#TwitterFail on Personal Security

No safer than Facebook?

Get It Try It

SAN FRANCISCO (Radsoft) — A strange thing occurred on Twitter today. Account holders found caches of DMs (direct messages) long since deleted suddenly turned up again.

Twitter behaviour suggests DMs aren't distributed to account holders but exist in a single copy shown to both the sender and receiver until one or the other deletes them. And then they're supposedly gone.

Today's 'glitch' indicates things aren't that simple (or secure). There'd seem to be two possible explanations.

1. Yet another system error with caches of DMs targeted for deletion somehow managing to stay unseen in the system for months until returning today.

2. Twitter DMs aren't ever deleted. They're no longer shown once deleted but Twitter keeps them around anyway.

Neither explanation is flattering or comforting for anyone.

No Status Ticket

The most recent Twitter status ticket (http://status.twitter.com) was on 25 December. There's no mention of today's 'glitch'.

The people at Twitter need to address the issue and come out with a full and convincing explanation. Twitter usually attracts more 'careful' users. People don't use their own names as regularly as on Facebook where such is actually encouraged. Twitter users are most likely more aware of privacy issues and have generally found Twitter to be 'trustworthy'.

Today's accidental revelation tosses a spanner in the works - there's never been a reason to trust Twitter: user data (and consequently user privacy) are outsourced with secret messages stored on remote servers. Twitter users have no control over Twitter's management of sensitive data.

But up to now there's been a belief - evidently not well-founded - that Twitter respected user privacy. Now that illusion is shattered as well.

Representatives of Twitter need to exercise full disclosure immediately. They need to explain what happened and why.