When will TwitPic implement OAuth?

I just wanted to point out that Twitter has now opened OAuth to all developers, so there's no (technical) barrier to TwitPic switching over to OAuth. OAuth apps can be registered here:

http://twitter.com/oauth_clients

According to Twitter's OAuth FAQ the company plans to eventually turn off basic authentication, so I hope TwitPic starts the transition soon.

http://apiwiki.twitter.com/OAuth-FAQ

I won't use twitpic until it adopts oAuth, and have advised all our employees and community not to use it or similar services while they continue to request usernames and passwords. No excuses, now - just get on with it!

I've built a slick twitPic bookmarklet, but REALLY want to implement oAuth for users. When is twitPic gonna support oAuth?

I'd love to use TwitPic, but there's no way I'm giving you my Twitter password.

I like TwitPic, but since its developers refuse to even comment on this issue (after two months!) I'd like to recommend img.ly to everybody. It has essentially all the features of TwitPic, but uses OAuth so you don't need to divulge your Twitter password. The only thing img.ly lacks is the support in popular Twitter clients that TwitPic enjoys, but I think its developers are in contact with the makers of several clients, and for the meantime it does have upload-by-email, which makes uploading from mobile devices easy. I've been using img.ly for a few weeks, and it seems very stable and the developers are really proactive in listening to users and making improvements. Oh, and the URL is five characters shorter. ;)

P.S. I'm not affiliated with img.ly in any way, I just think it's a great alternative to TwitPic.

Is it just that twitpic is a massive Phishing site? Holding all those usernames and passwords means they can hold twitter to ransom if they ever decided to implement their own picture service.

The fact that TwitPic asks for this information means that there is NO guarantee for the user that this information is not recorded and potentially misused, either now or in the future. The statement "TwitPic doesn't record ANY usernames and passwords" is therefore meaningless without inspecting the actual running code.

Likewise "I'm certain they are safe" can only be supported as far as - (1) the intents of Twitpic's owners, and (2) the security of its codebase and architecture to prevent eavesdropping attacks - can be supported - i.e, not at all.

Far better to not require such trust in the first place.

The statement "TwitPic doesn't record ANY usernames and passwords" is simply false. If you send a photo through e-mail, how else would TwitPic post the photo to Twitter, unless they used OAuth?

I personally trust TwitPic with my Twitter credentials, but I certainly understand those that don't. And I really wish TwitPic would implement OAuth so we could put this argument to bed.

Actually it is not simply false, Dan. I have created a TwitPic bookmarklet where I don't record the username/password. It simply get's passed along on the request. Whether TwitPic records them or not is a different story. The amount of time my bookmarklet keeps the username/password is only for the duration of the request to TwitPic's API. I don't have any reason to keep it.

http://www.subprint.com/blog/projects...

As there are other services out there using OAuth like http://img.ly/ there is no need anymore to use TwitPic.
As I see less people using TwitPic in my Twitter stream I am not the only one thinking like that.

I wasn't aware of the email system in TwitPic. The Twitter API requires a username and password for authentication so there must be some sort of recording somewhere. I personally used img.ly on my latest website http://twipho.net/ because it was new and looked well developed. I'm looking into using OAuth too. I do however think that if TwitPic was vulnerable it would have been compromised by now. Maybe if people are still worried password modification should be a thought?

The problem that i have with OAuth is that I have THREE Open-ID's and keeping track of which is used where can be a real issue, so I'd want the ability to log in the normal way as well.

So now that Flickr works with Twitter really smoothly, there is no need for another picture service: http://blog.flickr.net/en/2009/06/30/...

Seven months and still not even a comment from TwitPic? Is anybody at the wheel over there?

Hi all,

I just wanted to break the silence and let you know this is something we are currently working on. We hope to have it ready for public consumption in the near future.

Thanks for using Twitpic!