Abraham Williams

Despite our best efforts to reach out to Twitter to clarify what they are asking us to change about Refollow (which went ignored by them), Twitter has decided to suspend Refollow. This means you can no longer use OAuth to login (but for now, basic Twitter authentication still works).

We assume Twitter knows what is best for their overall ecosystem, but we certainly question what exactly that vision is. Without the ability to discover the nature of your relationships with others (or potential new relationships) and take actions, what’s the point?

We will continue to reach out to Twitter support and see if we can get a dialog going, but in case that fails, thank you to all 100,000+ of you that regularly use Refollow! Feel free to keep on Refollowing until Twitter figures out how to block basic authentication as well :) Guess it’s time to start the port to Facebook!

In case anyone is interested, here are the emails we exchanged with Twitter support:

From Twitter Support:

From: sutorius [mailto:notifications-support@twitter.zendesk.com]
Sent: Tuesday, January 19, 2010 10:01 AM
To: Support
Subject: #827777 Twitter Support: update on “Your site Refollow.com”

Support, Jan 19 10:01 am (PST):

Hi,

We’re writing to let you know that your site, Refollow, breaks our Automation Rules and Best Practices (http://help.twitter.com/forums/10711/entries/76915). Specifically, it facilitates automated bulk user following and unfollowing, which is not allowed. It’s best for both our users and your users if your application follows the rules, so please make the necessary changes to bring your application into compliance.

We’ll check back in on your application on Monday, February 1st. If these changes aren’t made by then, we may take action against it. Thank you in advance for your cooperation.

Let us know if you have any questions!
Brian
Twitter API Support

Our reply:

From: Rob Meadows
Sent: Tuesday, January 19, 2010 11:33 AM
To: ‘Twitter Support’
Cc: Tyler Buck; Jeremy Miller
Subject: RE: #827777 Twitter Support: update on “Your site Refollow.com”

Hello,    Can we please setup a time to discuss the specifics of this request? Refollow does not automate following or unfollowing any more than the Twitter web interface itself. Users must still go through and select other users to take action on, then manually choose to follow/unfollow the selected users. The only enhancement Refollow provides beyond following/unfollowing each user individually is that it optimizes the use of your api calls to follow/unfollow in groups of 20. But users must still select specific users after filtering and examining them.    Refollow is designed to help users discover things about their twitter social relationships (such as users who have become inactive, users who are interested in certain things, users who are most influential, etc.) and perform actions on these users such as following/unfollowing/blocking/tweeting. The application is not intended for the purpose of spamming, aggressive following, building followers, etc., nor does the application encourage such actions.    Please let us know the next steps.   Thanks,
Rob  

Rob Meadows
CEO Originate Labs
www.originatelabs.com

Guess not…:

From: sutorius [mailto:notifications-support@twitter.zendesk.com]
Sent: Monday, February 01, 2010 11:18 AM
To: Support
Subject: #845863 Twitter Support: update on “Your site Refollow.com”
Support, Feb 01 11:17 am (PST):

Hi,

This is a second notice that your application, ReFollow, breaks our Automation Rules and Best Practices (http://help.twitter.com/forums/10711/entries/76915). Specifically, it facilitates bulk user following and unfollowing, neither of which are allowed. Please remove these features from your application to bring it into compliance with our policies by next Monday, February 8th. If you are unable to meet this deadline, your application may be prohibited from functioning on Twitter.

Thank you in advance,
Brian
Twitter API Support

As part of our ongoing efforts to monitor our user base for odd activity, we noticed a sudden surge in followers for a couple accounts in the last five days.  Given the circumstances surrounding this, we felt it was best to push out a password reset to  accounts that were following these suspicious users.

Then we started doing some digging and, given what we found today, we felt it important to share this information.  An outline of what appears to have happened follows …

Torrent sites aren’t exactly “new”; however, this is one of the first times that we’ve seen an attack that came from this vector.  It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own.  However, these sites came with a little extra — security exploits and backdoors throughout the system.  This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up.  Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information.  This information was then used to attempt to gain access to third party sites like Twitter.  We haven’t identified all of the forums involved (nor is it likely that we’ll be able to, since we don’t have any connection with them), but as a general rule, if you’ve signed up for a torrent forum or torrent site built by a third party, you should probably change your password there.

