Calling it "altering the public record" is a little hyperbolic imo. If you want to act as a repository for the public record, you better use your own system. Twitter is under no obligation to retain this kind of stuff on your behalf.
I'm not trying to say that this is right or wrong, just that these are the facts of the matter when you engage with a company's code and terms of service.
They declared something worked one way then silently changed how that thing works without properly announcing the change first and giving people enough time to adapt. Would you still be willing to make these excuses if your emails provider decided to do the same thing?
Even if it's their system, there's a limit where people would rightfully start to object.
It's a free service that they provide - why can they not change how their system works when they want? People can object whenever they want - but it doesn't change the fact that they don't have any 'rights' to show someone elses content via a 3rd party on their website.
Maybe if you paid to embed tweets? Sure ok, they changed the contract - so deal with that.
Is it a bit annoying if you use it? Probably. Is it bad that the docs are out of date? Ok.
Twitter doesn't have any responsibility to you as someone who wants to quote someone else via their platform.
I deliberately chose Twitter's JavaScript because I inspected the design of how it worked and saw that they had deliberately built it in a way that would respect my preferences for how deletion should be handled.
They've changed that on me - without even announcing the change. This is a rug-pull.
Now I have to replace their code with my own implementation, and they've hurt my trust.
You have badly missed the most crucial message of the post.
When you copy the embed link, you are copying the string literal of the tweet too.
You put this text on your site. You are the one retaining it.
The twitter module is hiding the text from the rendered page, rather than loading the local copy.
Edit: clarified js change
The follow-up discussion then unfortunately is not so much about the grievance or problem, but about the needless hyperbole.
In the end, because the problem no longer feels reasonable or relatable, it seems more like the author has an axe to grind.
There's too many examples to cite, but one could follow any discussion that surrounds a change made by large tech company to find numerous examples.
Even journalists, who really should know better are now quoting tweets.
Talk about a double-edged sword
Why are you not, though? I feel like we have been so co-opted by the system that we forgot we are allowed to criticize it. A giant company with billions of dollars should not be given get out of moral jail free cards. They should absolutely be held to higher standards because of all the power they wield.
One is saying Twitter shouldn’t have done this and should be called out for breaking a promise.
The other group mostly agrees, but is pointing out that problem was giving Twitter so much control over one’s own content in the first place.
I agree with this: Banking on what’s nothing more than a handshake is a bad call.
Having to go to the court of public opinion is largely a failure, not the recourse of choice.
The commercial internet of today works this way, and it’s increasingly becoming fragile for it.
By changing the behavior of the javascript, without even updating the documentation, Twitter has broken every rule of being a good distributor of third-party code. In a similar vein, any third party code could at any time do any number of malicious things. Just because I didn't pay Twitter for the privilege of running their code and just because I embedded their code in my website does not make it okay for them to start distributing malware to modify my website to their liking.
There are lots of other malicious things Twitter could have the javascript do. Twitter could start showing ads before and after all quoted tweets. This would also conflict with the documentation and would be malicious.
At a minimum, it should probably be embedded in a sandboxed iframe.
Just taking a screenshot, and linking to the tweet, seems like a more robust solution, that won't randomly stop working, and doesn't have the same privacy issues.
When I started blogging again, I wanted to render my Twitter feed on the homepage, as a sort of bitesize alternative to the regular content, but I too have a deep aversion to allowing external scripts on my websites. So I added some code to my Hugo theme that pulls the tweets from my profile via the Twitter API and renders them statically.
That of course still leaves open the matter of whether/how you're making sure to trigger a new build for every new tweet.
It was pretty darn simple to get the text of a tweet, and just apply some styles to it. If one was motivated, making something to replace Twitter's version of embedding would not be very difficult.
Sure, but these problems were anticipated in the design of, certainly later, HTML specs. One example: the ALT text tag for images, which has been part of the spec since at least HTML4, originally published as a recommendation in 1997.
Every image on your website(s) should have ALT text to be screenreader friendly and, if it doesn't, that's on you: it doesn't make using images an inherently bad or accessibility-unfriendly idea.
Is it necessary for a quoted tweet to look exactly like it came from Twitter when the text and a link serves an identical purpose?
