Elon Musk is at it again. And by “it,” I mean making inexplicably bad and poorly thought out decisions. After changing Twitter’s name last year, the billionaire with a flair for pretending he’s a genius businessman and an unhealthy obsession with the letter X decided it was time for his next move. He had Twitter X’s engineers finally start switching the platform over from “Twitter.com” to “X.com.” Soooo, how well do you think that one’s going? *Spoiler* It’s not going well.
Here’s what happened: Earlier this week, X implemented a feature that forcibly replaced posts on iOS that used the URL “Twitter.com” to “X.com.” It was first rolled out for people using the site through the iOS (Apple) app. It sounds simple in theory but it blew up spectacularly. It’s like someone used the “Find + Replace” feature in Microsoft Word. Basically, *anything* with the word “twitter.com” was automatically changed to “x.com” For example, if you typed in the domain “NetfliTwitter.com,” the post’s text would show up as “NetfliX.com,” despite taking people to the first URL. Did users pick up on this and take advantage of it? Yup! Is it also ripe for scammers to have a field day? You betcha!
X’s Twitter dot com problem: If a user typed in “Twitter.com,” they would see “Twitter.com” as they typed it before hitting “Post.” But, after submitting, the platform would show “X.com” in its place on the X for iOS app, without the user’s permission, for everyone viewing the post. And shortly after this revelation, it became clear that there was another big issue: X was changing anything ending in “Twitter.com” to “X.com.”
Why this is a big deal: Let’s say someone owns the domain name “NetfliTwitter.com.” Why would they own that domain name? Because if X is automatically changing anything that includes “Twitter.com” to “X.com,” then that means posting “NetfliTwitter.com” on X would make it appear in posts as “Netflix.com,” the popular movie streaming service. And if a user clicked the linked “Netflix.com” text that appears in that post, it would really take them to “NetfliTwitter.com.” Because while X is changing the text that the user wrote, the URL it links and directs to remains the same as the user posted.
A dream scenario for phishing campaigns: Some users on X noticed this very problem and found that it could quickly be utilized by scammers, hackers, and other bad actors. X user @yuyu0127_ quickly registered the domain name “NetfliTwitter.com” in order to prevent it from being weaponized and put up a warning page on the URL about the potential issues in X’s changes. “This domain has been acquired to prevent its use for malicious purposes,” reads the headline text on “NetfliTwitter.com.”
Someone saved us from sex.com: Another domain name “seTwitter.com” was also registered due to its potential to be exploited as X would then change how the URL is viewed on the platform to “sex.com.” The X user, @amasato_mochi, who registered that domain name, also put up a warning page in order to put a spotlight on the issue. “Please be very careful not to access suspicious URLs,” reads seTwitter.com. “I will hold onto this domain for a year to prevent any harm.”
URLs on older posts were affected: According to some users, the change implemented by X also affected older posts. Meaning any instance where someone previously tweeted “Twitter.com” was being changed retroactively to “X.com.”
Patching it up: X eventually realized the issue and rolled out a patch later that same day for some of the domains affected by this change. “Netflitwitter.com” no longer shows up as “Netflix.com” for example.
More changes are coming: However, Mashable can confirm that the X for iOS app is currently still changing many other references of “Twitter.com” to “X.com.” We noticed that in one instance we found, the change was happening when “Twitter.com” was being used in a subdomain for another URL.
“A remarkable stumble” LMAO: It’s unclear if this version of the issue will eventually be patched too. It certainly seems like a bad idea to change the text in a user’s post without their permission. Regardless, the whole ordeal is certainly a remarkable stumble for X, especially when Elon Musk’s social media platform itself still forwards “X.com” to “Twitter.com.”
Gizmodo also reports that, “As of Tuesday, it appeared that X had reversed course and was no longer automatically changing “NetfliTwitter.com” to “Netflix.com” on iOS.” I tested out some URLs using words that end in X, substituting that letter for the word Twitter. On both my iPhone and MacBook, the words showed up in my post as written, so it looks like whatever patch they did is working as of now. I also did a test post, asking, “Does Twitter.com redirect now?” and in that case, the text of my Tweet *was* changed to read as “Does X.com redirect now?”
What a dumbass idea from a dumbass person. Does nobody run these things by a legal department or something first? This could have also caused catastrophic issues for companies and paid advertisers, too. Imagine thinking you’re clicking on a Netflix ad for, say, Wednesday, but the URL actually takes you to a site with a virus or phishing scheme. Honestly, it makes me really sad to see what Space Karen has done to a platform that I spent years curating to my preferences and really did enjoy using as a result. It was a place I went to after I basically abandoned Facebook during the Trump years. I used to think that Elno was doing his investors’ bidding and purposefully trying to ruin Twitter, but now I’m not so sure. He may just be that bad at running companies.
Photos credit: Lukasz Gagulski/Avalon and Getty
