Worst practices: Twitter’s privacy leaks, and other social defaults

Don’t get me wrong: I love Twitter. I use it constantly, and I think it’s both a great product and great fun.

But I’m compelled to say it suffers from one of the oddest – and potentially, one of the most serious – flaws I’ve ever seen in any system with social-networking functionality. Attentive users will know what I’m talking about: the fact that, although I haven’t invited them, users I’ve never even heard of will show up in my Friends list, seemingly at random.

Crucial to my enjoyment of Twitter – to my feeling safe to use it, even – is the idea that I’m not broadcasting my thoughts to all and sundry, but expressing them to a very small and carefully curated group of folks I can trust to take them in the spirit intended. That’s what makes it so distressing to find random strangers apparently (though admittedly through no fault of their own) working their way around the barrier I put in place to prevent just such things from happening.

I don’t know nearly enough about coding or scripting to figure out why this is happening, but here’s what I don’t get: a permission is pretty binary. Either the friend bit is set, or it isn’t, right? Like I say, I’ve never seen this happen anywhere else, and methinks the folks from Obvious will want to seal the leak before somebody gets hurt. (You so know that’s exactly what’s going to happen.)

Mind you, I’ve never quite understood why people collect “friends” they’ve never even met on a service like Twitter. Flickr I can understand: you want to avail yourself of a particularly interesting photo stream. But subscribing to a feed of intimate asides, every last one of which is highly likely to refer to something for which you have no shared context? It mystifies me.

Nevertheless, people ask. And this leads me to my second disappointment with Twitter – one which, in all fairness, it shares with quite a few YASNS applications: it introduces social default modes that hadn’t existed before. You’re there, you want to use the service, naturally you want to use it in the way that feels most comfortable to you and which it clearly supports, and all of a sudden you find yourself having to explicitly deny access to people you’ve never even met. What kind of first impression does that make?

Well, maybe that’s not such a big deal – although I’ve spent more time than I would have liked, jotting explanatory notes to people I’ve had to exclude but whom I have no wish to offend. But letting uninvited, even unknown people read my feed, after I’ve explicitly indicated that said feed is not public? Uh-uh, that’s a no-go. I’d patch this one, post haste.

11 responses to “Worst practices: Twitter’s privacy leaks, and other social defaults”

  1. Mark Baard says :

    Bummer! I was just about to sign up, to give it a go. Thanks for bringing this stuff up…

  2. ashleyb says :

    FYI: this also happens on jaiku, and similarly infringes on the intimacy of communications, to the point that I am now reluctant to post stuff because of this.

  3. speedbird says :

    I don’t have the right phone for Jaiku. : . )

  4. Rob says :

    I’ve been experimenting with going public, but I’m changing my view on it as it makes me hesitate before posting (which can’t be good for quality). However, the same thing happened to me this weekend with the sudden appearance of someone called Slags. Nice.

    I use Jaiku too, so thanks for the warning Ashley.

    Another definition of web 2 might be the way people rush towards innovation with all their critical faculties switched off. Heaven knows I’ve done that myself enough times lately.

  5. Christopher Fahey says :

    I’ve had this happen, too. I think it’s buggy software, frankly.

  6. Andy Piper says :

    That’s not so good.

    They show up there, and stay there?

    I guess you have quite a short list, since I’m on 71 friends and probably wouldn’t spot an intruder at this point.

    On the other hand, I also found it less useful when I was restricting my updates, so I opened it up fairly quickly.

  7. Klintron says :

    Just another “me too.” It happened to be people I’d want on my list anyway, but it’s still weird. Hear anything from Twitter on this?

  8. speedbird says :

    Actually, Klint, I haven’t. As I say, I suspect it’ll take a fairly high-profile interpersonal default case before they throw resources at fixing this – something on the order of P***s H****n losing her Sidekick, with similar social d0rkings and b0rkings in the offing.

    I further suspect the issue has something to do with scaling a service for 1000 people, all of whom it’s conceivable know the developers personally, to one suitable for a thousand times that many anonymous strangers. I know next to nothing about development, but I’ve heard that an environment like Ruby on Rails – so useful for launching small apps quickly and with a superficial gloss of sophistication – fails fairly badly when ramped up to enterprise scale.

    But that’s enough jargon and tech-talk for this site, and I’m in danger anyway of wandering into areas I’m hugely incompetent to discuss meaningfully. (I do find it interesting, though, that a similar issue apparently afflicts Jaiku.)

  9. shelley says :

    i don’t use twitter or myspace myself, but considering this twitter thing and other social networks like it are still free, i believe the author of this article should have an option to pay for privacy. ironically i heard the owner of twitter was interviewed on an npr show admitting he was not making money and not sure how twitter could do so. so the question to the author and others is: are you willing to pay for a twitter service that is private to the general audience or “by invitation only”?

  10. Paul Mison says :

    My pet peeve with Twitter is that it doesn’t indicate which of your friends are private – and hence who might not want you copying and pasting their tweet, and also meaning that the URL to their utterance is unusable for most – and which are public.

    Flickr manages this nicely on a per-photo basis with the red/yellow/green square in the right hand info bar, but Twitter doesn’t. Admittedly a Flickr photo page has more UI wiggleroom, but there must be a way to wedge it in somewhere.

    Related problem for other people (not me, so much; I’m happy being all-private): being able to set a per-tweet privacy level.

  11. speedbird says :

    Paul, agreed completely. You may remember a time in Web development – I sure do – when a reasonable answer to most vexing UI questions was “what does Amazon do?” Flickr is the 2.0-era equivalent. They get most stuff mostly right.

    Shelley, what do you mean “the author of this article”? It’s just me here.
