back to article IP address X-posure now a feature on Musk's social media thing

Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform, and FYI: It may reveal your IP address to those you're nattering away to. For some of you, that's not a problem. You're calling people you know and trust anyway. For others, it …

  1. Anonymous Coward
    Anonymous Coward

    Not using Twitter(X)

    It seems that Twitter in solidarity with Facebook have decided to enhance security by stopping anyone login in at the moment.

    Unlike FB, my connecting Twitter session hasn't expired, but can't login on the web at the moment.

    > To find the audio and video calling features, which can only be disabled or modified in the Twitter app, not on the website,

    Is the new calling feature only a thing in the App? as you say, I can't find anything in the settings about this on the web based access.

    1. Someone Else Silver badge

      Re: Not using Twitter(X)

      From the article:

      How to protect yourself on X

      The safest, most sanity-maintaining way to use X is not to [...]

      Truth in Advertising!

  2. mark l 2 Silver badge

    Am I correct in the wording of he article that you now cannot directly message a another user on Twixter unless you pay for a subscription or the other part has paid and message you first?

    I mean if Elons goals is to drive all the free users off the platform to another one where you can message for free, then hes doing good work with that. Maybe he just wants only the die hard Musk fanbois left on Twixter as surely they would be dumb enough to pay a monthly fee to use it?

    1. Jim Mitchell

      article: "Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform"

      So, no, you don't have to have a paid Twitter account to use this, um, feature.

      1. OhForF' Silver badge

        Mark I 2 wasn't asking about the video and audio calling features but about the DM direct messaging feature.

  3. Brynstero0

    Free users cannot send DM's

    And this means theyre not exposed to the ability to make/recieve calls?

    Seems like a selling point to not pay for the artist formally known as Twitter

    1. diodesign (Written by Reg staff) Silver badge

      Re: Free users cannot send DM's

      Free users can send DMs, but it's a bit complicated as it depends on your settings and who you're messaging. We've taken that part out so as not to confuse anyone.

      C.

  4. Pascal Monett Silver badge

    I love it

    Every half-brain change Elon makes to his "platform" is continually blowing up in his face.

    I just love watching that.

  5. mbc
    Boffin

    Peer to peer works this way

    The Register knows my IP address as well, when my browser client connects to the server. Peer-to-peer video calls would, by their very nature, also require disclosing one's IP address to the other peer. The workaround is to run traffic through an intermediary, which seems like what X is doing. How is this any different than any number of other Internet-related services? The Register hates X and Elon, I get that, but the fact that sniffing traffic from a peer-to-peer connection reveals the destination of the traffic is obvious.

    Not to mention that knowing someone's IP address does not let you "physically" track them. The author needs to write more clearly and possibly gain a better understanding of how the IP protocol works. Not everything X does is malicious.

    1. Anonymous Coward
      Anonymous Coward

      Re: Peer to peer works this way

      > Not everything X does is malicious.

      True that: there is still that bloke who pauses at the entrance to the car park, to let pedestrians cross first; they can't let him go as he is the only one who knows how to make Elon's coffee, which makes him the most valuable employee.

      Although the rumour is that he'll be getting a company Tesla; the autopark won't suffer from his un-X-like behaviour.

    2. diodesign (Written by Reg staff) Silver badge

      Re: Peer to peer works this way

      Yes, we've expanded that part of the article. We do know what IP addresses and P2P comms are all about.

      This is a heads up for those who assumed Twitter's calling feature was routed through X servers. It's not, by default, you have to switch that on.

      We felt this was something worth pointing out to people in general. Not everyone is an IT expert like yourself.

      C.

    3. Anonymous Coward
      Anonymous Coward

      Re: Peer to peer works this way

      > knowing someone's IP address does not let you "physically" track them

      That depends, You can whois my IP address and get my IRL address.

      1. Network Explorer

        Re: Peer to peer works this way

        > You can whois my IP address and get my IRL address.

        I would recommend you fix that sooner than later. It's not that hard; get a company to host your ip and use a VPN. Don't allow websites to get your location, they only do that to track you.

        1. Anonymous Coward
          Anonymous Coward

          Re: Peer to peer works this way

          Hopefully it's in hand. I thought it had changed when the GDPR rules came into play, one of my blocks changed but not the other, but it used to be the rules for having real IP address blocks. My business is based at my home.

          The real laugh is that websites never get my location right. They claim I'm all over the country, but never close to home :-)

          The marketing people were never allowed to make use of the whois data, I guess the like of RIPE aren't good to pick a fight with, you suddenly find you can't connect to the Internet :-)

      2. MatthewSt

        Re: Peer to peer works this way

        And Plusnet in the UK by default reverse DNS your IP address to accountname.plus.net

    4. Anonymous Coward
      Anonymous Coward

      Re: Peer to peer works this way

      I had the same question - why is this news? Of **COURSE** the person you're doing a peer-to-peer anything with gets your IP address. Am I missing some other point here?

      In my case, I'm on T-Mobile home internet; my public IP address isn't always in the same state as me!

      1. Roland6 Silver badge

        Re: Peer to peer works this way

        My initial take on the headline was that “X” surfaces the other parties IP address in an end user screen, rather than requiring some tech knowledge to dig it out of the devices network stat’s.

