I'm raising my hand as one of the gullible. I wanted to see how LOW my rank was, actually. I guess I didn't see a huge danger in entering my password. There isn't a distinct value in having my password other than just doing blatant damage--and most password theft has a distinct objective like stealing cash from accounts. Either way, I was duped! I'm a dupee.
Milos
· 1 year ago
I have changed my regular PW on Twitter into a "random" PW, used it on Twitterrank and once I realized that there is no real reasoning/algorithm as to how the rank is calculated nor what it means, I went back to Twitter and changed my PW again. I was curious as everyone kept tweeting about it, but was suspicious of its validity from the beginning.
hawaii
· 1 year ago
Way to jump on the bandwagon. The Brian Oberkirch tweet was a joke, and he's not the creator of Twitterank. The Twitterank page previously featured a tongue-in-cheek warning about being careful with your service passwords, but it's been commented out (which is now offered up as further evidence there's something awful going on).
It's spreading virally, like anything that lets Twitter users massage their egos, but that doesn't make it nefarious.
Is it a bad idea to give your Twitter password out willy nilly? Sure. But tell that to all the fans of BrightKite, TweetDeck, and a multitude of other services that "plug in" to Twitter. (Including Mashable's handy "share my comment on Twitter" comments!) Basically, Twitter offers only password authentication to verify accounts, whatever the purpose.
For there to be this Chicken Little response for this one app is ridiculous.
Beth
· 1 year ago
^^^^ THIS.
lumatts
· 1 year ago
At first, I resisted, but then everyone else was doing it, so... I followed the herd. I even did a tweet (somewhat) riducling the herd when someone posted a graph showing the amazing number of hits. Live and learn... die and you forget!
Emily Chang
· 1 year ago
You wrote: "ZDNet seems to have identified the person behind Twitterrank, who tweeted this evening “Twitterank is a vast conspiracy I created to steal all of ur passwords + shame Twitter into OAuthing. + make u look vain.â€
Um, no. That tweet is NOT from the Twitterrank developer. It was a tweet by @brianoberkirch that was retweeted by @t. If you look at @brianoberkirch's next tweet (http://twitter.com/brianoberkirch/status/100288...) he says "I keed. But you really shouldn't hand out your password to some fly-by-night site."
So, there really is no hard proof that Twitterrank is a phishing scam.
Granted we should be wary of providing passwords to random sites, we should also check our facts before blowing things out of proportion.
Vanessa
· 1 year ago
OK, I confess I used Twitterank - I looked at the site a couple times before I decided to get my 'rank' but realized the number is meaningless because there is no scale to measure against and the guy doesn't give you any idea of what he is measuring.
Final result, 185.03 and password changed.
Adam
· 1 year ago
sorry it was twiterank with one 'r' ... fixed
Jesse Luna
· 1 year ago
I told my followers that the only ranking needed was the JesseRanking, and I gave them all five Stars *****.
@jesseluna on Twitter your usename and password are not required. :)
Ok, went there and I am getting a site of PHP? Is that right?
Derek Jay Steen
· 1 year ago
I'm clever. I used a different Twitter account than my main one to find out see what the site was all about. The lack of design made it me wary that the site wasn't trustworthy.
From what you've said in this post, at least it seems like the creator of Twitterank is trying to do something positive; improve Twitter's API.
marisol segal
· 1 year ago
hate to say i am one of the ones that jumped on the twitterank bandwagon, but as soon as i did it i thought hmmmm and changed my password.
Granted there are sites that ask us for our Twitter username and password like Posterous, Brightkite, Facebook, etc. but for the most part they seem reputable and wouldn't abuse their user base. With Twitterank, it's just some guy writing an app late at night. It is suspect that no one has been able to identify him yet. Also there are other vanity Twitter ranking sites like Twitter Grader that just asks for your Twitter username and returns a calculated result without requiring your password. I would like to think it was an experiment and that the Twitterank developer is not malicious. In lieu of better judgment though, I gave into the urge for my ranking. And then changed my password.
Robyn @ PurelyCosmetics
· 1 year ago
Raises hand sheepishly. Just followed the herd like all the rest. Now to change my password. Where else? Britekite, twitterlater, backtype... what else?