That said, if someone wants to delete a tweet or otherwise correct the record, are you prepared to issue a correction of your own when quoting a tweet? The internet is particularly unforgiving when it comes to this.
<object> or <portal> already exist. maybe they would work?
And have none accessibility.
- screenshot - now you dont have to add custom styles, meta data exists, but it is not usable - you can make is to click on tweet will open a tweet, but click on tweet author will open authors profile. Also screenreaders and bots - they dont parse text from images and it is harder to make images work on smaller screens.
The solution is not as simple as - ctrl+c ctrl+v text or screenshot and call it a day. You need to consider that content will be interactive (all links should work) and accessible (for screenreaders and mobile).
___
So it is understandable why low effort approach with embedded scripts, but less secure is more popular than high effort most likely not completely working, but more secure approach.
The better way would be to use twitter api and render tweets with your own styles. Safe, accessible, interactive.
>The better way would be to use twitter api and render tweets with your own styles.
How does that fix the issue of twitter obfuscating embedded tweets?
If not, that is a huge opportunity.
An apostrophe as a possessive marker in its is nonstandard:
It's imo not about pettiness, finding errors of others to shame them, or holding others to a bar set too high, but rather, if we don't, we start tumbling towards lesser good things as a society and community and humans.
Not to say that it's not ok do make errors (it is, and it's human), but if we spot one and can easily correct it, we should.
It doesn't have to be this way. Either the individual or the platform could cryptographically sign content to prove that it really happened. I guess Twitter would prefer a plausible deniability. If anyone screenshots you saying something you regret, you can just say it was forged.
So, IMHO, the title and the post doesn't make any sense. Twitter isn't editing anyone's site. You have chosen to embed some content of Twitter on yours and it is perfectly fine if they chose to remove it.
That would be an interesting solution to link rot, admittedly - lots of older pages which are just empty lists formerly containing links to now defunct websites!
But the link still will be on your site.
And i think the whole "they edited my page" statement is ridiculous. You EMBED a part of twitter into your page. You know it can change. If you embed a youtube video, and the owner deletes it, it wont play anymore. obviously.
The problem is real tho. You casually publish 1-3 things per day. After 20 years you have many thousands of pages that slowly rot away. You could monitor them and delete the articles but that doesn't always work. A tweet and a 5 second video in the middle of a lengthy article don't render the article useless. It becomes something like old paper publications citing lists of unobtainable things.
Malware is defined by Wikipedia as:
> Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive users access to information or which unknowingly interferes with the user's computer security and privacy.
This script distributed by twitter is software intentionally designed to cause a disruption to a server and to deprive users access to information.
Luckily GDPR seems to have a chilling effect on recklessly embedding such stuff without thinking about privacy or security implications. Personally I hope that in a few years third-party embeds will mostly be a thing of the past.
The "web" has been going to hell in this way for a decade at least, because it ceased to have boundaries. Without boundaries there cannot be responsibility. Widespread introduction of JavaScript created a quite different kind of technology from the WWW in which concepts of client-browser and document-server made any sense.
Minus any reliability/security it can't be considered safe for delivery of important materials now. If even the site owner can't trust what you see on a site that's bad (though as people point out, we've had this even since banner ads) But it's why I think the future of critical "information services" (as opposed to e-commerce / social media) is on something like Gemini.
For Javascript if you're paranoid you can add the `integrity` attribute, and most of the time you can self host the JS although all of these come with maintenance commitments.
I think it's reasonable if you trust the source (Twitter for example) to embed their third party code.
Tweet embeds are a live link to the Twitter system to show a tweet. To show the actual tweet from the Twitter platform. If the tweet doesn't exist, there's nothing to show. No one said it should maintain some kind of 'copy' of old data on your site.
They're not entirely right, but they're not wrong either. You're running their javascript to power the embed, and so they gave the response "respecting user's deletion".
Apparently the “contract” that Twitter would preserve the text of a deleted tweet was a tweet from some random employee.
I hope they add a simple check if the element has children or not to fix the regression, but I work on an app where some sort of fallback UI for deleted Tweets is a welcome change, even if "blank Tweet card" isn't a huge improvement, it's still a small win to get some hard-to-fix-on-our-side UI complaints off the backlog.
