topherchris

I’ve done lots of sites that take advantage of the Tumblr API, and specifically a few that utilize portions that require authentication, but for some reason the recent posting of tumblrist.com has sparked a wave of questions about the legitimacy and ethics of, well, me.

To be perfectly clear, I’d never code anything that allows me to see your password. It’s not stored anywhere, in any form. You log in to tumblrist with your tumblr credentials, they get sent to Tumblr’s API (http://www.tumblr.com/api/write) and I either get back a message saying “hey, this person logged in correctly, and here’s their username, url, blog title, and their pretty/handsome avatar” or a message saying “hey, this person didn’t log in correctly.” That’s it.

Other points I’d want to make:

• I have better things to do with my time than collect your passwords and log into your accounts to post Beach Boys songs on your behalf. This would be hilarious for two seconds until I’m banned from Tumblr forever, which would of course send me back into the depths of obscurity which I’ve lived most of my life. Seriously, I’m touched that some of you think I’d literally do something like that.

• The next time you are asked to enter your Gmail login so a hot new web2.0 service can retrieve your contact list to send out invites for you, please reply directly to the screen the following phrase with righteous indignation: “What, you want my email login? This is blasphemy! Curse you, internet web site!”

• If it still makes you nervous, I respect that. Don’t use it. You have my blessings.