Privacy Ninja




Twitter Tip Jar May Expose PayPal Address, Sparks Privacy Concerns


This week Twitter has begun experimenting with a new feature called ‘Tip Jar,’ which lets Twitter users tip select profiles to support their work.

Twitter iOS and Android app users using Twitter in English can now send tips to a limited group of people around the world, including creators, journalists, experts, and nonprofits. 

However, the new feature has sparked multiple concerns among Twitter users, from the sender’s PayPal shipping address getting exposed to how “disputes” are handled.

Twitter ‘Tip Jar’ may expose your PayPal shipping address

Yesterday, Twitter rolled out a ‘Tip Jar’ feature to Android and iOS app users who have their preferred language set to English.

The feature has been introduced by the company to “support the incredible voices that make up the conversation on Twitter.”

Although anyone can send cash tips, the group who can receive such rewards is currently restricted to just a handful of entities:

“For now, a limited group of people around the world who use Twitter in English can add Tip Jar to their profile and accept tips.”

“This group includes creators, journalists, experts, and nonprofits. Soon, more people will be able to add Tip Jar to their profile and we’ll expand to more languages,” announced Twitter in yesterday’s blog post.


Those interested in tipping someone can use a variety of payment methods, including Bandcamp, Cash App, Patreon, PayPal, and Venmo.

Moreover, Twitter does not receive a cut of the tipped amount, although the payment networks may charge a minimal transaction fee.

Twitter Tip Jar illustration (Source: Twitter)

However, within a few hours, some pointed out that, because of how PayPal works, users may not realize that their PayPal shipping address is being exposed to those they tip.

Put simply, because “tipping” counts as a transaction on Twitter, much like a buyer paying a seller when shopping online, PayPal may (by default) expose the money sender’s shipping address to the person who is receiving tips.

Twitter users including Anashel and Yashar Ali pointed out that the solution to this potential issue is rather simple.

Those using PayPal for sending tips via Twitter Tip Jar can select “No address needed,” under the Shipping Address form field prior to sending the payment: 

How PayPal users can hide their shipping address when using Twitter Tip Jar
Source: Twitter

Additionally, Twitter has updated its tipping prompt and Help Center to make it clear that other apps, such as PayPal, may share information between people sending and receiving tips.

Well, that one was easy. But there’s just one more issue that others have brought up.


But, what about disputes?

What happens when someone tips a Twitter user using the Tip Jar and later files a “dispute” concerning the payment?

Different payment networks offer ways to dispute outbound payments for many reasons, such as receiving faulty goods or not receiving a service adequately.

But in PayPal’s case, some have pointed out that if a tip sender files a dispute after tipping someone, things can get ugly for the recipient, who now has to pay a $20 dispute charge, plus payment processing fees, of course, in addition to refunding the tipped amount.

And, as noted by infosec journalist Brian Krebs, if a fraudster can repeat sending “tips” a few times and then dispute them, they can make the recipient pay up by triggering the dispute process, effectively reversing the direction of the flow of money.

It is unclear what policies PayPal and Twitter will introduce to prevent malicious actors from abusing the Tip Jar feature which has just been rolled out.

Also, at this time, not every Twitter Android and iOS app user may have the Tip Jar feature enabled.

Twitter profiles with Tip Jar enabled will show a “Tip Jar” icon next to the “follow(ing)” button on their profile, as shown in the GIF illustration above.

In tests by BleepingComputer, however, Tip Jar was not available for some app users, including those with verified accounts, although the preferred language for the accounts/apps was set to English. 

As such, those interested in trying the Tip Jar feature early should keep an eye on their app for any updates.


