OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem.
Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications on Twitter can be made to read your private messages without your consent. Below is the screen you see from http://lab.thisisroyal.com/twitter/.
When you sign in and authorize the application it does indeed access your direct messages. Twitter responded to the problem and clarified that currently apps can access your direct messages. At the end of June there will be changes designed to give users more control over privacy. The web messages are there for the new technology, but it hasn’t been implemented yet. Until June 30th Twitter apps can access your private messages. With social networking sites it is always safest to use no apps at all, but if you are going to us apps, make sure you have good reason to trust the developer of the app before you share access to your private information.
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
Author ESET Research, We Live Security