Technology

The business and culture of our digital lives,
from the L.A. Times

« Previous Post | Technology Home | Next Post »

A Twitter hole lets you Google protected tweets

October 19, 2009 |  5:32 pm

Billclinton

[UPDATE, Oct. 20, 1:50 p.m.: The Bill Clinton tweets appear to be a leftover from a Clinton impersonator who now resides at @NotBillClinton. Also, Twitter spokeswoman Jenna Sampson wrote an e-mail today saying, “We have no deal with Google that gives them access to private accounts. … Trust and safety are huge areas of interest for us, and we would never make a deal that damages those ethics.”]

You can find just about anything with a Google search. That includes status updates on many Twitter profiles that were supposed to be private.

Some Twitter users lock their profiles from public view by checking a box on their settings page. People looking to follow protected accounts must then ask permission.

A minority of Twitterers do so to avoid public attention but, as Fleet Foxes indie folk singer Robin Pecknold writes on his protected profile, "keep up to date w/ loved ones and family."

If you try to access a protected account from just about any Web browser, you'll see this message: "This person has protected their tweets."

But Twitter gave at least one company the key to the city: Google.

Google's search crawler, called the Googlebot, appears to be given an unobstructed view into Twitter's more than 5 billion messages, including supposedly protected tweets. It seems Googlebot can crawl through the doggy door and access private profiles without permission.

Many of those protected messages can be found through Google's search engine. The results page shows an index of the tweets it has logged, and for more recent tweets, a cache of the page as it might appear for someone who has been granted access.

Even tweets that appear to have been deleted from a hidden account show up partially.

For example, a search for Bill Clinton's profile spits out the first few words of tweets. The excerpts include: "John Edwards...why did you," "NY Gov got caught with a," "Oh Hillary, 3rd place in," and "I have been too depressed..." Bummer that it cuts off the juiciest parts.

San Diego Chargers cornerback Antonio Cromartie has Twittered about mornings at church and days spent at home watching the Lifetime channel with his wife, whom he calls "poohcat."

Jersey City rapper Joe Budden appears to be ripping on his hip-hop cohorts from the comfort of a perceived private broadcast medium.

Jonathon Linner, chief executive of location-based social network Brightkite, uses his private Twitter account to automatically tell his locations to friends. Little does he know that anyone could just as easily follow him around San Francisco.

Twitter has fixed at least two holes in the past that allowed users to peek into hidden profiles. Twitter's own search engine used to occasionally display tweets from private accounts. You could also trick Twitter into showing you hidden tweets using the site's RSS feeds.

Google was wrapped in a similar controversy recently when its search engine began surfacing voice mail messages for some users of Google Voice. Whoops.

To pull back the Twitter curtain, search the following string, replacing "<user>" with the name of a protected profile: "site:twitter.com/<user>."

We expect this is an unintentional "feature." Twitter Chief Executive Evan Williams wrote on his profile (which is not protected) Saturday, saying, "I think it's not cool to retweet a protected tweet."

We think it's not cool to let Google index a protected tweet.

-- Mark Milian

Follow my unprotected Twitter profile: @markmilian

More in: Google, Mark Milian, Privacy, Security, Twitter

Post a comment
If you are under 13 years of age you may read this message board, but you may not participate.
Here are the full legal terms you agree to by using this comment form.

Comments are moderated, and will not appear until they've been approved.

If you have a TypeKey or TypePad account, please Sign In





Comments

This is an important post. People who "protect" their Tweets do so for a reason. I believe if it was understood that any portion of a protected tweet could be found by Google or any other search engine, Twitter would lose a lot of customers. I plan to tweet this article to all of my followers with a large warning sign.

Posted by: Rosalie Kramm | October 19, 2009 at 06:25 PM

Those "Bill Clinton" tweets seem to be from the "fake" Bill Clinton, before his account was suspended and transferred.

Posted by: Chris | October 19, 2009 at 07:25 PM

earth to twitter. get your *$%^ together and fast before you lose it all.

