Very shortly, as in next month/16 days. Spam is going to be non existent on Twitter. Twitter is ending it’s support for “Basic Authentication” and moving into using exclusively OAuth Tokens. Both have their pro’s and con’s, and from Twitters point of view they are definitely doing the right thing.
For non programmers, I will try to explain the best I can. As it is now, There is two ways to authenticate with Twitter. Basic Authentication is sort of like, the noobs way to do it. I don’t really know any easier way to describe it. Basic Authentication is (as the name suggests) very basic, send the username + password in the headers of the request. So basically what happens is every request that goes to twitter, contains your username and password, and they authenticate you every request. All of my Twitter applications have worked in this way (Funny since I just called it the noob method 
), but it is just easier to do. And requires less work on my part (Always a good thing!).
Since aslong as I can remember, There has been OAuth with Twitter aswell. OAuth works by authenticating a user, and then giving him a “token”, think of the token as a random 24 mix of words and letters. Using this token, an application can control your account. Now the beauty of this system is, that what usually happens is the application sends you to twitter to login, you do so, and then you are returned to the web application and the token is passed over. This way the application never actually sees your username and password. It is a little different now, but this is the general gist of why OAuth is so superb. Ofcourse in subsequent requests to the Twitter API, the token is only ever passed. So it is impossible to intercept it mid transfer (I don’t exactly know how that could happen, but anyway).
Come June 2010. Support for Basic Authentication will end with Twitter. Forcing every application out there to use OAuth. No biggie, just requires a few extra steps. The current system allows for logins to be processed in the application, so the user now doesn’t have to be redirected to Twitter. In a way this defeats the whole purpose of OAuth being more secure, because I can still read your password just fine. But Twitter moving to support just one authentication method is probably a good thing, will likely cause less Fail Whales, and make it more purpose driven.
Anyway, the one issue with the OAuth system, is that for any application to be able to generate an OAuth token, they need to be a registered app with Twitter. Now apparently any user can register here with this URL : http://twitter.com/apps/new. I haven’t heard of anyone’s app being rejected. And besides, you need to get an OAuth key BEFORE you start developing your application, so it isn’t like they can check what you are up to before they give you a key.
But just for a minute imagine someone like me signing up for a key. I will be needing one IF I ever intend to update Phoenix Twitter Desktop. Now while Phoenix isn’t really breaking any Twitter rules, It isn’t exactly what Twitter wants to see running around on it’s site. Auto tweeting, auto friend following, probably not high up on Twitter’s best use policy. Now with Basic Authentication, Twitter can’t tell jack about the users using Phoenix. They know that there is a user using the API, but they do not know for which application. With OAuth however, The application is registered. They know exactly how many users are using which applications, and what those applications are being used for.
I can see your eyes widening now already!
So in essence. Twitter is going to see a bunch of people, using my OAuth key, running around on Twitter auto following. I can easily kiss my OAuth key goodbye. And there really isn’t anything I can do about it. Twitter can even track users using my application, and use it to basically ban people. For this reason, I am pretty unlikely to even bother getting an OAuth key. Because when it gets banned, likely all the users that were using it will be banned aswell.
So, Come June. It may just be farewell to Phoenix forever. When that time comes, I will write a small post however about how it came to be. You know I probably haven’t updated it in over a year. The “Follow” methods inside it, I built after just a few weeks of my first C# course. It is pretty amazing how far it has come. Anyway, That’s enough sulking from me. Maybe I will build a new application to be my flagship, who knows 
Sounds like this could put an end to Twitting being a “noob” spam fest but those that know how to use basic web browser automation still have, though now a bit more difficult, path to travel if they intend on spamming Twitter.
I am not a programmer so not sure if this is possible or how difficult(thanks for all your hard work on this project btw), but could you have the software use the web interface? I have seen there are some ways to store cookies on each browser tab independently, so you could have multiple users logged in at one time, and then have the software relay messages to the web browser or perform macro behaviors.
It would be possible to use a browser window no problem. It would have to be one account at a time, since the actual browser object within C#/.net is just your average internet explorer window. But it can be done no problems. Ofcourse not even close to the speed and scale that you can currently do it.
I am woefully ignorant of online automation techniques short of a webbrowser in vb.net, but some people were saying it could still be done with cURL?
I use C#
And no they are wrong. Well, Semi wrong. You can still do it via curl, but you will still have to use an OAuth token.
Basically any way of authenticating with twitter, stopping short of automating a webbrowser and watching it physically type in and press submit etc, will require a OAuth key. Maybe I will write a post about how Phoenix works tomo
That sounds like it would make a good post, do it!
hi wade,
Just downloaded phoenix today. thanks very much for the free software . its great. one question though – what do i do once ive used all the keywords in my target – as your software cleverly doesnt add any duplicates but then, i run out. if the global status is ‘out of users’ does that mean i should try again tomorrow , or that is it. or try new keywords perhaps. any ideas?
also
- how do i use the account manager? what would it be used for?
-what would i want to load into the tweet scheduler as it gives me an option to load things…
- what does ‘sleep’ mean ?and why is there an option to choose numbers here – are these minutes before seearching for followers? sorry im not 100% computer literate, i just managed to get using the ‘friend adder’ and any help would be appreciated
thanks again for some great free software
kind regards
greg
gregsie74@yahoo.com
First and foremost, I don’t really support the app. Infact, If you read some of my latest posts, the whole thing is coming to an end.
Out of users simply means that it ran out of users to add. Either it reached the end of the line, or there wasn’t enough users using your search query in the first place.
Account manager does exactly that, manages your accounts.
Tweetmanager is used to… manage tweets (Funny that). Basically to tweet out things at set intervals.
Sleep means how long it takes between adds. It is a legacy setting and really shouldn’t be worried about.
It’s too bad you can’t auto generate the token key or can you?
When you pirate an app and the download comes with a key generator, that will generate a random key for that app.
Can this work the same way? So, create a key generator that will auto generate a username and then a token key not for apps but twitter.
“Spam is going to be non existent on Twitter.” This is great! Twitter was not created for spam. Perhaps spam can go to other avenues but not on Twitter. Twitter is clean and genuine and it should stay like that.