A bug in Twitter’s new Fleets feature allows the content of fleets to be visible after 24 hours, even after they are supposed to be deleted.
The feature, rolled out this week, was supposed to allow users to post ephemeral messages which disappeared after a short time. But the bug meant anyone could theoretically access and download others’ fleets even after their expiration.
The bug, first reported by TechCrunch, was disclosed by Twitter user @donk_enby, who detailed how the Twitter API could be used to scrap fleets. They detailed how they were able to use leaked consumer keys to access the firehose of all public Twitter data, from which they could scrap the fleets.
A Twitter spokesperson told TechCrunch that they were aware of the bug and were working on a fix. They hoped the fix would be rolled out shortly. However, even with the fix in place, fleets may remain on the Twitter servers for up to 30 days after they are posted.
The Fleets feature, which was first rolled out in South America in March this year, aims to copy the popular “Stories” feature from Instagram and the Snapchat format. Users can post short texts, photos, or videos, like a regular tweet, but the content is automatically deleted after a set period of time — in this case, 24 hours. The feature was particularly popular among the younger userbase of Snapchat due to its informality, as it required less polish to post a quick thought rather than a post that would last indefinitely.
Fleets drew more attention when they were rolled out to the rest of the world earlier this month. With ephemeral tweets which could not be liked or retweeted, reactions from Twitter users about this more casual way to interact with the platform have been mixed. Some users are concerned about security and harassment, saying that even people who are blocked can interact via fleets.
The issue with fleets being accessible even after they are supposed to have disappeared is likely to only deepen these concerns. For now, if you are going to use the fleets feature, we recommend being careful not to post anything that you don’t want to be visible and accessible by others.
- X says it’s squashing the bug that deleted Twitter images and links
- Twitter braces itself after source code leaked online
- Elon Musk now Twitter CEO after firing entire board
- Microsoft restores Outlook after a bizarre bug affects users for hours
- Misbehaving ‘baby’ black holes could cause strange brightening of radio galaxies