Stuff that occurs to me

All of my 'how to' posts are tagged here. The most popular posts are about blocking and private accounts on Twitter, also the science communication jobs list. None of the science or medical information I might post to this blog should be taken as medical advice (I'm not medically trained).

Think of this blog as a sort of nursery for my half-baked ideas hence 'stuff that occurs to me'.

Contact: @JoBrodie Email: jo DOT brodie AT gmail DOT com



Sunday, 15 November 2015

Echofon is (sort of) a hacker-tool for Twitter

Echofon is a third party Twitter app which I use, as the free ad-supported version, on an iPhone. I also (primarily) use desktop Twitter on Firefox. Over the years of using both concurrently I've drawn a few conclusions about the differences between the two, which boil down to the following.

Echofon...
1. Tells you what app or platform someone's used to send a tweet
2. Lets you see the tweets of someone who's blocked you
3. Lets you see the (previously public) tweets of someone who's recently (within 5 days or so) made their account private - I think they might have now fixed this but haven't tested much (8 Dec 2015)

I daresay other apps will let you do these too.

1. What app?
In the tweets below you can see that one says sent 'via Twitter Web Client' which means I sent it from my computer and the other 'via Echofon' which means I sent the tweet from my phone's app.


There probably aren't many times you'd need this information but I have used it in a vaguely 'forensic' sense to help someone strongly indicate that someone else sent a tweet themselves and that it wasn't automated. A big caveat is that the 'via Twitter Web Client' would also appear if I had used the Chrome browser app on my iPhone to send a tweet.

2. See tweets if blocked
I had been blocked by a homeopathy enthusiast for some time, without realising it, because their tweets showed up on the #homeopathy hashtag which I occasionally entertain myself with on desktop Twitter. If I click on their username on desktop it tells me I'm blocked but if I click on their name on Echofon it just shows me all their tweets, followers / following etc. Echofon doesn't appear to distinguish accounts blocking me from accounts not blocking me - I can't favourite or retweet a tweet, but otherwise if I was using only Echofon I'd probably not realise.

On any app or platform (possibly with the exception of Twitter for Android) you can simply search the person's username to see all of their tweets (and replies). To see only their tweets use from:name. Or log out, of course.

3. See newly locked accounts
This was a new one to me and I only noticed it today. Via Echofon I've spotted a tweet sent 17 hours earlier and another one sent within 48 hours that both showed up in search results, from accounts that have since locked their accounts and which I don't follow. Clicking on the account's name in both cases tells me that I can't see their tweets and that their accounts are private. However searching for from:username brings up what I think are all the tweets they sent before locking their account.

This is probably shortlived and I expect in a few hours or days I won't be able to do this for either of those accounts, assuming that there's some time-restricted window that, once passed, means I won't be able to see any of their tweets (public tweets are also cached by Google so may still be visible until Google re-indexes them, and finds that it can't and removes them). I can't see who they follow or are followed by though.

I can see (on 14 Nov) the tweets sent by someone on 10 Nov before they made their account private. From tweets sent in reply to them later it seems their later tweets don't show up.
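One way the behaviour described above can arise, as an added toy model that is not Twitter's or Echofon's code: a search index that stores a "public" flag when a tweet is indexed and never re-checks it, next to a search that evaluates the author's current privacy setting on every read. The class names, fields and the mechanism itself are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    protected: bool = False
    followers: set = field(default_factory=set)

@dataclass
class IndexedTweet:
    author: str
    text: str
    public_when_indexed: bool  # snapshot taken once, at indexing time

class SearchIndex:
    """Hypothetical search backend; accounts maps name -> Account (current state)."""
    def __init__(self, accounts):
        self.accounts = accounts
        self.entries = []

    def add(self, author, text):
        acct = self.accounts[author]
        self.entries.append(IndexedTweet(author, text, not acct.protected))

    def search_stale(self, viewer, author):
        # Weak: trusts the stored flag and ignores who is asking, so tweets
        # indexed before the account was locked keep showing up.
        return [e.text for e in self.entries
                if e.author == author and e.public_when_indexed]

    def search_checked(self, viewer, author):
        # Hardened: re-evaluates the author's current setting on every read.
        acct = self.accounts[author]
        allowed = (not acct.protected or viewer == author
                   or viewer in acct.followers)
        return [e.text for e in self.entries if e.author == author and allowed]

def demo():
    # Constructed accounts: bob follows alice, carol does not.
    accounts = {"alice": Account("alice", followers={"bob"})}
    idx = SearchIndex(accounts)
    idx.add("alice", "posted while public")
    accounts["alice"].protected = True      # alice locks her account
    idx.add("alice", "posted after locking")
    return {
        "stale_stranger": idx.search_stale("carol", "alice"),
        "checked_stranger": idx.search_checked("carol", "alice"),
        "checked_follower": idx.search_checked("bob", "alice"),
    }

if __name__ == "__main__":
    for case, tweets in demo().items():
        print(case, tweets)
```

The stale search returns only the tweet sent before locking, which matches the observation that later tweets don't show up; the checked search returns nothing to a non-follower.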

Twitter's information about public / private tweets https://support.twitter.com/articles/14016#

Free ad-supported Echofon is also very annoying in that it regularly and frequently auto-opens the App Store on the iPhone in an attempt to get you to buy in-app purchases. It did it 7 times in 45s once but that's unusual; it goes through phases of not doing it for ages and then does it once every 20 seconds for a short while. On an iPhone, quickly double-tap the home button at the bottom to minimise all apps, then swipe upwards on the trying-to-open-itself App Store.





Saturday, 7 December 2013

It is not possible to view private tweets but here's what to be aware of to protect your account

by @JoBrodie, brodiesnotes.blogspot.com

This post exists because so many people found my blog while searching for "how to read private Twitter accounts" so I wrote this for them - updated July 2016.


You cannot read tweets from someone who's made their account private (locked) unless you're following them, or you've broken in (definitely a bad idea) or you're using someone else's account to read (possibly a bad idea).

If you've made your account private be aware that others can get a lot of info about your private account from replies sent to you. [26 July 2016]




Summary of main post
You cannot view someone's tweets if they've protected their account (locked it), unless you are following them. If you view their profile you'll just see something like 'this user has protected their tweets', and that's pretty much the end of it.

However I think people should be much more aware that people can infer a great deal about what a protected account is tweeting simply by looking at the tweets sent in reply (eg search for to:theirname or @theirname to see tweets sent to the account, eg to see tweets sent to me type to:jobrodie or @jobrodie into Twitter search).

More detail and explanations (and things to watch out for) below.





More detailed information
To the best of my knowledge it is now not possible to see the tweets of a protected account unless you're following them, or have stolen their password or the password of one of their authorised followers or some other morally and legally iffy technique (bad idea). 

If someone doesn't want you to read their tweets, then it's much nicer if you just respect that. But here are some suggestions for ignoring that, written more in the spirit of warning people with protected accounts what to watch out for from sneaky folk than helping sneaky folk, though it obviously does help them. Think of it less as "how to annoy someone" and more as "how to thwart annoying people".

1. Follow them, if they'll let you
If someone has locked their account to make it private then it is not possible to see what they've said unless you follow them... so the obvious first step is to try and follow them.

Click the follow button and hope for the best.

1b (i). Create a secondary account
If they know who you are and don't want you to follow them then you'll not have much luck unless you change your name or create a new account. Simply changing your username is imperfect as it's pretty easy to see if you're still the same person they didn't want following previously.

1b (ii). Make sure your email address doesn't give you away
Be aware that if they have your email address in their contacts and allow Twitter to 'find their friends' then your new account will show up, unless you untick the Discoverability setting which lets people find you via your email. I believe this is OFF by default.

An interesting conceptual equivalent to this is people who create anonymous blogs but use the same Google Analytics code as they do on their other (non-anon) sites. Given that Google Analytics codes are unique to one person's account, with modifications of a suffix for each different website, this can give them away.
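A self-check for the Google Analytics point above, as an added example that is not from the original post: it pulls Universal Analytics IDs (format `UA-<account>-<property>`) out of the HTML of your own pages and reports any account number that appears on more than one site. The site labels and HTML snippets are constructed sample data.

```python
import re
from collections import defaultdict

# Universal Analytics property IDs have the form UA-<account>-<property>;
# the account part is shared by every site registered under one login.
GA_ID = re.compile(r"\bUA-(\d{4,10})-(\d{1,4})\b")

def ga_ids(html):
    """Return the set of (account, property) pairs found in one page's HTML."""
    return {(m.group(1), m.group(2)) for m in GA_ID.finditer(html)}

def shared_accounts(pages):
    """pages maps a site label to its HTML.

    Returns {account: sorted site labels} for every Analytics account
    number that appears on more than one site.
    """
    seen = defaultdict(set)
    for site, html in pages.items():
        for account, _prop in ga_ids(html):
            seen[account].add(site)
    return {acct: sorted(sites) for acct, sites in seen.items()
            if len(sites) > 1}

# Constructed sample pages (not real sites or real tracking IDs).
SAMPLE_PAGES = {
    "named-blog.example":
        "<script>ga('create', 'UA-1234567-1', 'auto');</script>",
    "anon-blog.example":
        "<script>gtag('config', 'UA-1234567-3');</script>",
    "unrelated.example":
        "<script>ga('create', 'UA-7654321-1', 'auto');</script>",
}

if __name__ == "__main__":
    for account, sites in shared_accounts(SAMPLE_PAGES).items():
        print(f"UA-{account} is shared by: {', '.join(sites)}")
```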
 
1c (i). Password strength
If you've got a protected account you might want to make sure you've got a difficult-to-guess password as another obvious 'in' is to crack into your account by guessing or phishing for your password. If people can crack your email password that's another source of risk because then they can use the 'forgotten password' to get a reset link sent to the compromised email account.

1c (ii). Password strength of your followers
As Jon points out in the comments below I've missed out a fairly obvious opportunity, which is for someone to read your protected tweets by cracking the account of one of your approved followers.

2. Search for tweets sent to them - infer conversations from what others say to them
Tweets sent to people (often in reply to their own tweets) tell you one half of the conversation. As always it's your friends' responses to your protected tweets that would likely give you away ;)

Just search for their @name in the search bar - to see all tweets sent to me you can type @JoBrodie. There are obviously quite a lot because I've been on Twitter for five years but you can add in keywords to narrow things down a bit.

Note: Echofon apparently will show you the private tweets of recently blocked accounts. Search for from:username to see the tweets.

3. Storify / screenshots in blogs / manual retweets / look at their phone
See if you can find their tweets in Storify or other archiving places. Storify traps tweets even after they've been deleted so it seems reasonable to suspect that it will keep them even after someone's account goes private.

By contrast embedded tweets in blogs will generally disappear because the bit of code will stop working if the original tweet is deleted or the account made private. Any blog posts that used screenshots to reshare a tweet won't be affected of course.

*Embedding a tweet means that each time the blog post loads the tweet it calls on Twitter to display it and if it's no longer publicly available then it won't show up.

If your account is private then your followers cannot retweet you as the retweet button is not offered to them. However they can still see the text of your tweet and interact with it. If they want to there's nothing to stop them from copying and pasting the text and retweeting you manually. I have done this - with permission I hasten to add - when someone tweeted something really interesting that I thought deserved wider sharing.

Tweets viewed on any screen can also be snapped as a screenshot.

Jon (in comment below) also points out that someone just has to gain access to your phone to see your protected tweets or the tweets of any protected account that you're authorised to view.

4. What about authorised third-party apps?
I don't know if it's possible for people or companies who've created Twitter apps to access someone's protected tweets. To read Twitter on my iPhone I use an app (not the Twitter app) and of course when I'm logged in it shows me my private messages, so the app can obviously 'see' my DMs. The app can see my private messages so it's logical to think that the people who own it might be able to as well, though I doubt they'd bother. I mean more that I don't know how these things are kept separate.

Misusing an app for that purpose would probably be against Twitter's terms and conditions, not to mention possibly illegal under the Computer Misuse Act 1990 (UK) or Computer Fraud and Abuse Act (US).

People who use Echofon can see tweets of private accounts by searching from:username to view - this seems to be a time-sensitive thing and after a period of time the search 'cache' is cleared and this is no longer possible. Glitch now fixed.


5. Answers to specific questions people ask of Google
I have no idea who asked these questions, I just get a list of phrases that people used to search for information on Google and for which my blog appeared in their search results.
  • How can you tell if someones twitter acount is private?
    Visit their account page (http://twitter.com/THEIRNAME) and if it says something like "Only confirmed followers have access to @THEIRNAME's Tweets and complete profile. Click the "Follow" button to send a follow request." that's your answer.
  • How can someone find me on Twitter although I have private setting?
    Only your tweets are private. Your Twitter name, bio and any web address details you've included in your bio are public.
  • How can you block someone from reading your tweets even if your profile isn't private? // How do I make it so only confirmed followers can see my tweets but not be private?
    You can't. Blocking someone stops YOU from seeing THEIR tweets in your timeline. You can still visit their page to view all their tweets. They can still visit yours (they mostly have to log out or use third party apps now).
  • If I block someone on twitter and my profile isn't private can they still read my stuff?
    Yes. They can just log out or use a third party app.
  • Can people still see at mentions if private? // Can people see tweets i'm mentioned in if my twitter is private?
    Yes. All they need to do is search on Twitter for @YOURNAME to see all tweets sent to you. They cannot see any tweets sent FROM you unless they follow you.
  • Can private account send mention // Can I still mention someone on twitter even though i'm private?
    Yes, but if they're not following you I think they won't actually be able to see it. 
  • Can you block someone on twitter even when your tweets are private?
    Yes, it just means that you won't see their tweets. They already can't see your tweets if you're private and they're not following you - there's no additional need to block them.
  • Did this happen because my account is private? you have been blocked from following this account at the request of the user.
    No, that just means that they've just blocked you. If you want to see their tweets you'll have to search for from:theirname or log out to view them.
  • Even tho I'm private on twitter how can people retweet my stuff
    Anyone who is following you is able to manually retweet you (by copying and pasting the words in your tweet). They might also take a screenshot. You can ask them not to but there's not much else you can do other than block them. It's also possible that the account of one or more of your followers has been compromised and someone else is seeing what they see and retweeting that (see 1c(ii) in the main list above).
  • Even though your private should you still see your tweets in search do others
    If you are logged in and search for things on Twitter then if your tweets contain them they'll show up to you, but not to other people. To check, log out of Twitter and search again - your tweets should not show up. An exception is someone using Echofon which may well show search results for 48 hours or so after you make your account private.

Related post
Don't assume that your private Twitter account is all that private (7 December 2012 - I only just noticed that I wrote that exactly a year ago!)

See also
Three fairly cool things you can do on Twitter (apart from tweet obviously) (4 November 2013)


History of this post
A few weeks ago I spotted a spike in the number of incoming searches to my blog from people looking for information on how to read protected tweets. First I wondered if there'd been something happening on Twitter that I wasn't aware of and secondly I wondered why they'd bother looking for that since, as far as I've been aware, it's never been possible to see the tweets of someone who's protected their tweets.

Today I learned that I'd actually been wrong although all the security glitches and workarounds that I've heard of from looking this up on Google appear to have since been fixed.

According to a 2009 LA Times story Google once (inadvertently) displayed protected tweets and it also seems to have been possible to view protected tweets through RSS feeds (again in 2009 but I think this was fixed back then) and Twitter no longer supports RSS anyway.

Glitch, from November 2015 - FIXED

This morning I learned that Echofon (and perhaps other apps) may display private tweets in search results. I spotted one that had been sent 17 hours previously and one that had been sent at 2am on 12 November. The tweets both showed up in search and when clicking on them (as if to reply) they still showed up. I could see the locked icon next to the people's names (I'm not following either of them). Clicking on their profile confirmed that their account was locked and I was unable to see their tweets that way. Presumably this only works on accounts that have made their tweets private within a particular time window; I suspect this won't work forever.

I was then surprised to find that, again on Echofon, if I searched from:username for this locked account I could see all of their private tweets. At some point their tweets will disappear from search results but I don't as yet know how long that takes.

Echofon for iPhone is basically a Twitter 'hacker' tool: it lets you see what apps / platforms people are using to send a tweet, it shows you profiles of accounts blocking you and it also lets you see private tweets (of recently-ish locked accounts) in search results.

For people with locked / private accounts
Be aware that it may take a while before your tweets stop showing up in search, on certain apps. It seems people can see all of your private tweets by searching from:yourname (though this is probably only temporary, so far no longer than 48 hours).

For people who want to read locked / private accounts
Try from:username or searching for keywords in a tweet you know they sent. Use Echofon for iPhone or other third party app (I doubt this will work on official Twitter apps / platforms though).