Ben Watson
· 1 year ago
My Twitterank is abstract statistical values expressed as a branded message on my behalf from a third party app using my login/password.
space__boots
· 1 year ago
I believe the creator is ryochiji ( http://twitter.com/ryochiji ) this entire thing seems rather pointless. definitely not putting my real password, but was curious enough to switch it first then see what all this was about
Beth from Avenue Z
· 1 year ago
Yep... I fell for it. Didn't even hesitate. I thought his explanation (I need it because I just need it, that's all) was valid.
Now my face is red for having such a low rank and for being so gullible.
Oh well.
PS -- I just clicked the "Share my comment on Twitter" thing. And it asked for my username and PW! Oh, no... not again!
Rachel Beer
· 1 year ago
I thought it looked suss and didn't bother.
Had already got my 'score' from http://twitter.grader.com/ which seemed above board and had a few other nice features, like suggesting new people to follow, and explaining how it arrives at your grade.
All of this is no more than a bit of fun, really (playing on basic human vanity), until such time as everyone buys into it and stops following/ only follows according to scores and grades. But I don't think the Twitter community is really like that, and there are so many people just using it to make great, genuine connections and sharing all kinds of interesting opinions, news, resources and ideas with each other.
If you are one of them, please follow me and I'll look forward to connecting with you :)
Ryan Hupfer
· 1 year ago
This is a scary example of the new ME! ME! ME! attention economy of the web that we now live in(and that I'm also a part of). As long as we have a a way to show how much more we rock than someone else, we'll join in - even if it means giving up our username/password/Twitter-dignity. Fell free to rank/vote/comment on it as you see fit(as long as it's a good one). ;-)
I wrote up some thoughts on what this all actually means over here:
A very interesting social experiment that Ryo has created, even if it is seen as a scam.
Mark
· 1 year ago
Dude, where do you come from spreading these bad rumours? NO ONE has reported having their PW stolen. Are you that bored or in need of attention you need to spread these lies?
YOU are worse than a non-existent phishing attempt. Now go F yourself mmmk?
Adam
· 1 year ago
thanks, anonymous Mark. Note how the title is a question. People were talking about it, and given most Mashable readers use Twitter, it was worth reporting. We also updated with the developer's side of the story.
corey dee
· 1 year ago
i did it b/c i'm on the constant search for twitter data analysis. changed my password 2 seconds later. blech.
Um...folks this is about more than just ranking, and more than just twitter. I had to chuckle when I clicked below on this comment box for "share my comment on twitter". It asks for my login and password.
The problem is that many of these web2.0 services have provided no way to share information between sites without giving out your login and password. Sometimes its just ego surfing/ranking but sometimes it is connecting with friends or aggregating your information, or making it easier to update multiple sites.
It may or may not be a scam but it isn't going to solve the problem. Wide implementation of APIs for data sharing is what will address the problem.
Blondefabulous
· 1 year ago
I knew my rank would be microscopic, so I didn't even bother. Glad I din't!
Joni
· 1 year ago
Lucky me, I got a Twitter API FAIL... WHALE. (code 400).
Ryo Chijiiwa
· 1 year ago
Hi folks,
I'm the guy who made the beast known as Twitterank. Unfortunately, I was at work when rumors about this being a phishing operation started going around, and apparently did a bad job at damage control. What do I have to do to set the record straight?
Ryo
Lady Diamond
· 1 year ago
I still see my friends posting their rank - even after I twitter'd this article. *Shakes head* It amazes me the things people will justify just so they can do it.
Liz
· 1 year ago
I must be pretty stupid because I didn't even think of this at all... but I changed my password so, thanks!
Anthony Lawrence
· 1 year ago
No, I didn't trust it.
If it really were honest, why not just post the algorithm or actual code so that we could run it ourselves?
Maybe he was not out for anything crooked, but I can't be that trusting :-)
scorpfromhell
· 1 year ago
Well, this does throw up a lot of light on the issue of trust & reputation on social media.
Oliver Mark wasn't scaremongering but he should have been more guarded.
I believe the author didn't steal anything. but the password is sent in clear text, there is no SSL. However, a trojan horse will be easier if someone does want to steal you password. C'mon writing a popular web app just for stealing your Twitter password?
Beth
· 1 year ago
ZDNet calls people gullible? LOL!!! This from the guy who bought some random guy's sarcastic tweet and immediately assumed it was the twitterank guy!
All they had to do was a simple whois search on the twitterank domain, and they could have even called the guy who made the site.
