
Twitter reportedly hoards DMs from your tweeting past

FIRST IT WAS FACEBOOK and now it looks like Twitter is in the ‘we may need to address our data handling’ game, as TechCrunch has found that the social network keeps hold of your direct messages.

Even if you’ve sent a strange DM to your celebrity crush who accidentally followed you when Twitter was but a small thing all those years ago, security researcher Karan Saini told TechCrunch that Twitter still has such messages on record.

By digging around in a file from an archive of his own data, obtained through the social network, he found that Twitter still had years-old messages from accounts that were no longer on Twitter.

According to TechCrunch, Saini also reported a bug, which he found a year ago but has only just disclosed, that let him use a since-deprecated API to dig up old direct messages even if they’d been deleted by both the sender and the recipient.

Displaying this data appears to be a bug rather than a hidden feature in Twitter. And the old API wasn’t able to scrape up messages from suspended accounts, which is a tad grim as such accounts could be full of all manner of text-based nastiness.

But more alarming is the fact that Twitter seems to hoard this DM data, a bit like an information-hungry Smaug. This is also a bit of a head-scratcher given Twitter’s privacy policy says that anyone leaving Twitter will have their account “deactivated and deleted”; looks like only parts of the account get purged.

Twitter also says that there’s only a 30-day window for users to retrieve their old data if they decide to delete their account and then change their mind and rejoin the social network. But it would appear that the data behind the accounts hangs around a lot longer.

Furthermore, by downloading your account data from Twitter, TechCrunch reported, you can see all your old messages including those that you’ve deleted from your inbox and those sent to suspended or deleted accounts.

Saini said this is not a security issue but a “functional bug”, one that allows anyone to perform a “clear bypass” of Twitter’s mechanisms which should prevent access to data on suspended or deactivated accounts.

This might not be a security bug, but it’s a privacy problem, and one that a Twitter spokesperson told TechCrunch the company is looking into. We somehow suspect there’s more to all this than meets the eye.


Source: Inquirer
