Twitter

Another Twitter secuirty alert

Yet again we are reminded of how easy it is to access personal information online, but thankfully this time it proved to be a false alarm.

First reported by the L.A Times that there had been another security loophole found in Twitter. Apparently you could see private tweets by performing a simple search on Google using the 'site:' operator and typing twitter.com/username. As many users found out, it appeared they could view the private Tweets of former President Bill Clinton.

But amidst the rumours, Harrison Hoffman of the Cnet Blog network discovered it was a bit of a false alarm. The error arose because the tweets belong to "notbillclinton" from when someone owned the "billclinton" Twitter account.

So if your Twitter account has been private since its creation you should find that none of your tweets have been indexed by Google. On the other hand if you have at some point made your account public, then the tweets indexed at that time will probably still show in the results.

There have been a number of security gaffs in the social application since its incision. At the start of the year we saw the hacking of celebrities' accounts, followed by DDoS attacks and most recently, an indexing error surrounding the robots.txt file. David Naylor, a UK SEO expert reported how Twitter had incorrectly modified their robot.txt file, as he explains below:

"Twitter have added:

"# Repel the robot invasion of sub-domains
User-agent: *
Disallow: /

What they should have done is :

m.twitter.com

All of Twitter's content is currently available in the organic rankings via twitter.com and m.twitter.com. they could have corrected this so the mobile version of the site is only available from Google Mobile and also that Twitter.com isn't available from Google Mobile.

The solution is to block GoogleBot-Mobile indexing twitter.com by placing the following in the "twitter.com/robots.txt" file:

User-agent: Googlebot-Mobile
Disallow: /

Then they should block GoogleBot from m.twitter.com by placing the following in the "m.twitter.com/robots.txt", but still allow the Googlebot-Mobile:

User-agent: Googlebot
Disallow: /

User-agent: Googlebot-Mobile
Allow: /"

But it begs the question if Twitter doesn't want to be indexed - why is Google indexing it? Also, since Twitter added the rel="nofollow" attribute to all links automatically via its API (which resulted in another security flaw!) why Google is not following its own rules and not indexing links with the "rel=nofollow" attribute? So, if you don't want to compromise your online privacy don't post details to social sites. Ever.

Like this article? Get the RSS feed: