Comments
Twitter, on Monday, addressed various privacy concerns about Fleets, its ephemeral tweets that are meant to disappear from a profile after 24 hours.
“We wanted to address some security and privacy feedback related to Fleets. Here’s a technical breakdown of what we’ve heard and what we’ve done to address it,” Twitter tweeted from its official Support account.
“First, we heard concerns about expired Fleets still being viewable. Fleets are *not* viewable in Twitter apps after 24h. However, our backend system has a queue that deletes Fleets media after 24h –– this system fell behind on Friday morning PST due to scaling problems,” it wrote.
“This meant that developers could save a Fleet URL during the 24h the Fleet was active. Due to our queue backlog, that URL may have still been accessible after the Fleet expired. The queue is now caught up and we’ve updated our systems to reduce the likelihood that this reoccurs,” it added.
First reported by TechCrunch , a bug had enabled Fleets to be visible even after 24 hours.
Twitter to prompt users to read any website link before retweeting
Details of the bug were posted on Twitter. Fleets could be accessed through a workaround that used a developer app that uses Twitter API to get fleets from public accounts. Fleets have their individual URLs. The bug enabled users to view the fleets using the URL, which would load the fleet as an image or a video even after the Fleets disappeared from these accounts.
Fleets are saved on Twitter’s servers for 30 days, longer if it violates Twitter’s policies and needs to be reviewed. However, the URLs will no longer display Fleets for other users as the microblogging platform has now fixed the issue, it said.
Other concerns
Apart from this, other concerns regarding Fleets were that it could be viewed without logging into the app and that people could view them without their profile appearing in the ‘Seen by’ list.
“We also heard concerns that Fleets may be visible to people who aren’t logged in. To clarify, people using Twitter apps can only see Fleets when logged in. But it’s possible for developers to make API calls to return Fleets metadata through a common behaviour called ‘scraping’,” Twitter wrote.
“We don’t believe this is a security or privacy concern because Fleets (from accounts without the protected setting) are public. We updated our systems today to require an authenticated session before requesting Fleets metadata, to add more friction to use these APIs,” it said.
“Finally, we heard concerns that people can see Fleets without showing up in the “seen by” list. Our goal is to show a list of people who’ve seen your Fleet, but we don’t guarantee completeness for technical and experience reasons. For example, we cap the list when it gets long,” it said.
“The edge cases that can result in a mismatch between the “seen by” list and the actual people who saw your Fleet are uncommon, but we realise that this may not have aligned with expectations. We’re taking this feedback seriously and considering how we can improve,” it added.
The concerns come shortly after the social media platform rolled out the Fleets feature to users globally. Shortly after its worldwide rollout was announced, Twitter, however, had slowed down the release to fi some “performance and stability problems.”
Twitter had then made Fleets available to users on Android and iOS globally on Friday.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.