"PayPal needs to make it crystal clear which data is given to money receivers and stop sharing that data, & Twitter needs to educate users who don’t realize what info tip receivers get when using PayPal," Tobac wrote in a tweet. Tobac told Motherboard that “while some may say ‘well just make sure you are safe before sending!’ Twitter folks are particularly at risk because they’re already expecting to be able to be anonymous on the platform, and there are so many vulnerable populations on Twitter.”

A Twitter spokesperson told Motherboard in an emailed statement that the company is "updating our in-app notification and Help Center article to make it clearer that other platforms, per their terms, may share information about people sending tips to one another."

Kayvon Beykpour, Twitter's product lead, thanked Tobac in a reply and added that "we can't control the revealing of the address on Paypal's side but we will add a warning for people giving tips via Paypal so that they are aware of this."

Tom Hunter, a spokesperson for PayPal, told Motherboard in an email that there are two different ways to send money via PayPal. Users can send payments as "Goods and Services," which automatically shares their address with the recipient, or as "Friends and Family," which does not share the address with the recipient.

"If someone, for example, has a business account that is primarily used for selling or other goods and services, their account payment type is likely to default to Goods and Services."
"It's incredibly frustrating when tech companies like Twitter and Facebook unleash untested products onto a hapless public, particularly when the problems they introduce can cause significant harm to both digital and physical safety," Ashkan Soltani, who used to be the Federal Trade Commission's chief technologist, told Motherboard in an online chat. "Lots of folks prefer to keep their 'real world' identities private for a variety of reasons (safety, liability, persecution)—particularly when they can potentially lose their jobs or be persecuted for their views on social media / Twitter. You would think for a company like Twitter, who is under order with the FTC for failures related to data security (a case I personally worked on), they would be mindful of these types of privacy and security risks when they release new features."

Twitter and PayPal did not immediately respond to a request for comment about Soltani's finding.

Additional reporting by Joseph Cox

This story has been updated to include a quote from Rachel Tobac.