this post was submitted on 30 Jan 2024
40 points (73.8% liked)

Privacy

32173 readers
289 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Got this from (allegedly) Twitter

So right off the bat I can tell for sure that it ain't me trying to log on to that shite, but it doesn't leave me much choice either now does it?

(red blotches mine, for privacy, and dramatic effect)

(solve the captchas to win a free tshirt!)

all 22 comments
sorted by: hot top controversial new old
[–] [email protected] 44 points 10 months ago (1 children)

Speaking as a security professional, this is pretty standard practice for a solid user experience. I’m rather surprised someone in a privacy community would take umbrage at this because security and privacy are closely linked. When someone attempts to steal your account, do you not want an alert?

The easiest way to get rid of this email is to delete your Twitter account.

[–] [email protected] 27 points 10 months ago (2 children)

The point of contention here is not that OP doesn't like this kind of verification, but that he believes that Twitter is making up the sign in attempt to get OP to actually log in and report higher usage metrics in Q3.

I don't think OP opposes 2FA, at least not from the info he posted.

[–] [email protected] 13 points 10 months ago (1 children)

There's no way a campaign like this is going to growth users use metrics in a significant way to cheat a quarterly report

[–] [email protected] 7 points 10 months ago

I agree, I'm just explaining OP's logic

[–] [email protected] 3 points 10 months ago (1 children)

From a conspiracy standpoint, so what?

  • Numbers for the console that tracks these things go up, making the security features trend higher internally. Net win for user security.
  • Total logins goes up. This is a meaningless metric that doesn’t affect value to anyone but the most ignorant shareholder. Nothing changes for Twitter.
  • Links clicked through Twitter’s tracker goes up. Since the target and originator is a single user, this increases nothing. From a shareholder perspective, again, a worthless metric.
  • Twitter gains session data. Unless the user deletes Twitter while logging in, this is an intentional choice by the user to use the platform and give that data. Possible win for Twitter but it’s a win the user agreed to because their data is the product.

“Numbers go up” doesn’t really work here. Fidelity isn’t going to upgrade Twitter’s value from any of this. Even if we assume it’s a drummed up attempt, it gains Twitter nothing we don’t agree to give Twitter by using the platform.

[–] [email protected] 4 points 10 months ago

I totally agree, just explained OP's point

[–] anarchy79 23 points 10 months ago (1 children)

And of course this goes without saying:

[–] [email protected] 6 points 10 months ago (1 children)

What email client is this?

[–] [email protected] 9 points 10 months ago

Might be Proton going off the icon's color scheme

[–] [email protected] 17 points 10 months ago (1 children)

I’m confused, it’s not actually asking you to log in. It’s saying IF you want to log in you’ll need this code right? Seems like standard 2FA practices. Am I missing something?

[–] anarchy79 1 points 10 months ago* (last edited 10 months ago)

Of course it's not!

Look at it like they are saying:

"Hi! Your account may be hacked. To mitigate it, you need to log in."

I didn't even know I had a Twitter account, and so 2FA certainly not. So as a person who never uses Twitter, to get a mail like this is a conundrum. Better log in and change that password or whatever, right? So suddenly someone who never used twitter, or apparently did sign up once some long time ago, is logging in for the first time in ages.

Corporate: "See, users are coming back to our platform!"

Then again, it could be a phishing attempt, too, but either case is un-good. Someone tried to log in multiple times over 6 hour intervals and over 2 days, so obv hacker, but still.

[–] [email protected] 11 points 10 months ago

FWIW I haven't logged in for a year and a half and didn't receive any emails. My money is on it being a hacking attempt.

[–] [email protected] 9 points 10 months ago

Huh, that'd be a clever trick. Too clever for muskians, I'd say.

[–] [email protected] 7 points 10 months ago

Got this mail too, a few weeks ago. I used this opportunity to delete my long dormant twitter account for good.

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

X is still calling itself Twitter? Does the Twitter In Chief or whatever Herr Musk calls himself these days know ow about this?

[–] [email protected] 2 points 10 months ago (1 children)

Of all the half baked ways to drive engagement, this seems likely to cause a bunch of bogus support load.

Wouldn’t be surprised if someone’s trying password spray attacks.

[–] anarchy79 1 points 10 months ago

I'm pretty sure it is, but the thought occurred to me and I thought it was funny.

[–] finestnothing 2 points 10 months ago

It seems like a phishing email, idk if the sender is the correct one or not since it was cropped but the Twitter logo is on it despite that being phased out. My bet is that the reset password is a bogus page that has you enter your current password to reset it, that or someone at Twitter missed updating a logo in just this email template

[–] [email protected] 1 points 10 months ago (1 children)

Is the email from twitter.com?

[–] anarchy79 1 points 10 months ago

Man I thought I added that information, I intended to, obviously.

But either case, I'm not taking any chances. I'd never click a mail link regardless, I'd go straight to the address in another browser session to examine what's going on.

My solid guess right now is actual hacker attempt, because they've been trying to log in every 6 hours or so for a day or two. I use solid passwords for everything, so hopedy hope. Not that I know what the fuck they'd use my twitter account for.