Twitter's security issues predate Elon Musk, and laying off staff won't help

It's been a month since Twitter's new management took over, and the blue bird has been making headlines the whole time.

A tumultuous back-and-forth ultimately led to the Musk acquisition at the end of October, culminating in a €44 billion deal.

The world's richest man has offered to buy the popular social media platform to, he said, protect free speech. However, people are now wondering if he is of the same mind when it comes to his right to privacy.

From firing top executives and roughly half of the company's staff, to establishing a premium version and naming himself the new CEO, Musk has been very busy in his first 30 days at the helm of the company.

While Twitter has already been marred by previous privacy and data security issues, cybersecurity experts are now raising concerns about Musk's reckless behavior. And while the controversial banned profiles have returned to the platform, many users are turning to alternative services.

So what is at stake for the privacy of those who want to stay?

Pre-Musk Twitter and privacy issues

Not surprisingly, all eyes are now on the blue bird.

Twitter's privacy problems began long before the Musk acquisition. The popular social networking company actually has quite a track record when it comes to failing to protect user data.

In 2009, a hacker hacked into several prominent accounts to send phishing messages using an employee's corporate ID. The hacked profiles included Barack Obama, Fox News and Britney Spears.

Just a year later, the US regulator FTC filed a lawsuit against the social networking company for misuse of user data. That was when the commission barred Twitter for 20 years from misleading consumers while maintaining "a comprehensive information security program."

Unfortunately, not much seems to have changed since then.

The FTC fined Twitter $150 million for similar allegations in May of this year. The company was found guilty of misusing user data, such as email addresses and phone numbers, for targeted ads.

While it encouraged users to provide their personal numbers for security reasons, the company abused its de facto trust for six long years between 2013 and 2019.

In December 2020, it was the turn of an Irish GDPR officer to punish the social media company with a €550 million fine for failing to properly report a data breach.

Most recently, a Twitter whistleblower sounded the alarm. Major security vulnerabilities that threaten users' personal information and even national security persist on the platform.

Notorious hacker Peiter "Mudge" Zatko, who worked as the head of Twitter's security division between November 2020 and January 2022, claimed that thousands of employees can access any user's personal information, even if they don't need it to do their work.

He also alleged that the company continued to mislead regional watchdogs by hiding its security concerns.

What has changed since the Musk acquisition?

It's fair to say that Musk not only acquired Twitter, but also its crumbling security and privacy infrastructure. However, many experts believe that the company's fragile situation has worsened since the new CEO took office.

The wave of layoffs that followed Musk's inauguration is probably the most concerning event, and not just from a worker rights perspective.

More than 50% of the staff have been laid off and many other employees have decided to resign. These included many executives from the most critical departments such as data privacy, compliance, and transparency.

Privacy expert Vuk Janosevic, CEO and co-founder of privacy consultancy Blindnet, said this is particularly worrisome for a company like Twitter that lacks a network of privacy-preserving technologies.

“They have software that is not designed for privacy and all the infrastructure around it, like the security director, the privacy director and the chief legal counsel, they are all gone,” he said.

Following the exodus, the legal team is now shifting the burden to engineers to self-certify compliance with FTC rules, GDPR, and other regulations, something that even provoked a warning from one of his lawyers.

This is a problem because each engineer builds only a small part of the total product flow. Each one must therefore rely on everyone else having the same ethics and understanding of data privacy.

"It's a recipe for disaster," Janosevic told TechRadar. "There are ways to build privacy software, what's called measurement of subject rights and consent, radiation interoperability. But rebuilding Twitter to do that requires a colossal undertaking."

These changes have already had an impact: users have been locked out of their accounts because of certain flaws with multi-factor authentication, for example.

"It's time. Delete your Twitter direct messages," another cybersecurity expert, Graham Cluley, wrote in a blog post as the social media giant's reputation slowly crumbles.

At the same time, Musk's decision to make Twitter's blue check for verified accounts exclusive to premium members has also led to a surge in scam profiles looming on the platform. It could also facilitate the spread of misinformation.

Although Janosevic considers this problem a "product defect," a paid subscription means the company will have to manage even more sensitive data, such as payment details and billing addresses.

Furthermore, Musk's ambitious vision of turning Twitter into a "multipurpose application" certainly doesn't alleviate privacy concerns new and old.

All of this requires a lot more data to collect, store, and yes, share.

At this time, FTC and GDPR officials have confirmed that they are closely monitoring new events as they unfold from inside the headquarters.

What next for user privacy?

Like it or not, Twitter 2.0 is slowly taking shape. And what is certain now is that Musk and the rest of the staff will have to work hard to win back the trust of everyone: from users and investors to privacy experts and compliance officers.

"From a privacy perspective, I would say I'm very concerned," Janosevic told TechRadar. "That doesn't mean it's going to end badly. It can be done, but there are a lot of challenges on Twitter right now.

"Political challenges, technical challenges, regulatory challenges - I can't even imagine what Elon's priority list looks like, but there's no excuse not to do it, to rebuild a system that restores user trust in the platform."

True, Twitter's record on privacy is murky, to say the least. However, there are some new features that may reassure most users.

It's been a long time since Elon Musk highlighted the lack of encrypted DMs as a concern. Now, he has officially announced that his Twitter redesign will include end-to-end encryption of all messages. He is also working on encrypted voice and video chats.

"We want users to be able to communicate without worrying about their privacy, without worrying that a data breach on Twitter will cause all their DMs to hit the web, or thinking that maybe someone on Twitter could snoop on their DMs," Musk said, detailing his vision for Twitter 2.0, The Verge reported.

"Obviously it's not going to be great and it's happened several times before."

As Twitter works to nurture its technical and public reputation, users can't leave anything to chance when it comes to protecting their privacy.

From using security software like VPN services and password managers to carefully customizing privacy settings, as Janosevic argued in 2022, users need to know their own data.

"If you're not asked for consent and you don't have the ability to easily control the information in the system, you should assume it's being abused.

"If you're on Twitter and you keep tweeting, be aware of that. You can still share any information, personal or public, whatever it is. Just be aware that the system doesn't have the necessary infrastructure to protect your consent and protect your privacy. Your privacy rights."
