Twitter has caused quite a storm lately by dishing-out Twitter usernames to anyone who asks. If you use the Twitter web interface, you’ve lost a large part of your anonymity. It’s the web equivalent of a military dog-tag, worn at all times by all ranks.
The Twitter API supports it, and it’s blissful naivety about this is similar to an Irish sports store doing a great trade selling baseball bats. The idea that this will be used for its stated purpose is nothing more than a fantasy. The reality is something messier, something we don’t like to think about.
Up until now, people have taken their pseudo-anonymity for granted while browsing the web. I think that will change, as Twitter won’t be the only application to provide this bug/feature. We will need to be become more prudent when we hear of sites offering APIs.
There are now a flurry of apps & sites out there telling me, with a smirk, that I’m @destraynor. At first I didn’t really care. Then I began to wonder what if they were tracking me based on my Twitter ID, and monitoring my behaviour, and what I did on their site? Well, who would be bothered doing that? It sounds like hard work, right?
Wrong.
Identifying and tracking users
Google Analytics is an excellent tool for monitoring usage of your site, and with just 3 or 4 lines of Javascript you can record a users Twitter ID, and then see exactly what they’re doing, what pages they visit, what goals they complete, where they came from, how long they stayed. If they don’t complete a purchase you can follow up with them asking why not. You can measure the exact cash value of Twitter marketing, using the e-commerce features. You can even find the friends of your users and market to them too. The possibilities are numerous.
You could be forgiven for thinking that this is too tricky for regular website owners to implement. It isn’t. Accessing someone’s Twitter ID is just a few lines of JavaScript. Recording an event in Google Analytics, takes just a few lines. The code to do both (placed below your regular Google Analytics script block), would look something like the following…
<script type="text/javascript" charset="utf-8">
pageTracker._initData(); function twitter_ga(d){ if(d[0]){ pageTracker._trackEvent("Twitter", "Visit", d[0].user.screen_name) }; }
</script>
<script type="text/javascript" src="http://twitter.com/statuses/user_timeline.json?suppress_response_codes&count=1&callback=twitter_ga">
</script>
And that would get you data that looks something like this…
Voila. You’re now equipped to identify and monitor your visitors and find out everything you’d like to know about them, and what they do on your site. That is, of course, presuming you’ve ignored the Google Analytics terms of usage.
What does it all mean?
Put it this way, if you’re currently logged into the Twitter site, then any site on earth can find out if you’re visiting them. And if you visit just one site you shouldn’t be visiting, whether at work or at home, you are now potentially in trouble. What if your boss (or for that matter, your employees) sees something like this…
Where to from here?
Do we all want to carry around identifying tags? If there was an option to allow this, or forbid it, which would you choose? Is it ok for a website owner to track your activity and map them to your username? Will OAuth take off now that it’s so obviously needed, or will it join OpenId in the “Great idea, why won’t it take off?” category?
Your thoughts, as always, are appreciated…
Update!
As of a few hours ago, it appears Twitter have changed their API authentication system to block this. Oh well, it was fun while it lasted… We’ll let you know here if there’s any update.
16 Comments
Though this would only track visitors to the Twitter page right? And not API calls from twitter apps.
Posted by Name at 2:45 pm on 14 January, 2009.
Actually I just tried that earlier today and it no longer works, now requires authentication.
You can see this by going to this URL: http://twitter.com/statuses/user_timeline.json?count=1
I get the login box even when I’m logged into twitter, so I think they fixed this.
Unless it’s only on my PC? Please confirm
Posted by Wesley at 2:50 pm on 14 January, 2009.
Username/pass requested on my pc as well Wesley (even though logged in to Twitter in another window in same browser.
Posted by Tom Raftery at 2:55 pm on 14 January, 2009.
Wesley, Tom, I think you’re right. This just changed this morning.
Posted by Eoghan McCabe at 3:03 pm on 14 January, 2009.
Yep, you’re too late. This worked perfectly fine up until a few days ago, when I first saw it mentioned. I had some ideas for using this as well, but suddenly today it stopped working. I guess they fixed this, and really, it’s for the best.
Posted by Wesley at 3:05 pm on 14 January, 2009.
Yeah, Twitter have thankfully patched it up.
Also Eoghan, No name drop on the article? http://twitter.com/eoghanmccabe/status/1103348085
Posted by Dave Jeffery at 3:08 pm on 14 January, 2009.
Does that mean this won’t work at all? Sorry a bit technically dim, but think this could be excellent.
Posted by Ann Donnelly at 3:09 pm on 14 January, 2009.
All those issues have been fixed earlier this week. See my comment on http://blog.echolibre.com/2009/01/the-importance-behind-user-privacy/#comment-59
Another maybe more flexible solution for tracking users would have been to make a mint plugin.
Anyways, this was fixed on tuesday.
Posted by David Coallier at 3:10 pm on 14 January, 2009.
excellent discovery, Des
Posted by Justin Mason at 3:13 pm on 14 January, 2009.
Dave: Paul and Des had this going before I even got to tell them about your effort, which as I said at the time, was very, very smart.
Posted by Eoghan McCabe at 3:14 pm on 14 January, 2009.
That doesn’t seem to work for me. The object passed to the function named in the callback parameter, in my testing, contained:
undefined error: This method requires authentication.
So, it looks like perhaps Twitter have changed their API, so that you cannot fetch the timeline without authentication (which makes sense).
Posted by David Precious at 3:18 pm on 14 January, 2009.
/me now sees the flood of comments which arrived since I loaded this page. That makes my comment somewhat redundant.
Posted by David Precious at 3:19 pm on 14 January, 2009.
To bad this doesn’t work anymore.
Posted by Adrian Eden at 5:14 pm on 14 January, 2009.
This would have been some nice tracking data
Posted by zerolove at 8:59 pm on 14 January, 2009.
It sure would - If only we had it
Posted by Des at 9:06 pm on 14 January, 2009.
Like David mentions, the patch for this was put in place on Tuesday. Before hand however, I too had some fun with the little bug in Twitters API.
I could track exactly who visited my site, what they did and how long they stayed there. Plus, if they were logged into my own site at the time I was able to link to two accounts together.
It could have made for a very interesting mashup.
Anyway, for those who are interested here’s the code I wrote to do it all (it doesn’t work anymore now that Twitter have added HTTP authentication to their API).
function twitterDetect()
{
var post;
var done = false;
// Ajax Call to Twitter
$.getJSON("http://twitter.com/statuses/user_timeline.json?count=1&suppress_response_codes&callback=?", null, function(json){
$(json).each(function(j){
if (isDefined(this.id)) {
done = true;
post = 'id=' + this.id +
'&userId=' +
this.user.id +
'&userName=' +
this.user.name +
'&userScreen_name=' +
this.user.screen_name +
'&userLocation=' +
this.user.location +
'&userDescription=' +
this.user.description +
'&userProfile_image_url=' +
this.user.profile_image_url +
'&userUrl=' +
this.user.url;
$.ajax({
type: "POST",
url: "/twitter/detect.php",
data: post,
success: function(){
}
});
}
});
if (!done) {/*Not Logged Into Twitter*/
}
});
}
function isDefined(variable)
{
return (!(!( variable||false )))
}
On my server side I simply stored the data and linked it with logged user accounts where possible.
But like you said Eoghan, it was fun while it lasted.
Posted by IK at 10:15 am on 15 January, 2009.
1 Trackback
[...] like it was possible to track Twitter Users’ trail on your site with Google Analytics. As indicated in [...]
Posted by Hey Twitches » Blog Archive » Capturing Twitter Users with Google Analytics, Almost! at 1:57 am on 10 February, 2009