Twitter has rolled out Tip Jar, a new feature aimed at supporting Twitter users by sending them money. The service supports Bandcamp, Cash App, Patreon, PayPal, and Venmo to make payments, with Twitter not taking any cut. Tip Jar is currently limited to select creators, journalists, experts, and nonprofits around the world, however, users have realized that the service is a privacy nightmare. Not only does it share user email addresses with the recipient when they attempt to send money via PayPal, but it also shares the sender’s home address.
Tip Jar shares name and address with recipients when using PayPal
Tip Jar is a well-intended feature and is an effort from Twitter to allow users to send money to one another to show support. So far, the feature is limited to a few types of accounts, but people have already started finding issues with the new feature.
The issue reported is not exactly an issue on Twitter’s side but more on PayPal’s side. Due to how PayPal works, it shares a lot of sender data with the receiver. This includes the sender’s name and address. Various Twitter users like Rachel Tobac were quick to share these concerns even when rumors had started going around that Twitter will be launching Tip Jar with PayPal integration.
Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your *address*. Just tested to confirm by tipping @yashar on Twitter w/ PayPal and he did in fact get my address I tipped him. https://t.co/R4NvaXRdlZ pic.twitter.com/r8UyJpNCxu
— Rachel Tobac (@RachelTobac) May 6, 2021
Even if users just tap the Tip Jar button, their Twitter email address is shared with PayPal, even before they send any money. This has been demonstrated as per the video below by Ashkan Soltani on Twitter. There seems to be no message or warning from Twitter that the user information will be shared with PayPal, before it actually happens.
Warning all: @Twitter's new "Tip Jar" feature reveals the recipient's email address that's linked to their account, even when you don't send them any actual money
(I got permission from @jason_kint to show his email in this video)
Thread here: https://t.co/Z6WFuXSlgO https://t.co/e8f9J58db7 pic.twitter.com/6u4Vjwkinf
— ashkan soltani (@ashk4n) May 7, 2021
Twitter Support is aware of these issues and has tweeted that its tipping prompt in the app and information in the Help Center will be updated to show what sort of information will be shared with other apps and services when using Tip Jar.
We’re updating our tipping prompt and Help Center to make it clearer that other apps may share info between people sending/receiving tips, per their terms.
— Twitter Support (@TwitterSupport) May 6, 2021
This sort of issue should have been caught and resolved before roll-out as payment method implementation should be internally scrutinized by security and data compliance departments. However, it is good to see that Twitter is listening and will be making changes to let users know what information is going to be shared when using Tip Jar.
Tip Jar is available now on iOS and Android for Twitter in English. Twitter will be rolling out the feature to more languages and users soon.
