Privacy alert: Twitter disclosed email addresses when people sent DMs (UPDATED)

June 19th, 2009

UPDATE, 3 p.m. Pacific time: Twitter appears to have fixed the bug, and DMs from before June 11 do not appear to be affected.  But anybody you sent a DM to between June 11 and June 18 now has the email address you’re using on your Twitter account.

FYI – when you send a DM, the receiver CAN SEE YOUR EMAIL ADDRESS from the DM sent via email. BE AWARE!!! @twitter #security #fail

– ChicagoBungalow about 18 hours ago on Twitter

For those who aren’t on Twitter, a DM is a “direct message”, twitterspeak for a private message between two people.  When you receive a DM, Twitter notifies you via email.  And sure enough, just as ChicagoBungalow said, if I send you a DM, if you look at the email header information, you’ll see that the “Sender” field has an address like

This field is hidden by default — in gmail, you need to select “Show original” to see it — but once you find it, it doesn’t take a rocket scientist to figure out what account name I used to sign up on Twitter.

If I want somebody to have my email address, I’ll send it to them.  I don’t want Twitter giving it out for me. And most especially, I don’t want Twitter doing it behind my back.


PS: I updated this post several times to clarify the description; thanks to all for the feedback, and @NiteStar for the gmail instructions.

Computers, Freedom, Privacy, and NEWS!

June 18th, 2009

More mentions of the 2009 Computers Freedom and Privacy Conference from the news and blogosphere.

Futures, Wendy M. Grossman, net.wars, 6-13-09

US Justice Department Considers Possible Antitrust Violations in Google Books Deal, Rachel Balik, Finding Dulcinea, 6-11-09

Let’s Make a Data Deal, Brian Quinton, The Big Fat Marketing Blog, 6-10-09

Talk About Targeting, Cristina Smith, Privacy Gurus Blog. 6-9-09

My Talk on the Good and Bad Sides of Digital Activism at the CFP 2009 Conference, Gaurav Mishra, Gauravonomics Blog, 6-9-09

Data Privacy Issues Still Plague E-Health Record Efforts, Lora Bentley, ITBusinessEdge 6-8-09

Iran: routing around censorship, blogging anonymously, and following the coverage online

June 15th, 2009

persiankiwi: Internet very slow ...

from Twitter

The events in Iran the last several days illustrate a theme repeatedly at this year’s CFP in the panels on Internet censorship, China, anonymity, and social network activism: governments will routinely block access to the internet and SMS to prevent organizing.  Or at least they’ll try to …

As the video of CFP08’s panel on Breaking the Silence: Iranians Find a Voice on the Internet discusses, activists in Iran have plenty of practice in getting around their government’s technical and legal restrictions.   And so, despite horrendously slow internet speeds in Iran and multiple reports that the government is blocking SMS and Facebook, there continue to be viable communication channels in cyberspace:

Read the rest of this entry »

“CFP moments”

June 11th, 2009

Every Computers, Freedom, and Privacy conference has some magic moments that capture the essence of CFP.  For example, when I think of 2005 in Seattle, I remember the grainy surveillance camera and eyecam footage projected in parallel with the opening “panopticon” knot of people surrounding Undersecretary of State Frank Moss after the ACLU’s RFID demonstration, and the four local teens on danah body’s panel explaining their use of technology to astonished oldsters like me.

What about 2009?

For me, magic happened a coupel of times on Thursday:

  • the panelists on the Internet and social change in China panel using Twitter and their cellphones to track reports of the demonstrations in Hong Kong and the mass censorship of the Chinese internet
  • at the closing Panopticon panel, where speakers like Anne Roth and Steven Hatfill talked about how their lives had been turned upside down by total government surveillance — at the same time as tweets about the unexpected success of the Chaffetz amendment limiting whole-body imaging (aka “digital strip search”) showed the potential for privacy advocates using social network activism

What are the other “CFP moments” you particularly remember, from CFP 2009 or past years?


Panel, June 4: the Internet and social change in China

Goals for CFP 2010 … your thoughts?

June 9th, 2009

The next few weeks will be a little schizophrenic around here, as we wrap up CFP 2009 and start the planning for CFP 2010.  For ideas about speakers or topics you’d like to see at the conference, please continue to use the CFP 2010 brainstorming thread.   This thread is specifically for discussions about the goals.

Potential co-chair Elizabeth Stark and I came up with these as a first cut … what do others think?

  • “from conference to community”: move towards a year-round community, with online hubs and smaller in-person regional workshops/salons complementing the main conference
  • reconnect CFP with hackers and the free culture community
  • diversify CFP community and conference — planning team, audience, presenters, …
  • build on the high-quality content, engagement with government, and online visibility success of 2009 and continue “rebooting CFP”

Please discuss!


“Online activism around the world” on the CFP Wetpaint wiki

June 8th, 2009

At Thursday’s Online activism around the world session, Ralf Bendrath described how the path to getting 75,000 people in the streets in Germany to protest surveillance started with “a mailing list and a wiki”, and I showed Willow Witte’s slide of the Join the Impact wiki and talked about the work Baratunde Thurston had done with the Voter Suppression Wiki.   Notice a theme here?

The wiki page we’ve created for the session has the video, presentations by Ralf, Gaurav Mishra, and me, and links out to moderator Nancy Scola’s Global Digital Activism Case Study: Germany’s Freedom Not Fear in techPresident as well as Gaurav’s The 4Cs Social Media Framework, which provided a great intellectual framework for the session.  There’s also a document Katrina Neubauer put together summarizing panelists’ email responses to a handful of questions.  If there’s other information that should be here, please add it to the page or leave it as a comment here … thanks!

