Twitter’s Tip Jar Privacy Fiasco Was Entirely Avoidable
Within a few hours of Twitter’s Tip Jar announcement, security researcher Rachel Tobac found an unfortunate wrinkle: Sending someone money via PayPal revealed to them her home address. Not long after, former Federal Trade Commission chief technologist Ashkan Soltani discovered that using PayPal for the Tip Jar could reveal a user’s email address, even if no transaction took place.
“Twitter users have come to learn that they can be anonymous on Twitter—it’s a platform that doesn’t require your real name and encourages more potentially anonymous interactions than other social media sites,” says Tobac, cofounder of SocialProof Security. “For that reason, there are many more vulnerable populations that use Twitter to anonymously communicate with others, rather than other platforms.”