People are such lemmings - everyone follows the herd first getting their "rank," then they all collectively go into a frenzy over ZDNet's paranoid and unresearched speculation. It took me about 20 seconds to find the Twitterank guy, and I'm a complete n00b compared to what I'd expect from someone at ZDNet.
FAIL!
We’re still trying to pin down a few more details on Twitterank
Do a whois at godaddy. Come on, guys, you know this!!! Also, here: http://twitter.com/ryochiji << that's him.
Matt
· 1 year ago
Hopefully this guy is on the up-and-up. Amazing though, that so many people just hop on the bandwagon.
Nikhil Narayanan
· 1 year ago
This site is total crap. One can give some random characters as password and it still accepts that if the username is a valid twitter username. So taking the password is all BULL, and is a phishing attempt. WTH-they say Twitter API demands password.HELL!! I am sure even the rank generated is some random stuff.
Get a life, twitterank!! -Nikhil
Michael Bailey
· 1 year ago
Mashable, What you should do now is write an article on "What happens when people get caught checking their ego"
This whole password stealing rumor got started when a few people who did NOT bother to uncheck the box for sending their Twitterank to Twitter.
Then it became a matter of self-preservation expressed in the form of "I did NOT give them permission to send that to Twitter" - well, yes they did because of the default setting, which they didn't bother to read.
So, as most self-preservation of ones ego goes, many people began the rumors that the site must be stealing their passwords, even rumors of DM's being sent from their account.
I checked the twitterank.com site just now and it appears to be down - what a shame that so much false information and ego-preservation could actually bring a site down.
Michael Bailey
· 1 year ago
Nikhil Narayanan - you are wrong.
Putting in a false password only does this: makes the process fail when twitterank tries to send your rank to Twitter - you don't see this failure, but that's what happens (I'm a developer who is very familiar with the Twitter API).
Because you don't understand (which is ok in itself) you are prone to assume that what you say is true - in fact it is false and you should retract your statement.
Nikhil Narayanan
· 1 year ago
@Michael Bailey I tried with 10 twitter ids and passwords like hkjhkhkh, it worked. I asked others to try and it worked. Why would I come up with false statements? -Nikhil
@Michael Bailey @Nikhil Narayanan You are both correct. If the user's score is already in the database and is less than 24 hours old, a request is never made to Twitter, so any password will work. If, however, the user's score is not in the database or the score is more than 24 hours old, then a request is made to Twitter, and you'll get an error if the password is incorrect. Or, at least that was the case until a couple of hours ago. The REST Twitter APIs were timing out, so I switched to using the Search API which doesn't require a password. The password is currently only used to post the score to the user's Twitter stream (if that option is selected).
Andy
· 1 year ago
Here is an Interview with Ryo (Gernam and english)
It seems this twitter widget have some flaws, hope they will fixed it soon.
Janet
· 1 year ago
I fell for it too. We seem to be quite willing to give up this info even though we all should know better. Whether this was malicious or not, it wouldn't take much to save all that luscious data and do something dastardly. I have a habit of changing my Twitter pass before and after I give it to other apps like this one that only run once . Now I feel all justified.
ana hyacinth quiminales
· 1 year ago
hi
Adam
· 1 year ago
This has come about because so many sites are so keen for you to add your friends that the ask for you to enter your email addy and pass for that which is much more damaging if phished.
It's a trend, and not a good one.
MITS Engineering college
· 1 year ago
MITS Engineering College,Best Institute in Orissa, India
Allison
· 10 months ago
Can't many of the services offered by these twitter applications be achieved simply by having you follow them (like MrTweet?) rather than logging in? I prefer to use the services that require me to follow someone, because then I can unfollow (and even block) the user later if I want.
All Comments
It's spreading virally, like anything that lets Twitter users massage their egos, but that doesn't make it nefarious.
Is it a bad idea to give your Twitter password out willy nilly? Sure. But tell that to all the fans of BrightKite, TweetDeck, and a multitude of other services that "plug in" to Twitter. (Including Mashable's handy "share my comment on Twitter" comments!) Basically, Twitter offers only password authentication to verify accounts, whatever the purpose.
For there to be this Chicken Little response for this one app is ridiculous.
Um, no. That tweet is NOT from the Twitterrank developer. It was a tweet by @brianoberkirch that was retweeted by @t. If you look at @brianoberkirch's next tweet (http://twitter.com/brianoberkirch/status/100288...) he says "I keed. But you really shouldn't hand out your password to some fly-by-night site."
