Can Twitter get out of the Weiner hole?

New concerns about photo-sharing tools could help Twitter launch its own service.

 

Posted on Jun 2, 2011   Updated on Jun 3, 2021, 4:24 am CDT

The scary thing about Representative Anthony Weiner’s crotch-shot incident? As the Daily Dot reported yesterday, it could have happened to anyone, thanks to insecure photo-sharing services.

That all could change, now that Twitter’s getting into the photo business itself.

Right now, photo sharing on Twitter happens exclusively through third-party services. As many as 2.1 million photos are shared in a single day, estimates Sysomos, a social-media-monitoring firm.

Of those, almost half — 45.7 percent — were shared with Twitpic, a Charleston, S.C.-based photo-sharing service made famous in 2009 when Janis Krums used it to share a photo of US Airways Flight 1549 landing in the Hudson River.

Yfrog, a service provided by Los Gatos, Calif.-based ImageShack, was the second most popular, with 29.3 percent. That’s a sobering figure, considering the massive security hole perspicacious bloggers uncovered, whereby anyone could use an easily guessed email address to submit a photo to a user’s account. (Yfrog has since fixed that hole.)

Twitpic and Yfrog are most commonly used in conjunction with Twitter apps — either Twitter’s own mobile and desktop apps, or third-party apps. Yfrog is currently the default on Twitter’s iPhone app — though it’s easy to switch to Twitpic or others. That may change when Twitter’s own service debuts, of course.

Yfrog’s weak email security — what we dubbed “the Weiner hole” — certainly strengthens Twitter’s hand. As does Yfrog’s clumsy response: First Yfrog bragged on Twitter about passing a recent security audit. CEO Jack Levin misled the New York Times, claiming that users’ passwords hadn’t been compromised, without pointing out that photos submitted by email didn’t require a password.

Even though the latest evidence suggests Yfrog was the weak link in Weinergate, Twitter bore the brunt of the initial blame for Weiner’s claim that he’d been hacked. In response, a Twitter employee emailed security tips to Congressional offices.

It turns out that none of those suggestions would have helped Weiner or other Yfrog users if, indeed, a hacker went through the Weiner hole.

I asked Twitter how it handles insecure third-party apps. Jodi Olson in Twitter PR responded:

“If we find that an application appears to have a possible security hole, we alert the developer of that hole and work with them to ensure that the hole is shut down, while avoiding affecting users to whatever degree is possible. In instances where we believe that there is a current active security threat to users (generally where we’ve seen evidence of bad behaviors), we suspend applications and notify developers of the security risk.”

That’s a sensible response. And it seems to be what happened here: ImageShack executives aren’t commenting on Yfrog’s email vulnerability, but they suspended the feature last night.

Wouldn’t it be better, though, if Twitter could just handle security threats to its users directly?

Expect that to be a talking point as Twitter pushes its own photo service.

*First Published: Jun 2, 2011, 4:16 am CDT