This is a slightly polished version of a similar post that appeared yesterday on PR Cog’s personal blogs.

As some of you have likely heard Twitter recently opened up a system to embedded tweets on web sites, blogs, etc. Initially I thought this could be done well, but had my suspicions, particularly with deleted tweets actually being (more or less) deleted. Unfortunately the worst did happen and as it turns out I’m highly disappointed in the embedded tweets system (though I still love Twitter).

I quote tweets not infrequently and doing screenshots has definitely been a pain in the ass (until I found Screenhunter that is — see post here on that cute lil program).

Here’s my ideal list of what I’d want from an embeddable tweet system:

• Dead simple
• Bulletproof (works on all systems – whether a blog or traditional website)
• Accurate
• Secure (forgery resistant and unable to be deleted (because really – if I’m embedding a tweet – it’s going to be juicy and I want there to be zero doubt that it’s legit and still there (or once was)))

So, let’s see how the new system stacks up:

Dead Simple

Not yet it’s not.  Currently you have to grab the individual tweet’s URL, hop over to the Blackbird Pie page, paste the URL, take your code, go over to your favorite platform, paste and hope it looks good. 2 words: Push Button.  It should be as simple as sending a tweet or even retweeting (under the new system).  I’m sure this’ll change as developers start tinkering with the API, but for now it’s yet another browser tab I need open and more chances for the code to go wonky.

Bulletproof

It’s not even mosquito proof.

I tried embedding  a sample tweet on a WordPress page (admittedly it could just be my theme, but if that is the case, then it’s likely going to happen elsewhere as well).  Here’s what I got:

It’s supposed to look a bit more like this (grab the user’s background, etc.):

Accurate

The first tweet cited above was sent out late Tuesday night or in the wee hours of Wednesday morning, not “less than a minute ago.”  If the time provided just references the amount of time elapsed from the tweet to when the embed code was created it’s pretty much useless as a reference point for my purposes.  This may change for older tweets that go beyond the ‘X days ago’ status, but if you’re trying to embed a tweet, who’s coming back to it then?

Secure

No and Yes.

The ‘No’ is pretty huge though.  As it turns out the embedded tweet is really just text/code just hidden in the code Blackbird Pie spits back out.  What I was hoping for something fancier referencing back to Twitter’s dbase so the tweet would stay ‘pure,’ even though this would likely melt Twitter’s servers eventually.

Here’s the thing – if you can just tinker with the text to make a tweet say whatever you’d like it to then I might as well copy and paste the text into my document.  True embedding, YouTube style, where changes to the source document ripple through any embedded tweets would’ve been ideal so that when the source material changes the other sites change as well (or gets deleted since you can’t really edit a tweet).

So not only is it possible to forge a tweet (and really, on the net if it looks right it must be accurate, right? (and if you don’t think people are that gullible consider how many bad phishing emails have resulted in bank account hacks)).

Consider that in about 20 seconds, using the embeddable tweet code and some editing I was able to create this from the above example to create: