WhatPulse Forums » Support » Client software v » Whatpulse is hijacking Twitter accounts? Welcome back, Guest.


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Whatpulse is hijacking Twitter accounts?
09-19-2010, 01:42 AM
Post: #1
Whatpulse is hijacking Twitter accounts?
Hi,

So I set up a team on my website, all is going great and we're rising in the ranks, however yesterday a user posted about how he signed up here and for some reason he's now following @whatpulse on Twitter, but at not point did he opt to follow, this raises the question: are you forcefully hijacking twitter sessions/passwords to gain followers?

This didn't happen to me and I doubt it iss happening (I suspect a user error) but it seems mighty strange for this to be a user error so I'd be interested in hearing any theories on how this happened. I suspect it has something to do with the Twitter stats feature.

Any ideas why someone who downloaded whatpulse would suddenly be following whatpulse on twitter if they didn't opt to through the twitter website and hasn't signed up with the whatpulse twitter thingy?

Posts from the user are available here on my forum: http://www.minecraftforum.net/viewtopic....85#p651185 the user minix.
Find all posts by this user
Quote this message in a reply
09-19-2010, 07:42 PM (This post was last modified: 09-19-2010 07:46 PM by Carbon.)
Post: #2
Whatpulse is hijacking Twitter accounts?
Note: I have in no way done work on the WhatPulse site's Twitter function, and a lot of this is based off of assumptions, and from me being a Twitter whore.

The Twitter function uses what is known as O:Auth. It stores a token, and not passwords. This is used as a secure authentication method. Considering the WhatPulse Twitter is running as an "app" of sorts. (Or, at least it appears to be.) Now, considering the WhatPulse Twitter feature is a "client." They can have it set to auto follow their WhatPulse account.

So, since Twitter uses O:Auth, it's all secure. And you're not being "hijacked", considering it can be programmed in. As for an issue of an auto-follow. I don't see why it would matter. I'd assume someone using the Twitter function on WhatPulse would want to follow and stay updated as well. I also think your friend is just being overly paranoid, and needs to learn to relax. On a final note, the link you posted doesn't even work.
Visit this user's website Find all posts by this user
Quote this message in a reply
09-20-2010, 02:51 AM
Post: #3
Whatpulse is hijacking Twitter accounts?
I know how twitter and oauth work, the issue is he did not authenticate but for some reason his account s authenticated, implying that either he's a moron who forgot he did it, or whatpulse is using its system access to "force" authentication.

regarding the link, it's my forum and we're under heavy load and it'll be back soon, the link basically reiterated what I'd said here though so it's no problem.
Find all posts by this user
Quote this message in a reply
09-20-2010, 03:27 AM
Post: #4
Whatpulse is hijacking Twitter accounts?
Oh my sweet Jesus. This just became my favourite post of the week. Not only do we count your keys, we hijack your twitters! Okay, anyway, to a serious reply:

The WhatPulse twitter feature operates via our website. You can opt in and opt out of it, and it will authorize you via tokens. All he'd have to do is visit our twitter page and click the link OR have a page preloader, which would follow the link itself. I'm not sure how exactly o:auth works, but it's completely possible that if you're logged in and you follow the link, it can automatically complete the authorization. Once more, I don't use twitter, so I cannot comment on that.

As for us having his username and password, that is not possible. I can verify from an admin side of things that we don't store much of anything. We don't even keep pulse history for a long time. No twitter information can be retrieved at all. Therefore, this leads to several things:

-Your user clicked the link, forgot, and thus is now like 'what the hell?'
-Your user has a friend or family member who did it
-Your user has a background link optimizer which preloaded the o:auth page and he clicked yes (or it went through automatically)
-Twitter is now sponsoring WhatPulse with free followings.

I'm assuming it's not the last, so...

In short, I'm not quite certain but I can confirm it was not a WhatPulse side thing. Our Twitter interface completely uses the appropriate mediums as provided by Twitter.

Thanks,
~Century0
Find all posts by this user
Quote this message in a reply
09-20-2010, 05:39 PM
Post: #5
Whatpulse is hijacking Twitter accounts?
Carbon/Cent pretty much summed it up.

It's pretty much impossible to hijack twitter accounts, especially since twitter only supports oath nowadays. As far as I know, allowing the twitter app to be used on your account also does not auto follow @whatpulse...so..

About the staff page: The linux developers username is there, he just didn't want a direct link to his page because of the private message button on the profile page. ;-)
Visit this user's website Find all posts by this user
Quote this message in a reply
09-21-2010, 08:17 PM (This post was last modified: 09-21-2010 08:19 PM by citricsquid.)
Post: #6
Whatpulse is hijacking Twitter accounts?
I have to be nice to my users (like you are to yours Smile) so I was assuming he wasn't lying even if I assumed it 99.999% ridiculous -- I mean really, if you're stealing things why would you steal twitter accounts? Sense it make not.

Thanks for replying to him though, I'd be interested to find out what on earth happened with it, although after reading his reply to you he has an air of arrogance about him: "...nobody with a brain would trust your service...". I guess he doesn't respect the administrator of the forum he uses, because I've been here since 2006 Smile
Find all posts by this user
Quote this message in a reply
09-22-2010, 02:03 AM
Post: #7
Whatpulse is hijacking Twitter accounts?
Welcome to the people that we are forced to deal with every day. No respect is ever granted to those that have been around for a while and know their way of doing things. And feel free to tell him that I love to have conversations with people that believe that 'nobody with a brain would trust our service.'

~Century0
Find all posts by this user
Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
Bug Whatpulse keeps me logging off shadowrune 0 198 05-04-2020 12:19 PM
Last Post: shadowrune
  “Cannot open shared object file” pops up when installing WhatPulse Gaurav Mall 0 246 04-22-2020 06:08 PM
Last Post: Gaurav Mall
  Cannot start WhatPulse using Ubuntu 19.10 Adrriii 7 1,434 03-31-2020 09:39 PM
Last Post: Lieutenant_Dan
  Cannot start Whatpulse successfully on Manjaro 18.1.4 (Arch Linux) anijatsu 2 890 01-12-2020 04:06 PM
Last Post: Adrriii
  Whatpulse could not find OpenSSL Adrriii 0 553 12-03-2019 12:52 AM
Last Post: Adrriii
  Having trouble running whatpulse on Neon Linux BlackWidow 1 706 12-03-2019 12:02 AM
Last Post: Adrriii
  Whatpulse crash [GoT]Jewest 3 1,179 10-28-2019 01:18 PM
Last Post: [GoT]Jewest
  Updating from jessie to buster breaks whatpulse [GoT]Jewest 2 897 10-28-2019 01:17 PM
Last Post: [GoT]Jewest
  Server error: Missing input! with whatpulse 2.8.4 on Win10 Franck.Dernoncourt 3 1,400 09-24-2019 10:56 PM
Last Post: kolah
  Whatpulse isn't running after upgrading Ubuntu 1geeky 0 711 08-06-2019 05:46 AM
Last Post: 1geeky

Forum Jump:


User(s) browsing this thread: 1 Guest(s)