Protected tweets means protected. Not for google's eyes only.

Posted by: jo schwarz | October 19, 2009 at 08:01 PM

Hey, I write for TechCrunch and am very familiar with the Google Voice 'controversy' you refer to. Those voice mail messages were previously shared by the user who owned them. There was no privacy breach involved, at least according to Google. I'm quite familiar with this case, because I noticed it weeks ago and asked Google about it. They confirmed these were only shared messages.

If you want a Google privacy breach, I'd check this one out instead:
http://www.techcrunch.com/2009/03/07/huge-google-privacy-blunder-shares-your-docs-without-permission/

Posted by: Jason Kincaid | October 19, 2009 at 09:26 PM

This is not a bug. The tweets Google shows were all made and indexed before the accounts were set to private.

Posted by: John T. | October 19, 2009 at 10:04 PM

Any followup to see if the tweets that are showing in Google were posted when the account was public?

Posted by: Amit | October 19, 2009 at 10:17 PM

Here's the story from a journalist who did his research:

http://www.techcrunch.com/2009/10/19/the-new-twitter-hole-that-probably-isnt/

Posted by: Chris | October 19, 2009 at 11:20 PM

Tried this nine ways to Sunday, changed the referrer, agent, disabled cookies/Javascript (checks sites do), and nothing.

The google search doesn't turn up legitimate accounts.

Not saying I didn't miss something, but the Twitter site seems to act normally on protected tweets, even if it thinks Googlebot is visiting. You might have missed on this one.

Posted by: Praet | October 20, 2009 at 01:59 AM

This has been acknowledged to be not true, no protected accounts have been indexed, that Bill Clinton's account was not the real Bill Clinton's account and was not protected.

Posted by: P11D | October 20, 2009 at 03:46 AM

from my own account, the *only* tweets that show up with the site:.... thing are ones tweeted while my account was public. there's not a single tweet there from after i switched to private a month or so ago.

seriously, this "bug" got a write-up in the LA Times Tech section with no research? pathetic.

Posted by: jill | October 20, 2009 at 05:58 AM

Thank you for putting this one online. User must not underestimate the crawling-power of BIG G.

Funny how CEO of twitter Evan Williams reacted, "“I think it’s not cool to retweet a protected tweet.”

well we say, "It’s not cool to see this bug being abused by “paparazzis” years ago before it was reported, today"

See more of the vivid discussion about this twitter exploitation: http://pinoytutorial.com/techtorial/twitter-bug-you-can-google-protected-tweets/

Posted by: pinoytutorial | October 20, 2009 at 07:02 AM

Wow. My protected tweets are out there (and mine has been private since I started on twitter.)

Knowing google, deleting my account won't help..

Posted by: J | October 20, 2009 at 07:10 AM

The last time I saw a bird talking was when it stated "I thought I saw a puddy cat". You remember that, dontcha? That is what technology has become where you are constantly looking over your shoulder wondering who, what and where is going to pounce on you, your messages and your lifestyle.

I don't know the first thing about twitter but I do have Facebook and MySpace accounts and I am here to tell privacy does not exist out there anymore. It also appears there are are so many dummy sites out there advertising fraud, misrepresentation and deception. These 'shell' sites are perfect fronts for the the unsuspecting, naive and ignoarant.

It is sad that we have come down to this because I would thoroughly enjoy talking with people I have seen in movies and concerts everywhere. However they don't want to be intruded on so they bow out of that arena. However, there are others who will take (or fill) their spot only too well and they create a phantom site in that person's name.

No wonder celebrities have a problem with others taking advantage of their stardom or their want to become more available so people can chat with them. However, there are always those who want to disrupt the process and make it uncomfortable for many. I just hope that people can change their mindset when it comes to taking something that is not theres, or misrepresenting a position or person because of their want.

Posted by: JR Jake | October 20, 2009 at 08:15 AM

GARSH!...BUT OF COURSE!

