You will be surprised by what your Tweets may reveal about you and your habits

Analyzing Twitter account activity

I use Twitter every day. As a cybersecurity consultant, it is by far one of the best tools to get the latest news and share information you find relevant with others. With the recent inauguration of Donald Trump, the regular Twitter goofs of the new staff and the creation of Twitter resistance groups, I decided to demonstrate how easy it is to show revealing information from someone else’s account — without hacking it.

Metadata

Like any other social media website, Twitter knows a lot of things about you, thanks to “metadata”. Indeed, for a 140-character message you will get A LOT of metadata, more than 20 times the size of the initial content you typed in! And guess what? Almost all of this metadata is accessible through the open Twitter API.

Here are a few examples that could be exploited by anyone (not just governments) to “fingerprint” and track someone:

Timezone and language set for the Twitter interface

Detected languages in tweets

Sources used (mobile application, web browser, …)

Geolocations

Most used hashtags, most retweeted users, etc.

Daily/weekly activity

Example of a Tweet (2010 — API has changed a lot since)

Everybody knows the danger of geolocation leaks and how they can impact privacy. But few realize that just tweeting regularly can say a lot about your habits.

Taking apart a single tweet may reveal interesting metadata. Take a few thousand of them and you can begin to see some patterns. That’s where the fun begins.

Meta-metadata

Having collected enough tweets from someone, we can, for example, distinguish “corporate” accounts (only used during working hours) and even try to guess how many users are interacting with the account.

To prove my point, I developed a Python script that retrieves all the latest tweets from someone, scrapes the metadata, and measures the activity per hour and day of the week.

Analyzing the @Snowden account

Snowden has posted 1682 tweets since September 2015. We can easily determine his sleep pattern, as shown below (Moscow timezone).

Snowden Twitter account activity

Analyzing the @realdonaldtrump account

Is Donald Trump’s account managed by multiple people? This time, looking at the number of detected sources, I will let you guess…

Donald Trump account tweeting sources
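
The two analyses above (activity per hour and day, and the clients recorded in each tweet's source field) can be reproduced offline on your own timeline to see what it gives away. This is an added example, not the author's script: the sample records are constructed, and the `created_at` and `source` formats are assumed to follow the Twitter REST API v1.1 tweet object.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample (not real tweets). Field names and formats are assumed
# to match the created_at / source fields of a REST API v1.1 tweet object.
ANDROID = '<a href="http://twitter.com/download/android" rel="nofollow">Twitter for Android</a>'
IPHONE = '<a href="http://twitter.com/download/iphone" rel="nofollow">Twitter for iPhone</a>'
WEB = '<a href="http://twitter.com" rel="nofollow">Twitter Web Client</a>'
SAMPLE = [
    {"created_at": "Mon Jan 02 06:15:00 +0000 2017", "source": WEB},
    {"created_at": "Mon Jan 02 07:40:00 +0000 2017", "source": WEB},
    {"created_at": "Tue Jan 03 09:05:00 +0000 2017", "source": IPHONE},
    {"created_at": "Tue Jan 03 12:30:00 +0000 2017", "source": WEB},
    {"created_at": "Wed Jan 04 15:10:00 +0000 2017", "source": ANDROID},
    {"created_at": "Thu Jan 05 18:45:00 +0000 2017", "source": ANDROID},
    {"created_at": "Sat Jan 07 20:20:00 +0000 2017", "source": ANDROID},
]

def profile(tweets, utc_offset_hours=0):
    """Return (tweets per local hour, per weekday, per client) as Counters."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hours, days, sources = Counter(), Counter(), Counter()
    for t in tweets:
        when = datetime.strptime(t["created_at"], "%a %b %d %H:%M:%S %z %Y")
        local = when.astimezone(tz)
        hours[local.hour] += 1
        days[local.strftime("%A")] += 1
        # The source field is an HTML anchor; keep only the client name.
        sources[re.sub(r"<[^>]+>", "", t["source"])] += 1
    return hours, days, sources

def longest_quiet_window(hours):
    """Longest circular run of tweet-free hours: (start_hour, length)."""
    best = (0, 0)
    for start in range(24):
        length = 0
        while length < 24 and hours[(start + length) % 24] == 0:
            length += 1
        if length > best[1]:
            best = (start, length)
    return best

if __name__ == "__main__":
    hours, days, sources = profile(SAMPLE, utc_offset_hours=3)
    print("per hour:", sorted(hours.items()))
    print("per day: ", days.most_common())
    print("clients: ", sources.most_common())
    print("quiet window (start, hours):", longest_quiet_window(hours))
```

Shifting `utc_offset_hours` until the quiet window lands on plausible night hours is how a posting pattern ends up suggesting a timezone, which is why varying when you tweet matters for an account meant to stay anonymous.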

General recommendations

I would highly suggest you read the grugq’s Twitter security guidelines. In addition to that guide, I would advise you to be careful about the timezone/language you use; also be aware that your tweets may be analyzed as a whole: don’t tweet at the same hours if you don’t want people to guess your timezone. Of course, do this only if you wish to remain anonymous; don’t apply these principles to your main account (that would be a waste of time)!

Source code

I pushed my script to GitHub. It’s open source, so feel free to contribute 😉