Don’t Be A Twammer

I hate spam.  Over the years I’ve been an investor in a number of companies that address the spam problem, including Postini and Return Path.  I’ve also been involved in lots of other companies in the email ecosystem and spam has always been something I’ve paid close attention to.

I’ve thought hard about Blam (Blog Spam), Spim (IM Spam), Skam (Skype Spam), and SMam (SMS Spam).  A few times in the past I’ve thought about Twam (Twitter Spam) but Twitter has done a good job so far of dealing with most of the nasty stuff, the most visible being the porn-follower twam that they somehow managed to beat back (or that I’ve successful ignored).

Today, I got caught in a twam trap.  I got a note from someone to try out a service.  It’s someone I’d heard from before so I went to the new site and played around with it.  I wasn’t terribly impressed and didn’t really get it.  A few minutes later I got a DM from a friend that said [email protected] none of the links on that page are active, fyi. tried Chromium + Safari”

I didn’t know why my friend was tweeting me that, but then it occurred to me that playing around with the software must have sent out a tweet.  I took a look and lo and behold it did.  I didn’t want that, nor did I set it up.  But it did.  Yuck.

Automatic tweeting from within applications is becoming commonplace.  This is good in many cases, but unless the sender authorizes the actual tweet, it’s twam.  There’s no opt-in dynamic around twam, so before a service sends out a tweet for the first time, it seems like good form is to make sure the user wants to tweet.  Most, but not all, do.

When you develop a twitter integration, think this through.  Don’t be a twammer.

  • A big part of this problem comes from the fact that it’s too easy to ignore the “access and update” language that appears when a Twitter app asks for permission via OAuth. Twitter hasn’t done a good enough job of differentiating apps that only request the ability to access your account and so by default most apps ask for update permission as well even if they currently have no intention to use it.

  • Steven Livingstone

    It's interesting because oAuth allows you to restrict what the authorized app can do and using a set of clean rules this could be pretty powerful.

    However Twitter – and many others – don't exploit this functionality and so the app gets to do a LOT more than it should…. such as the auto DM.

  • This is an issue I try to be really careful with in all my apps as well (but I agree more developers need to be transparent on what they really are gong to do on your behalf when you start using their app).

    I'm releasing a new project at Chrip next week ( ) that really needs to be careful not to be spammy so I'll def. be engaging in the conversation around twam at Chirp…sure I'll reference this post more than once so thanks for the timely post! 🙂

  • This has been going on for a looong time.
    I've written to many developers, their CEO's, and even VC's to say
    "Eyes are only on the dough- that makes enemies"

    But there's still an insulated class in the money dev world.
    I hope everyone reads your post.
    The free pass by big names is old.
    (Think: WeFollow replacing Twitter BIO URL if users don't notice the discrete check box)
    What a humiliating trick by a huge name.

    PS- I thought IntenseDebate was going to fix the 2 character name bug?

    • Re: the ID two character bug – I’ll check into that.

  • Hey Brad, in reading your twammer experience it reminded of the experience that facebook is proposing w/so-called pre-approved sites where they will have all of my facebook info using an effectively automatic facebook connect authentication. what if i don't want that site to have this info? what shouldn't i get click the facebook connect button if i want them to have it. like your twammers, facebook looks to take control away fm the user. tough to explain to young entrepreneurs not to be twammers, when one of the arguably most successful sites is making a case for this sort of bad behavior 😉

  • Yeah – it’s going to get more complicated before it settles down.  That’s probably good because we all need to figure this out.

  • Yep. I don't care how much I like an app. This is an automatic sentence to the recycle bin.

  • This is incredible! Makes me want to close my twitter account after all.

  • inboulder

    Isn't the Foundry Group an investor in Zynga, which is wholly successful, and somewhat infamous for discovering a way to spam Facebook users?

    • I am a very proud investor in Zynga.  The company has been very careful to always be on the correct side of Facebook’s TOS. 

      • inboulder

        Come on really?
        Zynga is well known to push boundaries of spaminess on facebook constantly, and has been on the wrong side of Facebook ToS, enough to get a major game, FishVille, pulled:

        I do not see how one can claim to be against spam, or 'twam', or any dubious monetizaiton practices, and support Zynga, it seems hypocritical to me.

        • Sorry you think it’s hypocritical.  As with many things like this, there are multiple perspectives that are worth understanding better rather than simply taking at face value.  Since I’m on the board, I made a conscious decision not to argue about this in public but rather work hard with the company to quickly address anything that is inappropriate.

  • Yep. I don't care how much I like an app. This is an automatic sentence to the recycle bin.

  • I can't agree with more.

  • Pingback: good cheap car insurance()