Earlier this evening the LA Times Tech Blog ran a post claming that Google has unrestricted access to Twitter’s protected tweets, or, as the Times put it, the “key to the city”. And you can apparently search those tweets with a not-too-difficult advanced Google search. As supporting evidence, the post includes snippits of supposedly protected tweets from Bill Clinton’s Twitter account, with messages like, “John Edwards…why did you,” “NY Gov got caught with a,” “Oh Hillary, 3rd place in,” and “I have been too depressed…”
What, you say? Those sound like some bizarre things for a seasoned politician to be tweeting about? Yeah, I had the same thought. So I did a bit more digging, and as it turns out those tweets didn’t come from Bill Clinton at all, at least not the real one. Instead, they came from someone who was masquerading as Bill Clinton at some time in the past, when they were cached by Google. But now they can all be found under the Twitter account NotBillClinton.
Here’s the full text of those tweets:
John Edwards…why did you cheat on your wife that has cancer, you’re a dog! If Hillary gets sick, that’s it, no more Hoochies! FAMILY FIRST
NY Gov gets caught with a Hooker. At least it’s a 5000k/hour quality hooker and not those FREE ones that keep a blue dress.I’m still pissed!
Oh Hillary, 3rd place in IOWA sucks! What happened to all the “GIRL” power you keep on telling me about!
Not so damning after all. As for the other accounts mentioned in the Times article, I suspect that Google is displaying tweets from them, but only messages that were sent before they were made private. For some more evidence, I reached out to Brightkite Jonathon Linner (who is mentioned in the LA Times post), who says that he did in fact change his account to private only in the last month or so. The fact that these messages are all cached still poses a problem — make the mistake of setting your account public for a while and you may have no way to ever pull that data back in — but it doesn’t look like Google has special access to these tweets.
We’ve reached out to Twitter to confirm that Google does not actually have these so-called keys to the city.
Twitter will be gone in 12 months. Traffic is already flat and there is too much money in to be returned.
Pwned!
Nice work TC.
Ditto. Good reporting.
full flavored PWNage
I was trying a bunch of queries and not able to reproduce this one either. Starting of course first with my own private acct. ::whistles::
This may be just me and is completely off topic — but doesn’t it seem like the stories on TechCrunch have gotten quite stale over the last month?
The real issue is, what to do with the tweets you wrote before you protected your twitter account?
Should they be set to private? Can they be set to private or is it too late because Google has already indexed them?
I think this is a storm in a glass of water…
See my post below. Any information that is at one time public, should be considered infinitely public. This is 2009. WAKE UP!
This is ridiculous. Of course those aren’t Bill Clinton’s protected tweets. Some asshole from the Times has no idea what he is talking about. There is no hole.
As far as Google caching your tweets when your account is unprotected … well, yeah. The same concept applies to any online information. That is what Google and many others do. The scraping and storing of public information on the web is nothing new. If that fact comes as a surprise to someone, they have been asleep for over a decade.
I don’t see what the big deal is personally. We all know that anything you publicly post on the internet, for however short a time, is findable somehow somewhere. So I am not only not shocked that public tweets are cached to Google, I would expect them to be.
Something twitter already warns people of…
Along with the protect updates checkbox it clearly states:
Tweets posted previously may still be publicly visible in some places.
Twitter is struggling with all sorts of problems; check this out: http://www.mone...acked%E2%80%A6/
It’s not polite to spam/advertise.
And it is a public service to call attention to it. Thank you.
The one who reported was just so excited with Bill’s tweets that he did not bother to cross check with other accounts. I tried with a couple of accounts of my friends who are protected and could not access them.
But for those who have decided to protect their accounts recently should have an option to let google and twitter know that their tweets -current or old should be gone from the indexes.
Great new tool for communication and stong way to spread the word.
The technical details are academic. If a user tried to protect their data after it was made public by Google, this is also academic. Either way — the user’s privacy is breached, against their express wishes.
This is surely a classic example of Google and Twitter abusing their position in the market. These corporations are apparently willing to jeopardise people’s privacy and security for commercial gain.
Have you ever used the internet before? If you put it out there publicly at one point, it will be there publicly forever.
I checked this against a number of colleagues who believe they have protected their tweets, and in many cases their conversations were readily available in Google by searching for their username and the word “Twitter”.
The reasons for this breach remain hypothetical, e.g. Google may or may not hold “the keys to the city”, but the fact remains that this is an apparent breach of privacy by Google and Twitter.
Part of what should not be forgotten in this conversation, is that it is up to people to be ethical, not up to technology to hold up the protective fences.
At Boost eLearning, we train knowledge workers how to effictively find high value information. There is a lot that can be done with Google and doing site searches on different social media venues, and if used for business research, it serves a good purpose.
The idea of spouting what can be done on Twitter, taking quotes from accounts (apparently inaccurate ones at that) is not journalism, not even poor and/or inaccurate journalism, it is sensationalism.
Wow standards have really fallen at the Los Angeles Times, apparently. Are they hiring 12-year-olds now? Anyone with half a brain should have known the real Bill Clinton would not have tweeted anything like the tweets he mentioned. Shockingly bad reporting—and it is hardly news that Google scrapes everything.
I can confirm that this issue has still not been fixed.
I can still use Google to read other people’s “protected” tweets. Many of these tweets were indexed by Google this week, and Google’s cache displays a recent date stamp, even when the users’ tweets have been protected for months or even years. I urge commentators not to play this down by suggesting that this issue only affects older protected tweets — all tweets can be affected by this regardless of timescale.
I therefore have access to private information of complete strangers. On Twitter, these items are hidden by the message “this user has protected their tweets,” while on Google they are freely accessible.
In fact, everybody in the world can still use Google to access information which users specifically asked Twitter to hold private. These users rightfully believe the information is not public, yet it is public.
Because Twitter users are led to believe that “protected” tweets cannot be read by unauthorised persons, data available through this Google/Twitter security back-door or loophole could include potentially damaging personal information or comments, bank details, and indeed almost anything.
As a tech blogger and as a web user, I am seriously concerned, and very disappointed that Google and Twitter have failed to take prompt action to safeguard our privacy and security.