Twitter recently began testing out a new feature that allows users to tip select profiles to help support their work but concerns have arisen regarding senders having their PayPal information exposed.
English-speaking users of the social network's iOS and Android apps can now send tips through the company's Tip Jar to creators, journalists, experts and nonprofits around the world.
Twitter users interested in tipping the account holders of their favorite profiles can do so using a variety of payment methods including Bandcamp, Cash App, Patreon, PayPal and Venmo. While the company doesn't take any cuts from these tips, the payment networks themselves may charge users a small transaction fee for tipping.
- We've compiled a list of the best identity theft protection services
- These are the best firewalls on the market
- Also check out our roundup of the best social media management tools
Senior product manager at Twitter, Esther Crawford provided more details on how this new feature works in a blog post, saying:
“You’ll know an account’s Tip Jar is enabled if you see a Tip Jar icon next to the Follow button on their profile page. Tap the icon, and you’ll see a list of payment services or platforms that the account has enabled. Select whichever payment service or platform you prefer and you’ll be taken off Twitter to the selected app where you can show your support in the amount you choose.”
Exposed PayPal information
Within a few hours of the Twitter's Tip Jar rolling out though, some users on the social network discovered that due to the way in which PayPal works, the shipping addresses of those tipping other users could be exposed online.
Hacker and CEO of the white hat hacker company focused on social engineering Social Proof Security, Rachel Tobac explained how this works in a tweet, saying:
“Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your *address*. Just tested to confirm by tipping @yashar on Twitter w/ PayPal and he did in fact get my address I tipped him.”
Thankfully though, the solution to this potential issue is quite simple as those using PayPal to send tips via Twitter's Tip Jar can select “No address needed” under the Shipping Address form before sending a payment on the social network.
Twitter has since updated its tipping prompt and Help Center page on its website to clarify that other apps such as PayPal may share information between those sending and receiving tips.
- We've also highlighted the best antivirus
Via BleepingComputer
