Comments for Buyer Beware: Topify Turns Down Offer to Acquire Twimailer

Buyer Beware: Topify Turns Down Offer to Acquire Twimailer

2009-04-07T17:50:40Z

A few weeks ago, we wrote about Twimailer, a third-party Twitter tool similar to Topify, that aims to make Twitter's email notifications more useful. Now, however, we read that Twimailer was quietly sold and acquired early last month, and that the current owner is already trying to sell the service. According to Topify's Arik Fraimovich and Ouriel Ohayon, the new owner approached Topify, but the company turned down the offer to acquire its competitor, not in the least because Twimailer's own Twitter account has been closed, and because a lot of users have been complaining about the service.

]]> Sold for $2,500

Twimailer's original developer, Jon Weatley, put the site up for sale on the SitePoint Marketplace in early March, right after he received a number of very positive mentions from promintent Twitter users like Kevin Rose and Tim O'Reilly. The site was put up for sale exactly one day after our own positive review of the service, and it eventually sold for $2,500.

According to Topify, the current seller, who is based in Romania, claims that he is too busy to maintain the service. Other warning signs for Topify were that Twimailer's site features no terms of service (something to think about before you give your Twitter credentials and/or email address to a third party!), and that the site still features Twimailer's now deactivated Twitter account. Twimailer also never notified its users about the sale.

This whole affair does indeed seem rather shady and we think Topify's developers did the right thing when they decided not to buy Twimailer. Topify's developers couldn't help to note that Twimailer, because of its small size, wouldn't be much of an asset anyway.

Use Twimailer? Change Your Password

Twimailer didn't take users' Twitter credentials, but, as we pointed out in our review, users had to forward their direct messages and other email from Twitter to the service, which would include any password change notifications. Twimailer is currently down, and if you are paranoid about somebody hacking into your Twitter account, this might be a good time to change your password.

More and more services are now using Twitter's oAuth implementation, which should make using third-party applications a lot safer by default. For Twitter web apps that don't use oAuth yet, however, it is worth considering their terms of service and other factors to see if this is a reputable company. Even then, though, there are still some risks, as this example from Twimailer clearly shows.

Comment from Arik Fraimovich on 2009-04-07

2009-04-07T18:38:08Z

Frederic, thank you for posting this! We want as many people to know of it, so they be cautions about such issues in the future (and to warn Twimailer users).

I think that besides having some sort of TOS, people should check who is behind the application. There was never a mention of who developed Twimailer, which from the beginning looked suspicious to me. On the other hand - you can easily tell who is behind Topify, Twitterfeed, Twittercounter and many other popular Twitter applications. You can trust these application because you know that their creators will never risk their reputation for quick money or dubious acts.

Arik

Comment from Jon Wheatley on 2009-04-07

2009-04-07T18:48:03Z

This was quite a shock when I saw this story pop up in my RSS reader.

When this was originally developed we never considered there to be any security issues with twimailer. After all, all you're doing is changing your default twitter email and not handing over any of your login credentials.

This was also before twitter flipped the oAuth switch on so when this was developed there really was no other way around it.

It was later suggested that this could still *potentially* be a risk regarding twitter password resets. This was obviously NEVER our intention.

"Twimailer also never notified its users about the sale."

Actually, they were. From what I understand the new owner sent out an email to all twimailer users.

Thanks for the original writeup and for continuing to follow the story. Luckily, now twitter has rolled out oAuth this kind of thing will no longer be an issue.

Comment from Ivy on 2009-04-07

2009-04-07T19:00:34Z

Twitter is a social networking site. When did we become a society wanting to know what a perfect stranger is having for lunch? I never really took the thought of social networking sites as having the greatest defenses against hackers and your articles point is well taken.

Comment from Ouriel on 2009-04-07

2009-04-07T19:11:43Z

Jon, the surprise is elsewhere.

The issue is that you sold this application without being transparent to your users. This is unrelated to the oAuth implementation you are evoking. This is not a security debate but a trust debate with users.

I see you have experience in selling apps you are building (like Twollow and Twitority). i assume you should be aware of that

Comment from Richard Cunningham on 2009-04-07

2009-04-07T21:12:21Z

I got the email but I don't think it was very clear that the site had been purchased.

