Twitter Bug Discovered, Enabling Fleets to be Viewed and Downloaded After Expiration
Twitter launched its new Fleets feature last week. Taking a page from Instagram, the 24-hour Fleets enabled users to post texts, pictures, and videos to a separate feed for 24 hours. Much like Instagram Stories, Fleets are designed to disappear after their expiration. However, a recent bug has been discovered which allowed Fleets to be viewed and downloaded after 24 hours.
According to TechCrunch‘s report on the bug, A series of tweets on Twitter went on to detail how Fleets were able to be accessed long after the 24 hours expiration had passed. Moreso, the bug would let users access and download Fleets without notifying the user who created them.
full disclosure: scraping fleets from public accounts without triggering the read notification
the endpoint is: https://t.co/332FH7TEmN
— cathode gay tube (@donk_enby) November 20, 2020
The tweets described how the bug was discovered using an API app that scrapes Fleets from public Twitter accounts. Using the app, a series of Fleets was returned from the server. It was then revealed that each Fleet was given a direct URL from the server. When using the URL of a Fleet through a browser, the Fleet’s picture or video would load, even after the 24 hours had elapsed.
TechCrunch spoke to a Twitter spokesperson who said: “We’re aware of a bug accessible through a technical workaround where some Fleets media URLs may be accessible after 24 hours. We are working on a fix that should be rolled out shortly.”
Once the hotfix is in place, Fleets should no longer be accessible through the public after their expiration. However, Twitter does not delete Fleets from its servers for 30 days after they are posted. Fleets that violate Twitter’s TOS may be retained for longer, however.