WHAT DOES ANYONE..EXPECT...FROM GOOGLE..AT THIS POINT?

THIS IS A COMPANY..THAT IS BASED..ESSENTIALLY..ON INVASION OF PRIVACY..GOOGLE IS..AGGRESSIVE ABOUT USING OTHERS PROPERTY TO ENHANCE THE 'TRAFFIC' THROUGH THEIR SITE(S)..

TAKE FOR EXAMPLE..ONE OF THE MOST EGREGIOUS EXAMPLES OF THIS PRACTICE..."GOOGLE STREETS" A DISINGENUOUS TITLE TO BE SURE...FOR ONE THING..THE PROJECT/PRODUCT SHOULD BE CALLED "GOOGLE HOME INVASION HELPER 2.0" OR "CYBER STALKER-HOME EDITION"...

GOOGLES UTTERLY PHONY RATIONAL..WHICH IS BOUGHT WHOLESALE BY APPEASERS...IS THAT THE IMAGES ARE NOT A "PRODUCT" AND THAT THE IMAGES ARE NO DIFFERENT THAN WHAT ONE CAN SEE FROM "THE STREET"...

WRONG! IF SOMEONE STANDS IN FRONT OF MY HOME..LOOKING AT 3 ANGLES...AT EVERY DETAIL..I HAVE AN OPPORTUNITY TO CALL THE COPS..OR JUST GET A LOOK AT THIS POTENTIAL BTK PSYCHO...NOT SO WITH A COMPUTER..

GOOGLE MADE NO EFFORT TO CONTACT THE "OWNERS" OF THE PROPERTY..SO EVERYTHING..FROM OPEN WINDOWS..TO SECURITY COMPANY LOGOS ARE VISIBLE..IT IS STUPIFYING..IN THIS AGE OF "SECURITY" WE SUDDENLY ARE TOLD THAT ITS OKAY FOR THIS GIANT CORPORATION TO VIOLATE OUR UTMOST PERSONAL SPACE...TO ALLOW OTHERS TO STUDY OUR HOMES IN DETAIL...WITHOUT OUR KNOWLEGE..OR CONSENT..

SIMPLY PUT..THIS IS AN EXAMPLE OF THE STUNNING LEVEL OF ARROGANCE..THAT IS BEGINNING TO 'DEFINE' GOOGLE...

THERE IS SO MUCH WRONG WITH 'GOOGLE STREETS'..IT IS SO SAVAGE A VIOLATION OF OTHER PEOPLES PRIVACY AND RIGHTS..ON SO MANY LEVELS..FROM CREATING DIFFERENT 'CLASSES' OF CITIZENS..(CAN I USE GOOGLES HQ OR THE CEO'S HOMES AND TAKE 3-D IMAGES TO USE ON MY WEBSITE?? DOUBT IT..)..IT VIOLATES THE THE VERY PREMISE OF "SECURE IN OUR HOMES.." AND OF COURSE OUR PRIVACY IS STRIPPED FROM US...WIPED CLEAN BY THE WRATH OF GOOGLE...

NOPE!GOOGLE IS EVIL...VICIOUS..ARROGANT...DISINGENUOUS TO A DEGREE NEVER BFORE WITNESSED...

google..us...EVIL..sue wm

Posted by: ectoendomezo | October 20, 2009 at 08:24 AM

First of all, you are reporting a fake Bill Clinton twitter account like it was actually Bill Clinton. Second, you are reporting the fact that Google caches Tweets, and then, when a Twitterer makes his page private, the cache still exists. Wow. Big story. Let's find out what the lead singer of Fleet Foxes has to say about it!

If I were you, Mark, I would "protect your blogs".

Posted by: TK | October 20, 2009 at 08:48 AM



Advertisement


Recent Posts
A wheel that teaches kids how to ride a bike |  November 24, 2009, 3:49 pm »
Vudu does Wikipedia |  November 24, 2009, 9:00 am »





Archives