There were a lot of logistical challenges with this panel, and so four of the invited panelists weren’t able to attend in person.   We’ll try to work with Basem Fathy, Evgeny Morozov, Michael Bolognino, and Willow Witte to incoporoate their perspectives on the page as well, via a presentation, video, blog post, and/or article.  Over time, we’ll hopefully have with similar pages for other sessions as well. In other words, stay tuned for more!

And it’d be great to hear what others thought of the session — and thoughts what other campaigns we should have covered.  So please feel kick off some discussion in the comments!


Computers, Freedom, Privacy, and NEWS!

June 8th, 2009

More CFP09 news and blog coverage.

China’s “Green Dam Youth Escort” software, Rebecca MacKinnon, RConversation, 6-8-09

Computers Freedom and Privacy, Mike Banks Valentine, Larry English , 6-8-09

The role of design in protecting cyberspace: thoughts from CFP 2009, Ian Glazer, tuesdaynight, 6-8-09

Signs of the Times News fit, Keine Kommentare, privacy laws, 6-7-09

House Curbs “Virtual Strip Searches” At Airports, Declan McCullagh, CBS News Political Hotsheet, 6-5-09

CFP Panel on Voting and the Internet, Association for Computing Machinery Weblog, 6-5-09

Internet Voting: How Far Can We Go Safely?, Ed Felton, Freedom to Tinker, 6-5-09

Bush FBI sent 18 armored agents to search my house, wiretap whistleblower says, John Byrne, The Raw Story, 6-5-09

Global Digital Activism Case Study: Germany’s Freedom Not Fear, Nancy Scola, Personal Democracy Forum, 6-5-09

Computers, Freedom, Privacy and NEWS!

June 5th, 2009

Below is more blog and news coverage of CFP09.  If you’re blogging about the conference, let us know so we can include you in your links!

NSA Whistleblower Meets Anthrax ‘Person of Interest’, Kevin Poulsen,’s Threat Level, 6-4-09

Deep Packet Inspection Here to Stay, Say Computers, Freedom and Privacy Conference Experts, Douglas Streeks,, 6-4-09

Are We Really Inching Toward Cybarmageddon?, Matthew Harwood, Security Management, 6-4-09

Is Internet Voting Safe? Vote Here, Kevin Poulsen,’s Threat Level, 6-4-09

Business and the Internet on Tiananmen’s 20th Anniversary, Chip Pitts, CRS Law, 6-4-09

CFP 2010 brainstorming thread

June 4th, 2009

I know, I know, CFP09 isn’t even over … but it’s not too early to be thinking about CFP 2010!

If you’ve got an idea for a panel, workshop, or tutorial, please submit it via the CFP 2010 submission system.  Or use this thread for brainstorming!  A few questions to think about …

  • What do you want to see more of?
  • What other topics should we cover?
  • Who should we get as speakers?
  • How can we make the online aspects better?

Other topics, suggestions, critiques, etc. welcome …

Please discuss!


PS: thanks to Lenny Foner for getting the submission system up so quickly!

Deep Packet Inspection

June 4th, 2009

Despite the varied backgrounds of the panelists, there was a good deal of agreement about the uses and abuses of Deep Packet Inspection during the discussion today.  The overall conclusion was that the technology itself was neutral, but that specific uses could be either good or evil, and the solution to this was not to ban the technology outright, but rather to encourage openness on the part of ISPs as to how they are using DPI on their networks, as well as guidelines to its appropriate use.  Whether those guidelines should be in the form of legislation or not was one of the points of contention.

When discussing the negative uses of DPI, the panel mostly focused on the actions of ISPs, who want to limit specific types of traffic in order to increase their profits.  While legislation may be effective at ensuring that DPI is not used to compromise net neutrality or privacy in the US and other relatively open countries, it will do nothing to ensure that DPI is not used for bad ends in less open countries, such as Iran or China, where DPI will almost certainly become a valuable tool in their censorship and surveillance arsenal, if it isn’t already.  The possible uses of DPI for overt censorship of political speech, as opposed to limiting economic competition was not directly addressed by the panel. However, Ralf Bendrath of the Delft University of Technology, brought up the issue of non-ISP actors who have an interest in using DPI to monitor traffic when he discussed recent court cases in Europe where the music industry has attempted to force ISPs to use DPI to prevent the transfer of copyrighted MP3s.  He brought up the valid point that once the ISPs have put advanced DPI technology in place in order to “manage traffic” or bill users different amounts for different services, they may have trouble fending off legal requirements to use it to do more.

At the same time, there are many valid uses of Deep Packet Inspection.  It is used in routers to allow for IP sharing on a home network, to assist in the transition to IPv6, and to defend against denial of service attacks and other network-breaking attempts.

What I took away from this panel is that Deep Packet Inspection is the latest in a long series of technology that is being defined in the public mind by its worst uses (see: last year’s substantial limiting of Usenet access by several major ISPs because child pornography was being traded on a couple of groups; the general demonization of P2P file sharing because it is frequently used to transfer copyrighted material, despite other more legally clear uses.)  I think what we should be more concerned about is the varied actors who have a vested interest in limited our choices to serve their own desires– be they advertisers who want to invade our privacy to sell to us, governments who want to control what political views we are exposed to, or ISPs who want to prevent us from using internet services that compete with their interests.  The debate over what rights we, as internet users, have, and how to keep corporations and governments from abusing those rights, regardless of what technology they use to do it, seems to be much more substantial and much deeper than just DPI.

-Eliza Bonner
Guest Blogger