$3k Bug Bounty - Twitter's OAuth Mistakes

by @edent | 2 comments | Read ~11,782 times.
A Twitter login screen. Highlighted is the information that it cannot access your DMs.

Imagine the scenario. You're trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions - phew - it doesn't want to access your Direct Messages. You authorise it - whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and […]


Twitter's Secret "Guest Mode"

by @edent | Read ~21,803 times.
Twitter's guest mode displayed on a TV.

Twitter has an undocumented feature which lets you follow accounts without being logged in. Here's how I found it, and how you can use it. My crappy old TV has a crappy old web browser on it. One boring Sunday, I decided to see which websites worked and which didn't on a 6 year old […]


How to avoid JPG compression on Twitter

by @edent | 6 comments | Read ~2,694 times.
Screenshot of a graphics editor. One pixel has been removed from the image.

Let's talk image compression! Services like Twitter will often apply aggressive levels of compression in order to reduce their storage space and decrease download times. This can have negative consequences for usability and image quality. Here's an example - this detail of a logo from my former employers, Vodafone. Solid red - with some fine […]


A curious way to break Twitter's search results

by @edent | Read ~162 times.
Screenshot of a tweet. The HTML is malformed.

(This isn't really a security issue, although I've disclosed it to the Twitter team.) "Fuzzing" is a computer science term which means "sending weird data into a program and seeing what happens." It's a useful way to see how your code can break in new and unexpected ways. It's particularly good at showing what a […]


An Animation of Every Emoji

by @edent | Read ~298 times.
A friendly looking chicken stares at you

The Video EVERY EMOJI! pic.twitter.com/2fCUqwu67c — Terence Eden (@edent) October 24, 2017 Download the WEBM version (19MB). The Process Mostly notes to myself, but I thought you lot might be interested 🙂 Get Every Emoji from Twemoji Twitter maintain the Twemoji Project - it contains high quality SVGs of every emoji. They generously make them […]


Easy Tutorial For Getting Twitter Friends Using Python & Tweepy

by @edent | 1 comment | Read ~2,187 times.

Here's a very simple introduction to getting started with Tweepy - a Python program which lets you access Twitter. This will work on small computers like the Raspberry Pi. Everything here takes place in the Terminal on the Command Line. This should work on Windows and Mac - but I'm using Linux. Get Python Open […]


The Twitter Logo As SVG Circles

by @edent | Read ~760 times.

Five years ago, Twitter updated its logo and demonstrated that it could be made entirely of circles. Interestingly, the official Twitter logo doesn't use circles directly. So, here is an SVG I've made which is only circles: Or, without the edges, and no transparency: And the raw code: <svg height="100" viewBox="0 0 100 100" width="100" […]


Stop! You're talking to fake customer services on Twitter!

by @edent | 4 comments | Read ~679 times.

Ever had a moan at your bank on Twitter? You're not alone - it's one of the most popular ways to interact with large companies. But how can you be sure that you're actually talking to the real customer services team? There's been a worrying rise in the number of fake accounts which attempt to […]


Training Customers To Be Stupid

by @edent | 2 comments | Read ~1,329 times.

Companies face a complicated choice. Make things easy for the customers, or make things secure for them. Convenience seems to take priority most of the time. This forces companies to get their customers to risk their own security. In this example, we see Verizon Wireless asking their customers to type their passwords into Twitter for […]


Visualising Twitter Conversations in 2D Space

by @edent | 1 comment | Read ~1,807 times.

Update! The source-code for this app can be found at https://github.com/edent/TweeView Many years ago, I created a threaded conversation viewer for fledgling social network App.net. It was a unique way to flow through a conversation without having to be constrained by the linear vertical scroll of the typical web browser. App.net died - and I […]
