Earlier today concerns were raised here that the tweets of Twitter users who elected to keep their posts private had been exposed. Biz Stone has posted about the Twitter glitch on the Twitter blog. He says there was no privacy glitch. What happened was that the popular Twittervision website was showing protected tweets because David Troy's Twittervision program was not properly checking Twitter's API to see if there were any "protected" tweets.
So what the heck are they talking about? Some Twitter users willingly provided their usernames and passwords to a mash-up project called Twittervision (a service unaffiliated with Twitter except that it accesses our API). They did this so they could be part of the fun and access more Twittervision features. However, Twittervision was not checking to see if any of these folks had marked their updates as "protected." Starting today David Troy, the creator of Twittervision, tells us he'll make sure to check for this.
As a reminder, please note that mash-ups and other experimental projects built using the Twitter API are totally awesome and fun but developed by folks outside of Twitter. So, we don't necessarily test them all out. If privacy is a concern, we remind you to refrain from supplying your Twitter username and password to other people, sites, or services.
That explains the privacy problem. It was smart of Biz Stone to quickly blog about what was happening. Unfortunately, private tweets that went out may have ended up in Google's cache. Even if you kept your tweets private and were not using Twittervision yourself, your private tweets may still have been exposed if one of your Twitter friends was using it. The Guardian's Bobbie Johnson explains in an update to her earlier post.
UPDATE: It turns out that basically your information wasn't private if any one of your friends had given their details to Twittervision; effectively it was able to go and read private data you'd been given access to, and then build separate user pages for those people. Dave Troy responds: "There was no "glitch" in Twitter's API (outside of the scaling issues we've all witnessed) but rather in the cumulative interaction between our system and theirs." I've now changed the headline from "Twitter glitch leaves 'private' users exposed to the world" to the current version.
The glitch was apparently first noticed here by a blog called Twitter Facts a couple weeks ago. In that post the error appears on TwitterMaps. It is possible that this same error -- not properly checking Twitter's API for protected tweets -- is occurring on other Twitter apps.
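The missing check, sketched as an added example (not Twittervision's or Twitter's own code): a timeline fetched with one user's credentials also contains tweets from protected accounts that user follows, so every status has to be filtered on its author's "protected" flag before it is republished. The sample timeline is constructed, and the `user.protected`, `screen_name` and `text` field names are assumed to match the status objects the Twitter API returns.

```python
from collections import defaultdict


def is_public(status):
    """Fail closed: a status is republishable only when its author is
    explicitly marked protected == False (a real boolean)."""
    user = status.get("user")
    return isinstance(user, dict) and user.get("protected") is False


def build_public_pages(timeline):
    """Group republishable statuses by author.

    Returns (pages, withheld), where pages maps screen_name -> list of
    tweet texts and withheld counts the statuses that were dropped.
    """
    pages = defaultdict(list)
    withheld = 0
    for status in timeline:
        if is_public(status):
            pages[status["user"]["screen_name"]].append(status["text"])
        else:
            withheld += 1
    return dict(pages), withheld


# Constructed sample: what a mash-up might receive when it fetches the
# friends timeline with alice's username and password. alice is public,
# but she follows bob, whose updates are protected.
SAMPLE_TIMELINE = [
    {"text": "hello from alice", "user": {"screen_name": "alice", "protected": False}},
    {"text": "bob's private note", "user": {"screen_name": "bob", "protected": True}},
    # Flag missing from the payload: treat as protected, do not publish.
    {"text": "carol, flag absent", "user": {"screen_name": "carol"}},
    # Flag present but not a boolean: also withheld rather than guessed at.
    {"text": "dave, malformed flag", "user": {"screen_name": "dave", "protected": "false"}},
]

if __name__ == "__main__":
    pages, withheld = build_public_pages(SAMPLE_TIMELINE)
    print("public pages:", pages)
    print("withheld statuses:", withheld)
```

Filtering per author rather than per logged-in user matters here, because the exposure described above came from friends' credentials, not from the protected users' own.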