What a mess. No sooner had Twitter unveiled its new Tip Jar feature, which would allow anyone using the app in English (at least during the rollout) to send money to a small handful of Twitter users whose work they would like to support as major users Data protection deficiencies.
Normally I would take this time to complain about how annoying slow feature rollouts are, but I’m grateful that Twitter doesn’t allow everyone to set up their own Tip glasses right now. There are a handful of feature issues associated with using PayPal to fund these tips – one of the many payment options available – and they are important before you accidentally send your home address to someone random on the internet, for example.
This potentially catastrophic risk to your privacy was first exposed by security researcher Rachel Tobac, who shared her findings (where else?) In a tweet:
While Twitter plans to take additional measures to inform users that their personal information may be disclosed as part of the tipping process, this entire problem is PayPal’s problem. I didn’t hear a peep from that.
G / O Media can receive a commission
As more people started digging into PayPal-based tips, a few more privacy issues popped up. For example, if you set up a tip jar and link it to PayPal, but don’t have one PayPal nicknameAnyone who initiates a tip (no, they don’t actually have to complete the transaction) can see the email address you linked to PayPal. If that’s your personal email address you’d rather not have in the wild, then you’re out of luck. Better set up this nickname ASAP.
We are not finished yet. If you take a closer look at Rachel’s tweet from above, you’ll see that PayPal takes a fee as part of the tip transaction:
This shouldn’t come as a surprise to anyone who has used PayPal to send money. But there’s an odd interplay between fees and privacy that you need to know about in order to tip someone for their Twitter work.
My advice? Do not use PayPal for these transactions at all. If you have to tip someone on Twitter – a practice I wholeheartedly encourage if you find value in their work or in their jokes – fund them entirely through another service. You can currently choose from Bandcamp, Cash App, Patreon and Venmo, which should be more than sufficient for the occasional random donation. Keep PayPal if information like your address is really important (eBay). Do not give this information to all Twitter users, at any cost.
