Twitter DMs – Not As Private As You Would Think

Twitter October 11, 2010 5 Comments @niallharbison

One of the quickest ways I have of communicating is by using Twitter DMs. It’s probably one of the quickest ways you can get a message to somebody within your network with the only provision being that you have to follow each other. There are many of us who use DMs in the same way that we use Text Messages on a phone (same amount of characters and essentially the same thing but different medium). I wanted to have a look at DMs properly though and see how private DMs actually are on Twitter and if we should all be using them to communicate private information. My guess here is that the tech savvy readers here will be well switched on to the security flaws but that most normal punters who are new to Twitter could be surprised to see that DMs are not as private as they would have thought…

How Do You Use Twitter DMs?

I thought I would do a quick bit of research to see how people have been using DMs and wasn’t really shocked to see the results. Although there were plenty of people who were clued in and said they wouldn’t share anything too private in their DMs there were just as many who shared lots via DMs.

Who Can See Your DMs?

There are lots of technical explanations on who can see your Twitter DMs which you can read here and here but essentially to sum it up anybody who is devious enough could see your DMs. Basically allowing applications to access your information as many of us do when we click “allow” on the screen below means that developers or people with access to the info being pulled in can see your DMs. Most applications are going to be perfectly safe but it really wouldn’t take a lot of effort for somebody malicious enough who owned an application to start riffling through your DMs.

How To Check Which Applications Have Access To Your Info

Many people click to allow applications without giving it a second thought only to forget that there tons of developers with access to their data. Luckily you can log in to Twitter and check which applications have access to your info. Simply go to the settings page on your profile and then hit “connections”. Once in connections you can see all the applications that have access to your info and revoke any that you no longer need or don’t trust. You’ll probably be surprised at how many you have allowed to access your information and totally forgotten about.

Use Common Sense

I would always say to people that if they are putting information online that you simply have to expect it to be found at some stage. Even if you are using private mediums like Email, Facebook messages and Twitter DMs there is always a chance that they could be exposed. Twitter DMs should be used in the same way as Twitter public messages and used to share simple information that you wouldn’t mind the whole world seeing because as you can see above that could be what happens!

Tags

DMs
online
private. messages
secure
Social Media
Twitter

valentin

You lost me at the “DM”, whatever is that.
http://bonkers.ie David Kerr

Hi Niall,

> plenty of people who were clued in

The point that we can treat a DM like email – which is also an inherently insecure medium in most cases (encryption aside) – is pretty valid. I wouldn’t send sensitive information in an email such as credit card or bank details, and I certainly wouldn’t put those in a DM. I’m generally not worried that my web traffic can be snooped (as this post can be while in transit) because I know that personal information needs to be encrypted before transmission. Suggesting that a DM can be reconstructed by a 3rd party application developer is correct, but the point there is that by approving the 3rd party application, I am willingly giving 3rd party access to my twitter account’s credentials and granting them the right to post tweets on my behalf – we just need to look as far as the “Twiffiency” fiasco to see that granting full access to a 3rd party application is a bad idea – http://techcrunch.com/2010/08/17/twifficiency/

So I’d suggest it *is* possible to be clued in – and understand the risks associated with granting 3rd party applications access to your twitter credentials – which is exactly why the guys in twitter got rid of Basic Auth a couple of months back. So really the risk is akin to saying by giving someone access to your gmail account, they can see your emails. Yep.

cheers, Dave (@darkdiver)
http://www.stewartcurry.ie/ Stewart Curry

It means “Dirty Message” – it’s used for booty calls and sexy hookups, so people can talk about their fantasies and desires in private.
http://www.simplyzesty.com Niall Harbison

Considering I have had numerous DMs from you over the years Stu this revelation comes as a serious worry to me
Pingback: Citi Bank Launch Twitter account – Does Social Media And Banking Fit?

Other Posts You May Like

Handy tool shows you where your Twitter followers are from

Can celebrity endorsement on Twitter keep a business alive?

New app allows you to send anyone a private message on Twitter

Why Twitter needs to wake up and start working with businesses

Comments

Newsletter

Follow us on Twitter

Book A Speaker

See Us At