Privacy alert: Twitter disclosed email addresses when people sent DMs (UPDATED)

JonPincus — Fri, 19 Jun 2009 17:15:43 +0000

UPDATE, 3 p.m. Pacific time: Twitter appears to have fixed the bug, and DMs from before June 11 do not appear to be affected. But anybody you sent a DM to between June 11 and June 18 now has the email address you’re using on your Twitter account.

FYI – when you send a DM, the receiver CAN SEE YOUR EMAIL ADDRESS from the DM sent via email. BE AWARE!!! @twitter #security #fail

– ChicagoBungalow about 18 hours ago on Twitter

For those who aren’t on Twitter, a DM is a “direct message”, twitterspeak for a private message between two people. When you receive a DM, Twitter notifies you via email. And sure enough, just as ChicagoBungalow said, if I send you a DM, if you look at the email header information, you’ll see that the “Sender” field has an address like

twitter-dm-jon_pincus=yahoo.com@postmaster.twitter.com

This field is hidden by default — in gmail, you need to select “Show original” to see it — but once you find it, it doesn’t take a rocket scientist to figure out what yahoo.com account name I used to sign up on Twitter.

If I want somebody to have my email address, I’ll send it to them. I don’t want Twitter giving it out for me. And most especially, I don’t want Twitter doing it behind my back.

jon

PS: I updated this post several times to clarify the description; thanks to all for the feedback, and @NiteStar for the gmail instructions.

Day Two, Recap Part 2 (via 4hours)

GuestBlogger — Thu, 04 Jun 2009 20:26:01 +0000

Mark Belinsky, co-director of the nonprofit Digital Democracy, and a guest blogger for the conference writes from the cloud on the second part of the second day of the conference.

He covers privacy, censorship and circumvention as well as laws on cloud computing and some research. READ MORE!

Word Cloud of Popular Words at CFP09

CFP 2009 Blog » security

Privacy alert: Twitter disclosed email addresses when people sent DMs (UPDATED)

Day Two, Recap Part 2 (via 4hours)