      2. John Brown (no body) Silver badge

        Re: Peer to peer works this way

        The news to me was that there may be video calling going via a host provider is is masking the IP addresses of the participants! Although thinking about it, that would be the easy way to intercept data for building profiles etc. Now I'm envisioning Google/Facebook/X data centres with masses of servers doing voice and facial recognition on live video calls, all in the name of "privacy".

        Personally, I've never assumed privacy on the Internet ever since I first looked into how email worked and realised it was the equivalent of sending a message through the public mail system on a postcard, ie pretty much since I first got an internet connection.

  6. Pomgolian
    Pint

    No Sht, Sherlock

    The safest, most sanity-maintaining way to use X is not to.

    I'll drink to that.

    Oh, for dual icons.

  7. aerogems Silver badge
    Go

    Love it!

    To its credit, Xitter discloses that its audio and video calling exposes user IPs on the help page for the feature. X said "once our servers facilitate the initial setup, the call itself is routed peer-to-peer such that each parties [sic] IP address may be visible to the other."

    Not sure if that was something that was accidentally left in before publishing or if it was intentional, but if El Reg adopted that as the new official unofficial moniker for the company, I would find it hilarious.

  8. Anonymous Coward
    Anonymous Coward

    NAT

    Is peer-to-peer actually possible from behind a NAT router?

    Asking because I don't know.

    1. Licensed_Radio_Nerd
      Boffin

      Re: NAT

      Yes. The application will call home to Twit-central, and the software there will join the two ends together - a bit like the old plug-in switchboards. Unlike the old switchboards, the call routing will not continue through Twit-central. Once each end knows the public IP addresses, they can talk to each other point-to-point. The Network Address Translation side of the firewall will track the passing packets so it knows where to return the data to internally. I would guess (hope) the app is using HTTPS as pretty much every firewall device on the Net passes that without messing with it.

      And thanks to this article, I have already disabled this unwanted feature bloat!

      1. Anonymous Coward
        Anonymous Coward

        Re: NAT

        @Licensed_Radio_Nerd

        Quote: "...Twit-central, and the software there will join the two ends together...the call routing will not continue through Twit-central..."

        Reason for my question:

        (1) peerA - NAT - internet_server - NAT - peerB ## works as described where the internet_server "joins the two ends"

        (2) peerA - NAT - vanilla_internet - NAT - peerB ## don't see how this can ever work

        Why do ordinary people have to pay to get a service provider to connect a peer-to-peer communication?

        And, of course, maybe the "internet_server" is saving (at least some) metadata!!!!!!!

        1. Roland6 Silver badge

          Re: NAT

          >Peer B etc

          Both ends of the VPN connection need to run the same “brokered” VPN client.

          > Why do ordinary people have to pay to get a service provider to connect a peer-to-peer communication?

          Operator connected calls have always carried a premium…

          > And, of course, maybe the "internet_server" is saving…

          There will be a saving due to the connnection not having to be trombones via X’s servers.

    2. Roland6 Silver badge

      Re: NAT

      Totally possible, this is effectively what products like Draytek’s VPN Matcher do.

  9. Anonymous Coward
    Anonymous Coward

    Xitter indeed

    I have a Twitter account, never used it much. But, prompted by this article, I just opened the app for the first time in ages (well over a year I guess) and edited the setting. I scrolled through the first dozen or so messages on my timeline just to see what's what (I followed maybe a dozen accounts, mostly infosec)

    All of them were far-right / hate speech type stuff, it was quite unbelievable. Just wow. I'll keep the account just so no-one else can grab my username, but I don't see myself ever using it again.

    1. TheFifth

      Re: Xitter indeed

      I had exactly the same experience when I logged in for the first time in over a year a couple of weeks back. I had the pleasure of a video of a drug lord being murdered, a dad beating the crap out of his daughter for having an OnlyFans account and a fight on the Tube. I follow tech news, science news, retro tech and some comedians. Don't know how anyone can cope with Twitter anymore.

    2. iron Silver badge

      Re: Xitter indeed

      Your infosec people are all on Mastodon now.

    3. DS999 Silver badge

      Re: Xitter indeed

      I haven't logged into it in ages and I don't follow anyone, so if that's what's "trending" to be put in the feeds of people there I guess that's not exactly going to draw in a lot of new users. At least existing users who follow a lot of stuff would (hopefully/presumably) not get the nazi shit but instead get the people they followed. But who knows, since Musk has effectively forced himself into everyone's feeds you are going to get some alt-right stuff no matter what!

  10. Anonymous Coward
    Anonymous Coward

    The safest, most sanity-maintaining way to use X is not to

    Yea, sure comes across as unbiased reporting /s

  11. Mitoo Bobsworth
    Facepalm

    Wot, no fee?

    Surely his Muskiness should be charging for this new privilege.

  12. druck Silver badge

    You can't have it both ways

    One minute everyone is crying out for peer to peer encryption for security, now they are claiming it exposes IP addresses and you should go through the companies server for "enhanced privacy".

    1. Graham Cobb Silver badge

      Re: You can't have it both ways

      Yes you can... The encryption should be peer-to-peer, the connection should be via a server.

      There is absolutely no conflict.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like