The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites.  Through our discussions with affected users, we’ve discovered a high correlation between folks who have used third party forums and download sites and folks who were on our list of possibly affected accounts.  While not all users who were sent a password reset request fall into this category, we felt that it was important to put this knowledge out there so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account.  We strongly suggest that you use different passwords for each service you sign up for; more information on how to keep your Twitter account safe can be found here: http://twitter.zendesk.com/forums/10711/entries/76036.

Del Harvey
Director, Trust and Safety

Following your dreams is perhaps the most important thing to do in life.

I came to Silicon Valley in 2003 as a small town Montana guy, and recent college grad, with the big dream of becoming part of the technology community and one day starting a technology company. I had grown to love technology and entrepreneurship while making things for the Internet and running my own small company in college. I knew that before I could do this, I would have to learn and work alongside those that came before me. At the time, I was lucky enough to join Apple and have the opportunity to learn product and marketing at one of the best places in the world to learn those things.

At Apple, we were one of Facebook’s early partners and were looking to build community amongst college students using the power of social. Along the way, I became fascinated with the idea of a social operating system.

That summer, I had a few conversations with founders Mark Zuckerberg and Dustin Moskovitz and decided to join Facebook as a part of the newly forming team which would become the Facebook Platform team.

I joined Facebook in late 2006. At the time, Facebook had just welcomed the 10 millionth user to the site and was one of the most entrepreneurial places in the world. We hoped to enable entrepreneurs and developers worldwide to think differently about building for the Internet. We hoped to create a new kind of platform, one where identity and social context was king.

We always believed that the Internet was never just about information, but that it was ultimately about connecting people. And, that pushing the web to become a more social place, with real identity and privacy, and less anonymity, was the most important work that could be done to push the Internet forward.

In the over 3 years since, I’ve had the unbelievably fortunate opportunity to work alongside some of the most talented people in the world towards building Facebook Platform, Facebook Connect, and the resulting ecosystem. I’ve also had the opportunity to get an incredible depth and breadth of experience in strategy, product, marketing, and management.

We have worked hard to make the vision of a more social web a reality. Today, over 1 million developers and entrepreneurs have built over 350,000 applications for Facebook, over 80,000 sites have integrated Facebook Connect. Over 70% of Facebook users have interacted with at least 1 application, and over 60 million users have used Facebook Connect. We also count developers and entrepreneurs in over 180 countries. The community is truly a worldwide one.

It goes without saying, the experience in having a small hand in helping to build the Facebook Platform ecosystem was a deeply meaningful and enlightening one. I consider the people here to be some of the most world class people I have ever had the opportunity to work with and know. Beyond the people, Facebook is truly one of the best places to work in the world. If you want to learn how to build great things on the Internet, and how to be a great entrepreneur, Facebook is the place to go.

Today I am making a choice to continue following the dream.

I have decided to leave Facebook and partner with my long time friend Shawn Fanning to build a new company and to  become part of the Facebook Connect community on the other side. We’ll be exploring a few ideas and hope to come back to you with something interesting soon. Until then, we’ll be in a stealth’ish mode.

Those of you that have had a chance to work directly with me over the last few years also know that I enjoy nothing more than empowering people with big ideas to chase their entrepreneurial dreams. So, I will continue to also advise and angel invest in companies doing interesting things as I always have.

Facebook Platform and Facebook Connect have never been in better hands than those that will continue to lead them into the future — people like Bret Taylor, Mike Vernal, and Ethan Beard. Under the leadership of the entire Facebook management team, Facebook is on track to become a company that enables the entire world to be more open and connected. This was an incredibly hard decision to make, but because of these things, one that I can now make in confidence.

I want to thank everyone at Facebook that has been so supportive of me as I have made this decision and I look forward to the future. I will be around Facebook for another couple of weeks.