twitter privacy problem?

Filed under: Hacking,Reverse Engineering — jet @ 16:05

Today I got an interesting screen on twitter:


Now stop for a second and think about this. Twitter won’t reveal my phone number, but they will let people search for me by my phone number.

So if I just search for all permutations of phone numbers for a given NPA (area code) and NXX (the first three digits of a phone number in the USA), I can make a list of twitter users in a given geographic area or at a specific business. NPA is often a geographically large area, but a given NPA/NXX pair can be very small — as small as a single company or small town.

Obviously you’d get caught trying to search for a bajillion contacts at once, but if I opened ~50 twitter accounts and added 10-20 numbers to each account per day, I could do 500-1000 lookups and cover a given NPA/NXX pair within a week or so.
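The weakness described above is that a per-account rate limit never sees the whole picture when the lookups are spread over ~50 accounts. The following is an added example (not from this post, and not Twitter's code) of how a service could detect that pattern on its own side by aggregating contact lookups per NPA/NXX block rather than per account; the lookup records and the `normalize`/`prefix_stats`/`flag_enumeration` helpers are assumptions for illustration, and the sample data is constructed.

```python
from collections import defaultdict

def normalize(number: str) -> str:
    """Strip formatting from a NANP number and return its 10 digits (drops a leading country code 1)."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]
    if len(digits) != 10:
        raise ValueError(f"not a 10-digit NANP number: {number!r}")
    return digits

def prefix_stats(lookups):
    """Group contact lookups (account, number) by NPA/NXX prefix.
    Returns {prefix: (distinct_lines, distinct_accounts, max_run)} where max_run is the
    longest run of consecutive line numbers probed under that prefix, across all accounts."""
    lines, accounts = defaultdict(set), defaultdict(set)
    for account, number in lookups:
        d = normalize(number)
        lines[d[:6]].add(int(d[6:]))   # line number 0000-9999 within the 10,000-number block
        accounts[d[:6]].add(account)
    stats = {}
    for prefix, probed in lines.items():
        run = best = 0
        prev = None
        for line in sorted(probed):
            run = run + 1 if prev is not None and line == prev + 1 else 1
            best = max(best, run)
            prev = line
        stats[prefix] = (len(probed), len(accounts[prefix]), best)
    return stats

def flag_enumeration(lookups, min_lines=50, min_run=20):
    """Flag prefixes that look enumerated: many distinct lines probed within one NPA/NXX
    block, or a long consecutive run, no matter how many accounts did the probing.
    Real contact syncs are scattered across prefixes; an enumeration fills one block."""
    return sorted(p for p, (n, _, run) in prefix_stats(lookups).items()
                  if n >= min_lines or run >= min_run)

# Constructed sample (hypothetical accounts and numbers): 50 accounts each look up 20
# consecutive numbers in block 412-555, while two ordinary users sync a few unrelated contacts.
SAMPLE = [(f"acct{a:02d}", f"412555{a * 20 + i:04d}") for a in range(50) for i in range(20)]
SAMPLE += [("alice", "+1 (412) 555-0001"), ("alice", "650-700-1234"), ("bob", "650-700-9876")]

if __name__ == "__main__":
    print(prefix_stats(SAMPLE))        # 412555 -> 1000 lines, 51 accounts, run of 1000
    print(flag_enumeration(SAMPLE))    # ['412555']
```

Each individual account in the sample stays under 20 lookups, which is exactly the budget the post says would slip past a per-account limit; only the per-prefix view shows the block being swept.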

