By the end of the year, Twitter expects to be recording and analyzing every link users click on when using its Web site or any of the thousands of third-party microblogging apps.
An e-mail announcement Wednesday night said "all users" will soon be switched over to Twitter's t.co link-shortening service and, once that happens, "all links shared on Twitter.com or third-party apps" will use it. In addition, the company said, when anyone clicks "on these links from Twitter.com or a Twitter application, Twitter will log that click."
Wednesday's news was soon met with a smattering of privacy concerns, with some Twitter users dubbing it a "disgusting data landgrab" and others wondering if there will be an "opt-out policy" for those who prefer not to have their clicks recorded. Another concern: a centralized link-redirector means a centralized point of failure in a service known for being frequently overloaded.
The announcement wasn't entirely unexpected: Twitter said in June, as CNET reported at the time, that it would begin using t.co to shorten some links. Like bit.ly and the venerable tinyurl.com, t.co allows an unwieldy URL like our own http://news.cnet.com/8301-13578_3-20015368-38.html to be represented more concisely. (Separately, Twitter's e-mail also said that developers now have to use the more secure OAuth framework to access your account.)
Of course, Twitter is not alone--and this point deserves to be stressed--in recording what links visitors click.
Knowing what links are popular can help a sufficiently sophisticated Web site refine its recommendations, and likely will let Twitter improve its "promoted tweets" program and its resonance algorithm, which uses metrics like number-of-clicks to decide which messages are relevant and useful.
It can also, as Twitter's Sean Garrett pointed out in June, permit better detection and prevention of malicious links.
So beyond the it-feels-a-bit-creepy, what's the real privacy concern? It's this: a security breach at a Twitter data center could reveal who's clicking on what links (although any theoretical breach would probably reveal much more sensitive information too). Police armed with search warrants in criminal investigations may have link-clicking questions they want answered. Divorce attorneys armed with subpoenas won't be far behind. And, in general, users may not expect this data about their behavior to be stored forever.
It's true that plenty of other link-shortening services exist, including tinyurl.com, bit.ly, is.gd, and snipurl.com. But once every Twitter user is switched over to t.co, it becomes a central information repository and a more alluring source of who-clicked-what data.
One obvious way to alleviate any privacy worries would be for Twitter to offer an option to disable logging and to delete any previously stored records. Log anonymization after a certain time wouldn't hurt either. Alex Macgillivray, are you reading this?
Disclosure: McCullagh is married to a Google employee