Twitter has recently launched a new feature that will help users tip each other. Dubbed ‘Tip Jar’, this feature will allow users to send a tip to others, such as journalists, security professionals, creators, and more. However, this exciting new Tip Jar feature also has a privacy issue for Twitter users.
About Twitter’s Tip Jar Feature
Twitter has recently introduced the ‘Tip Jar’ features for the users. Through this feature, users can send tips to other Twitter users directly via PayPal.
As elaborated in their blog post, this new feature will let the users tip someone they would appreciate. The Tip Jar icon will appear next to the ‘Follow’ button on a user’s Twitter profile. Clicking on this icon will let the other user choose an appropriate payment service to send the money.
Currently, for this feature, Twitter has enabled support for PayPal, Venmo, Patreon, Bandcamp, and Cash App. Whereas, Android users will get one more option – Spaces.
Twitter has elaborated that they would make no deductions through these transactions.
Presently, this feature is only available to a few Twitter in English users globally. Though, Twitter has pledged for service expansion in more languages soon.
What’s The Risk?
Although, having an option as simple as Tip Jar looks much more convenient for sending quick tips to favorites. However, it has a potential privacy risk too as the procedure exposes senders’ PayPal addresses to the recipients.
Here’s what Rachel Tobac of SocialProof Security highlighted in a tweet.
Shortly, it turned out that the privacy leak basically happens at PayPal’s end instead of Twitter. But, since Twitter has integrated PayPal to support Tip Jar, the matter now impacts the privacy of Twitter users.
However, as highlighted further, users can choose to hide their addresses during transactions.
Yet, another problem has also raised questions on the safety of the Tip Jar feature from potential abuse. Yet again, the issue mainly exists because of PayPal.
After these things surfaced online, Twitter confirmed to clearly mention this exposure of information in the Tip Jar prompt and Help Center. It’s presently unclear if PayPal and/or Twitter would resolve this matter for good or not.