Twitter Used Phone Numbers and Email Addresses Provided for Security to Target Ads


On Tuesday, Twitter admitted that it had used phone numbers and email addresses, which users had provided to enhance security via two-factor authentication, to serve targeted ads.

However, according to Twitter, sensitive user data has not been shared with the company’s third-party partners, and the issue that caused the incident has been taken care of; phone numbers and email addresses are now only asked for security purposes.

Last year, Facebook was caught engaging in a similar practice: according to the Federal Trade Commission (FTC), the social media giant used phone numbers and email addresses that users had provided to make their accounts more secure to target ads.

In the wake of the breach, Twitter received widespread criticism for compromising its users' privacy. The fact that user security was violated through a framework that was intended to strengthen it further fuelled the public reproval. Although the company did not intend to use sensitive user data for ad targeting, one can’t deny that the platform was doing so without the knowledge of its users. Moreover, it took the company almost a month to disclose the information.

Putting what it called an 'error' into perspective, Twitter wrote in a post on its Help Center website, "Tailored Audiences is a version of an industry-standard product that allows advertisers to target ads to customers based on the advertiser's own marketing lists (e.g., email addresses or phone numbers they have compiled)."

"When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes," the company added.

Describing data as a liability in this case, Duruk, a human-computer interface expert, wrote, “Phone numbers stored for 2FA end up in advertising hellhole. The more you accrue, the more someone inside your org will find a way to abuse it.”

Apologizing for the inadvertent mistake, Twitter further wrote, "We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again."
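The list matching Twitter describes can be kept away from security data by tagging every stored contact with the purpose it was collected for. The sketch below is an added illustration, not Twitter's code: it assumes matching keys are SHA-256 hashes of normalized identifiers, and all names and sample data are constructed.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum


class Purpose(Enum):
    SECURITY = "security"    # e.g. 2FA phone number, recovery email
    MARKETING = "marketing"  # user agreed to ad matching


@dataclass(frozen=True)
class Contact:
    account: str
    value: str               # email address or phone number
    purpose: Purpose         # why the user handed it over


def normalize_and_hash(value: str) -> str:
    """Assumed matching key: SHA-256 of the trimmed, lower-cased identifier."""
    return hashlib.sha256(value.strip().lower().encode()).hexdigest()


def match_audience(uploaded_hashes, contacts, allowed=frozenset({Purpose.MARKETING})):
    """Accounts matching the advertiser list, using only contacts whose
    collection purpose is in `allowed` (default: never security data)."""
    uploaded = set(uploaded_hashes)
    return sorted({c.account for c in contacts
                   if c.purpose in allowed and normalize_and_hash(c.value) in uploaded})


def security_only_matches(uploaded_hashes, contacts):
    """Audit aid: accounts that match only because of security-purpose data."""
    everything = set(match_audience(uploaded_hashes, contacts, frozenset(Purpose)))
    return sorted(everything - set(match_audience(uploaded_hashes, contacts)))


# Constructed sample data
CONTACTS = [
    Contact("alice", "+15550100", Purpose.SECURITY),
    Contact("alice", "alice@example.com", Purpose.MARKETING),
    Contact("bob", "+15550101", Purpose.SECURITY),
    Contact("carol", "Carol@Example.com ", Purpose.MARKETING),
]
ADVERTISER_LIST = [normalize_and_hash(v)
                   for v in ("+15550101", "carol@example.com", "+15550100")]

if __name__ == "__main__":
    print(match_audience(ADVERTISER_LIST, CONTACTS, frozenset(Purpose)))  # unrestricted
    print(match_audience(ADVERTISER_LIST, CONTACTS))                      # purpose-limited
    print(security_only_matches(ADVERTISER_LIST, CONTACTS))               # audit view
```
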

US: Investigators can Use Fake Social Media Profiles to Monitor Potential Visa Seekers





US Citizenship and Immigration Services officers, who were previously banned from creating fake social media profiles, can now create such profiles for the purpose of monitoring social media information of foreigners applying for visas, citizenship and green cards.

On Friday, the ban was overturned in a review of potential privacy issues conducted and posted online by the Homeland Security Department.

Explaining the need for the reversal of the ban, a statement by USCIS said that it will make it easier for officers and investigators to locate evidence of fraud and cross-verify information for security reasons while deciding whom to allow into the US.

The State Department took several other steps, which included asking applicants for US visas to provide their social media handles. However, it is unclear how resorting to fake social media identities could be carried out successfully, as impersonation would clearly violate the terms and conditions of major social media platforms like Facebook and Twitter.

Commenting on the matter, Twitter said in a statement, "It is against our policies to use fake personae and to use Twitter data for persistent surveillance of individuals. We look forward to understanding USCIS's proposed practices to determine whether they are consistent with our terms of service."

As per the DHS document, the investigating officers are restricted from interacting or conversing with people on social media platforms and are only allowed to review and verify information passively. Although a lot of social media activity can be viewed, and hence reviewed, without an account, certain platforms still limit access for guest users.

According to Dave Maass, a senior investigative researcher for the civil liberties advocacy group Electronic Frontier Foundation, the use of fictitious accounts "undermines our trust in social media companies and our ability to communicate and organize and stay in touch with people."

"It can't be this double standard where police can do it, but members of the general public can't," he added.

Global outage affecting Facebook, Instagram, and WhatsApp around the world







Social media services owned by Facebook were down for several hours for users around the world. The outage affected the entire ‘family of apps.’
Facebook, Instagram, and WhatsApp faced the outage from early morning on Wednesday. Some users reported issues uploading and downloading images, video and audio files, while others faced difficulties with the News Feed.

Facebook acknowledged the technical glitch and tweeted from its global Twitter handle, "We're aware that some people are having trouble uploading or sending images, videos or other files on our apps. We're sorry for the trouble and are working to get things back to normal as quickly as possible."

The outage affected users across Asia, Europe, the USA, and Africa.

Users vented their frustration with the three social media services on their Twitter accounts using the hashtags #instagramdown, #facebookdown and #whatsappdown, all of which were top trends on the site across the world.

Instagram was forced to issue its own statement on Twitter. "We're sorry for the trouble and are working to get things back to normal as quickly as possible," Instagram tweeted.


Twitter removes nearly 4,800 accounts linked to Iran government

Twitter has removed nearly 4,800 accounts it claimed were being used by the Iranian government to spread misinformation, the company said on Thursday.

Iran has made wide use of Twitter to support its political and diplomatic goals.

The step aims to prevent election interference and misinformation.

The social media giant released a transparency report that detailed recent efforts to tamp down on the spread of misinformation by insidious actors on its platform. In addition to the Iranian accounts, Twitter suspended four accounts it suspected of being linked to Russia's Internet Research Agency (IRA), 130 fake accounts associated with the Catalan independence movement in Spain and 33 accounts operated by a commercial entity in Venezuela.

It revealed the deletions in an update to its transparency report.

The 4,800 accounts were not a unified block, said Yoel Roth, Twitter's head of site integrity, in a blog post detailing its actions.

The Iranian accounts were divided into three categories depending on their activities. More than 1,600 accounts were tweeting global news content that supported Iranian policies and actions. A total of 248 accounts were engaged specifically in discussion about Israel. Finally, a total of 2,865 accounts were banned for taking on a false persona which was used to target political and social issues in Iran.

Since October 2018, Twitter has been publishing transparency reports on its investigations into state-backed information operations, releasing datasets on more than 30 million tweets.

Twitter has been regularly culling accounts it suspects of election interference from Iran, Russia and other nations since the fallout from the 2016 US presidential election. Back in February, the social media platform announced it had banned 2,600 Iran-linked accounts and 418 accounts tied to Russia's IRA it suspected of election meddling.

“We believe that people and organizations with the advantages of institutional power and which consciously abuse our service are not advancing healthy discourse but are actively working to undermine it,” Twitter said.

Several Major US Airlines Experience Significant Delays After A Computer Glitch Causes Flight Disruptions Nationwide





According to the Federal Aviation Administration, an issue with AeroData, which is used to ascertain the weight and balance of flights before departure, compelled Southwest, Delta, United, JetBlue and Alaska Airlines to ground or delay flights.

The glitch prompted nearly 3,400 flight delays by midday Monday at airports in New York City, Boston, Chicago, Detroit, Washington, DC, Dallas, Charlotte, Atlanta and Miami, according to FlightAware's MiseryMap.

However, the number of delays caused specifically by the AeroData issue is still unclear.

More than 3,400 flights had been delayed nationwide as of midday Monday, including a large percentage of flights at airports in New York City, Boston, Chicago and Washington, DC.

American Airlines revealed that a couple of its regional carriers, which include Air Inc., Piedmont Airlines Inc., PSA Airlines Inc., Compass, Mesa, Republic and SkyWest, had been affected; however, it is unclear which.

American said in a statement, 'AeroData is currently experiencing a technical issue that is impacting multiple carriers, including a few of our regional carriers and is working to resolve the issue as quickly as possible; we apologize to our customers for the inconvenience caused.'

While United and Delta reported on Twitter that the outage incidentally obstructed their ability to print release paperwork, passengers took to social media to express their dissatisfaction and frustration, with a couple questioning whether or not the delays were some addled April Fools' joke.

The FAA nonetheless recommends that travellers contact their respective airlines directly for any further updates.

Don’t change your birth year to 2007 on Twitter or you’ll be locked out

There are tons of hoaxes constantly doing the rounds on Twitter, including the recent Bitcoin scam. Today, I want to warn you about one that’s taken over the platform over the past couple of days: the “birth year hoax”.

It’s as simple as it is stupid: it encourages you to head into your settings and change your birth year to 2007, in order to unlock a colourful feed or a ‘retro’ theme across the site. Instead, users who fall for the scam will be locked out of their accounts because Twitter prohibits anyone under the age of 13 from using the site.

So, as soon as you change your birth year, Twitter thinks that you’re only 12 years old, and blocks your account.

Twitter has automatically prevented users under 13 from using the social network since May last year and its terms of use state that the social network is "not directed to children."

You were promised a new timeline of colour options. You ended up getting blocked from the social networking site.

Earlier this week, rumours were circulating that changing your birth year would give you access to Twitter's nostalgic old appearance.

Twitter has warned users to ignore a hoax suggesting an alternative colour scheme will appear in the app if they change their birth year to 2007. Users won't get a new colour scheme on the Twitter app if they change their birth year, the social network says.

If you, like many people, were lured into changing your birth year on Twitter to 2007 to unlock new colour schemes, you fell victim to one of social media's latest hoaxes.

"Please don't do this," the company said via a tweet.

If you’ve unfortunately fallen prey to this scam and are locked out of your account, follow the instructions in the email the company has sent you to regain access.

Twitter API Bug Enables Third Party Access to User Data



An API bug found earlier this month, which could allow unapproved third-party developers to gain access to users' information on Twitter, was recently tracked down and removed by the social networking site.

The bug was said to affect the permission dialog shown when authorizing certain applications on Twitter, and it left direct messages exposed to the third party without the user's knowledge. The bug manifested not with the OAuth token-based method but with applications that require a PIN to finish the authorization procedure.

Terence Eden, who found the issue and reported it to Twitter, describes it as stemming from the official Twitter API keys and secrets being freely available, enabling application developers to access the Twitter API even without the service's approval.

Twitter did enforce a few restrictions to prevent impersonation of the official applications by someone using the keys to redirect to a different application than the one they are associated with. It restricted 'callback URLs', so that a developer couldn't use the API keys with their own application.

Unfortunately, this protection was not comprehensive: some applications don't use a URL, or may not support callbacks, and for these Twitter resorts to a secondary, PIN-based authorization mechanism. Eden then noticed that these applications did not show the correct OAuth details to the user. For reasons unknown, the dialog wrongly informed the user that the application could not access direct messages, although the opposite was true.




The researcher submitted his findings through HackerOne on November 6, and the issue was acknowledged around the same time, after he provided clarifications and demonstrated the privacy violation.

Twitter fixed the issue on December 6, subsequently informing the researcher that he could publish the details of his report.


Bug in Google Breaking Search Result Links




A bug in Google Search, discovered by the Twitter account of the site wellness-heaven.de, breaks search result links when using Safari on macOS if the link contains a plus symbol.

The bug was first observed around September 28th, when there was a critical drop in the site's traffic from Safari users. For example, if you search for a specific keyword and one of the search results contains a plus symbol, such as https://forums.developer.apple.com/search.jspa?q=crash+app+store&view=content, then clicking on the link does nothing.

When the issue was reported to John Mu, a webmaster trends analyst at Google, he replied that it was indeed unusual and that he would pass on the bug report.

BleepingComputer could confirm this bug using the search results for Apple in Safari on macOS Sierra. They have also reached out to Google for more comments regarding this bug, but have not heard back.

This bug also affects Firefox 61.0.1 on macOS, but links appear to work fine with Chrome 69.

In any case, site owners who have seen a dip in traffic beginning around September 28 are advised to check their analytics software to determine whether it stems from Safari users being unable to click on their links.