Twitter: Protected Updates are a False Sense of Security

December 19th, 2008

Every morning I check out what happened in DC via Twitter.com for my Living in the District Blog. Basically what I do is I have an RSS feed set up that looks for “DC”, “Washington, DC”, and “Washington DC” that gets piped into my Google Reader and sometimes I randomly reply to them with @livingindc. Today I found a major Twitter bug that I think I should share.

Lately, I have seen more and more Twitter users protecting their tweets so that only approved followers can read them. This morning I came across a tweet in my RSS feed that I wanted to respond to, and when I went to twitter.com it said that the person had protected their tweets. But how so, if I saw it in my feed? This is the problem.

I wanted to respond to this tweet.

[Image: kml73_tweet]

When I went over to Twitter to get the tweet to reply to, this is what I got. [Link]

[Image: twitter_protected]

However, if you go to search.twitter.com and search on this person's tweets, this is what you get. [Link]

[Image: search_protected]

I would say that this is a major security and privacy hole for Twitter users. This is a false sense of security that I think people who protect their tweets need to know about.

Twitter also has described the protect my updates setting incorrectly.

[Image: protected_rule]

Protected updates are CLEARLY SHOWN in the public timeline via search.twitter.com
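One way a gap like the one described above can arise, as an added example that is not part of the original post and not Twitter's code: a search index filled while an account was public keeps serving those copies unless visibility is rechecked at query time or the index is purged when the setting changes. The `Service` class, its method names and the sample data are hypothetical, and the post does not say how Twitter's search is actually built.

```python
# Added illustration: a hypothetical model, not Twitter's implementation.
class Service:
    def __init__(self):
        self.protected = {}      # author -> bool, the current setting
        self.approved = {}       # author -> set of approved followers
        self.updates = []        # primary store of (author, text)
        self.search_index = []   # copies made when each update is posted

    def post(self, author, text):
        self.protected.setdefault(author, False)
        self.approved.setdefault(author, set())
        self.updates.append((author, text))
        # Index at post time only if the author is public at that moment.
        if not self.protected[author]:
            self.search_index.append((author, text))

    def protect(self, author, purge_index=False):
        self.protected[author] = True
        if purge_index:
            # Mitigation 1: remove already-indexed copies on the setting change.
            self.search_index = [e for e in self.search_index if e[0] != author]

    def can_read(self, viewer, author):
        return (not self.protected[author] or viewer == author
                or viewer in self.approved[author])

    def profile(self, viewer, author):
        # Profile page: checks the current setting on every request.
        if not self.can_read(viewer, author):
            return []
        return [t for a, t in self.updates if a == author]

    def search_unchecked(self, viewer, term):
        # Flawed path: serves whatever was indexed, with no visibility check.
        return [(a, t) for a, t in self.search_index if term in t]

    def search_checked(self, viewer, term):
        # Mitigation 2: same check as the profile page, applied per result.
        return [(a, t) for a, t in self.search_index
                if term in t and self.can_read(viewer, a)]


def demo():
    svc = Service()
    svc.post("alice", "stuck on the metro in DC")   # constructed sample data
    svc.protect("alice")                             # goes private afterwards
    return (svc.profile("stranger", "alice"),
            svc.search_unchecked("stranger", "DC"),
            svc.search_checked("stranger", "DC"))
```

Calling `demo()` returns the three views a non-follower gets after the account is protected: the profile page, the unchecked search and the checked search.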



2 Comments to “Twitter: Protected Updates are a False Sense of Security”


  1. Promethh said:

    Facebook suffers from the same false sense of security:
    1) mark yourself as private, mark your pictures and your entire online existence as private,
    2) have a friend comment on your private blog or photo
    3) perhaps I am a friend of your friend, but a complete stranger to you
    4) I can see the picture or blog our shared friend commented on, and thus, I can see your photo or blog

    Privacy online is a hard thing to code. All of the “logical instances” we can think of aren’t necessarily translated to RSS feeds or shared data.


  2. farrelley said:

    Ah, there have been some emails… this may be because the user set their post protected within the week.
