WhatPulse Forums » Support » Client software v » Whatpulse is hijacking Twitter accounts? Welcome back, Guest.

Post Reply 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Whatpulse is hijacking Twitter accounts?
09-19-2010, 01:42 AM
Post: #1
Whatpulse is hijacking Twitter accounts?

So I set up a team on my website, all is going great and we're rising in the ranks, however yesterday a user posted about how he signed up here and for some reason he's now following @whatpulse on Twitter, but at not point did he opt to follow, this raises the question: are you forcefully hijacking twitter sessions/passwords to gain followers?

This didn't happen to me and I doubt it iss happening (I suspect a user error) but it seems mighty strange for this to be a user error so I'd be interested in hearing any theories on how this happened. I suspect it has something to do with the Twitter stats feature.

Any ideas why someone who downloaded whatpulse would suddenly be following whatpulse on twitter if they didn't opt to through the twitter website and hasn't signed up with the whatpulse twitter thingy?

Posts from the user are available here on my forum: http://www.minecraftforum.net/viewtopic....85#p651185 the user minix.
Find all posts by this user
Quote this message in a reply
09-19-2010, 07:42 PM (This post was last modified: 09-19-2010 07:46 PM by Carbon.)
Post: #2
Whatpulse is hijacking Twitter accounts?
Note: I have in no way done work on the WhatPulse site's Twitter function, and a lot of this is based off of assumptions, and from me being a Twitter whore.

The Twitter function uses what is known as O:Auth. It stores a token, and not passwords. This is used as a secure authentication method. Considering the WhatPulse Twitter is running as an "app" of sorts. (Or, at least it appears to be.) Now, considering the WhatPulse Twitter feature is a "client." They can have it set to auto follow their WhatPulse account.

So, since Twitter uses O:Auth, it's all secure. And you're not being "hijacked", considering it can be programmed in. As for an issue of an auto-follow. I don't see why it would matter. I'd assume someone using the Twitter function on WhatPulse would want to follow and stay updated as well. I also think your friend is just being overly paranoid, and needs to learn to relax. On a final note, the link you posted doesn't even work.
Visit this user's website Find all posts by this user
Quote this message in a reply
09-20-2010, 02:51 AM
Post: #3
Whatpulse is hijacking Twitter accounts?
I know how twitter and oauth work, the issue is he did not authenticate but for some reason his account s authenticated, implying that either he's a moron who forgot he did it, or whatpulse is using its system access to "force" authentication.

regarding the link, it's my forum and we're under heavy load and it'll be back soon, the link basically reiterated what I'd said here though so it's no problem.
Find all posts by this user
Quote this message in a reply
09-20-2010, 03:27 AM
Post: #4
Whatpulse is hijacking Twitter accounts?
Oh my sweet Jesus. This just became my favourite post of the week. Not only do we count your keys, we hijack your twitters! Okay, anyway, to a serious reply:

The WhatPulse twitter feature operates via our website. You can opt in and opt out of it, and it will authorize you via tokens. All he'd have to do is visit our twitter page and click the link OR have a page preloader, which would follow the link itself. I'm not sure how exactly o:auth works, but it's completely possible that if you're logged in and you follow the link, it can automatically complete the authorization. Once more, I don't use twitter, so I cannot comment on that.

As for us having his username and password, that is not possible. I can verify from an admin side of things that we don't store much of anything. We don't even keep pulse history for a long time. No twitter information can be retrieved at all. Therefore, this leads to several things:

-Your user clicked the link, forgot, and thus is now like 'what the hell?'
-Your user has a friend or family member who did it
-Your user has a background link optimizer which preloaded the o:auth page and he clicked yes (or it went through automatically)
-Twitter is now sponsoring WhatPulse with free followings.

I'm assuming it's not the last, so...

In short, I'm not quite certain but I can confirm it was not a WhatPulse side thing. Our Twitter interface completely uses the appropriate mediums as provided by Twitter.

Find all posts by this user
Quote this message in a reply
09-20-2010, 05:39 PM
Post: #5
Whatpulse is hijacking Twitter accounts?
Carbon/Cent pretty much summed it up.

It's pretty much impossible to hijack twitter accounts, especially since twitter only supports oath nowadays. As far as I know, allowing the twitter app to be used on your account also does not auto follow @whatpulse...so..

About the staff page: The linux developers username is there, he just didn't want a direct link to his page because of the private message button on the profile page. ;-)
Visit this user's website Find all posts by this user
Quote this message in a reply
09-21-2010, 08:17 PM (This post was last modified: 09-21-2010 08:19 PM by citricsquid.)
Post: #6
Whatpulse is hijacking Twitter accounts?
I have to be nice to my users (like you are to yours Smile) so I was assuming he wasn't lying even if I assumed it 99.999% ridiculous -- I mean really, if you're stealing things why would you steal twitter accounts? Sense it make not.

Thanks for replying to him though, I'd be interested to find out what on earth happened with it, although after reading his reply to you he has an air of arrogance about him: "...nobody with a brain would trust your service...". I guess he doesn't respect the administrator of the forum he uses, because I've been here since 2006 Smile
Find all posts by this user
Quote this message in a reply
09-22-2010, 02:03 AM
Post: #7
Whatpulse is hijacking Twitter accounts?
Welcome to the people that we are forced to deal with every day. No respect is ever granted to those that have been around for a while and know their way of doing things. And feel free to tell him that I love to have conversations with people that believe that 'nobody with a brain would trust our service.'

Find all posts by this user
Quote this message in a reply
Post Reply 

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Whatpulse 3.2 on Ubuntu 21.04 Lieutenant_Dan 2 277 04-26-2021 05:23 PM
Last Post: Lieutenant_Dan
  whatpulse is writing to database every second minho 0 174 04-19-2021 06:52 AM
Last Post: minho
Question Autostart WhatPulse 3.1 without Confirmation (Win10) blankster 0 234 04-04-2021 04:53 PM
Last Post: blankster
Question Can't install WhatPulse 3.1 correctly (Win10) blankster 0 238 04-04-2021 04:49 PM
Last Post: blankster
  When you switch networks WhatPulse stops tracking bandwidth TheEliteFriendsYT 2 592 04-01-2021 10:05 AM
Last Post: TheEliteFriendsYT
  Problem on starting whatpulse Steven793 1 514 03-29-2021 08:17 AM
Last Post: Resowy
Bug WhatPulse 3.0 stops responding when running on start up Mevious 6 1,411 01-17-2021 09:18 PM
Last Post: Mevious
  Whatpulse Client and Windows 10 (20H2) d3FC0N 3 1,230 12-29-2020 12:54 PM
Last Post: d3FC0N
  Cannot start WhatPulse using Ubuntu 19.10 Adrriii 8 4,738 11-05-2020 02:23 PM
Last Post: Juje
  Cannot start Whatpulse successfully on Manjaro 18.1.4 (Arch Linux) anijatsu 3 2,835 10-25-2020 01:36 PM
Last Post: smitmartijn

Forum Jump:

User(s) browsing this thread: 1 Guest(s)