The idea of Twitter’s ‘Tip Jar’ is great : with this system it will be possible to send money to another user to support him if you like what he posts on Twitter. The feature has already started to roll out, but it has done so with certain associated privacy issues.
A cybersecurity researcher named Rachel Tobac has indicated that sending a tip via PayPal could reveal your physical address, which is unnecessary and can pose significant privacy concerns.
Your physical address can be prevented from being shared
The physical address of the tip sender is not always disclosed. The ‘Tip Jar’ feature lets you choose between multiple payment providers to tip the Twitter user. If you use PayPal, the recipient will see your physical (postal) address when they receive that money.
One of the top product managers on Twitter, Kavyon Beykpour, explained that this problem exists because of Payal’s own operation. ” We cannot control the disclosure of the physical address,” he explained, “but we will add a warning for people who tip through PayPal so that they are aware of this.”
Can you avoid showing the physical address? Those in charge of PayPal explain that yes, and that this disclosure only occurs if you send the tip as “goods and services”. If you choose another category such as “friends and family” your physical address will not be shared or revealed to whoever receives that money.
In addition to that problem, another expert named Ashkan Soltani discovered that this Twitter feature also reveals the email of the tip recipient (the one associated with their Twitter account) even when you don’t send them money.
As Soltani later clarified, the problem affects users who do not have an alias configured in the PayPal.me service : it is in those cases that PayPal reveals their email addresses.
Tip Jar is currently in beta and is not available to all users, but revealing data such as physical address or email is something that raises privacy concerns on both ends.
Although in its FAQ Twitter warns that information could indeed be shared “with the recipient or others” such as the full name or address, it does not seem likely that many users will consult that document before using the feature. It remains to be seen if PayPal and Twitter manage to fix the problem.