Twifficiency is a perfect example of the friend spam dark pattern put into action on Twitter using OAuth. However, we should give the developer, James Cunningham, a break, as it was simply a small personal side project that took off in a huge way before he had a chance to properly evaluate the impact of his design decisions.
The Twifficiency.com homepage is visually designed to come across as clean, simple and credible. In small print at the bottom of the page, some text states that “Twifficiency will tweet your score on your behalf. Do not use this app if you do not consent to this.” However, this text is tiny, and since most users scan-read on the web, many people did not notice it.
As you can see above, this Twitter.com OAuth page doesn’t emphasise the point that you are granting the app the ability to tweet on your behalf, rather than simply to index your public tweets. This is clearly a design mistake. In this respect, we can blame Twitter for the volume of tweeted friend spam that is currently occurring from apps.
Here’s an example of the friend spam tweeted by Twifficiency. Using someone’s voice as a means to convince their friends to take an action is very effective because it takes advantage of human cognitive biases such as Social Proof, Authority and Liking.
Twifficiency sets itself up with permanent access to your Twitter account using OAuth. This fact has made some pundits particularly concerned. Twitter needs to reconsider how well it communicates the implications of permanent access in the OAuth user journey.
Example: Shelfari invitation spam (2007)
Shelfari claim this was nothing but a design mistake, whereby they mistakenly placed an opt-out checkbox below the fold. This is shown in the screengrab below (greyed area depicts the fold):