Twitter’s new DM options: To combat spam or invite more?
By Chester Wisniewski October 30, 2013
- Twitter’s new direct message changes could have far-reaching implications for security and privacy
- Seems to be an extreme response to a largely solvable problem but beyond that, isn’t earth-shattering
News has been spreading that Twitter is slowly introducing changes to how it handles direct messages (DMs) and controls the types of links that can be sent through DMs from non-verified accounts.
These changes could have far-reaching implications for Twitter users' security and privacy.
My first thought when reading this news was “Wow, what an odd way of admitting defeat in the fight against spam.”
Twitter has not rolled out these changes to all users, but it would appear that links in DMs to URLs other than Facebook, Twitter and Instagram will be blocked.
I might strongly recommend against clicking links in email, but Google, Yahoo!, Microsoft and AOL don't remove links from email messages.
A frighteningly high number of blogs might be compromised by cybercriminals, but I wouldn't suggest Chrome, Firefox, Safari and Internet Explorer render links unclickable.
Restricting the ability to send private links, rather than filtering out spammy or malicious ones, could discourage users from sharing content on Twitter in favour of other private messaging services like SMS, Facebook Chat or MSN Messenger.
I wouldn't normally object to policy changes that could prevent users from being exposed to unwanted messages or malicious content, but this seems to be an extreme response to a largely solvable problem.
The second change appears to be the ability for users to receive direct messages from users they do not themselves follow. This is being rolled out slowly through a new account setting.
This might be particularly useful for organisations that provide customer service and technical support via Twitter and want to have private communications with customers without already having had to follow those users.
At the time of this writing, none of these changes are available on my accounts, but some are writing about the changes being implemented on their accounts.
This is likely a very bad idea for regular everyday Twitter users though. It is a bit of a blanket invitation for unwanted solicitations.
Other services that allow for private messaging have had to implement the blocking of unsolicited messages. If Twitter changes this option to be the new default it will likely end in tears.
Bottom line? Nothing earth-shattering.
Check your Twitter settings and be sure ‘Receive direct messages from any follower’ is unchecked once it is available in your profile.
If Twitter blocks you from sending links to your friends through DMs, use another medium. It isn't really such a bad thing to avoid clicking shortened links when you don't really know where they might lead you anyhow.
Look on the bright side: At least they aren't trying to use your profile to promote products or removing privacy choices.
Chester Wisniewski is a senior security advisor at Sophos Canada. This article first appeared on the Sophos Naked Security blog here, and is being reprinted here with its kind permission. Sophos is headquartered in Boston, US and Oxford, UK.