Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Twitter Tip Jar may expose PayPal address, sparks privacy concerns

This week Twitter has begun experimenting with a new feature called ‘Tip Jar,’ which lets Twitter users tip select profiles to support their work.

Twitter iOS and Android app users using Twitter in English can now send tips to a limited group of people around the world, including creators, journalists, experts, and nonprofits. 

However, the new feature has sparked multiple concerns among Twitter users: from the sender’s PayPal shipping address getting exposed, to how are “disputes” handled.

Twitter ‘Tip Jar’ may expose your PayPal shipping address

Yesterday, Twitter rolled out a ‘Tip Jar’ feature to Android and iOS app users who have their preferred language set to English.

The feature has been introduced by the company to “support the incredible voices that make up the conversation on Twitter.”

Although anyone can send cash tips, the group who can receive such rewards is currently restricted to just a handful of entities:

“For now, a limited group of people around the world who use Twitter in English can add Tip Jar to their profile and accept tips.”

“This group includes creators, journalists, experts, and nonprofits. Soon, more people will be able to add Tip Jar to their profile and we’ll expand to more languages,” announced Twitter in yesterday’s blog post.

Those interested in tipping someone can use a variety of payment methods, including BandcampCash AppPatreonPaypal, and Venmo.

Moreover, Twitter does not receive a cut of the tipped amount, although the payment networks may charge a minimal transaction fee. 

Twitter tip jar
Twitter Tip Jar illustration (Source: Twitter)

However, within a few hours some pointed out that because of how PayPal works, users may not realize that their PayPal shipping address was being exposed to those who they tipped:

Put simply, because “tipping” counts as a transaction on Twitter, much like a buyer paying a seller when shopping online, PayPal may (by default) expose the money sender’s shipping address to the person who is receiving tips.

Twitter users including Anashel and Yashar Ali pointed out that the solution to this potential issue is rather simple.

Those using PayPal for sending tips via Twitter Tip Jar can select “No address needed,” under the Shipping Address form field prior to sending the payment: 

twitter tip jar paypal test
How PayPal users can hide their shipping address when using Twitter Tip Jar
Source: Twitter

Additionally, Twitter has updated its tipping prompt and Help Center to make it clear that other apps, such as PayPal, may share information between people sending and receiving tips.

Well, that one was easy. But there’s just one more issue that others have brought up.

But, what about disputes?

What happens when someone tips a Twitter user using the Tip Jar and later files a “dispute” concerning the payment?

Advertisement. Scroll to continue reading.

Different payment networks offer methods to dispute outbound payments for many reasons: such as receiving faulty goods, or not receiving a service adequately, and so on.

But, in PayPal’s case, some have pointed out that if a tip sender files a dispute after tipping someone, things can get ugly for the recipient—who now has to pay a $20 dispute charge, plus payment processing fees, of course, in addition to refunding the tipped amount:

And, as noted by infosec journalist Brian Krebs, if a fraudster can repeat sending “tips” a few times and dispute these, they can, in turn, make the recipient pay up as a result of triggering the dispute process, effectively reversing the direction of flow of money.

It is unclear what policies PayPal and Twitter will introduce to prevent malicious actors from abusing the Tip Jar feature which has just been rolled out.

Also, at this time, not every Twitter Android and iOS app user may have the Tip Jar feature enabled.

Twitter profiles with Tip Jar enabled will show a “Tip Jar” icon next to the “follow(ing)” button on their profile, as shown in the GIF illustration above.

In tests by BleepingComputer, however, Tip Jar was not available for some app users, including those with verified accounts, although the preferred language for the accounts/apps was set to English. 

As such, those interested in pioneering the Tip Jar feature should keep an eye on their app for any updates.

Source: https://www.bleepingcomputer.com/news/security/twitter-tip-jar-may-expose-paypal-address-sparks-privacy-concerns/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO