An alleged Twitter API leak and its list of “protected users” have sparked a firestorm of controversy online. The alleged leak, which surfaced on July 24th, 2024, purportedly shows code from Twitter’s backend that allows certain high-profile accounts to bypass standard content rules. This revelation has led to heated discussions about platform fairness and content moderation practices.
The leaked screenshot, originally shared on Discord and later posted on Twitter by user @TheAntifaTurtle, appears to display a list of accounts with special privileges. These accounts supposedly have permission to use language that would typically violate Twitter’s Terms of Service without facing consequences. The list includes well-known figures like Donald Trump, Andrew Tate, and the account LibsOfTikTok.
What raised eyebrows even further was the swift suspension of @TheAntifaTurtle’s account following the leak. This action fueled speculation that Twitter was attempting to suppress the information, lending credibility to the leak in the eyes of many users.
IN REAL TIME !!!! I SAW THE ACCOUNT SUSPENDED WITH MY OWN EYES!!!!! pic.twitter.com/1XrKEO8xVU
— tippity (@tippitytoptweet) July 24, 2024
Details of the Twitter API leak
The alleged code snippet from the Twitter API leak shows a curious setup. It appears to use Okta, an identity management platform, to handle this list of “protected users.” This implementation choice has raised questions among tech-savvy observers. Many argue that using Okta for such a purpose seems overly complex and unnecessary, especially given Okta’s own history of breaches.
Critics point out that a simple associative array or dictionary would suffice for storing a list of privileged accounts. The use of Okta in this context strikes some as either a sign of incompetence or evidence that the leak might be fabricated.
Another aspect of the Twitter API leak that has drawn scrutiny is the contents of the purported whitelist. The list of Twitter protected users consists entirely of well-known conservative figures and controversial accounts. Some argue that a genuine leak would likely reveal unknown accounts or internal test users as well.
Did Twitter protect users?
Several factors have led many to question the authenticity of the Twitter API leak. One notable issue is the presence of typos in some of the listed usernames. For example, “TatetheRailsman” appears instead of “TatetheTalisman,” which is the correct handle for Tristan Tate’s account.
Technical details in the leaked screenshot have also come under fire. The URL shown in the image uses a subdomain “protected-users,” which some experts argue makes little sense from a security standpoint. Additionally, attempts to access the purported Okta URL have yielded mixed results, with some users reporting redirects to Twitter-owned domains and others encountering Cloudflare blocks.
Investigating the Twitter API leak further
Security researchers and curious internet sleuths have conducted additional investigations into the claims. Some have examined the SSL certificate for twitter.okta.com, finding that it appears legitimate. However, this doesn’t necessarily validate the leaked information, as the subdomain shown in the screenshot differs from the standard Okta domain.
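The certificate check described above only establishes which host names a certificate covers; it says nothing about whether a screenshot of a different subdomain is genuine. As an added example (not from the original article, Twitter or Okta), this Python code applies the RFC 6125 wildcard rule to a constructed SAN list; the `.example` host names and SAN entries are assumptions, since the article gives neither the full URL nor the certificate contents.

```python
import ipaddress


def _is_ip(value):
    """True if value is an IP literal (dNSName SANs never match IPs)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def san_matches(pattern, hostname):
    """Match one dNSName SAN entry against a host name (RFC 6125 rules)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard replaces exactly the left-most label and must sit
        # above at least two further labels.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered_by(sans, hostname):
    """Return the SAN entries that cover hostname (empty list = none)."""
    if _is_ip(hostname):
        return []
    return [s for s in sans if san_matches(s, hostname)]


# Constructed SAN list standing in for an identity provider's certificate.
CERT_SANS = ["tenant.idp.example", "*.idp.example"]

# Constructed host names: the known tenant, a deeper subdomain, and an
# arbitrary first-level label that the wildcard happens to cover.
HOSTS = [
    "tenant.idp.example",
    "protected-users.tenant.idp.example",
    "protected-users.idp.example",
]

if __name__ == "__main__":
    for host in HOSTS:
        hits = covered_by(CERT_SANS, host)
        print(f"{host:40} covered by: {hits or 'nothing'}")
```

A wildcard entry covers any single left-most label, so a valid certificate on such a host shows only that the provider serves the name, not that a tenant or the content shown in a screenshot exists.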
Others have looked into the DNS records associated with Twitter’s business domains. While these investigations have uncovered some interesting tidbits about Twitter’s infrastructure, they haven’t provided conclusive evidence supporting the leak’s authenticity.
Faults in the Twitter API leak detected by users
As discussions about the Twitter API leak and Twitter protected users controversy continue, opinions remain divided. Some view the leak as evidence of preferential treatment for certain accounts, while others dismiss it as an elaborate hoax.
Those skeptical of the leak point to several red flags:
- The conveniently timed Unix timestamp in the Okta URL.
- Certificate issues noted in the original screenshot.
- The list of exclusively right-wing accounts.
- An unusual selection of slurs, including British and Australian terms.
- The use of Okta for what should be a simple configuration task.
While the debate rages on, it’s important to approach such leaks with a critical eye. Verifying the authenticity of leaked information can be challenging, especially when it involves complex technical systems like social media platforms.
As this story develops, users and observers alike will be watching closely to see if any additional evidence emerges to support or refute the claims made in the Twitter API leak.
Until then, the true nature of Twitter’s content moderation practices for high-profile accounts remains a subject of speculation and debate.
Featured image credit: Akshar Dave/Unsplash