Yesterday we were contacted by the Twitter API team and informed that WordTwit Pro‘s use of the API was not inline with the Twitter’s terms of service for third-party applications. The reasons given by the Twitter API team were:
“[WordTwit Pro] facilitates serial posting across multiple accounts, tweet/retweet automation, tweet branding and automated affiliate advertising.”
After reviewing the alleged violations by the Twitter API team, we are of the opinion that the reasons given are not justified based on the typical use cases of WordTwit Pro users.
First, WordTwit Pro does allow a user to push a tweet out to multiple accounts simultaneously. This feature is meant to simplify management of a website where new post information would routinely by posted to multiple accounts. For example, a WPtouch-related post on BraveNewCode could be pushed to the @wptouch and @bravenewcode Twitter accounts. This functionality is by no means specific to WordTwit Pro; it exists in almost all Twitter clients available today.
Second, while WordTwit Pro does allow a user to automate certain tweets or retweets, all of these essentially have to come at the request of the end-user. This represents a form of tweet scheduling, which is also a standard feature in many Twitter services and clients.
With regards to tweet branding and affiliate advertising, we are ultimately at a loss. Other than the WordTwit Pro application registered with Twitter (which ultimately causes each tweet to be associated with WordTwit Pro), there is no branding on tweets done by BraveNewCode or WordTwit Pro. Each user has the ability to manually edit a tweet before it goes out, which is no different than most Twitter clients. We also provide a very detailed Tweet Log in WordTwit Pro, which shows every tweet that is generated by WordTwit Pro, even if they were not successfully tweeted.
Ultimately Twitter has suspended the OAuth token currently used by WordTwit Pro, which has caused WordTwit Pro installations using the default configuration to stop working. We have tried to communicate with the Twitter API team to work towards resolving the misunderstanding, but as of right now the token is suspended and they have not responded to our most recent attempts to open a dialog or to educate them further about our product.
To simplify the process of setting up WordTwit Pro, we included a generic WordTwit Pro OAuth token registered with Twitter. Since we do not know the nature of the original complaint with Twitter, we can only assume a person or company witnessed some form of SPAM associated with an installation of WordTwit Pro and reported the application in violation. Since we do not control any portion of a WordTwit Pro installation or any tweets that are generated once a user installs the software, we are unable to intervene when any users potentially abuse the product.
Going forward we are forced to remove the default token within WordTwit Pro; this means all end-users will have to register a custom application with Twitter to use with their installation. That also means each user will be responsible for abiding by Twitter’s terms of service for use of the Twitter API. Since the feature to add a custom OAuth application already exists within WordTwit Pro, current installations already using this feature are not affected by the revoked token.
If you have been affected by this, please visit this page for information on how to create a custom application with Twitter and configure WordTwit Pro to use it.
We will release version 3.3 of WordTwit Pro shortly, which will require custom applications for new installations. If you have been using the custom application feature already and you upgrade, your installation should not be affected by this change.
We apologize to anyone who has been affected by this incident, but as the token was revoked by Twitter without any prior warning, we were not able to resolve any concerns without the downtime experienced by customers.
27 Comments
ryanimel
Thanks for letting everyone know — just noticed it in the last hour and was able to get it fixed up pretty easily. Cheers!
John O'Nolan
http://john.onolan.org
Guys – how about an email to customers to let them know you just bricked every single install out there? I don’t like having to find out about this by accident and then googling for 15 mins before finally finding this post…
Seems like something you might want to communicate to all users ASAP.
Dale Mugford
BNC Design Guru
Hi John, we will be sending out a letter. This has just happened in the past 24 hours.
And we didn’t brick anything- unfortunately Twitter has done this to us (and you), in an aggressive manner. According to their own policies they should have contacted us first before revoking our token.
johnonolan
Also – I just tried to create a custom application to get around this – only to find out the WordTwit Pro conflicts with Google Analytics for WordPress by Joost De Valk (one of the most popular plugins out there).
When you go to re-authenticate your Twitter account after setting up your custom application, you’re redirected back to the Google Analytics for WordPress settings page instead of the WordTwit settings page. The account adding process does not complete – and cannot be completed – until GA for WP is disabled.
Duane Storey
BNC Development Guru
Hi John,
Thanks for reporting that. Another user reported it in the forums some time ago. After investigating it, the issue appears to be in the GA plugin itself – it erroneously intercepts all OAuth calls, even ones not directed towards it. I emailed the author personally, but never received a response. We’ll continue to attempt to contact him to try and get him to resolve it.
StitchTek Services, LLC
http://www.stitchtek.com
Can you disable the Yoast plugin just to get it setup then re-enable or does it need to REMAIN disabled? If it is a one time thing not a giant deal for the 2 minutes is takes, but larger scale still a problem.
Dale Mugford
BNC Design Guru
Yes it should work just to disable it while authorizing and then re-enable it.
