When using PayPal to send money on Twitter, a customer can select one of two options on how that money is sent before processing the payment: One that will automatically share the customer’s snail-mail address with the recipient, and a second that will not. This former option can be disabled by toggling a specific option in the user’s account.
In May 2021, Twitter announced a new feature that allowed users to “tip” their favorite profiles. But as news of the money-sharing option was rolled out to the public, a “glaring privacy issue” was flagged by some users: Sending money over PayPal could unintentionally share their snail-mail (physical) address with the recipient.
Twitter announced the new feature on May 6, and at the time of this writing, it was in the testing phase, only available to a select number of journalists and organizations. Tip Jar is slated to be available via a mobile app on Android and iOS, and will use third-party services like Venmo, Cash App, Bandcamp, Patreon, and PayPal to send “tips” to select people.
The option is relatively easy to use. A person need simply to click on the dollar bill icon next to a username, and Twitter redirects the user to a monetary platform to complete the transaction.
“We $ee you – sharing your PayPal link after your Tweet goes viral, adding your $Cashtag to your profile so people can support your work, dropping your Venmo handle on your birthday, or if you just need some extra help,” announced the platform in a blog post.
show your love, leave a tip
now testing Tip Jar, a new way to give and receive money on Twitter 💸
more coming soon… pic.twitter.com/7vyCzlRIFc
— Twitter (@Twitter) May 6, 2021
But as many media outlets pointed out, if a person sends money using PayPal, in some instances, the snail-mail address associated with the account will also be sent over. The issue was first pointed out by security researcher Rachel Tobac, who shared in a May 6 tweet that in some instances, the Tip Jar option could reveal a user’s home address — or any that is affiliated with the PayPal account — to the person receiving money.
Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your *address*. Just tested to confirm by tipping @yashar on Twitter w/ PayPal and he did in fact get my address I tipped him. https://t.co/R4NvaXRdlZ pic.twitter.com/r8UyJpNCxu
— Rachel Tobac (@RachelTobac) May 6, 2021
In subsequent comments, Tobac said that she had done a test with another user, noting that while it is a “hallmark” of PayPal, the nuance could still impact Twitter users who do not know that their address is affiliated with their PayPal account.
In response to Tobac’s tweet, Twitter Product Lead Kayvon Beykpour said that the social media platform cannot control PayPal practices, but that the social media platform planned to add a warning for people who donate money via the service.
this is a good catch, thank you. we can't control the revealing of the address on Paypal's side but we will add a warning for people giving tips via Paypal so that they are aware of this.
— Kayvon Beykpour (@kayvz) May 6, 2021
In an email to Snopes, PayPal spokesperson Tom Hunter described how the payment flow works on PayPal.
“When using PayPal to send and receive money, there are two options a customer can select before processing the payment on how that money is sent. ‘Goods and Services’ is used to buy or pay for an item or service from someone and will automatically share the customer’s address with the recipient for the delivery of those goods and services,” explained Hunter.
“Customers can toggle within the payment flow to select ‘Friends and Family,’ which does not share the address with the recipient. This is the standard functionality of the PayPal app and we will work with Twitter closely to ensure user awareness.”
Click here for more information on changing your PayPal account preferences.