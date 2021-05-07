Twitter’s ‘Tip Jar’ idea is great: with this system it will be possible to send money to another user to support him if you like what he publishes on Twitter. The feature has already started rolling out, but it has done so with certain associated privacy issues.

A cybersecurity researcher named Rachel Tobac has indicated that if you send a tip via PayPal, that could reveal your physical address, something that is unnecessary and that can raise significant privacy concerns.

Your physical address can be prevented from being shared

The physical address of the tip sender is not always disclosed. The ‘Tip Jar’ feature lets you choose between multiple payment providers to tip the Twitter user. If you use PayPal, the recipient will be able to see your physical (postal) address when they receive that money.

Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your * address *. Just tested to confirm by tipping @yashar on Twitter w / PayPal and he did in fact get my address I tipped him. https://t.co/R4NvaXRdlZ pic.twitter.com/r8UyJpNCxu – Rachel Tobac (@RachelTobac) May 6, 2021

One of the top product managers on Twitter, Kavyon Beykpour, explained that this problem exists because of Payal’s own operation. “We cannot control the disclosure of the physical address“, he explained,” but we will add a warning for people who tip through PayPal so that they are aware of this. “

Can you avoid showing the physical address? Those responsible for PayPal explain that yes, and that that disclosure only occurs if you send the tip as “goods and services”. If you choose another category such as “friends and family” your physical address will not be shared or revealed to whoever receives that money.

In addition to that problem, another expert named Ashkan Soltani discovered that this Twitter feature also reveals the recipient’s email of the tip (the one associated with their Twitter account) even when you do not send them money.

Warning all: @ Twitter’s new “Tip Jar” feature reveals the recipient’s email address that’s linked to their account, even when you don’t send them any actual money (I got permission from @jason_kint to show his email in this video) Thread here: https://t.co/Z6WFuXSlgO https://t.co/e8f9J58db7 pic.twitter.com/6u4Vjwkinf – ashkan soltani (@ ashk4n) May 7, 2021

As Soltani later clarified, the problem affects users who do not have an alias configured in the PayPal.me service: It is in those cases that PayPal reveals your email addresses.

Tip Jar is currently in beta and is not available to all users, but information such as physical address or email is disclosed it is something that raises privacy concerns on both ends.

Although in its FAQ Twitter warns that information could indeed be shared “with the recipient or others” such as the full name or address, it does not seem likely that many users will consult that document before using the feature. It remains to be seen if PayPal and Twitter manage to fix the problem.