Twitter commenced the global rollout of Fleets – its own version of Stories or ephemeral status updates – last week to a mixed reception from users. While some users were stoked at the arrival of a cool new feature in the Twitter app, not many were happy with the arrival of ‘stories in yet another app’ where it was not really needed. Critical reception aside, the worldwide rollout of Fleets also came with a host of technical issues, one of which was Fleet visibility even after their 24-hours expiration period.
This meant that developers could save a Fleet URL during the 24h the Fleet was active. Due to our queue backlog, that URL may have still been accessible after the Fleet expired. The queue is now caught up and we’ve updated our systems to reduce the likelihood that this reoccurs.— Twitter Support (@TwitterSupport) November 23, 2020
Addressing the issue, Twitter made it clear that Fleets can not be viewed in its app once they have reached their 24-hour expiration period. However, some Fleets were visible even after they reached their maturity period due to the failure of a backend system that has a queue for deleting all Fleets after a period of 24 hours. Essentially, the queue backlog was the reason responsible for Fleets being visible past their expiration period.
We don’t believe this is a security or privacy concern because Fleets (from accounts without the "protected" setting) are public. We updated our systems today to require an authenticated session before requesting Fleets metadata, to add more friction to use these APIs.— Twitter Support (@TwitterSupport) November 23, 2020
The social media giant explained that some developers saved a Fleet’s URL when it was active and were thus able to view it later due to the non-deletion of the backlog. However, Twitter has now updated the queue of its backend system, ensuring that Fleets are only visible for their intended life span. Moreover, the company also noted some users may not appear in the ‘Seen by’ list for Fleets if the list gets too long due to a large number of users seeing it.
Finally, we heard concerns that people can see Fleets without showing up in the “Seen by” list. Our goal is to show a list of people who've seen your Fleet, but we don’t guarantee completeness for technical and experience reasons. For example, we cap the list when it gets long.— Twitter Support (@TwitterSupport) November 23, 2020
Twitter also addressed an issue that allowed people to see its take on Stories without even signing-in. However, the company clarified that Fleets are visible only when users are logged in, and the aforementioned ‘issue’ was merely a developer-specific behavior that does not pose any security risks. Nonetheless, Twitter claims to have updated its systems to ‘require an authenticated session before requesting Fleets metadata,’ to add more friction to the process which it defines as scaping.