seesmic and TweetDeck.
The larger point is bigger than Twitter and its ecosystem. Facebook’s privacy goofs and their inability to understand that their service is bigger than their corporate goals have drawn legislative attention.
Any service with an international population of 500 (soon to be 600) million people will draw that type of attention, and I expect the next few years will be tough sledding legally for Facebook as countries with higher privacy standards than ours intervene on the behalf of their citizens.
As social media grows, so will the cost of doing business for Twitter and Facebook as they are increasingly held responsible to their users’ rights over their stakeholders’ goals.