
There’s a hole in your Twitter

You know Twitter, yeah? And you know how people love it because they can stay in touch with their friends and communicate privately what they’re up to?

Well. If you use it like this and are happily twittering away about people you work with, or fancy, or both, or whatever, you probably ought to know that everything you think is protected (private) within Twitter actually isn’t.

Due to (I assume) some quirk of the API, things can be protected within the twitter.com realm, but available for the whole world to see via Twittervision, regardless of the user’s privacy preferences. That means that someone who’s twittering privately at twitter.com/[username] is actually visible to everyone at twittervision.com/[username].

I’ve got examples, but for obvious reasons, I’m not going to share them here.

And if you thought that wasn’t bad enough, those Twittervision user pages with archived messages on them are now showing up in search engine results.

That’s bad.

Twitter people: sort it out, please.

Update, 18.25
After Bobbie Johnson contacted Biz & chums about the problem it looks like the hole’s been plugged (for now).

However, since it was obviously open for a while, its legacy lingers in the form of Google’s cache.

Side note: I’m still not sure why it only seems to have revealed *some* of my private posts to Twittervision. Weird.

Update, later still:
Alex from Twitter got in touch in the comments to share the official take on this issue: essentially, it’s not a problem with the Twitter API, but instead an issue with the way that Twittervision displayed the user data.

Now, I don’t have any memory of providing login info to Twittervision - in fact, I’m nearly 100% convinced that the first time I provided any details to the site was yesterday, trying to log in and figure out how to make my contributions private - but leaving that to one side, I have to say that, like Dan Hon, I was less than thrilled with Twittervision developer David Troy’s response to Bobbie, earlier in the day when the issue was pointed out. He said:

“For what it is worth, the number of people who participate in something like Twitter who also opt to keep updates private is a pretty small percentage, and you are the first person to bring this up to me,” he said. “If this were a widespread concern I would have heard about it from others by now.”

Yeah? Well, just because something doesn’t affect a lot of people doesn’t mean it’s not something to take seriously - people care about privacy. Plus, if you’re affected by it, it is a big deal.
