Tweetdeck Hijacks Your Settings, Opens Accounts In Your Name

September 13, 2010 at 9:16 AM (Uncategorized) (, , , )

Have you updated Tweetdeck recently? Then you had better double-check your settings; the most recent update (0.35) hijacks your setting for image hosting service and changes it to yfrog without your permission (and without bothering to tell you). Nice, right?

Tweetdeck is a very popular desktop client for Twitter, Facebook and various other social media services. It lets you read and update status messages, view and upload pictures and watch YouTube videos without having to use a web browser. It includes support for uploading to several image hosting services.

At some point or another, Tweetdeck began recommending yfrog (owned by Imageshack) by default over other image services. With the PC desktop version of Tweetdeck, you can go into the settings to change the image hosting to any of several other services. However, the next time you try to upload a picture, Tweetdeck will pop up a large dialog window telling you that “Tweetdeck recommends yfrog.” This dialog displays a huge button to “continue using yfrog” and a tiny link to “continue using [other service].”

This aggressive promotion of yfrog is obnoxious and intrusive, but at least it only does it once. I assume Tweetdeck is being paid by yfrog to promote their service.

The newest Tweetdeck takes this intrusive behavior straight into the realm of malicious activity. Not content merely to throw a pop-up window at you to ask you to switch services, the update to version 0.35 simply hijacks the setting. There is no dialog, no consent, no notice and certainly no ethics involved. The very next time you use Tweetdeck to upload a picture, it places it on yfrog instead of your preferred service.

“Hang on a second,” you say. “I don’t even have a yfrog account.”

Well, you do now. After hijacking your settings, Tweetdeck misuses your Twitter credentials to create an account on—in your name—without asking for your permission or even telling you it’s done it.

The people who develop Tweetdeck ought to be ashamed of themselves. This is completely unethical and is not how a responsible software company should behave. You can promote a service if you want, but you should never take control away from the user and hijack settings like that. And you absolutely do not EVER open accounts under another person’s name without their consent. In almost any other circumstance, that is called fraud.

When I worked in the anti-malware software industry, we had a name for software that behaved like this. Seeing the same behavior in software from companies that wish to be considered legitimate is surprising and disappointing. Tweetdeck’s developers need to put a halt to their malicious and unethical behavior.


1 Comment

  1. Michelle Malkin » The Ick-arus of Capitol Hill; Sunday update: Weiner’s Yfrog and Tweetdeck problems said,

    […] is the preferred default photo-sharing site for Tweetdeck, and Tweetdeck aggresively promoted Yfrog. Most users, myself included, don’t bother to change […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: