Pages

Saturday, 7 December 2013

It is not possible to view private tweets but here's what to be aware of to protect your account

by @JoBrodie, brodiesnotes.blogspot.com

This post exists because so many people found my blog while searching for "how to read private Twitter accounts" so I wrote this for them - updated July 2016.


You cannot read tweets from someone who's made their account private (locked) unless you're following them, or you've broken in (definitely a bad idea) or using someone else's account to read (possibly a bad idea).

If you've made your account private be aware that others can get a lot of info about your private account from replies sent to you. [26 July 2016]




Summary of main post
You cannot view someone's tweets if they've protected their account (locked it), unless you are following them. If you view their profile you'll just see something saying like 'this user has protected their tweets', and that's pretty much the end of it.

However I think people should be much more aware that people can infer a great deal about what a protected account is tweeting simply by looking at the tweets sent in reply (eg search for to:theirname or @theirname to see tweets sent to the account, eg to see tweets sent to me type to:jobrodie or @jobrodie into Twitter search).

More detail and explanations (and things to watch out for) below.





More detailed information
To the best of my knowledge it is now not possible to see the tweets of a protected account unless you're following them, or have stolen their password or the password of one of their authorised followers or some other morally and legally iffy technique (bad idea). 

If someone doesn't want you to read their tweets, then it's much nicer if you just respect that. But here are some suggestions for ignoring that, written more in the spirit of warning people with protected accounts what to watch out for from sneaky folk than helping sneaky folk, though it obviously does help them. Think of it less as "how to annoy someone" and more as "how to thwart annoying people".

1. Follow them, if they'll let you
If someone has locked their account to make it private then it is not possible to see what they've said unless you follow them... so the obvious first step is to try and follow them.

Click the follow button and hope for the best.

1b (i). Create a secondary account
If they know who you are and don't want you to follow them then you'll not have much luck unless you change your name or create a new account. Simply changing your username is imperfect as it's pretty easy to see if you're still the same person they didn't want following previously

1b (ii). Make sure your email address doesn't give you away
Be aware that if they have your email address in their contacts and allow Twitter to 'find their friends' then your new account will show up, unless you untick the Discoverability setting which lets people find you via your email. I believe this is OFF by default.

An interesting conceptual equivalent to this is people who create anonymous blogs but use the same Google Analytics code as they do on their other (non-anon) sites. Given that Google Analytics codes are unique to one person's account, with modifications of a suffix for each different website, this can give them away.
 
1c (i). Password strength
If you've got a protected account you might want to make sure you've got a difficult-to-guess password as another obvious 'in' is to crack into your account by guessing or phishing for your password. If people can crack your email password that's another source of risk because then they can use the 'forgotten password' to get a reset link sent to the compromised email account.

1c (ii) Password strength of your followers
As Jon points out in the comments below I've missed out a fairly obvious opportunity, which is for someone to read your protected tweets by cracking the account of one of your approved followers.

2. Search for tweets sent to them - infer conversations from what others say to them
Tweets sent to people (often in reply to their own tweets) tell you one half of the conversation. As always it's your friends' responses to your protected tweets that would likely give you away ;)

Just search for their @name in the search bar - to see all tweets sent to me you can type @JoBrodie. There are obviously quite a lot because I've been on Twitter for five years but you can add in keywords to narrow things down a bit.

Note: Echofon apparently will show you the private tweets of recently blocked accounts. Search for from:username to see the tweets.

3. Storify / screenshots in blogs / manual retweets / look at their phone
See if you can find their tweets in Storify or other archiving places. Storify traps tweets even after they've been deleted so it seems reasonable to suspect that it will keep them even after someone's account goes private.

By contrast embedded tweets in blogs will generally disappear because the bit of code will stop working if the original tweet is deleted or the account made private. Any blog posts that used screenshots to reshare a tweet won't be affected of course.

*Embedding a tweet means that each time the blog post loads the tweet it calls on Twitter to display it and if it's no longer publicly available then it won't show up.

If your account is private then your followers cannot retweet you as the retweet button is not offered to them. However they can still see the text of your tweet and interact with it. If they want to there's nothing to stop them from copying and pasting the text and retweeting you manually. I have done this - with permission I hasten to add - when someone tweeted something really interesting that I thought deserved wider sharing.

