Egor Homakov ‏@homakov Dec 14

@DaKnObCS that's fun! now i don't feel any sadness about full disclosure because those guys seem crazy :|

DaKnOb ‏@DaKnObCS Dec 14

@homakov That’s what I thought. I discovered it by accident as I was messing with the API and I couldn’t figure out what *I* did wrong :P

Egor Homakov ‏@homakov Dec 14

@DaKnObCS hah, so you fuzzed "d name text" good job. I wonder if they have other commands built in

DaKnOb ‏@DaKnObCS Dec 14

@homakov Not as far as I know, but what stops you from trying the entire alphabet and figuring out the arguments? :P

Egor Homakov ‏@homakov Dec 14

@DaKnObCS why, i will end up with "it's a feature" anyway :D

Ben Ward ‏@benward Dec 14

@homakov @DaKnObCS In our model, the DM permission exists to ensure a user gives explicit consent for apps to *read* their messages.

Ben Ward ‏@benward Dec 14

@homakov @DaKnObCS Although the copy isn't explicit, Sending a Tweet and sending a DM are equivalent (and as you found, they're interwoven.)

Ben Ward ‏@benward Dec 14

@homakov @DaKnObCS The crux is: A user should not have to give an app permission to read their private DM inbox just so an app can send a DM

Egor Homakov ‏@homakov Dec 14

@benward @DaKnObCS from chats with people all o them find this "feature" illogical, maybe company could mind explaining why it's "built in"?

Ben Ward ‏@benward Dec 14

@homakov @DaKnObCS I refer you to my final Tweet: https://twitter.com/benward/status/411924932218458112 … The permission was added to protect users from harvesting of DMs.

Ben Ward ‏@benward Dec 14

@homakov @DaKnObCS We don't regard sending a Tweet or DM as distinct, either as an act or as a spam vector. Reading DMs is extra sensitive.

Egor Homakov ‏@homakov Dec 14

@benward @DaKnObCS my english skills can help me with understanding "harvesting of DM", wdym?