> Our laws, regulations, and societal norms have a long way to go before they catch up with technology.

Oh, that remains to be proven. Impersonating someone else to have them describe themselves as a criminal is pretty clearly legally actionable, both in a civil and criminal sense. There's every likelihood that the laws and regulations will work just fine. And judging by this post, societal norms are also working just fine to disapprove of the behavior.

The guy has come up with a new way to violate laws/social norms, to be sure. But that doesn't actually mean they aren't working. They are flexible enough to adapt to most new situations and this is certainly one covered by them.

Well, to continue the tortured analogy, the stranger was invited into the home, they didn't break in. Then they presented a release form to the homeowner saying they could impersonate him on TV, which the homeowner signed. Only then did they go on TV and "impersonate" him, saying things he didn't expect.

I don't think it's so cut-and-dry as you are making it out.

It's definitely shady, but I dare say there's nothing illegal here.

So the current social expectation of most twitter users (app developers take note) is that an app should not post content without informing the user that they are going to do so; or without affirmative action from the user indicating that they want the app to take that action. I've seen people get outraged by apps that post without warning often enough to think that doing so breaks a fundamental bond of trust.

So the granting of permission is conditional on that permission being used responsibly, and if the app fails to work without that permission and then breaks trust with its users in that dramatic of a fashion...

I know that I won't purchase or use any Enfour inc. product in the future on the basis of this; there's plenty of easier dictionary apps that won't falsely accuse me of piracy.

I don't see where he gave permission for the app to post Tweets for him. He gave it access to his Twitter account, but that's not the same thing. To continue your analogy, the stranger was invited into his home, gave him a form to sign that said he could inventory the items there, got it signed, and then proceeded to publish the information in a way that wasn't mentioned on the form.

> I don't see where he gave permission for the app to post Tweets for him. He gave it access to his Twitter account, but that's not the same thing.

It is exactly the same thing. If you give something access to your twitter account, you are giving it the ability to post, and therefore, tacit permission to post.

Ability and permission are not often link like this in real life.

If I walk up and stand two feet infront of someone I have given them the ability to try to punch me in the face, I have not given them permission to do so.

If I utilize a computer repair service and I grant them remote access to a computer at their request I have likely given them the ability to run the equivalent to rm -rf /, but I have not given them permission to.

I can grant a friend access to my house by giving them a key that does not mean I give them the permission to do what ever they want in my house.

In the above three cases there are legal consequences for a party when overstepping their permissions.

You need to see what the permission means within the behavior of similar permissions, and that is written in application guidelines for iOS devices. Here's one way that this app violates the guidelines, hence does something unexpected with the permission:

"17. Privacy

17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used"

But isn't it written, when you give access to Twitter account, that it could be used to post things for you?

Not really. The Twitter API allows both read-only and read/write access. iOS, as a system-wide grant, has read/write permissions - but apparently does not allow users to specify per-app permissions to be that granular.

Moreover, the app was apparently locking out paid users from any access at all unless permissions were granted, which in itself shouldn't have made it through Apple's vetting process in the first place (exception: twitter clients). The majority of apps will only need access to the "share sheet" for posting to twitter, which AFAIK doesn't require explicit permissions (similar to sending an email; the user must hit send)

I don't know since I don't use the app; from the description given in the blog post it seems highly doubtful that the app specifically told him it was going to post to his Twitter account on his behalf without telling him.

Also the app appears to be in violation of the iOS guidelines (see another post upthread), which means that it is not generally understood that apps can post on your behalf without telling you just because you give them access to your Twitter account.

I would claim that you are mistaken here. Ianala but I'm fairly sure there is actionable bad behavior going on.

You may find it surprising but it is actually illegal to trick someone into agreeing to something that harms them. You can't just say "Can I do this to you" if the person you're doing something to can't reasonably be expected to know the implication of "this". That's why we use phrases like "informed consent".

In the UK, I'm fairly sure this would be considered libel.

In the UK, anything within a stone's throw of an insult can be considered libel so long as the target decides to pursue it in court.

i believe the user agreed access to his tv channel, and not that he could be impersonated on tv. maybe that was in the fine print, but i'm pretty sure nobody would sign this agreement knowing such impersonation was an option

> Our laws, regulations, and societal norms have a long way to go before they catch up with technology.

I wouldn't say that what this app is doing is within societal norms. Just like laws, societal norms get broken, which is what happened here. The publisher will suffer consequences (both from Apple and potential customers), as they should.

Your analogy should be narrowed according to the facts of this case. Assuming that the author's guesses about the app's behavior are correct, this is a case of software checking for one specific tool — a tool that's strongly associated with piracy. A defendant in the physical world wouldn't necessarily have a reasonable expectation of privacy if there were indications that he or she was engaging in unlawful conduct. So it's unfair to say the app's behavior would be obviously illegal or that it's comparable to a secret inventory of all of someone's physical items. That said, I'm not justifying the hijacking of the author's Twitter. That's not an appropriate remedy by any standard.

It's one thing to have other people learn that you own a crowbar. It's another thing to have someone else declare, using your name, that you've used that crowbar for breaking into houses.