Will Using Twitter’s Tip Jar Sometimes Send Recipient Your Address?

Product testers warned of a potential security issue.

  • Published
Landscape, Nature, Outdoors
Image via Getty Images

Claim

In some instances, sending money via Twitter’s new "Tip Jar" feature would reveal to the recipient the sender’s PayPal-affiliated, snail-mail address.

Rating

Context

When using PayPal to send money on Twitter, a customer can select one of two options on how that money is sent before processing the payment: One that will automatically share the customer’s snail-mail address with the recipient, and a second that will not. This former option can be disabled by toggling a specific option in the user’s account.

Origin

In May 2021, Twitter announced a new feature that allowed users to “tip” their favorite profiles. But as news of the money-sharing option was rolled out to the public, a “glaring privacy issue” was flagged by some users: Sending money over PayPal could unintentionally share their snail-mail (physical) address with the recipient.

Twitter announced the new feature on May 6, and at the time of this writing, it was in the testing phase, only available to a select number of journalists and organizations. Tip Jar is slated to be available via a mobile app on Android and iOS, and will use third-party services like Venmo, Cash App, Bandcamp, Patreon, and PayPal to send “tips” to select people.

The option is relatively easy to use. A person need simply to click on the dollar bill icon next to a username, and Twitter redirects the user to a monetary platform to complete the transaction.

“We $ee you – sharing your PayPal link after your Tweet goes viral, adding your $Cashtag to your profile so people can support your work, dropping your Venmo handle on your birthday, or if you just need some extra help,” announced the platform in a blog post.

But as many media outlets pointed out, if a person sends money using PayPal, in some instances, the snail-mail address associated with the account will also be sent over. The issue was first pointed out by security researcher Rachel Tobac, who shared in a May 6 tweet that in some instances, the Tip Jar option could reveal a user’s home address — or any that is affiliated with the PayPal account — to the person receiving money.

In subsequent comments, Tobac said that she had done a test with another user, noting that while it is a “hallmark” of PayPal, the nuance could still impact Twitter users who do not know that their address is affiliated with their PayPal account.

In response to Tobac’s tweet, Twitter Product Lead Kayvon Beykpour said that the social media platform cannot control PayPal practices, but that the social media platform planned to add a warning for people who donate money via the service.

In an email to Snopes, PayPal spokesperson Tom Hunter described how the payment flow works on PayPal.

“When using PayPal to send and receive money, there are two options a customer can select before processing the payment on how that money is sent. ‘Goods and Services’ is used to buy or pay for an item or service from someone and will automatically share the customer’s address with the recipient for the delivery of those goods and services,” explained Hunter.

“Customers can toggle within the payment flow to select ‘Friends and Family,’ which does not share the address with the recipient. This is the standard functionality of the PayPal app and we will work with Twitter closely to ensure user awareness.”

Click here for more information on changing your PayPal account preferences.