So, there really is no hard proof that Twitterrank is a phishing scam.
Granted we should be wary of providing passwords to random sites, we should also check our facts before blowing things out of proportion.
Final result, 185.03 and password changed.
@jesseluna on Twitter your usename and password are not required. :)
I just changed my password.
From what you've said in this post, at least it seems like the creator of Twitterank is trying to do something positive; improve Twitter's API.
Who knows?
this entire thing seems rather pointless. definitely not putting my real password, but was curious enough to switch it first then see what all this was about
Now my face is red for having such a low rank and for being so gullible.
Oh well.
PS -- I just clicked the "Share my comment on Twitter" thing. And it asked for my username and PW! Oh, no... not again!
Had already got my 'score' from http://twitter.grader.com/ which seemed above board and had a few other nice features, like suggesting new people to follow, and explaining how it arrives at your grade.
All of this is no more than a bit of fun, really (playing on basic human vanity), until such time as everyone buys into it and stops following/ only follows according to scores and grades. But I don't think the Twitter community is really like that, and there are so many people just using it to make great, genuine connections and sharing all kinds of interesting opinions, news, resources and ideas with each other.
If you are one of them, please follow me and I'll look forward to connecting with you :)
I wrote up some thoughts on what this all actually means over here:
http://hubpages.com/hub/The-Truth-About-Twitterank
A very interesting social experiment that Ryo has created, even if it is seen as a scam.
YOU are worse than a non-existent phishing attempt. Now go F yourself mmmk?
The problem is that many of these web2.0 services have provided no way to share information between sites without giving out your login and password. Sometimes its just ego surfing/ranking but sometimes it is connecting with friends or aggregating your information, or making it easier to update multiple sites.
It may or may not be a scam but it isn't going to solve the problem. Wide implementation of APIs for data sharing is what will address the problem.
I'm the guy who made the beast known as Twitterank. Unfortunately, I was at work when rumors about this being a phishing operation started going around, and apparently did a bad job at damage control. What do I have to do to set the record straight?
Ryo
If it really were honest, why not just post the algorithm or actual code so that we could run it ourselves?
Maybe he was not out for anything crooked, but I can't be that trusting :-)
Oliver Mark wasn't scaremongering but he should have been more guarded.
More on my take about this whole fiasco in my blog post titled "Of Trust & Reputation in Social Media".
All they had to do was a simple whois search on the twitterank domain, and they could have even called the guy who made the site.
People are such lemmings - everyone follows the herd first getting their "rank," then they all collectively go into a frenzy over ZDNet's paranoid and unresearched speculation. It took me about 20 seconds to find the Twitterank guy, and I'm a complete n00b compared to what I'd expect from someone at ZDNet.
FAIL!
We’re still trying to pin down a few more details on Twitterank
Do a whois at godaddy. Come on, guys, you know this!!!
Also, here: http://twitter.com/ryochiji << that's him.
One can give some random characters as password and it still accepts that if the username is a valid twitter username.
So taking the password is all BULL, and is a phishing attempt.
WTH-they say Twitter API demands password.HELL!!
I am sure even the rank generated is some random stuff.
Get a life, twitterank!!
-Nikhil
This whole password stealing rumor got started when a few people who did NOT bother to uncheck the box for sending their Twitterank to Twitter.
Then it became a matter of self-preservation expressed in the form of "I did NOT give them permission to send that to Twitter" - well, yes they did because of the default setting, which they didn't bother to read.
So, as most self-preservation of ones ego goes, many people began the rumors that the site must be stealing their passwords, even rumors of DM's being sent from their account.
I checked the twitterank.com site just now and it appears to be down - what a shame that so much false information and ego-preservation could actually bring a site down.
Putting in a false password only does this: makes the process fail when twitterank tries to send your rank to Twitter - you don't see this failure, but that's what happens (I'm a developer who is very familiar with the Twitter API).
Because you don't understand (which is ok in itself) you are prone to assume that what you say is true - in fact it is false and you should retract your statement.
I tried with 10 twitter ids and passwords like hkjhkhkh, it worked. I asked others to try and it worked.
Why would I come up with false statements?
-Nikhil
http://www.phishmail.de/2008/11/twitterank-das-...
http://www.phishmail.de/2008/11/twitterank-das-...
I have a habit of changing my Twitter pass before and after I give it to other apps like this one that only run once . Now I feel all justified.
It's a trend, and not a good one.