Twitter’s Tip Jar Feature Makes It Easier to Dox People

Twitter’s new Tip Jar feature can make it easier than ever to dox people you don’t like. That’s certainly not a good thing. At its heart, it’s not the worst idea Twitter has ever had. Through the Tip Jar feature, you can send money to people whose content you consume on the site. Only certain people have access to it right now, such as Twitter accounts with a Verified checkmark. There are a number of problems with Twitter’s Tip Jar, but the biggest is how easy it makes it to dox people on the Blue Bird App.

Give Money and See Addresses With Tip Jar

May 6th saw the arrival of Tip Jar on Twitter, and it immediately became clear how easy it is to dox someone through it. Doxing someone online means you have gained access to personal information, like their home address. With that information, people can easily SWAT, harass, or otherwise harm innocent people. If you see the Tip Jar icon, you can send someone money through PayPal, Venmo, or Cash App. Cash App and Venmo are safe. They don’t reveal personal information.

The problem comes from PayPal. When you send someone money on PayPal, it’s going to show the physical address tied to that digital account. All you have to do is check the receipt when you’re sending the money, and it’s right there. Rachel Tobac of SocialProof Security noticed this and posted about it on Twitter:

“Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your *address*. Just tested to confirm by tipping @yashar on Twitter w/ PayPal and he did in fact get my address I tipped him.”

Seeing an address on PayPal isn’t new, for sure. The problem is that more people than ever now have the potential to get access to this info, and more easily. Kayvon Beykpour, Product Lead at Twitter, points out that Twitter has no control over this. It’s entirely on PayPal’s side. Twitter is at least adding a warning to PayPal’s Tip Jar. This won’t stop people from being doxed through Twitter’s Tip Jar, though.

PayPal’s suggestion is to tip through the “Friends and Family” option. This way, personal information stays hidden. If using “Goods and Services”, your address becomes visible to the person donating. In addition, Friends and Family doesn’t allow for refunds. One of the big fears about this new feature is that people could harass users by donating a small (or large) amount and then immediately asking for a refund. There’s a 20 dollar chargeback applied when a user requests a refund from you. Someone could tip a dollar and then refund it, leaving the Twitter user with a steep bill. If it’s at all possible to make PayPal tips use only Friends and Family, that would be preferable.


