Snoop Alert: Twitter Bug Lets People See Fleets Past Their Expiration Dates

Twitter can’t catch a fleeting break.
Twitter can’t catch a fleeting break.
Photo: Lionel Bonaventure / AFP (Getty Images)

It looks like Twitter just can’t catch a fleeting break. Days after the company unveiled Fleets, its new Instagram Stories-like posts that are theoretically supposed to disappear after 24 hours, a bug has basically made them pretty useless. Even worse, the bug could open the door to snooping galore.

Advertisement

According to TechCrunch, Twitter users disclosed the bug, which allows others to view Fleets on public accounts past their 24-hour expiration date, on Saturday. In addition, the bug allows anyone to view and download a person’s fleet without sending the author a read notification or informing them of who had viewed their fleet. Do you all see the problem here? It means that people could snoop on your posts without your knowledge via a tool that’s supposed to help you feel “freer” on Twitter.

Advertisement

That’s pretty creepy.

In a statement to the Verge, the company said that it was addressing the issue.

“We’re aware of a bug accessible through a technical workaround where some Fleets media URLs may be accessible after 24 hours,” a Twitter spokesperson told the Verge via email. “We are working on a fix that should be rolled out shortly.”

Advertisement

Apparently, the bug appears to be related to a developer app that could scrape tweets from public accounts using Twitter’s API, the Verge reported. The company told the outlet that the API doesn’t return URLs for Fleets that are older than 24 hours, adding that once it fixes the issue, people will not be able access Fleets after they expire even if they have a URL for an active fleet.

On its end, Twitter does keep a copy of all sent Fleets after they expire or are deleted by users in order to take enforcement actions against content that violates its rules. Twitter maintains that it may keep a copy of Fleets found to be in violation of its rules for a longer period of time in order to give users an opportunity to appeal its decision.

Advertisement

Gizmodo reached out to Twitter to ask it about the Fleet bug and was directed to a thread posted on @TwitterSupport on Monday. In the thread, Twitter stated that Fleets are not viewable in Twitter apps after 24 hours. Nonetheless, it acknowledged that there was a technical problem underway when users detected the Fleet issue.

“Our backend system has a queue that deletes Fleets media after 24h—this system fell behind on Friday morning PST due to scaling problems,” Twitter wrote. “This meant that developers could save a Fleet URL during the 24h the Fleet was active. Due to our queue backlog, that URL may have still been accessible after the Fleet expired. The queue is now caught up and we’ve updated our systems to reduce the likelihood that this reoccurs.”

Advertisement

Twitter also affirmed that it had received concerns about people who weren’t logged in being able to see Fleets, and stated that people who use Twitter apps can only see fleets when logged in. However, the company acknowledged that it’s possible for developers to make API calls and obtain Fleets metadata through scraping. Twitter didn’t think this was a privacy or security concern though, given that Fleets from accounts that don’t have the “protected” setting enabled are public. But it did announce that it had updated its systems to require an authenticated session before requesting Fleets metadata.

Finally, the company addressed concerns that people could see Fleets without showing up in the user’s “seen by” list. Apparently, Twitter never intended to show complete “seen by” lists.

Advertisement

“Our goal is to show a list of people who’ve seen your Fleet, but we don’t guarantee completeness for technical and experience reasons. For example, we cap the list when it gets long,” the company stated. “The edge cases that can result in a mismatch between the ‘Seen by’ list and the actual people who saw your Fleet are uncommon, but we realize that this may not have aligned with expectations. We’re taking this feedback seriously and considering how we can improve.”

Fleets, which can include texts, GIFs and photos, were developed as a way to encourage Twitter lurkers who rarely post to do so. In true Instagram fashion, people can reply to your fleet with an emoji or a message. With Fleets, the company aimed to create a format where users could post their thoughts for a short period of time, per the New York Times, a space that less pressure that feels safer. It certainly makes some sense, considering how Twitter more often than not resembles a toxic swamp of rage and harassment.

Advertisement

Then again, we must remember that Twitter allowed its platform to become this thing, and I don’t know if Fleets is going to fix it. But I bet that bugs like this are probably not going to inspire tons of user confidence.

Advertisement

Update 11/30/2020, 7:30 p.m. ET: This post has been updated with additional comment from Twitter.

[TechCrunch]

Advertisement

Share This Story

Get our newsletter

DISCUSSION

They give us expiring tweets but no timed mutes on people (as opposed to words/phrases/hashtags) and no way to mute tweets quoting tweets for people (which has supplanted re-tweeting).