My non-expert, likely useless, take on this:
Don't use Twitter's technology. If you're interested in quoting a tweet to create a public take a screenshot, copy of the text, quote it and provide a link. Simple.
If part of your post links, or portals, to another site you don't control it's not part of your blog/post/site. Complaining when remote content changes is pointless. You're not capturing what was when you link to remote content managed by someone else you're capturing something live, it's not a public record. It isn't quoting anything.
All of a sudden, this very inert code has changed, without warning, to actually edit any websites using it to delete the text that they put there. I think many would consider this malware-adjacent, if it wasn't from such a large company.
Now site ToS usually say that they can change the terms whenever they want. But that's going forward: something you wrote in the past should be under the contemporaneous terms.
So I wonder if someone could successfully sue under California law. If successful, it would be a great improvement to consumer rights.
(it is correct on the site itself)
> That widgets.js script looks for blockquotes with the class="twitter-tweet" on, and replaces them with a Twitter branded iframe to confirm that it is a real tweet
And that's how most libraries work? I don't see an issue. Yes, if you delete the tweet it seems they changed the behaviour (and that might be an actual bug) but still...
If you cared about JS injection why would you embed anything?!
If it still exists, just add a link to it underneath the screenshot. If it was deleted, then there's not much you can do, but that's no different than if you had embedded it.
End result will be much uglier pages.
Own your data, own your blogs, own your words, own what you create/write/do on the web. Don't rely on third party services uphold a common sense contract or what most people would expect is the ethical/correct/good thing to do.
I can see the publishers unhappy and actively obstructing such a solution though.
maybe there should be an open and distributed ACTUAL public record? have we finally found an actual usecase for blockchains?
We need to go back to the days when sticks and stones broke bones; when words were correctly not "violence" and that your right to not be insulted existed solely in that self-important (but empty) cavern between your ears.
Oh come off it already. What a remarkably brain dead opinion.
Twitter _is not a public utility_. It owes you _nothing_. Their property, their decision. That simple.
I do have an issue with the idea of their JS manipulating your own website but fuck off with this "Twitter is a public service" argument.
- They don't have to give you an account
- You are not entitled to make demands of them
- You can always use another service
Goddamned children. Enough already.
What this probably calls for and maybe something is out there is some service that can embed, archive, and track changes to a tweet or social media post. You'd embed the same way, but the archive will fetch and cache the content. It could then serve up the original version, as well as a timeline of changes.
The right to be forgotten has merit though, and I can see twitter's logic there and probably they're under pressure via GDPR or something. So any archival or cache service would need to take that into account. Various countries and districts have varying laws on what is and isn't official public record too, so it seems like managing that could be the function of a dedicated archival service.
What contract?
The API contract is:
> What happens when an author deletes their Tweet? The Twitter widgets JavaScript will not display a fully-rendered Tweet if the Tweet no longer exists on Twitter. The fallback <blockquote> containing Tweet information will be visible on the page.
Just with the Facebook like-Button, you're exposing your visitors to the tracking of Twitter.
For what? Just so you can quickly copy one snippet and be done with it, instead of manually copying author name, content and link and spending 10 seconds to format this yourself.
I wish I had something constructive to say, but this always seemed like a totally unnecessary "feature" with a lot of downsides. Instead of embedding 280 characters in your website you make it download an order of magnitude more from somewhere else and then execute code to display those characters in a way someone else deems appropriate.
It's very convenient (just click share or use a WordPress widget to embed tweet), it always look pretty, and there are multiple actions available from the tweet: go to profile, reply, share ...
So more features for less time to set-up. This is a service like all other Service, you usually tradeoff something like privacy for convenience. Why use Dropbox when you can have your own NAS ?
You trade GDPR-complience for convenience and all the Functions gained are not that hard to replicate..
I think a lightly styled html box with the tweet as text would be the best of both worlds.
Unfortunately copyright law is not going to be happy with that one. [0] It's insanely complicated, but basically, as things are at the moment, the original poster has a right to retract the publication at any time. You may find yourself in legal hot water if your copy doesn't disappear at the same time as the original.
[0] https://australiacouncil.gov.au/workspace/uploads/files/soci...
