Twitter Secret Jar Privacy Fiasco Was Preventable
Thursday, Twitter continued their practice of allowing users who pioneered illegally (see also: @ -reply, the retweet, hashtag) by launching Tip Jar. Enjoy someone else’s tweet? Send money from the app, through an online payment processor they would like. Simple enough. And yet, predictably, it’s not easy, especially for those who appreciate their anonymity online.
Just hours after Tip Jar’s Twitter announcement, security researcher Rachel Tobac he found Wrong wrinkle: Sending someone money via PayPal has revealed their home address. Before long, Ashkan Soltani, a former Federal Trade Commission expert he found that using PayPal for Tip Jar can expose the user’s email, even though nothing has happened.
Maybe you picked it up on PayPal as a common thread here. For a better look, there are ways to send and receive money through this service, including Twitter Tip Jar, which does not provide your home or email address. But this is so frustrating that no one on Twitter is thinking of ending the visual issues.
“Twitter users have learned that they can be anonymous on Twitter – it’s a platform that doesn’t want your real name and promotes connections that can be anonymous than other social networking sites,” said Tobac, founder of SocialProof Security. “For this reason, there are a lot of insecure people who use Twitter to communicate anonymously, instead of texting.”
But because Tip Jar only gives you access to a third party — in addition to PayPal, it supports Venmo, Cash App, Patreon, and Bandcamp — in emergency play with a variety of rules. Twitter informs users that what is happening is happening elsewhere, but does not provide a complete definition of what it can mean, as well as what you can reveal about yourself along the way.
In the case of PayPal, payments are made automatically through the company’s so-called “Goods and Services” system, which is designed for the items being shipped – thus having a home address linked to them. Navigating to select a password on PayPal does not sound right. You need to hit the small arrow next to the phrase “Pay for an item or service,” and select “Send to a friend” instead.
Are fewer Twitter people and friends? Are the tweets better and more helpful? Good wise questions! Also a simple source of frustration if you are just trying to send a small amount of money to someone you follow online without knowing where you are. The email that Soltani received, at this point, applies to people who want to get paid: If you do not have a name on PayPal, this service secretly displays your email.
A spokesman for Twitter said the company would update their app information to make it clear that the payment methods they paid for Tip Jar “could share information with people who send each other tips.” Twitter release led Kayvan Beykpour he wrote “This is fine, thank you,” replied Tobac, calling for a local concern. “We will not prevent the disclosure of the address on the Paypal side but we will extend a warning to people who provide advice through Paypal to know this.”
As Tip Jar may have good intentions, Twitter users should not be the ones making this happen. That’s what Twitter must have done for itself, largely due to the large number of users who prefer anonymity.
“I don’t think this is a matter for better disclosure, but rather for experimentation,” says Soltani. “Most people like to keep their” real “secrets for a variety of reasons – security, hardship, harassment – especially when they can be persecuted for their views on Twitter,” as might happen in dictatorial regimes. “You would think of a company like Twitter, which is controlled. and the FTC on sensitive issues related to information security, if they had to keep such information confidential and secure when releasing new information. “Twitter approved 20 years of FTC approval in 2011 prohibits “misleading consumers about their security, privacy, and confidentiality.”