Tweets viewed on any screen can also be snapped as a screenshot.

Jon (in comment below) also points out that someone just has to gain access to your phone to see your protected tweets or the tweets of any protected account that you're authorised to view.

4. What about authorised third-party apps?
I don't know if it's possible for people or companies who've created Twitter apps to access someone's protected tweets. To read Twitter on my iPhone I use an app (not the Twitter app) and of course when I'm logged in it shows me my private messages, so the app can obviously 'see' my DMs. The app can see my private messages so it's logical to think that the people who own it might be able to as well, though I doubt they'd bother. I mean more that I don't know how these things are kept separate.

Probably misusing an app for that purpose would be both against Twitter's terms and conditions not to mention possibly illegal under the Computer Misuse Act 1990 (UK) or Computer Fraud and Abuse Act (US).

People who use Echofon can see tweets of private accounts by searching from:username to view - this seems to be a time-sensitive thing and after a period of time the search 'cache' is cleared and this is no longer possible. Glitch now fixed.


5. Answers to specific questions people ask of Google
I have no idea who asked these questions, I just get a list of phrases that people used to search for information on Google and in which my blog appears to them in the search results. 
  • How can you tell if someones twitter acount is private?
    Visit their account page (http://twitter.com/THEIRNAME) and if it says something like "Only confirmed followers have access to @THEIRNAME's Tweets and complete profile. Click the "Follow" button to send a follow request." that's your answer.
  • How can someone find me on Twitter although I have private setting?
    Only your tweets are private. Your Twitter name, bio and any web address details you've included in your bio are public.
  • How can you block someone from reading your tweets even if your profile isn't private? // How do I make it so only confirmed followers can see my tweets but not be private?
    You can't. Blocking someone stops YOU from seeing THEIR tweets in your timeline. You can still visit their page to view all their tweets. They can still visit yours (they mostly have to log out or use third party apps now).
  • If I block someone on twitter and my profile isn't private can they still read my stuff?
    Yes. They can just log out or use a third party app.
  • Can people still see at mentions if private? // Can people see tweets i'm mentioned in if my twitter is private?
    Yes. All they need to do is search on Twitter for @YOURNAME to see all tweets sent to you. They cannot see any tweets sent FROM you unless they follow you.
  • Can private account send mention // Can I still mention someone on twitter even though i'm private?
    Yes, but if they're not following you I think they won't actually be able to see it. 
  • Can you block someone on twitter even when your tweets are private?
    Yes, it just means that you won't see their tweets. They already can't see your tweets if you're private and not following you - there's no additional need to block them.
  • Did this happen because my account is private? you have been blocked from following this account at the request of the user.
    No, that just means that they've just blocked you. If you want to see their tweets you'll have to search for from:theirname or log out to view them.
  • Even tho I'm private on twitter how can people retweet my stuff
    Anyone who is following you is able to manually retweet you (by copying and pasting the words in your tweet). They might also take a screenshot. You can ask them not to but there's not much else you can do other than block them. It's also possible that the account of one or more of your followers has been compromised and someone else is seeing what they see and retweeting that (see 1c(ii) in the main list above).
  • Even though your private should you still see your tweets in search do others
    If you are logged in and search for things on Twitter then if your tweets contain them they'll show up to you, but not to other people. To check, log out of Twitter and search again - your tweets should not show up. An exception is someone using Echofon which may well show search results for 48 hours or so after you make your account private.
Related post
Don't assume that your private Twitter account is all that private (7 December 2012 - I only just noticed that I wrote that exactly a year ago!)

See also
Three fairly cool things you can do on Twitter (apart from tweet obviously) (4 November 2013)


History of this post
A few weeks ago I spotted a spike in the number of incoming searches to my blog from people looking for information on how to read protected tweets. First I wondered if there'd been something happening on Twitter that I wasn't aware of and secondly I wondered why they'd bother looking for that since, as far as I've been aware, it's never been possible to see the tweets of someone who's protected their tweets.

Today I learned that I'd actually been wrong although all the security glitches and workarounds that I've heard of from looking this up on Google appear to have since been fixed.

