A Twitter bug is allowing fleets to be viewed after their supposed 24 hour expiration date.
The new fleets feature was first added to Twitter last week. Much like SnapChat and Instagram Stories, it allows users to post photos and videos with text that will disappear after 24 hours.
The bug, first report by TechCrunch, is enabling fleets to be viewed long after this expiration period. The bug has been detailed in a Twitter thread by user @donk_enby.
They said that using an app that interacts with Twitter’s developer API, anyone can view and download a user’s fleet without triggering a ‘seen’ notification.
This is apparently because each fleet has a unique URL that can be opened in a browser, even after the 24 hour expiry period.
“I have also just confirmed that the media URLs don’t expire after 24h, so you can view fleets after they’re deleted,” @Donk_enby said in a tweet.
full disclosure: scraping fleets from public accounts without triggering the read notification
the endpoint is: https://t.co/332FH7TEmN
— cathode gay tube (@donk_enby) November 20, 2020
“We’re aware of a bug accessible through a technical workaround where some fleets media URLs may be accessible after 24 hours. We are working on a fix that should be rolled out shortly,” a Twitter spokesperson said to TechCrunch.
According to Twitter, the workaround will simply be the Twitter API no longer returning URLs for fleets that are 24 hours or more old.
Twitter has also said that fleets all fleets will remain on its servers for 30 days. That time period may be extended if a fleet violates its rules.