Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable

On Thursday, Twitter continued its grand tradition of embracing features users had unofficially pioneered (see also: the @-reply, the retweet, the hashtag) by instituting a Tip Jar. Enjoy someone’s tweet? Send them some money straight from the app, via the online payment processor of their choice. Simple enough. And yet, predictably, not so simple, especially for those who value their anonymity online.


Within a few hours of Twitter’s Tip Jar announcement, security researcher Rachel Tobac found an unfortunate wrinkle: Sending someone money via PayPal revealed to them her home address. Not long after, former Federal Trade Commission chief technologist Ashkan Soltani discovered that using PayPal for the Tip Jar could reveal a user’s email address, even if no transaction took place.


You’ve likely picked up on PayPal as the common thread here. To be clear, there are ways to send and receive money through that service, including through the Twitter Tip Jar, that do not give away your home or email address. But that makes it all the more disappointing that no one at Twitter thought to head those obvious issues off at the pass.

“Twitter users have come to learn that they can be anonymous on Twitter—it’s a platform that doesn’t require your real name and encourages more potentially anonymous interactions than other social media sites,” says Tobac, cofounder of SocialProof Security. “For that reason, there are many more vulnerable populations that use Twitter to anonymously communicate with others, rather than other platforms.”


But because the Tip Jar si ..