Twitter Ads to Read Your Mind Because Twitter's Stealing Your Email Address

This article is from the archive of our partner .

Learning a lesson from Facebook, Twitter has realized that the more it knows about us, the more valuable its ads can be, which is why it's working on a "custom audiences" tool that uses email addresses from retailers to serve more "relevant" ads for marketers, sources tell Bloomberg's  Douglas MacMillan and Jon Erlichman. In an attempt to move beyond standard promoted tweets, Twitter is trying so hard to legitimize its business model that, well, you're about to find out just how much Twitter really knows about where you shop. And the main privacy model "doesn't actually provide protection," the Electronic Frontier Foundation firm tells The Atlantic Wire.

Twitter's custom ad plan works like this: Companies will share the email address you gave to them — either at check-out or via online shopping — with Twitter, which then plans to share your address with advertisers, who will then use it to send the right ads to the right people back on Twitter. Don't be surprised if you start seeing promoted trends and tweets for your favorite stores around the end of the year, when sources tell Bloomberg the program would start rolling out. 

It's not exactly as all-knowing as Facebook's current setup — the social network knows where we shop and what we bought — but there are still some privacy concerns. First of all, the premise alone is unsettling. This kind of targeted advertising can get specific in a way that might make tweeters uncomfortable. Why does Twitter know that Spencer's is my favorite retailer? Do I want Twitter knowing that? Maybe not.

More worrying, at this point, is that it's unclear how Twitter will deliver this trove email addresses to advertisers. In order to ensure a certain level of anonymity between you and the marketer, for example, Facebook randomizes the letters and numbers in email addresses so that companies don't have direct access to your Facebook profile; in theory, the advertiser doesn't know who is getting the ad — just that the right person got it. If Twitter doesn't want a headache from users and privacy advocates, it will likely do some version of that process, known as hashing.

But even that won't placate all the skeptics. "Hashing an email address in general is not very privacy protective," the Electronic Frontier Foundation's Dan Auerbach told The Atlantic Wire. Because most people use only letters in their e-mail addresses, turns out it's pretty easy to do what's called a "dictionary attack" to recreate the original address. "From a protective point of view, it might sound appealing, but it doesn't actually provide protection," Auerbach added.

As much of a privacy overstep as Twitter's "custom audiences" strategy might present, knowing things about us fits with Twitter's advertising plan, as it theoretically readies itself to IPO next year. Just today, the platform announced a television advertising program that tracks people who tweet about certain shows to serve them Twitter ads that match those of the ads they saw during a commercial break. This type of marketing still relies on information we put into Twitter — a more standard form of web advertising. But, again, it takes our offline, off-Twitter habits — in this case television watching — and advertises directly toward that behavior, which is different than standard web advertising, which might follow us around the Internet but tends to leave our real lives alone. So much for that idea.

This article is from the archive of our partner The Wire.