Personal Tech

Twitter users complain 'private' Circle posts aren't

Sorry, make that Titter. We can explain

Netizens using Twitter's Circle feature may want to take note here.

Stuff posted in a Circle is supposed to only appear to those selected to be in that Circle, yet some tweeters claim their Circle-limited tweets are sometimes appearing in public timelines, contrary to expectations.

This issue was pointed out by multiple Twitter users this week who created posts that were seen and liked by individuals not included in their Circle, something that should be impossible by the social network's own description of the feature.

"People who are currently in your Twitter Circle can see any Twitter Circle Tweets you've shared," Twitter's Help Center for Circle reads right now. "Twitter Circle is for sharing the Tweets you only want to share with the people you choose to see them," the help page continued. 

According to Kubernetes SIG security co-chair Ian Coldwater, that's not the case. "I made a Twitter Circle with one person in it and posted this tweet for science. Two people I don't follow saw the tweet & liked it. One of those people doesn't follow me either," Coldwater said on Twitter. Other users expressed similar findings, saying that the bug may hurt whatever trust is left in Twitter.

Twitter Circles are a way for Twitter users to limit the reach of their tweets to only the people they choose, such as family or coworkers, to include in their Circle. Tweets posted to a Circle can't be retweeted or shared, and up to 150 people can be included in one's Circle, or so that's the idea. Conversely, Circle members can't leave unless they unfollow or block the person managing the Circle they're a part of. 

In this vulture's experiment with the issue, Twitter Circle seems to be working properly at this point. Those asked to see if my test tweet could be viewed were unable to see it from outside my Circle.

In a message to The Register, Coldwater said they didn't believe there was much consistency in how the bug was displaying tweets meant for Circles, as "the people who expressed they could see it on their For You page aren't really people I interact with much at all, and people who actively went looking for that last one couldn't see it when they tried."

Coldwater said they haven't seen evidence of Circle tweets being searchable or discoverable on purpose, only that they appear to be showing up in the For You timeline of recommended tweets, which they definitely shouldn't be doing.

It's not immediately clear what's causing the issue, though bugs and breakdowns in Twitter's systems do attract attention, at least, since billionaire Elon Musk took over the platform and axed more than half of the biz's 7,500 employees.  

Twitter's comms team was among the bird site's staff cuts, and the company's press email account now only responds with a poop emoji, as it did when we inquired about this latest issue. We also attempted to elicit a response by tweeting at Twitter's developer-relations account, but didn't receive any reply. 

Fair enough, as the remaining Twitter staff is likely busy ensuring Kremlin-linked accounts are able to tweet missives to the whole of the platform again, after previously being restricted, and painting over the W on Twitter's HQ logo – making it spell Titter rather than Twitter – after the company's landlords (who may be looking for any reason to evict Musk and friends) told them they weren't happy with the letter being covered by a tarp last week.

Then there was the Substack fiasco: newsletter subscription biz Substack launched a Twitter-ish microblogging feature called Notes, which upset Musk so much, he restricted people's ability to share links to Substack and engage with tweets about the competitor. He's since eased up on that, though searching for 'Substack' on Twitter reportedly returned results for 'newsletter'.

It's also worth noting that the exposure of Twitter Circle posts could be considered a data privacy breach under EU law, noted privacy lawyer Whitney Merrill.

If that's the case, toss it on the pile with the other concerns the EU has with Twitter's current regime. Regulators in Europe have expressed concern that the gutting of Twitter's staff would make it difficult to protect user security and privacy. Germany, meanwhile, has threatened to fine Twitter €50 million ($54.7 million, £43.8 million) over violating hate speech laws by failing to toss out Nazis and similar.

Finally, Twitter is under fire for not being totally transparent about the political ads it runs. ®

Send us news

Twitter grew an incredible '1.6%' since Musk's $44B takeover. Amazing. Wow

No doubt thanks to Vladi5555, KremLinda1776, RealAmericanPat22, etc etc

FBI, cyber-cops zap ~1K Russian AI disinfo Twitter bots

RT News snarks back after it's accused of building social nyet-work for Kremlin

Microsoft ad subsidiary Xandr accused of violating GDPR

Access, deletion requests go ignored, and consumer profiles contradict themselves, complaint alleges

EU officials say X’s paid-for blue check deceives users and breaks law

Preliminary findings also claim platform not compliant with DSA requirements for transparency, research access

Peloton faces lawsuit over claims it pedaled past privacy

Chat widget allegedly fed data to third party, which used it to train AI without telling customers

War on Texas law requiring ID to savor smut online heads to Supreme Court

Talk about painfully invasive processes

Latest Ghostscript vulnerability haunts experts as the next big breach enabler

There's also chatter about whether medium severity scare is actually code red nightmare

Antitrust cops cry foul over Meta's pay-or-consent ultimatum to Europeans

Facebook, Instagram gobble up same data whether you hand over cash or not

America's best chance for nationwide privacy law could do more harm than good

'Congress has effectively gutted it as part of a backroom deal'

Google's Privacy Sandbox more like a privacy mirage, campaigners claim

Chocolate Factory accused of misleading Chrome browser users

What's up with Mozilla buying ad firm Anonym? It's all about 'privacy-centric advertising'

Is such a thing possible for an industry that never respected people's wishes?

Google’s attempt to kill off child privacy app advertising lawsuit defeated

Won't somebody pleeease think of the ... oh, right, they are