Worst practices: Twitter’s privacy leaks, and other social defaults
Don’t get me wrong: I love Twitter. I use it constantly, and I think it’s both a great product and great fun.
But I’m compelled to say it suffers from one of the oddest – and potentially, one of the most serious – flaws I’ve ever seen in any system with social-networking functionality. Attentive users will know what I’m talking about: the fact that, although I haven’t invited them, users I’ve never even heard of will show up in my Friends list, seemingly at random.
Crucial to my enjoyment of Twitter – to my feeling safe to use it, even – is the idea that I’m not broadcasting my thoughts to all and sundry, but expressing them to a very small and carefully curated group of folks I can trust to take them in the spirit intended. That’s what makes it so distressing to find random strangers apparently (though admittedly through no fault of their own) working their way around the barrier I put in place to prevent just such things from happening.
I don’t know nearly enough about coding or scripting to figure out why this is happening, but here’s what I don’t get: a permission is pretty binary. Either the friend bit is set, or it isn’t, right? Like I say, I’ve never seen this happen anywhere else, and methinks the folks from Obvious will want to seal the leak before somebody gets hurt. (You so know that’s exactly what’s going to happen.)
Mind you, I’ve never quite understood why people collect “friends” they’ve never even met on a service like Twitter. Flickr I can understand: you want to avail yourself of a particularly interesting photo stream. But subscribing to a feed of intimate asides, every last one of which is highly likely to refer to something for which you have no shared context? It mystifies me.
Nevertheless, people ask. And this leads me to my second disappointment with Twitter – one which, in all fairness, it shares with quite a few YASNS applications: it introduces social default modes that hadn’t existed before. You’re there, you want to use the service, naturally you want to use it in the way that feels most comfortable to you and which it clearly supports, and all of a sudden you find yourself having to explicitly deny access to people you’ve never even met. What kind of first impression does that make?
Well, maybe that’s not such a big deal – although I’ve spent more time than I would have liked, jotting explanatory notes to people I’ve had to exclude but whom I have no wish to offend. But letting uninvited, even unknown people read my feed, after I’ve explicitly indicated that said feed is not public? Uh-uh, that’s a no-go. I’d patch this one, posthaste.