
Twitter confirms the security breach in circles… a month later!

About four weeks have passed since the security problem with Twitter circles came to light, a failure we reported on at the time and that resulted in the uncontrolled exposure of messages that, in principle, should only have reached a specific audience. If you know how Twitter circles work, you can already imagine what this means, in terms of risk, for every user of the feature.

If you do not know what they are, circles are a feature clearly inspired by the audience controls for posts that Facebook, the Meta network, has offered for years. Public testing began in May of last year and, three months later, in August, the rollout to all users was completed, finally providing a system that lets users select which people certain posts should reach, making them completely invisible to other users of the social network.

Its operation is very simple: each account can create a circle of up to 150 users (it is not necessary for both accounts to follow each other) and, when publishing each new message, Twitter allows you to choose whether it is addressed to everyone or if, on the contrary, it is exclusively for the accounts that make up the circle. It is, without a doubt, a simple and intelligent implementation of a privacy function (that is, of all the privacy that a social network can provide).

Despite the fact that the incident occurred in early April, until now the social network had remained silent about it. Now, however, and as we can read in Bleeping Computer, Twitter has finally admitted to the incident with the circles, in a message sent to users whose messages were exposed. I know the saying that states that “It is never too late if happiness is good”, but it seems important to me to point out that in cases like this it cannot be applied, and I will explain the reason.

Responsible disclosure of security incidents is a standardized method in the industry, and it allows those who may be affected to be warned early. The companies whose products or services are affected by an incident report it early, although without revealing, of course, the cause of the problem, to prevent it from being exploited on a large scale with malicious intent.

Fortunately, in this case, the security problem with Twitter circles became public thanks to the users themselves and the media that echoed it, which allowed those affected to take action. However, had it depended solely on the way Twitter proceeded, and even if the problem was solved quickly (according to them, of course), the level of exposure could have been much higher.

Which leads me to a business idea along the lines raised by Elon Musk since he has owned the social network: «We’ll only notify you of security incidents if you pay for Twitter Blue, otherwise you’ll… get annoyed». Overall, it has already become clear that the importance that the social network gives to users who do not go through the checkout tends to zero. Why not make it even more explicit? And I have even more ideas; maybe one day I’ll even share them, although, yes, if they finally decide to adopt them, I hope to be financially rewarded for them. But as an external service provider, mind you: I would not like to work in a place like this with a boss like that.