StitchTek Services, LLC
http://www.stitchtek.com
Yes in fact it appears you only need to disable the GA plugin to add the accounts, then you can re-activate.
enobongetteh
I need help, followed the steps in creating the app. I have issues with WordTwit 3.2 first of after following the steps I have to add my tweet account and authorize the app. it keep timing out and doesn’t go through. Second my Wortwit can delete or move bulky failed or suspended tweets to trash
Marko Heijnen
I just looked into the code of Google Analytics. Even this is a big screw up by Joost it isn’t valid you guys can’t do anything about it.You can select that your action hook gets called first.
It is faster to fix it in your plugin then contact Joost about it. And of course he need to fix it because this issue can/will effect other plugins as well
Duane Storey
BNC Development Guru
We’ll look at possibly adding some code to try and work around the issue, but ultimately it’s a bug in their code and it needs to be fixed there. Chances are it’ll interfere with other OAuth plugins as well.
Marko Heijnen
http://YourWebsiteURL
Well if you also hook into admin_init you only need to change the priority of the action. That is quite simple. The rest I already mentioned.
Joost should fix it but you have a payed plugin so you need to give support to people who have issues. Even more when a fix like this is simple. And when you already known the issue you could already had it fixed before all of this.
enobongetteh
iI need help, followed the steps in creating the app. I have issues with WordTwit 3.2 first of after following the steps I have to add my tweet account and authorize the app. it keep timing out and doesn’t go through. Second my Wortwit can delete or move bulky failed or suspended tweets to trash
Dale Mugford
BNC Design Guru
We’ll get in contact with you to resolve the issue.
StitchTek Services, LLC
http://www.stitchtek.com
SO basically those of us running the GA plugin (which is Free), and your plugin, (WHich is paid for), can no longer use yours that we paid money for? I see the responsibility of fixing the GA/WordTwit issue as your problem not Yaosts. I understand Twitter is becoming a bit big in the briches and has even screwed up other service recently like the Responses feature of Disqus. I do blame them for a lot of the bricking going on, but what are we to do in the meantime if we run you and GA together. Don’t tell me to disable the GA one I need that more than yours, but I PAID for yours.
We want a resolution that works without the GA issue ASAP. I think I speak for everyone when I say if you don’t fix it, you will lose face, customers, and money..
I agree that Yoast is the issue, but being the one we are paying for… you are the ones that provide support. I echo Marko that you have KNOWN about it, but never bothered to fix it.
Duane Storey
BNC Development Guru
As per above, you can simply disable the plugin temporarily and add the accounts you want – having the GA plugin activated after that is no issue at all. The issue only occurs when a new account is added. That said, it is still an inconvenience, so we will look at trying to change our code to make it work with the way GA is written.
Charles Henry
http://YourWebsiteURL
Have you guys read the API Terms? What you quoted above doesn’t seem inline with their actual terms.
“[WordTwit Pro] facilitates serial posting across multiple accounts, tweet/retweet automation, tweet branding and automated affiliate advertising.”
Namely, if tweet automation is against the API Terms, why do the terms say “If your application performs automatic actions (including Tweeting or other content updates), make sure you comply with the Automation Rules found here” (The “here” is linked to this article: https://support.twitter.com/articles/76915)
I’m not sure about the serial posting, tweet branding, or affiliate advertising, but that is at least one point of contention I’d take up with Twitter.
Also, it seems to me that any users of your product are the ones liable for the content they are posting. Twitter should kill their accounts or their oAuth access if they are disobeying the Twitter rules. It seems to me that they are throwing the baby out with the bath water on this one.
P.S. I too run a premium WordPress plugin that automates tweets (as well as other social networks), this whole thing scares me.
Dale Mugford
BNC Design Guru
Hi Charles, yes we’ve read all the terms closely, and can’t determine why exactly they’ve done this, it doesn’t seem in line with their actual terms. Additionally, the terms state that they should have contacted us prior to revoking the token, which they didn’t- they just bricked us and then afterwards wrote to let us know they did.
They also stated that “We hold developers accountable for their userbase, as such, until steps are taken to prevent the previously stated abuse from occurring, your API key will remain suspended.”
matthewstillman
It seems to me that one feature that could fix this would be allow us to make each of the multiple tweets that we schedule different i.e. they have the same link but slightly different text. Because we can only have one text where the link is subtly different I can understand why it could be seen as spammy.
Dale Mugford
BNC Design Guru
I’m not sure that would fix anything— it seems that Twitter has stopped communicating with us, so making changes without understanding exactly what it is that they’d like changed won’t solve anything.
brucesimmons
Guys, your instructions to fix the issue was, for me, flawless. Thanks again for straight forward code and another straight forward fix… -Bruce
Dale Mugford
BNC Design Guru
Thanks Bruce!
Studio Menu
More In Blog
Popular Website Places
BraveNewCode Online
All content Copyright © 2008 - 2012 BraveNewCode Inc.
Contact Us • Support Forums • Terms & Conditions • Built on amazing WordPress