Why Does Twitter Think Facebook is Swedish?

I've nothing against the Swedes. Lovely people. Sweden is the third-largest country in the European Union by area. But I'm not from there. Neither, as far as I am aware, is Facebook.

But Twitter seems to think so.

When I share a link to Twitter on Facebook, this (sometimes) happens.

And sometimes, I get this delightfully mangled Unicode atrocity!

So, what's going on?

When Facebook wants to display a link, its servers send a quick web request to the URL that the user has typed into the box. When Twitter receives that request, it looks at where it has come from and tries to localise its content.

If you're a German, you probably want the Twitter website to be in German. That's fairly sensible. But when you receive a request from one country on behalf of another, what should you do?

Here are the headers which Facebook sends with every request.

User-Agent: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Accept: */*
Accept-Encoding: deflate, gzip
Range: bytes=0-524287
Host: example.com
Connection: keep-alive
IP: 31.13.110.120

That IP address, according to most geolocation databases, is from Ireland - however some list it as being Swedish.

Twitter is, arguably, doing the right thing here. They're seeing an IP from Sweden, and serving it up a Swedish page.

Yes, their IP database is out of date, but even if it wasn't I'm not sure everyone on Facebook want to be reading in Gaeilge or English.

Facebook knows what language the user speaks. It really ought to be including the HTTP "Accept-Language" header in its requests.

It's really easy! All that HTTP request needs is:

Accept-Language: en-gb;q=0.8, en;q=0.7

That means "I want British English, but I'll accept any other form of English".

Hey presto! Twitter will see a request from Sweden / Ireland and rather than dumbly looking at the IP will make an intelligent choice based on the user's language preferences as determined by Facebook.

I spoke to someone informally at Facebook about this. They claimed that this is a user privacy measure. Facebook sending your language preferences to a third party could be an unwanted invasion of privacy. Personally, I think that's a load of rubbish. Could an attacker send you a specially crafted link and find out that you secretly read Facebook in Pashto? Perhaps. But because this doesn't happen all the time, I suspect it's just a piece of sloppy engineering.

As we say in Sweden, "Ibland användbarhet innebär att arbeta lite hårdare för att se till misstag i andra företags datorer påverkar inte dina användare negativt!"