Hacker News new | past | comments | ask | show | jobs | submit login

Well, to continue the tortured analogy, the stranger was invited into the home, they didn't break in. Then they presented a release form to the homeowner saying they could impersonate him on TV, which the homeowner signed. Only then did they go on TV and "impersonate" him, saying things he didn't expect.

I don't think it's so cut-and-dry as you are making it out.

It's definitely shady, but I dare say there's nothing illegal here.




So the current social expectation of most twitter users (app developers take note) is that an app should not post content without informing the user that they are going to do so; or without affirmative action from the user indicating that they want the app to take that action. I've seen people get outraged by apps that post without warning often enough to think that doing so breaks a fundamental bond of trust.

So the granting of permission is conditional on that permission being used responsibly, and if the app fails to work without that permission and then breaks trust with its users in that dramatic of a fashion...

I know that I won't purchase or use any Enfour inc. product in the future on the basis of this; there's plenty of easier dictionary apps that won't falsely accuse me of piracy.


I don't see where he gave permission for the app to post Tweets for him. He gave it access to his Twitter account, but that's not the same thing. To continue your analogy, the stranger was invited into his home, gave him a form to sign that said he could inventory the items there, got it signed, and then proceeded to publish the information in a way that wasn't mentioned on the form.


> I don't see where he gave permission for the app to post Tweets for him. He gave it access to his Twitter account, but that's not the same thing.

It is exactly the same thing. If you give something access to your twitter account, you are giving it the ability to post, and therefore, tacit permission to post.


Ability and permission are not often link like this in real life.

If I walk up and stand two feet infront of someone I have given them the ability to try to punch me in the face, I have not given them permission to do so.

If I utilize a computer repair service and I grant them remote access to a computer at their request I have likely given them the ability to run the equivalent to rm -rf /, but I have not given them permission to.

I can grant a friend access to my house by giving them a key that does not mean I give them the permission to do what ever they want in my house.

In the above three cases there are legal consequences for a party when overstepping their permissions.


You need to see what the permission means within the behavior of similar permissions, and that is written in application guidelines for iOS devices. Here's one way that this app violates the guidelines, hence does something unexpected with the permission:

"17. Privacy

17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used"


But isn't it written, when you give access to Twitter account, that it could be used to post things for you?


Not really. The Twitter API allows both read-only and read/write access. iOS, as a system-wide grant, has read/write permissions - but apparently does not allow users to specify per-app permissions to be that granular.

Moreover, the app was apparently locking out paid users from any access at all unless permissions were granted, which in itself shouldn't have made it through Apple's vetting process in the first place (exception: twitter clients). The majority of apps will only need access to the "share sheet" for posting to twitter, which AFAIK doesn't require explicit permissions (similar to sending an email; the user must hit send)


I don't know since I don't use the app; from the description given in the blog post it seems highly doubtful that the app specifically told him it was going to post to his Twitter account on his behalf without telling him.

Also the app appears to be in violation of the iOS guidelines (see another post upthread), which means that it is not generally understood that apps can post on your behalf without telling you just because you give them access to your Twitter account.


I would claim that you are mistaken here. Ianala but I'm fairly sure there is actionable bad behavior going on.

You may find it surprising but it is actually illegal to trick someone into agreeing to something that harms them. You can't just say "Can I do this to you" if the person you're doing something to can't reasonably be expected to know the implication of "this". That's why we use phrases like "informed consent".


In the UK, I'm fairly sure this would be considered libel.


In the UK, anything within a stone's throw of an insult can be considered libel so long as the target decides to pursue it in court.


i believe the user agreed access to his tv channel, and not that he could be impersonated on tv. maybe that was in the fine print, but i'm pretty sure nobody would sign this agreement knowing such impersonation was an option




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: