Often times you only hear of bugs or even “features” that violate users’ privacy after someone reports it on the Internet. Often times the companies involved have to deal with the PR mess and backlash involved after the fact. Perhaps learning from its peers, Twitter has decided to beat others to the news and own up to its own privacy blunder. While it doesn’t exactly excuse them from making such a simple misstep, it has to at least be complemented for not waiting until the last minute to come clean.
Long story short, if you use more than one Twitter account on the Twitter app for iOS, your location may have been accidentally shared with a third-party. Even if you turned on the precise location feature on only one account, the other account’s location may have also been stored on Twitter’s servers. But that’s not the end of it either.
Twitter was supposed to remove locations from the data that it sent to a trusted but unnamed partner during an advertising process. Supposed to but didn’t and thus that partner actually received location data. Twitter says that the partner admits receiving the data but didn’t retain it and was eventually deleted as part of their “normal process”. It’s perhaps safe to assume that the location data was used anyway during that period.
That said, Twitter insists that location was sufficiently “fuzzed” so that only zip code or city was actually included. It didn’t include exact addresses or Twitter handles or account IDs, nothing that could be traced back to a user. Just location data, plain and simple.
It now boils down to whether you believe Twitter and its anonymous trusted partner did stay within legal bounds. The iOS bug has been fixed and Twitter promises it won’t happen again. To its credit, it does look better having come forward on its own rather than waiting to be dragged kicking and screaming into the spotlight.