Protected Twitter - I Read You Loud and Clear!

Bob Leggitt | Friday, 6 July 2012
So you’ve set yourself up on Twitter, and you want some privacy. What do you do? Well, if you really need to shut out the world, it’s obvious – you protect your account. This means that only users you expressly approve as followers are able to see what’s going on behind your impenetrable fortress of exclusion. If you only approve your friends as followers, no one else in the outside world has a clue what you’re saying, or what’s happening in your life, right? WRONG!…

A protected Twitter account is nowhere near as private as you may think. In fact, it’s so easy for outsiders to find out what’s going on in your private Twitter world, that if you do have a protected account, this piece is probably going to give you a severe shock.

The fundamental flaw in the Twitter system, when it comes to keeping your protected account private, is that only your own tweets are encrypted. The people with whom you’re communicating will typically be posting publicly. Even if they specifically @message you, their tweets are publicly accessible. So when those people interact with you, half of your conversations are visible. The outside world can’t see what you’re saying, but theoretically, it can see every single response and reaction to every single word you tweet.



This post is not here to promote the idea of breaching the privacy of those who don’t want to be watched – it’s here to warn those who think they’re keeping their affairs completely private on Twitter, that actually, that’s almost certainly not the case. So I’m not going to be offering up detailed info on doing custom searches for incoming public messages using Twitter’s freely available search API, but I can confirm that it's very, very easy indeed. Using a free third-party routine, the searcher simply enters the @username of a protected Twitter account, and then reads all the protected user's incoming public messages, nicely laid out, in a chronological list. In fact, it’s easily possible to get the same information just from entering a protected @username into the search box on Twitter itself. By default, the search on Twitter gives filtered results, but all the protected account's incoming public messages are visible once the searcher has removed the filter.

BUT IS HALF THE CONVERSATION ENOUGH TO GIVE YOUR INFO AWAY?

Probably. Think about it. How many times have you sat on a train and heard a stranger talking on the phone? You can’t hear the voice of the person the stranger is talking to (well, not usually), but it doesn’t take long to glean what they’re talking about. Here’s a fictitious example…

Person 1: “……………………………….”

Person 2: “Oh you did get one in the end then? Is it any fancy breed or anything?”

Person 1: “……………………………….”

Person 2: “Oh, well there’s nothing wrong with good old ‘basic tabby’. I’d love to have one myself to be honest, but I think it’d rip the new furniture to shreds!”

So, you haven’t heard a word spoken by Person 1, but within two replies from Person 2, you know that Person 1 has, seemingly after some deliberation, got themselves a cat. The word ‘cat’ hasn’t even been mentioned, but there’s no doubt what’s been happening. You’ve only heard half the conversation, but you have the whole story.

Naturally, in some cases, people won’t see the whole picture quite so quickly, but if they collate and read all the responses and reactions to your protected tweets, over a period of a week or so, they’ll almost inevitably have a fair idea what you’ve been saying and doing. They’ll also have a good indication of which people you interact with the most. It’s fair for outsiders to assume that you, the protected user, will be following those consistently interactive people, and of course the outsiders can check if those friends are following you - by viewing their follow lists. Outsiders can then, if they wish, follow your friends’ public accounts, and monitor their conversations, which can, potentially, leak even more info about you… Not very private, this protected account lark, is it?

AND IT GETS WORSE…

So you, the ‘protected’ Twitter user, now know that people can basically ‘read’ what you’re talking about by collating all your incoming public messages and replies. They can gain a reasonable picture of who your friends are, and who you’re probably following. But what if they could read your tweets too? What if they could completely dismantle the barrier of protection you’ve erected, by breaking their way in?…

Well, it’s true that Twitter’s encryption on protected accounts is secure. But you can have the best security in the world, and the whole setup is completely useless, if you open your front door…

Yes, one of the most easily overlooked factors for people with protected Twitter accounts is that anyone can request to follow them, and there’s nothing to say that those would-be followers will be honest about who they are. You may think that you’re never going to accept a follow from anyone who isn’t a friend, or isn’t at least known to you. But what you may not have considered is that with all the information it’s possible for outsiders to gather about you and your protected account, it’s a lot easier for them to impersonate someone you know than you might think.

For example, could you have had a conversation about a friend who isn’t yet on Twitter, which has prompted your Twitter friends to tweet a little about that person? It would be so easy for an outsider monitoring interaction around your account to put in a follow request under the name of your not-yet-on-Twitter friend. Before reading this article, would you have suspected that such a follow request could be fake? Remember, once you accept a follow request, even if it’s only for half an hour, you’ve given someone access to all your tweets, your follow list, your followers list, everything! You don't know for sure who that person is. And half an hour is all they need. Even if you quickly realise something isn't right and block the imposter, you can’t retract the access they’ve already had.

So is it really worth protecting your Twitter account? Well, a protected account does offer more control than an unprotected account - that goes without saying. But it’s not really private. Twitter’s search API makes it easy for those who are hell bent on watching you, to do just that. Nothing you tweet on Twitter, whether or not your account is 'protected', should be considered safe from the public gaze.
