Twitter recently partnered with PayPal and other payment providers to offer a ‘Tip Jar’ feature, but the technology inherits PayPal settings that mean a recipient sees a donor’s email address and physical address.
The privacy-busting aspect of the technology was demonstrated by hacker and security education specialist Rachel Tobac, who used the Tip Jar facility to send a test donation to her colleague Yashar Ali, a New York Magazine contributor.
Donor exposure
“If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your address,” Tobac explains in a Twitter thread documenting the donation process and its privacy implications.
Tobac uploaded a screenshot of an obfuscated receipt that showed that recipients of tips would see both the email address and physical address of donors to the PayPal Twitter Tip Jar.
“Be careful using PayPal Twitter Tip Jar – this is a hallmark of PayPal rather than Twitter of course but it impacts Twitter users who may not know that their address is leaked by PayPal to tip receivers,” Tobac warned.
Tobac argues that PayPal needs to make it “crystal clear which data is given to money receivers and stop sharing that data”. Twitter, meanwhile, needs to educate users of the tipping service about what information tip receivers get when donations are made via PayPal.
In response, Twitter acted promptly to offer a revision of its wording so that it’s clear Tip Jar donations made through PayPal are not anonymous.
“We’re updating our tipping prompt and Help Center to make it clearer that other apps may share info between people sending/receiving tips, per their terms,” a message from the official Twitter Support account explained.
The Daily Swig asked Tobac if she’d had any feedback from PayPal, as well as whether other Tip Jar payment options might offer better privacy controls. We’ll update this story when more information comes to hand.
Tobac’s insight sparked a lively debate among security researchers with several, including Brian Krebs and Marcus Hutchins, noting how fraudulent donations made using stolen credit cards could be used to leave recipients out of pocket through chargeback fees.
Source: https://portswigger.net/daily-swig/researcher-calls-out-privacy-flaw-in-twitters-new-tip-jar-donation-feature