Elon Musk has put an end to weeks of uncertainty by announcing that Twitter has accepted his bid to purchase the social media network for $54.20 per share, valuing it at $44 billion. While Musk’s long pursuit of Twitter has come to an end, the next chapter in Twitter’s history and the lives of its hundreds of millions of users has just begun for him. The transaction sparked immediate worries that Musk, a self-described “free speech absolutist,” will roll back content regulation, possibly undoing years of work to stop hate speech and disinformation from spreading unchecked.
But, at a time when even workers are unsure about the company’s future, experts have been quick to caution about the possible privacy ramifications of the $44 billion acquisition to take Twitter private. One of Musk’s numerous planned initiatives for Twitter that has raised concerns in the business is the open-sourcing of the platform’s algorithmic code to make it publicly available, according to his brief 78-word statement. Musk claims that this change, which Twitter has been considering for some time, will help to restore trust in the platform, which has been plagued by false news and security breaches in recent years, including one in which hackers hijacked high-profile Twitter profiles, including Musk’s, to promote a cryptocurrency scam.
However, cybersecurity experts are concerned that Musk’s open-source vision for Twitter may leave it more vulnerable to hackers. According to Jamie Moles, senior technical manager at security firm ExtraHop, “the choice to open source this code certainly implies that it will be copied by other social networks, advertisers, and others who are eager to sharpen their user targeting.” “Of course, there are substantial security risks with any widely accepted open-source code.” Vulnerabilities in widely used open-source software are exponentially more lucrative, as we’ve seen with Log4Shell and Spring4Shell. Making its technology open source may provide Twitter users more transparency, but it may also make twitter a far more attractive target for hackers.”
Musk’s effort to fight so-called spam bots, which have been used to distribute malware and propagate political beliefs, might result in “new approaches that improve the detection and identification of spam emails, spam postings, and other dangerous incursion attempts,” according to Moles. “It might be a huge help to security professionals globally.” Professor Eerke Boiten, the head of De Montfort University’s faculty of computer science and informatics, cautioned that open-sourcing Twitter’s algorithm might lead to malevolent actors “gaming” the system, resulting in people being treated differently depending on their personal traits.
“Think, for example, of outside manipulation of Twitter’s targeted advertising components, which is a privacy risk even before it is gamed,” Boiten added. “It would therefore hasten the arms race of new gaming techniques and countermeasures.” Musk’s brief response had a lot to be desired. He didn’t clarify how he intended to “authenticate all humanity.” Some see it as a proposal to expand Twitter’s existing user verification system, or as a real-name policy requiring users to produce verified proof of their legal name.
The Electronic Frontier Foundation, a digital rights organization, expressed worries about the impact real-name restrictions have on the human rights worth of pseudonymous communication, and Musk may not have addressed the consequences of a loss of anonymity on particular groups of individuals. In a blog post, the EFF stated, “Pseudonymity and anonymity are crucial to protecting people who may have beliefs, identities, or interests that do not coincide with those in power.” “Policies requiring genuine names on Facebook, for example, have been used to exclude Native Americans, persons with traditional Irish, Indonesian, and Scottish names, Catholic clergy, transgender people, drag queens, and sex workers.” If people in control uncover their actual identities, political dissidents may face significant harm.”
The EFF also expressed worry over Twitter direct messaging’ persistent lack of end-to-end encryption: “Fears that a new owner of the site might be able to read those communications are not unwarranted,” the EFF stated. Musk’s assault on pseudonymity, according to Boiten, is the most worrying component of Musk’s takeover. “In many situations, anonymity is a requirement for privacy. Once authoritarian regimes learn that Twitter has authenticated its users, they can demand the information, jeopardizing a lot of existing disruptive activity in those nations,” he warned. “I’m curious how many anonymous Twitter accounts Tesla employees now operate – Elon Musk follows his own guidelines to a tee — thus future Tesla whistleblowers or unionizers wouldn’t be comfortable getting themselves authenticated on Twitter.”