Twitter yet Again Embroiled in Controversy as a new Trick for Spreading Misinformation through Tweet URL Surfaces!

BAD NEWS ALERT! At a time when Twitter is trying its best to tackle spam and abuse on the platform, another manipulation technique has surfaced that can be used for spreading spam, fake news and abuse on Twitter.

The URL for accessing any tweet is a combination of the username and the tweet's status id. Guess what? The username part is not needed to fetch a tweet; only the id is required.

A number of URLs can be generated with the same tweet ID but different usernames, and the tweet that pops up in each case will be the same.

For example, here's a link to a recent tweet by the official Twitter account:
https://mobile.twitter.com/Twitter/status/1138558731271229440

However, we can visit the same (above) tweet by replacing the username "Twitter" with another username:
https://mobile.twitter.com/digitaliworld/status/1138558731271229440

The two URLs are different, but they lead to the same address.

If not handled in time, this behavior can lead to a lot of false information being spread and to impersonation claims. For example, people with ill intentions can use the redirection to make it seem like a tweet is promoted by someone who, in real life, might not even be aware of the tweet's content.

Security researcher Davy Wybiral crafted a link in such a way that the username part of the URL contained Donald Trump’s username but upon clicking the link, the user would be redirected to one of Davy’s tweets (the one to which the id was pointing).

On Desktop, extra effort might be required to make the manipulation successful as the redirect is quite visible in the address bar. On mobile devices however, the redirect isn’t visible and thus, the trick’s success rate is high for users accessing the tweet via mobile.
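A link checker can make the mismatch explicit where the address bar does not. The sketch below is an added example, not code from the article or from Twitter; the host list, the function names and the approach of passing in the post-redirect URL are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hosts treated as Twitter front ends (assumption for this example).
TWITTER_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com"}
# /<handle>/status/<id>; handles are up to 15 letters, digits or underscores.
STATUS_PATH = re.compile(r"^/([A-Za-z0-9_]{1,15})/status/(\d+)/?$")


def parse_status_url(url):
    """Return (handle, tweet_id) for a tweet URL, or None if it is not one."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    if (parts.hostname or "").lower() not in TWITTER_HOSTS:
        return None
    match = STATUS_PATH.match(parts.path)
    if not match:
        return None
    # Handles are case-insensitive, so normalise before comparing.
    return match.group(1).lower(), match.group(2)


def check_shared_link(shared_url, final_url):
    """Compare the handle a link claims with the handle after the redirect.

    final_url is the address the site settles on once the tweet has loaded;
    the caller supplies it here so the example runs offline.
    """
    shared = parse_status_url(shared_url)
    final = parse_status_url(final_url)
    if shared is None or final is None:
        return "not-a-tweet-url"
    if shared[1] != final[1]:
        return "different-tweet"
    if shared[0] != final[0]:
        return f"handle-mismatch: link says @{shared[0]}, tweet is by @{final[0]}"
    return "ok"


# URLs quoted in the article; REAL is also what the swapped link resolves to.
REAL = "https://mobile.twitter.com/Twitter/status/1138558731271229440"
SWAPPED = "https://mobile.twitter.com/digitaliworld/status/1138558731271229440"

if __name__ == "__main__":
    print(check_shared_link(REAL, REAL))
    print(check_shared_link(SWAPPED, REAL))
```

A mail gateway, chat bot or link-preview service that already follows redirects could run the same comparison and show the tweet's real author next to the link.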

BleepingComputer (BC) proved that the trick can even be used for impersonation. A tweet was created with the username of the National Security Agency in the URL and the id of an account controlled by BC itself. The profile name was changed to make it look like the actual NSA account, and relevant images were also added.


Impersonation is unacceptable in its own right, but this behavior can also be used to redirect users to various types of scams.

It’s a well-known fact that social media platforms, due to their impact on the entire world, are being used to spread misinformation. Facebook has been a victim for quite a long time now. Twitter has had its fair share of controversies as well.

Even though Twitter is working nonstop to rid the platform of such problems, and even took down 5,000 fake accounts registered for state-backed activities, that is not enough to offset the spam and questionable activity seen lately.

While talking to BC, Wybiral mentioned that the handles of inactive accounts can be used to abuse the platform as well, because of Twitter’s loose policy of allowing anyone to select a username that is no longer in use.

Thus, users with intentions to cause harm can easily look up the accounts that have been abandoned and pick up the desired handle. When they are asked to verify, they can simply use references to the old account to their advantage.

Thus, a lot of work needs to be done to cleanse the platform from these malicious acts.

Twitter URLs Can Be Manipulated to Spread Fake News and Scams
Photo: NurPhoto / Getty Images
