> Twitter believes that I should delete the Tweet (which I didn’t make in the first place)
But... It's on your account. If Twitter's condition for re-instating the account is that you delete this tweet, and you have enough access to your account to be able to delete the tweet, why aren't you deleting the tweet?
And:
> Twitter is behaving wholly irresponsible here: there is absolutely no way that if my account was compromised that they could not have noticed this prior to issuing the block, and as far as I can see my account is still there, which means that either someone social engineered Twitter into changing the password, then immediately turned around to compromise then get my account blocked or that Twitter has much larger problems in not being able to detect attempts at account compromise.
What if someone got hold of your password somehow? I'm sure Twitter has suspicious login detection, but those things can never be perfect. Maybe OP has really good reasons to think that there's no possible explanation other than a Twitter vulnerability or social engineering a Twitter employee, but none of that reasoning is in this post?
Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
> What if someone got hold of your password somehow?
Theoretically possible, practically not very likely for all kinds of reasons which I won't go into here but which you are going to have to take my word for. Let's just say that I'm a bit paranoid when it comes to stuff like this.
> I'm sure Twitter has suspicious login detection, but those things can never be perfect.
Apparently...
> Maybe OP has really good reasons to think that there's no possible explanation other than a Twitter vulnerability or social engineering a Twitter employee, but none of that reasoning is in this post?
Well, let's just say that I've been around for a while and to date have not yet had any of my accounts compromised, ever. That this should happen on Twitter where there has been a long history of such things happening is not all that surprising and when it comes to evaluating Twitter account security versus me being able to keep my passwords to myself I'm going to be arrogant enough to claim that I think that I can do that.
There is plenty of evidence for Twitter accounts being compromised, in fact, one comment here links to a SIM swap attack against Twitter's CEO...
I do trust that you have better opsec than 99%+ of users and that you didn't write this tweet. But it seems incredible that an adversary would burn a Twitter vulnerability to post a near incoherent message from your account (which isn't particularly influential, as far as these things go). Even social engineering Twitter support seems like a really crappy effort/reward ratio.
What you're doing here makes sense, and if I were at Twitter I'd be trying to help you figure out exactly what happened, on the chance that there was a deeper compromise.
Yes, that is the thing that really gets me: if this isn't widespread - and I have no indication so far that it is - then either this was a trial balloon and it backfired because I'm the wrong target to do that to or someone got supremely stupid and tipped their hand. One HN user below had a good idea on how to figure out if the password was unchanged and as far as I can see that is the case, which only makes this more of a puzzle.
> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
It’s not clear from the post that you have the option to delete the tweet but are choosing not to. I think perhaps some of the confusion in this thread comes from that omission.
> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
You say you've been around a while but you don't seem to understand that there is no such thing as permanent deletion when it comes to social media. "Deleting" the post in this case would only mark it as deleted and remove it from people's feeds. There is no destruction of evidence that would prevent Twitter from investigating the tweet in the future.
> I would not make any assumptions about implementation details to which I have no access.
you've made the assumption that a deletion actually deletes, when there is near 100% chance that it doesn't, and there is clearly a 100% chance that Twitter has done all the investigation they are going to do.
this isn't a murder investigation, it's a flipping tweet. delete it and move on with your life.
Having been part of 'the industry' for the last 40 years or so I'm fairly well informed about how things are done and that between 'common practice' and 'actual implementation details' there can be a very, very large difference.
Take a screenshot of the Tweet? Download the page with the tweet on it? Seems easy enough if you want a record of it existing. Odd argument for sure. This thread itself is now historical record that it exists.....
Depending on context (GDPR, CCPA, etc.) there are legal reasons to actually delete data when your users request it rather than simply mark the data as "deleted".
I understand OP's "I would not make any assumptions about implementation details to which I have no access." approach. That said though, I wouldn't expect any sort of "investigation", so my approach would probably be the same as most: "meh, delete it, change my password, revoke tokens and move on".
> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
This has big "When the authorities get here I'll be vindicated!" energy, by which I mean: there's no forensics team heading out to the data warehouse to get to the bottom of what happened. Your tweet isn't that important and it makes sense that Twitter wants you to delete the tweet as a show of good faith.
It is possible that the same temporary (read-only?) access that would allow you to delete the tweet would also allow you to capture much of the relevant evidence:
• fetching the offending tweet via a raw/API method could, in the JSON, reveal more metadata – such as involvement of some compromised 3rd-party app with posting rights to your account
• requesting your entire Twitter archive might similarly still be available (as they offer it largely due to the EU's legal requirement), and include the offending tweet with full metadata
Requesting the latter – your full archive – without supplying any more new info (your phone number) might be a tactic with leverage given the EU-compliance dimension. (Though, it's also possible the regulators have already approved phone-number-verification as a reasonable prerequisite for such a giant personal data dump.)
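Added illustration (not part of any commenter's post): a sketch of the metadata check suggested in the comment above, run offline over an archive export. It lists tweets whose `source` client is not one the account owner uses and hashes each record so the evidence can be preserved before anything is deleted. The `tweets.js` layout, the sample records and the `KNOWN_CLIENTS` allowlist are assumptions constructed for this example.

```python
import hashlib
import json
import re
from html import unescape

# Constructed sample. Assumed layout of an archive's data/tweets.js:
# a JavaScript assignment wrapping a JSON array of {"tweet": {...}} objects.
SAMPLE_TWEETS_JS = r'''window.YTD.tweets.part0 = [
  {"tweet": {"id_str": "1000000000000000001",
             "created_at": "Mon Mar 07 09:15:00 +0000 2022",
             "source": "<a href=\"https://mobile.twitter.com\" rel=\"nofollow\">Twitter Web App</a>",
             "full_text": "constructed example tweet"}},
  {"tweet": {"id_str": "1000000000000000002",
             "created_at": "Tue Mar 08 03:02:00 +0000 2022",
             "source": "<a href=\"https://scheduler.example\" rel=\"nofollow\">Example Scheduler</a>",
             "full_text": "constructed tweet the owner did not write"}}
]'''

KNOWN_CLIENTS = {"Twitter Web App", "Twitter for Android"}  # hypothetical allowlist

def load_archive(js_text):
    """Drop the JavaScript assignment prefix and parse the JSON array."""
    return [entry["tweet"] for entry in json.loads(js_text[js_text.index("["):])]

def client_name(source_html):
    """The source field is an HTML anchor; return its visible text."""
    m = re.search(r">([^<]*)</a>", source_html)
    return unescape(m.group(1)) if m else unescape(source_html)

def unexpected_clients(tweets, known=KNOWN_CLIENTS):
    """Return one finding per tweet posted by a client outside the allowlist."""
    findings = []
    for t in tweets:
        src = t.get("source", "")
        name = client_name(src)
        if name in known:
            continue
        href = re.search(r'href="([^"]*)"', src)
        findings.append({
            "id": t["id_str"],
            "created_at": t["created_at"],
            "client": name,
            "client_url": href.group(1) if href else None,
            # Hash of the canonicalised record, to show later it was not altered.
            "sha256": hashlib.sha256(json.dumps(t, sort_keys=True).encode()).hexdigest(),
        })
    return findings

if __name__ == "__main__":
    for finding in unexpected_clients(load_archive(SAMPLE_TWEETS_JS)):
        print(finding)
```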
> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
That's not how computers work. You'll mark it as deleted and then the "deleted" column (or field or whatever) will turn from false to true. No forensic evidence will be lost.
Unless you work for Twitter and know how they have implemented this feature I don't think you can make that call. Based on things that have happened to Twitter in the past I think assuming sane implementations is something that I would not immediately do.
>> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
> That's not how computers work.
No, not necessarily: computers definitely support hard deletion.
> You'll mark it as deleted and then the "deleted" column (or field or whatever) will turn from false to true. No forensic evidence will be lost.
Twitter likely implemented it as a soft delete, but that's by no means certain. And even if they did, a soft delete would mean only Twitter's internal teams would have access to the evidence, and there may be a desire for the evidence to be publicly accessible.
We all know that's likely, but we also all know that none of us can actually know that. I sure don't know what the db schema is or what the data retention schedule is or what edit means are available to insiders (employee or "visitor").
Thing is, Google, Twitter and many other platforms reinstate accounts after some public crying like this one.
> Now, I have been pretty vocal in my support for Ukraine
This pretty much answers it all, OP wrote the tweet, remember that there is no evidence of the account being hacked? Account got blocked. OP makes a fuss about it hoping that visibility from other platforms will help him.
What a weird blog post.