Comment from Alain E. on 2009-04-07

2009-04-07T21:19:45Z

Richard, indeed it is not clear but Topify seems to explain that well on their blog and it is mentionned on YesThat.com although without details on the owner

This is why i switched from Twimailer to Topify

thanks to this blog for bringing some light

Comment from factoryjoe.com on 2009-04-07

2009-04-08T03:44:29Z

Wow, well, it is nice to be proven right every now and again. Guess my point to NOT give Twimailer your ACTUAL Twitter email account proved prescient:

http://factoryjoe.com/blog/2009/03/04/how-to-use-twimailer-securely/

Comment from Ouriel on 2009-04-07

2009-04-08T04:26:29Z

FactoryJoe, this is not saving the fact that you covered a service many users won't trust anymore whatever the method you are using. So i guess you are not that right...

By the way if any Read Write Web reader would like to try topify here are 50 invites

http://www.topifybeta.com/invite.php?id=b93559b3f3d4a4d2176c040519bf2d83

Ouriel Ohayon

Comment from Joe on 2009-04-07

2009-04-08T04:43:08Z

Ouriel,

How about OAuth for Topify then. And what guarantees are you offering that you aren't going to be EVIL?

Comment from Vinko on 2009-04-07

2009-04-08T05:17:08Z

I had previously warned people about services like this and to use the trick of setting an email filter to redirect emails rather than changing the registered email address in the Twitter account.

Now visiting Twimailer.com results in a MySQL error.

I suggest anyone who had changed their Twitter account's registered email to the one Twimailer provided, restore the email address as soon as possible.

Comment from Arik Fraimovich on 2009-04-07

2009-04-08T05:25:27Z

Joe - while you can never be sure, at least in our case you know who is behind the service: me and Ouriel. Do you really believe that we will risk our reputation in order to gain some quick money?
Re. OAuth - it's on the way... stay tuned :)

Comment from Toni on 2009-04-08

2009-04-08T07:44:36Z

I'm the owner of Twimailer.

First of all I want to point this: my conversation with Arik was a private one so he shouldn't have made it public. He's been playing dirty from the beginning.

Also, saying bad things about your competition isn't good business practice. In fact, our sign-ups grew with 10% since Arik started talking bad about us.

As you can see on http://mvdmedia.ro I have more than 20 projects and I'm working on 3 new ones so this was the real reason to sell.

Since I've been thinking of our users I've tried to let them on the good hands of Topify. But I think they're afraid of growth :)

Comment from Toni on 2009-04-08

2009-04-08T07:50:10Z

As for the transparency: every new user that signs-up on Twimailer received an email about the acquisition.

Comment from Toni on 2009-04-08

2009-04-08T07:52:22Z

UPDATE: speaking of bad business practice :) I just posted a comment on the Topify blog and they've deleted it. Funny :)

Comment from artgrrl on 2009-04-08

2009-04-08T07:59:58Z

Just when I started to like twimailer and got used to it, it's down (sold I read here). I didn't got any e-mail about the sale, I just found out now when I was checking twimailer.com which is down.

Comment from Toni on 2009-04-08

2009-04-08T08:05:49Z

artgrrl: http://twimailer.com is alive and kicking. It was down because we've changed the servers. Check it out!

Comment from artgrrl on 2009-04-08

2009-04-08T08:09:18Z

@Toni: thanx, I see it now, hopefully I get new e-mail about followers soon

Comment from Arik Fraimovich on 2009-04-08

2009-04-08T10:22:08Z

Toni -

When you emailed us you never asked not to share the conversation. Besides that all of the information we posted is publicly known - including the information about the sale, the fact that Twimailer's Twitter account was suspended or that you have issues lately.

As for the email that every new user gets - it says that you're invested in Twimailer rather than bought it. For new users it doesn't have much difference, but for the already exiting users it does have a significance the choice of words.

And we don't delete comments from our blog. It was marked as spam by Disqus (see here: http://twitpic.com/2zu99) - maybe it says something about you...

Good luck with your projects.

Comment from Voyagerfan5761 on 2009-04-27

2009-04-28T04:33:15Z

I just switched my own Twitter account from Twimailer to Topify. It was very simple (and I'm much less worried about security) because I never actually changed my email address in my settings on Twitter.com. All routing of messages to Twimailer (and now to Topify) was (and is) handled by a filter in Gmail. I know Chris Messina wrote about using Twimailer safely using a very similar filter, but I just published a post that applies to Topify as well: http://voyagerfan5761.blogspot.com/2009/04/how-to-safely-use-twitter-notification.html

Comment from sesli on 2009-05-30

2009-05-30T23:07:47Z

thanks for comments