Twitter testing new feature that reveals when you’re online

Graham Cluley

Twitter testing new feature that reveals when you're online

Twitter online status

Twitter is testing a new feature that would inform your followers if you are currently online.

The feature, revealed in a post from Twitter’s director of product management and shared more widely by Twitter CEO Jack Dorsey, reveals that the site is toying with the idea of displaying a green dot next to active, online users.

What isn’t entirely clear, however, is whether Twitter plans to make the feature opt-in or opt-out when/if it eventually rolls out to the great unwashed masses.

Why does that matter? Well, it’s an erosion of my privacy to share with the world that I’m currently online checking Twitter.

And it’s easy to imagine how digital stalkers could use such a feature to harass victims (“I know you’re online… why haven’t you replied to my message?”)

It should be my choice whether that’s the kind of information I wish to share publicly what I’m doing. The risk is that Twitter will view such a feature as a way of encouraging engagement between Twitter users, and will make the feature enabled by default. Many users probably wouldn’t be aware that such a feature was enabled.

My hope is that if Twitter does ever roll out this feature it will follow the example it uses with location – where users have the option of sharing their location, but the functionality is (quite rightly) disabled by default.

Maybe the resources Twitter is putting into displaying whether a user is online or not could instead be directed at dealing with the considerable problem of malicious bots, Nazis, and its failure to police its terms of service more rigorously.

If you’re losing faith in Twitter you might like to try a friendlier, ad-free alternative like Mastodon. You can find me there at https://infosec.exchange/@gcluley

Update: Sara Haider, Twitter’s director of product management, has confirmed to me that the “presence” feature will be opt-in:

To hear more discussion about this issue, be sure to check out the “Smashing Security” podcast:

Smashing Security #94: 'Rogue browser extensions, Twitter presence, and how to cheat in exams'

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Twitter testing new feature that reveals when you’re online”

  1. I don't have any problem with it as long as it's opt-in. Users who are careless enough to opt-in are welcome to the potential consequences.

    In fact, the one bit of damning with faint praise I'll say about Facebag is that their criminal invasions of users' privacy and security via the unceasing torrent of new "features" that are opt-out is what drove me to terminate my presence there many years ago.

    So, in a perverse sort of way, I'm grateful to Facebag. If they had acted morally and made all their garbage features opt-in I might still be there wasting my life. (heh)

  2. The fact that it's opt-in (for now) is fine. My only question is whether at some point down the road Twitter might switch their little "Currently Online" green-light indicator to opt-out with little or no warning — a trick worthy of Mr. Mark "Move fast and break things" Zuckerbillion$.

    Facebook's constant assaults on my privacy were impossible to manage without spending more time than I was willing to waste. Like Gil Favor, that's what led me to deactivate my account. I'd hate to see Twitter go the same route.

  3. It's not at all clear what "currently online" means in the context of this proposed feature. Does it mean "Logged in to my Twitter account and currently displaying a Twitter page in an active browser window"?

    Or (much worse), does it mean running some kind of script that phones home to Twitter and reports that users are online, regardless of whether or not they're logged in to their Twitter account?

    I don't like either one, but the former is far less invasive than the latter. At least users can control that by logging in only when they're actually using Twitter.

    Of course, it's not a problem if it stays opt-in, but with feature creep, no one can be certain. It makes another good case for running NoScript to control any user-side shenanigans.

    Actually, it makes sense to use a network monitoring app, which keeps track of all outgoing connections. I would disallow any automatic attempt to report my online status to Twitter…or anyone else I don't approve. It's none of their business whether I'm online.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES