What is Twitter's Tip Jar — and what are the security issues?
Social media giant Twitter has today unveiled its Tip Jar functionality — a new way for Twitter users to directly monetise their work via their followers.
Does what it says on the tin. You can tip Twitter users that have the function if you like their Tweets, or other output shared on the platform.
Kind of like once-off payment service Ko-fi, or recurrent subscription platforms like Patreon, except, one assumes, it keeps you on Twitter while you're doing it.
Working at creating content is: a) hard, and b) very insecure, especially if you're freelance.
You'd be hard-pressed to find a freelance journo, comedian, streamer, etc. that wouldn't welcome the income after the Covid-19 crisis.
Plus, y'know, we all use the platform, and we've all wished we could support our favourites better at some point.
This, as it turns out.
Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your *address*. Just tested to confirm by tipping @yashar on Twitter w/ PayPal and he did in fact get my address I tipped him. https://t.co/R4NvaXRdlZ pic.twitter.com/r8UyJpNCxu
— Rachel Tobac (@RachelTobac) May 6, 2021
Journalists Rachel Tobac and Yashar Ali went poking and prodding at Tip Jar's processes and found that if you tip via the functionality's PayPal option, and select 'goods and services', the postal address on your provided PayPal account will be visible in receipts.
This leaves users potentially open to abuse so that's a bit worrying.
Twitter was on the scene pronto after this tweet, with product lead, Kayvon Beykpour, working with the journos in question to establish the issue.
It's not on Twitter's end, apparently.
this is a good catch, thank you. we can't control the revealing of the address on Paypal's side but we will add a warning for people giving tips via Paypal so that they are aware of this.
— Kayvon Beykpour (@kayvz) May 6, 2021
If there's a Tweeter you must tip your hat (or the contents of your wallet) to, be sure to use your card directly, or select other options in PayPal, such as 'family and friends', when doing so.
