Twitter IDs Aren’t Personally Identifiable Info [#IranElection]

I think it’s an important story to take to the public, which is why I’ve asked Duncan Riley if I could post here at Inquisitr, rather than just my personal blog. I feel these stories deserve to be presented to a wider audience, and thankfully Duncan has obliged my request.

Over the last few days, though, everywhere I go, I keep seeing pleas that look like this one I saw on a CNN blog post:

June 16th, 2009 2:42 pm ET

People have been begging CNN to immediately quit reporting with usernames from Twitter. As reported in this piece, individuals are being arrested and questioned due to exposure – intentional or otherwise.

There was someone above in a comment who posted a twitter name in their post. Moderator, please remove immediately and insure that their safety is protected b not being stupid about what is said.

As many have said the Iranian govt is watching twitter and the news sites and are shutting down those whose names are being broadcast and disseminated out there.

Users have been asked to remove the tweeter’s username from ReTweets to protect their identity.

Can someone please explain to me how this is supposed to work?

image How is it that the Iranian government going to find out the personal identity of a Twitter user? Has Twitter suddenly started including GPS meta data in their API? Have @biz and @ev started sending out IP address data for users when asked for it by election stealing foreign presidents?

Meanwhile, if lists of reputable purveyors of on-the-ground information stop getting published, how am I, a news consumer, short of spending all day watching the twitter public timeline, going to learn what’s a credible news tip and what’s not? There aren’t great hard-coded methods of determining trust within Twitter, so the best method we have is by looking at the Twitter ID of the tweet originator, and scanning it for the tell-tale signs we know to look for in a disreputable account.

To that end, if Iran really wanted to know who was using Twitter from within the country, they certainly wouldn’t need to read the comments on my blog or on CNN. All they’d need to do is set up one or two honey-pot proxy servers, or just grab Twitter cookie files from the browser whenever a user tries to go to the site and hits the national firewall.

Finding published sources of reputable Twitter posters in blog comments is the least efficient method they could choose to find their identities.

Where Did This Idea Come From?
image From the best I can determine, Cory Doctorow was the first to popularize this idea. Cory is one of the founders of the uber-popular blog Boing Boing, and fairly well respected in privacy and IT circles.

He made a blog post the other day he titled the “Cyberwar guide for Iran elections,” in which he said:

5. Don’t blow their cover! If you discover a genuine source, please don’t publicise their name or location on a website. These bloggers are in REAL danger. Spread the word discretely through your own networks but don’t signpost them to the security forces. People are dying there, for real, please keep that in mind…

I understand the importance of not releasing a location of a source. Telling the Iranian government through a public announcement of where a dissident may be can be tantamount to putting their life in danger. Generally, though, the present location of any given Twitter user can’t be found through simply revealing their Twitter ID.

Certainly, I, like I hope most people, will use their judgment in determining what information is personally identifiable. Until someone explains to me the method Iran is using to divine personally identifiable information out of Twitter IDs, I’ll continue to publish Twitter names when appropriate – it’s the best way I know of to help keep the signal visible amongst the cacophony of noise we all are having to wade through.