RSS

No identity left behind

Dog tags

Twitter has caused quite a storm lately by dishing-out Twitter usernames to anyone who asks. If you use the Twitter web interface, you’ve lost a large part of your anonymity. It’s the web equivalent of a military dog-tag, worn at all times by all ranks.

The Twitter API supports it, and it’s blissful naivety about this is similar to an Irish sports store doing a great trade selling baseball bats. The idea that this will be used for its stated purpose is nothing more than a fantasy. The reality is something messier, something we don’t like to think about.

Up until now, people have taken their pseudo-anonymity for granted while browsing the web. I think that will change, as Twitter won’t be the only application to provide this bug/feature. We will need to be become more prudent when we hear of sites offering APIs.

There are now a flurry of apps & sites out there telling me, with a smirk, that I’m @destraynor. At first I didn’t really care. Then I began to wonder what if they were tracking me based on my Twitter ID, and monitoring my behaviour, and what I did on their site? Well, who would be bothered doing that? It sounds like hard work, right?

Wrong.

Identifying and tracking users

Google Analytics is an excellent tool for monitoring usage of your site, and with just 3 or 4 lines of Javascript you can record a users Twitter ID, and then see exactly what they’re doing, what pages they visit, what goals they complete, where they came from, how long they stayed. If they don’t complete a purchase you can follow up with them asking why not. You can measure the exact cash value of Twitter marketing, using the e-commerce features. You can even find the friends of your users and market to them too. The possibilities are numerous.

You could be forgiven for thinking that this is too tricky for regular website owners to implement. It isn’t. Accessing someone’s Twitter ID is just a few lines of JavaScript. Recording an event in Google Analytics, takes just a few lines. The code to do both (placed below your regular Google Analytics script block), would look something like the following…

<script type="text/javascript" charset="utf-8">
pageTracker._initData(); function twitter_ga(d){ if(d[0]){ pageTracker._trackEvent("Twitter", "Visit", d[0].user.screen_name) }; }
</script>
<script type="text/javascript" src="http://twitter.com/statuses/user_timeline.json?suppress_response_codes&count=1&callback=twitter_ga">
</script>

And that would get you data that looks something like this…

Screenshot of twitter analytics

Voila. You’re now equipped to identify and monitor your visitors and find out everything you’d like to know about them, and what they do on your site. That is, of course, presuming you’ve ignored the Google Analytics terms of usage.

Terms of Usage for G.A

What does it all mean?

Put it this way, if you’re currently logged into the Twitter site, then any site on earth can find out if you’re visiting them. And if you visit just one site you shouldn’t be visiting, whether at work or at home, you are now potentially in trouble. What if your boss (or for that matter, your employees) sees something like this…

destraynor-new-job

Where to from here?

Do we all want to carry around identifying tags? If there was an option to allow this, or forbid it, which would you choose? Is it ok for a website owner to track your activity and map them to your username? Will OAuth take off now that it’s so obviously needed, or will it join OpenId in the “Great idea, why won’t it take off?” category?

Your thoughts, as always, are appreciated…

Update!

As of a few hours ago, it appears Twitter have changed their API authentication system to block this. Oh well, it was fun while it lasted… We’ll let you know here if there’s any update.