Twitter has admitted that they “inadvertently” collected and shared iOS geolocation information of their users with their partners. The vague language of the message was also quite frustrating to read as Twitter representatives wrote that circumstances under which they shared sensitive data were “certain.” Sadly, no one bothered to elaborate on what “certain” meant in this particular context.
The Twitter blog post explained that they collected information of users who used iOS devices to log in their accounts without turning off the precise location feature. The company stressed that they were cautious when sharing data and tried to “fuzz” the data by removing precise location and replacing it with ZIP codes and cities. Twitter did not share home addresses and precise locations of its users.
The blog post also mentioned that trusted partners did not receive any information that could allow them to identify users on the platform. The company ensured its users that they fixed the issue and will prevent such problems from happening ever again. All affected users were notified, and the company issued an apology.
This “slight misstep” is concerning due to the language that Twitter used to convey their message. The blog post does not clarify who their trusted partners are and for what purposes they “inadvertently” shared data with them:
Double your web browsing speed with today's sponsor. Get Brave.
“You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances.
Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature.
Separately, we had intended to remove location data from the fields sent to a trusted partner during an advertising process known as real-time bidding. This removal of location did not happen as planned. However, we had implemented technical measures to “fuzz” the data shared so that it was no more precise than zip code or city (5km squared). This location data could not be used to determine an address or to map your precise movements. The partner did not receive data such as your Twitter handle or other unique account IDs that could have compromised your identity on Twitter. This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner.
We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process.
We have fixed this problem and are working hard to make sure it does not happen again. We have also communicated with the people whose accounts were impacted to let them know the bug has been fixed. We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us.
We’re very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day.”
Sensitive personal information is a valuable commodity and many companies are willing to pay for it dearly. It creates incentives for social media platforms to keep “spying” on their users and collect any data that they can get their hands on. Recent scandals involving Facebook and Cambridge Analytica were eye-opening for many people. Facebook recently filed a lawsuit against another marketing agency Rankware from South Korea.
Social media giants regularly blunder when it comes to managing and sharing sensitive data of their users. Twitter admitted their mistake and fixed it as soon as possible which is a good thing. However, such mistakes and “bugs” should not go unnoticed. Next time, Twitter may share even more sensitive data with their “trusted” partners in “certain circumstances.”