Twitter Tip Jars Have Major Security Flaw

Twitter recently introduced a new Tip Jar feature on the site. But eagle-eyed testers have noticed that the feature has a huge security flaw that may endanger the physical safety its users.

A way to give money directly to Twitter accounts has been rumored for weeks on the site, but it wasn't confirmed until earlier today when Twitter's Support Account announced the new Tip Jar feature. Right now though, it's only available to certain users. The feature lets Twitter users send money directly to other users through various payment services, such as PayPal, simply by clicking the Tip Jar icon on the profile of the user they want to send money to. So, say a user finds a spicy hot-take about Nintendo's latest trending controversy, all they have to is go to the poster's profile, click on the Tip Jar, and send money directly to their PayPal.

The security flaw specifically relates to PayPal, rather than Twitter. If someone sends a tip over PayPal, the person receiving the tip will be able to view the sender's address. At no point in its announcement does Twitter make it clear that, if someone were to send money to the Twitter bot that created Qanon, that they would be doxxing themselves to that person. Likewise, people who don't use PayPal that often might not be aware of this "feature."

It shouldn't be hard to imagine how dangerous this could be. People unwittingly having their addresses shared could lead to stalkers, robberies, or worse. If someone's ex, or stalker, or harasser were to get hold of their address, they could die. Griefers have no qualms about saying vile things behind the cover of anonymity, and if they had access to their target's address, there's no telling what they could do with that information.

Of course, this is really an issue with PayPal, not Twitter. So there's not much Twitter could realistically do about it. Despite that, it's probably something that Twitter could pressure PayPal to change somewhere down the line. This feature is likely to become a big moneymaker for PayPal, which will give Twitter some leverage when pushing for change.

Regardless of how it happens though, Paypal needs to fix this in order to ensure their users' safety. They have an obligation to protect their users from harassment and stalkers, and giving away user addresses flies in the face of that duty. PayPal has always been good at leaking things, but sharing people's addresses when they send money is absolutely unsafe if they're not ordering something that needs to be physically shipped to them.

Bandai Namco has finally shown its hand regarding Tales of Arise’ gameplay, and it looks like a promising new take on the Tales formula. Another revision to the battle system and a new approach to a battle camera has left multiplayer by the wayside, but it still looks like a compelling experience. Alongside all of that came a look at the new setting of the game, the planets Dahna and Rena. A few different environments were shown, including a wasteland and a snowy wonderland. Some footage of jumping from high places, as well as limited swimming and climbing, was seen as well. It all looks quite impressive, and is definitely a breath of fresh air compared to the empty fields and wide hallways of the last few entries.