Security

Think Your Tweet Is Private? Think Again

Twitter has established itself as a means of broadcasting information to wide group of people all at once. But, for those times where you want to talk more intimately, Twitter also has the ability to send a Direct Message (DM) that is private between the two parties. Well, it's supposed to be private, but the reality is perhaps not as secretive as one might expect.

Every 140-character nugget of wisdom you tweet will be fed to anyone who follows your Twitter account, and is also publicly searchable by default. So, if you tweet "Getting sushi for lunch today, who's in?" your Twitter followers will instantly see the message in their Twitter feed, and anyone else that searches based on keywords like "sushi" or "lunch" might also uncover your tweet.

Your intended recipient may not be the only one capable of viewing the private DMs between the two of you.
However, if you want to go out for sushi for lunch with your best friend, and you don't necessarily want the rest of the world to know about, or feel as if they have been invited by proxy to join the party, you probably shouldn't sent the tweet to the whole Twitterverse. Instead, send your friend a DM.

In order to send someone a Direct Message, that person must be following your Twitter account. That way you can't go randomly DM'ing people you don't even know, or who don't want to be burdened with your Twitter spam. As long as the two Twitter accounts follow each other, though, the two parties can communicate back and forth via Twitter DMs that are only viewable by the recipient and don't enter the main Twitter feed.

But, it turns out that doesn't mean DMs are entirely private. While the DMs are ostensibly private, the reality is that any apps that have been approved to access your Twitter account can also see those "private" messages.

There are only two types of account access authorizations: read-only, or read-and-write. In either case, the fact that the app has been granted permission to access the account at all means that all Twitter messages, including DMs are accessible to the app. In the event of read-and-write approval, the app could also delete your messages, or send messages out on your behalf.

Perhaps you should think twice next time before blindly approving some random app to access your Twitter feed. You can find out which apps have access to your Twitter messages by logging in to your account on the Twitter site. Click on Settings, then Connections. The fine print for each entry displays the type of access authorized (read-only or read-and-write), and a link is provided to "Revoke Access" for any that seem shady or unwarranted.

It may be a tad paranoid to worry about whether the admin of a given app is abusing the privilege you have granted and is sifting through your private DMs. But, just to be safe you should exercise some discretion with the apps you grant that authority to, and remember that your DMs may not be as private as you might think.

Subscribe to the Security Watch Newsletter

Comments