Preserving Deleted Tweets


Go take a look at this tweet https://twitter.com/edent/status/650948940431511552.

You can't - I deleted it! I've been looking at how to track politician's deleting tweets, when it occurred to me - is there any way to prove that a Tweet ever existed?

Deleted Tweets-fs8

It's possible to automatically take a screenshot of a page, but screenshots can easily be manipulated.

So, can we preserve deleted tweets with reasonable proof that the Tweet existed?

I think the answer is yes - although it's cumbersome, difficult to automate, and not hugely easy to understand for the average person.

Twitter provide an API which allows you to retrieve Tweets. By itself, this isn't enough to create proof that a Tweet existed - all it supplies is a JSON file which, again, can easily be forged.

Twitter offer an Apigee console - it allows developers to work with the Twitter API and, crucially for our purposes, allows responses to be saved as a snapshot.

Here's the output from Apigee snapshot - have a scroll through it.

As you can (hopefully) see, it contains the contents of the deleted Tweet and all its associated metadata. It's not particularly easy to read - but it's also fairly hard to forge.

There's no way that I can find to automate the creation of these snapshots. But, on the other hand, they don't seem to expire.

It's also possible to do the same for Direct Messages.

All this shows that once you've published something on the Internet, you can never regain control of it. Data can be copied, preserved, and used against you. Careful now.

(Note - use of the data this way may constitute a breach of Twitter's Terms of Service and Developers' Agreement - hence why I've only used this on my own data. Only use this knowledge for good, yeah?)

5 thoughts on “Preserving Deleted Tweets

  1. I don't understand what you're trying to say in this article. Are you saying that the Twitter API call to retrieve an individual tweet has a bug in that it fails to check the 'deleted' flag?

    1. No, I'm saying once you make an API call, it's possible to save the response in a way that can't be tampered with. Apigee are Twitter's official partner, so there's a high level of trust that what they are showing you *once* existed on Twitter's servers.

  2. I've toyed with the idea of scripting a download using modified TLS libraries that will preserve all of the required cryptographic state in a format that can be viewed and verified to have been signed by a certificate issued to a website at a later date. It'd be a pretty deep dive, though.

    There's also archiving websites (ie, archive.is), but they are pretty public. My concern is more saving things for use as evidence without making them publicly available.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.