Twitter is the newest social media site for users to experiment with posting disappearing content. With Fleets, as Twitter calls them, mobile users can post short stories such as photos or videos with overlaid text that will disappear after 24 hours.
However, a bug resulted in fleets not being properly deleted and being accessible long after 24 hours had passed. Details of the bug were released in a series of tweets on Saturday, less than a week after the feature launched.
The bug effectively allowed anyone to access and download a user's fleets without triggering a notification that the user's fleet was read and by whom. The consequence is that this error can be misused to archive a user's fleets after expiration.
Use an app designed to interact with Twitter's back-end systems through the Developer API. What came back was a list of the fleets from the server. Each fleet had its own direct URL which, when opened in a browser, loads the fleet as an image or video. But even after the 24 hours had expired, the server would return links to fleets that were no longer displayed in the Twitter app.
When reached, a Twitter spokesman said a fix was on the way. "We are aware of a bug that can be accessed through a technical workaround where some fleet media URLs may be available after 24 hours. We are working on a fix that will be rolled out shortly."
Twitter acknowledged that the update means fleets should now operate properly. It said it won't delete the fleet from its servers for up to 30 days – and that it may keep fleets longer if they break its rules. We checked whether we can still load fleets from their direct URLs after the expiry.
Fleet with caution.