December 16, 2019

Article at The Inquirer

View original

Twitter bug notifies users when added to 'Private' Lists

Twitter bug notifies users when added to 'Private' Lists
Look at that damned blabbermouth.

A TWITTER BUG has come to light in the most embarrassing way imaginable. Twitter claims that 'Private Lists' are "only accessible to you", but it appears it's not averse to telling people when they've been added.

So if you make a passive-aggressive list title for your own amusement, and then add someone to it - well, it may seem to cut out the "passive" part.

The above tweet is from Buzzfeed journalist Caroline Haskins. As you can see, she was added to a list called "Haters" by Morgan Culbertson - who happens to be a PR for Amazon-owned Ring. A company that, probably not coincidentally, has been consistently reported on by Haskins over a number of privacy breaches.


At first, it just appeared like this was a weird move from a PR professional, but Vice got a tip-off that it was a bug, and was later able to verify this. A notification went out to one of the three people added to a test "private list", while the other two were left in the dark, suggesting it's far from consistent as bugs go.

The tip-off came from security researcher Kenn White, who told the site that it's probably "easy to make the mistake of underestimating the complexity of a system on this scale."

"The software logic behind real-time notification queuing of billions of messages per minute can be staggering in scope," he continued. "That said, when these sort of privacy leaks are discovered, it's important to resolve them as quickly as possible."

As a rule of thumb, it's probably best to assume that anything done online - even in ‘private' - will eventually leak. That way you won't end up in an embarrassing situation when this kind of fubar inevitably occurs again in the future. µ

  • Tweet
  • Facebook
  • Send to