Twitter testing new feature that reveals when you’re online

Who other than stalkers actually wants this?

Twitter online status

Twitter is testing a new feature that would inform your followers if you are currently online.

The feature, revealed in a post from Twitter’s director of product management and shared more widely by Twitter CEO Jack Dorsey, reveals that the site is toying with the idea of displaying a green dot next to active, online users.

What isn’t entirely clear, however, is whether Twitter plans to make the feature opt-in or opt-out when/if it eventually rolls out to the great unwashed masses.

Why does that matter? Well, it’s an erosion of my privacy to share with the world that I’m currently online checking Twitter.

And it’s easy to imagine how digital stalkers could use such a feature to harass victims (“I know you’re online… why haven’t you replied to my message?”)

It should be my choice whether that’s the kind of information I wish to share publicly what I’m doing. The risk is that Twitter will view such a feature as a way of encouraging engagement between Twitter users, and will make the feature enabled by default. Many users probably wouldn’t be aware that such a feature was enabled.

My hope is that if Twitter does ever roll out this feature it will follow the example it uses with location - where users have the option of sharing their location, but the functionality is (quite rightly) disabled by default.

Maybe the resources Twitter is putting into displaying whether a user is online or not could instead be directed at dealing with the considerable problem of malicious bots, Nazis, and its failure to police its terms of service more rigorously.

If you’re losing faith in Twitter you might like to try a friendlier, ad-free alternative like Mastodon. You can find me there at https://infosec.exchange/@gcluley

Update: Sara Haider, Twitter’s director of product management, has confirmed to me that the “presence” feature will be opt-in:

To hear more discussion about this issue, be sure to check out the “Smashing Security” podcast:

Smashing Security #94: ‘Rogue browser extensions, Twitter presence, and how to cheat in exams’

Listen on Apple Podcasts | Google Podcasts | RSS for you nerds.

Tags: , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

3 Responses

  1. Gil Favor

    September 4, 2018 at 3:01 pm #

    I don’t have any problem with it as long as it’s opt-in. Users who are careless enough to opt-in are welcome to the potential consequences.

    In fact, the one bit of damning with faint praise I’ll say about Facebag is that their criminal invasions of users’ privacy and security via the unceasing torrent of new “features” that are opt-out is what drove me to terminate my presence there many years ago.

    So, in a perverse sort of way, I’m grateful to Facebag. If they had acted morally and made all their garbage features opt-in I might still be there wasting my life. (heh)

  2. Vito Tuxedo

    September 4, 2018 at 3:23 pm #

    The fact that it’s opt-in (for now) is fine. My only question is whether at some point down the road Twitter might switch their little “Currently Online” green-light indicator to opt-out with little or no warning — a trick worthy of Mr. Mark “Move fast and break things” Zuckerbillion$.

    Facebook’s constant assaults on my privacy were impossible to manage without spending more time than I was willing to waste. Like Gil Favor, that’s what led me to deactivate my account. I’d hate to see Twitter go the same route.

  3. Pete

    September 4, 2018 at 4:13 pm #

    It’s not at all clear what “currently online” means in the context of this proposed feature. Does it mean “Logged in to my Twitter account and currently displaying a Twitter page in an active browser window”?

    Or (much worse), does it mean running some kind of script that phones home to Twitter and reports that users are online, regardless of whether or not they’re logged in to their Twitter account?

    I don’t like either one, but the former is far less invasive than the latter. At least users can control that by logging in only when they’re actually using Twitter.

    Of course, it’s not a problem if it stays opt-in, but with feature creep, no one can be certain. It makes another good case for running NoScript to control any user-side shenanigans.

    Actually, it makes sense to use a network monitoring app, which keeps track of all outgoing connections. I would disallow any automatic attempt to report my online status to Twitter…or anyone else I don’t approve. It’s none of their business whether I’m online.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.