Twitter, the wildly popular micro-blogging Web site, has roared onto the scene in an amazingly short time, even by Internet standards.
Twitter users can post short (140-character) messages known as "tweets" to all their followers. Pretty much anyone can follow anyone else’s tweets on Twitter, although there are some minimal privacy settings and such for those who want to limit the scope of where their tweets go and who can see them.
It’s through this simple matrix of followers and writers that communities of like-minded people have joined one another in reading and posting their tweets.
But several articles and blog entries have been published declaring Twitter to be insecure. A common theme among the naysayers has been Twitter’s use of TinyURL, a site/service that encodes long URLs—we’ve all seen them—to be just a few characters long. No doubt this is used so that people can post tweets with URLs and still fit within the 140-character tweet limit.
The problem with TinyURL and similar encoding mechanisms is that the end user really doesn’t know what’s in the original URL itself. Thus, a tweet could be pointing the reader to a URL that, whether we click on it or enter it into our browsers manually, can take us to a site that contains malicious data. Granted, some sites are going to seem more trustworthy than others: a respected news outlet is likely to be more trustworthy than (say) www.click-here-to-infect-your-computer.com which, by the way, I think is not a registered domain.
Another common complaint is that there’s no verification of a Twitter user’s identity, so someone could trivially pose as (say) a celebrity and the public would be none the wiser. This too is quite true, but it’s nothing new with Twitter.
But let’s get past that and consider some positive recommendations on how to safely use Twitter, assuming that you also want to hear what some of your colleagues want to say in 140 characters.
- Don’t click on encoded URLs if you at all doubt them. If they point to something you feel you do want to read, direct message or e-mail the tweet’s author and ask for the full citation, and then decide whether it deserves your trust.
- Harden your browser anyway, just like I’ve suggested many times.
- Follow people who post things you’re genuinely interested in. Follow people you trust. Verify their Twitter identities via a trustworthy channel like, for instance, an encrypted or cryptographically signed e-mail.
- Avoid twits. There is a lot of noise on Twitter. Life is too short for that blather. Shut it off.
- If you "protect my posts," which restricts your tweets to only your followers, approve (or disapprove) your followers. Block followers you don’t know or otherwise don’t want reading your tweets.
- Avoid posting URLs, or post really short URLs so that your tweets don’t automatically invoke TinyURL. If you want to point to a URL, tell your followers to direct message you to request the full URL.
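One way to act on the first recommendation without bothering the tweet's author is to ask the shortening service where a link points and look at the answer before any browser loads it. The sketch below is an added example, not part of the original article; it assumes the shortener answers a HEAD request with an HTTP redirect and a `Location` header, and the function names, the sample short link and the trusted-host set are all hypothetical.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def fetch_redirect(short_url, timeout=5):
    """Ask the shortener where a link points. http.client never follows
    redirects, so the destination site itself is not contacted."""
    parts = urlsplit(short_url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        target = parts.path or "/"
        if parts.query:
            target += "?" + parts.query
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def assess(short_url, status, location, trusted_hosts):
    """Turn the shortener's answer into (destination, verdict)."""
    if status not in REDIRECT_CODES or not location:
        return None, "no-redirect"
    dest = urljoin(short_url, location)   # Location may be relative
    parts = urlsplit(dest)
    if parts.scheme not in ("http", "https"):
        return dest, "suspicious-scheme"
    # .hostname ignores any user:password@ prefix and the port
    host = (parts.hostname or "").lower()
    if host in trusted_hosts:
        return dest, "trusted"
    return dest, "unknown-host"

if __name__ == "__main__":
    # Constructed shortener answer; no network is used in this demo.
    print(assess("http://tinyurl.com/abc123", 301,
                 "http://www.example.org/story?id=7", {"www.example.org"}))
```

In live use, pass the result of `fetch_redirect(url)` to `assess`; a verdict of `unknown-host` means the decision is still yours, only now it is made with the full destination in view.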