Tarpipe: a cool idea for lifestreaming, but is it secure?

I decided to check out Tarpipe because it looks like the kind of information flow / lifestreaming thing I’ve been interested in developing for Posterous. Strangely, Tarpipe doesn’t support Posterous, but instead supports Tumblr. But I thought I’d try it anyway.

The creepy thing, however, is that I had to give my Twitter login info to Tarpipe to get this rolling. Even if I decided that I trust these people, how can that be secure? They must be submitting this info to Twitter in plain text, right? That means they are storing it in plain text, right? Or maybe I don’t understand their advanced cryptography? My understanding was that once you encrypted something, that’s it. You can’t de-encrypt it. You’re supposed to simply compare two encrypted values… something tells me this is not happening.

I also wonder how this is achieved on Posterous or Tumblr, with their native autoposting to other services.

Anyhoo… it might be incredibly useful at some point, so I’m just checking it out for now. But my Twitter password will probably change very soon.

UPDATE: Looks like Tarpipe is pretty much barely beta, and it’s not as useful as I originally thought… probably will be after they start using PubSubHubbub or cron jobs or some other way of turning regular RSS/Atom feeds into real-time feeds. Apparently, one needs to develop a custom application to use much of what they have built. That’s cool, but not easy for a quick test.

This entry was posted in Information Flow, lifestreaming. Bookmark the permalink.

One Response to Tarpipe: a cool idea for lifestreaming, but is it secure?

  1. Bruno Pedro says:

    Thanks for expressing your thoughts about tarpipe. Let me answer your questions, starting with the cryptography.

    As you mention, all applications that somehow publish your stuff into other services will have this engineering challenge at some point. How does tarpipe make sure your credentials are complete secure? We use RSA encryption on all the credentials we store, meaning that we can encrypt and later on decrypt your credentials in a complete secure fashion. We also employ a scheme to prevent information theft.

    Now to the comment about usefulness: while we don’t support PubSubHubbub on our free version, we offer several tools for the end user which you can find at http://tarpipe.com/tools

    Let me know if you have any questions or other feedback.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>