Blog Post

Twitter (Finally) Starts Protecting Users From Malicious Links

With people sharing millions of links on Twitter — and often through URL-shorteners like that mask their final destination — spammers and hackers have been able to drive tons of traffic to malicious sites. Whether it’s a fake link to a celebrity sex tape, or a “get thousands of followers quickly” scam, average users and even tech-savvy figures like Guy Kawasaki have had their accounts, and sometimes even computers, hijacked.

But now Twitter’s trying to combat the problem by filtering links before people post them. Users that try sending tweets that link back to known infected sites get a new message on screen: “Oops! Your tweet contained a URL to a known malware site!” Web security site f-secure first discovered the new feature; Twitter hasn’t made an official announcement yet, so it’s not clear whether it’s been rolled out to all users, or if it’s just a test.

What’s also unclear is whether the URL-filtering extends to the many third-party apps people use to access Twitter. (I use TweetDeck, for example, and it appeared that my attempt to tweet a malicious link was blocked — though there was no notification as to why). I’ve put in an info request, and will update accordingly.

Improved security is a must if Twitter ever plans to make money by charging enterprise users; it will also go a long way toward getting brands more comfortable about spending money directly on Twitter-based ads (if the startup decides it wants to try to make money that way).

The new feature has surfaced (coincidentally) just a day after the annual Defcon hacker conference. Twitter was a resident on the Defcon “Wall of Sheep,” which shows a stream of passwords and login info from people that have unwittingly exposed their data over various networks (per Forbes); the startup got a better security grade this year than last year — but hackers still said Twitter could be doing more to protect its users.