According to a 2009 LA Times story Google once (inadvertently) displayed protected tweets and it also seems to have been possible to view protected tweets through RSS feeds (again in 2009 but I think this was fixed back then) and Twitter no longer supports RSS anyway.

Glitch, from November 2015 - FIXED

This morning I learned that Echofon (and perhaps other apps) may display private tweets in search results. I spotted one that had been sent 17 hours previously and one that had been sent at 2am on 12 November. The tweets both showed up in search and when clicking on them (as if to reply) they still showed up. I could see the locked icon next to the people's names (I'm not following either of them). Clicking on their profile confirmed that their account was locked and I was unable to see their tweets that way. Presumably this only works on accounts that have made their tweets private within a particular time window, I suspect this won't work forever.

I was then surprised to find that, again on Echofon, if I searched from:username for this locked account I could see all of their private tweets. At some point their tweets will disappear from search results but I don't as yet know how long that takes.

Echofon for iPhone is basically a Twitter 'hacker' tool: it lets you see what apps / platforms people are using to send a tweet, it shows you profiles of accounts blocking you and it also lets you see private tweets (of recently-ish locked accounts) in search results.

For people with locked / private accounts
Be aware that it may take a while before your tweets stop showing up in search, on certain apps. It seems people can see all of your private tweets by searching from:yourname (though this is probably only temporary, so far no longer than 48 hours).

For people who want to read locked / private accounts
Try from:username or searching for keywords in a tweet you know they sent. Use Echofon for iPhone or other third party app (I doubt this will work on official Twitter apps / platforms though).


6 comments:

  1. You mention password strength. This isn't just an issue for protected accounts, though - if someone guesses the password for an approved follower of a protected account, they can then also view the protected account's tweets. That's an issue with services like Twitter - the info is only as secure as the accounts of the people who have access to it.

    There are also more old-fashioned ways of accessing protected tweets, if you know who the person is IRL - e.g. to get hold of their phone. Something people with protected accounts should bear in mind if they're hoping to protect tweets from someone they know in person.

    ReplyDelete
    Replies
    1. Ooh fab comment thanks. It seems you used to be able to read protected accounts by reading, via RSS, what was presented to one of their approved followers (I only discovered this yesterday when drafting my post, but it was a known glitch in 2009) but I'd not thought of the modern equivalent of breaking into a follower's account. I think that's sufficiently important that I'll update my post with credit to you.

      Also, yes, pinching their phone! I'm not condoning these devious methods of course.

      Delete
  2. My twitter account is not private but people still cant retweet my tweets. Help!

    ReplyDelete
    Replies
    1. Hello Yassmine

      I'm afraid I cannot explain this as it would seem to be perfectly possible for someone to retweet your tweets if your account is not private. If you're absolutely certain that your account isn't locked then I'm afraid I don't have an answer for you, but is it possible that your account is locked?

      Your followers would of course be able to see your tweets (though not retweet them) so it's possible that no-one would notice you were locked, although your followers will likely see a padlock next to your name.

      Your tweets (whether your account is locked or not) can still be retweeted manually, by copying and pasting your original tweet and adding RT at the front - if there's a glitch on your account you could suggest that to your followers.

      The other thing that would stop people from retweeting you (automatically, as opposed to manually) is that you've actually blocked them?

      How do you know that they can't retweet you? Have they told you or have you just spotted that your tweets aren't getting retweeted? If the second one you could send out a tweet and ask a couple of people to RT it to test, but the only other solution for getting retweets is to make sure that the sorts of tweets you're sending are the sort of thing that your followers might retweet ;)

      I'm sorry I can't think of anything else but wish you well in solving the mystery.

      Jo

      Delete
  3. Still a glitch. Not following anyone, but Im still having ppl reading my tweets

    ReplyDelete
    Replies
    1. I'm not really sure what you're asking to be honest...?

      Delete

Comment policy: I enthusiastically welcome corrections and I entertain polite disagreement ;) Because of the nature of this blog it attracts a LOT - 5 a day at the moment - of spam comments (I write about spam practices,misleading marketing and unevidenced quackery) and so I'm more likely to post a pasted version of your comment, removing any hyperlinks.

Comments written in ALL CAPS LOCK will be deleted and I won't publish any pro-homeopathy comments, that ship has sailed I'm afraid (it's nonsense).