Social media platform promises to warn donors that their address is leaked by PayPal when tipping other users

Researcher calls out privacy flaws in Twitter Tip Jar feature

UPDATED Twitter recently partnered with PayPal and other payment providers to offer a ‘Tip Jar’ feature, but the technology inherits PayPal settings that mean a recipient sees a donor’s email and physical addresses.

The privacy-busting aspect of the technology was demonstrated by hacker and security education specialist Rachel Tobac, who used the Tip Jar facility to send a test donation to her colleague Yashar Ali, a New York Magazine contributor.

Donor exposure

“If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your address,” Tobac explains in a Twitter thread documenting the donation process and its privacy implications.

Tobac uploaded a screenshot of a redacted receipt showing that recipients of tips sent through the PayPal option in Twitter’s Tip Jar would see both the email address and the physical address of the donor.

“Be careful using PayPal Twitter Tip Jar – this is a hallmark of PayPal rather than Twitter of course but it impacts Twitter users who may not know that their address is leaked by PayPal to tip receivers,” Tobac warned.

Tobac argues that PayPal needs to make it “crystal clear which data is given to money receivers and stop sharing that data”. Twitter, meanwhile, needs to educate users of the tipping service about what info tip receivers get when using PayPal.

In response, Twitter acted promptly to offer a revision of its wording so that it’s clear Tip Jar donations made through PayPal are not anonymous.

“We’re updating our tipping prompt and Help Center to make it clearer that other apps may share info between people sending/receiving tips, per their terms,” a message from the official Twitter Support account explained.

The Daily Swig asked Tobac if she’d had any feedback from PayPal, as well as whether other Tip Jar payment options might offer better privacy controls.

“I have not yet seen a way that folks can use Twitter tip jar anonymously,” Tobac responded. “Twitter does warn Tip Jar users that it may reveal their real name (and now we know in some cases it can reveal more than a real name).”

Tobac’s insight sparked a lively debate among security researchers with several, including Brian Krebs and Marcus Hutchins, noting how fraudulent donations made using stolen credit cards could be used to leave recipients out of pocket through chargeback fees.


This story was updated to add comment from Rachel Tobac
