Round Year Fun

There is a painfully common occurrence happening on Twitter recently with these ‘fun’ game websites that you link to your Twitter account and they’ll give you some (bogus) information, such as Who Visits Your Twitter Profile, Twitter Networth and Twitter Family Trees. I’ve used at least one of these myself because, like most people, I didn’t see any harm in it.

Now, I’m not saying all of these websites are bad - some of them are just fun little websites that pull together your Tweets and ‘guess’ some information, usually based on most-frequent contacts or most-recent followers; all are different.

A prime example of one of these bad websites though is RoundYearFun. I’m not linking the website as the domain will likely change again in a month’s time, but for context of how bad this website actually is, here is what happens when you try and tweet out their URL.

A screenshot trying to tweet roundyearfun domain

When you try and tweet out one of their domains, it comes back with the following

We can’t complete this request because this link has been identified by Twitter or our partners as being potentially harmful. Visit our Help Center to learn more.

Most people don’t come across this error because the website’s domain gets changed so often, so whereas .org is currently blocked, .me isn’t.

Why are they bad though?

When you authorize a third party app to use your Twitter Account, there is a selection of permissions that Twitter allow developers to choose. For these ‘fun’ game apps, the only information they should require is access to your Tweets and to be able to send a Tweet for you. Most people don’t care enough to review it and just approve it - but the RoundYearFun app includes a lot of permissions that give the website near enough complete control of your account (minus updating account information, seeing your password etc.)

A screenshot trying to authorize roundyearfun on twitter

For what these ‘games’ actually do, the only permissions these apps would need are:

  • See Tweets From your Timeline
  • Post Tweets for you

Some settings are included with each other, such as Post Tweets and Delete Tweets, but we’ll ignore that for now since they’re not ‘massive’ issues. The ones that are the most concerning however:

  • See your Twitter Profile Information and Account Settings
  • Follow and Unfollow accounts for you
  • Update your profile and account settings
  • Create, manage, and delete Lists and collections for you
  • Mute, block, and report accounts for you

The second and last one are where problems are arising for most people, at least recently. Conspirador Norteño recently posted some interesting information regarding these Round Year Fun apps, along with how many of them have been and are being created on what seems to be a daily basis, along with the estimated number of accounts that have approved access to each of these apps.

Stats for tweets containing RoundYearFun

Because of the permissions that these apps are requesting, a lot of people have found themselves following accounts that they haven’t followed. How are they getting through though? When the app follows the user for you, they’re muting the account at the same time - so you’re following this person which will increase their follower count, but you’ll never see their tweets on your feed (or on Twitter) as the user has been muted.

Stats for people followed by accounts containing RoundYearFun

OK cool, so they’re following people… so what?

Valid point. No one knows what other information they’re pulling though. If you think about it, with access to Account Settings they could in theory pull through the following information:

  • Email Address
  • Phone Number

They have access to your Timeline as well, along with all the tweets that you would see, so they can collect those tweets, along with your tweets, and any accounts that you follow that are private. Assuming they are doing that, that is potentially an absolutely HUGE database of personal information.

Twitter’s API has a limitation of only allowing 3,200 tweets to be pulled through, after that the only way you can view them is via a Twitter Archive that you need to physically request, but if you make the assumption that at least 60,000 people have used this website and have at least 3,200 tweets - that’s 192,000,000 tweets that have just been collected, including potentially private information or photographs if you’re a private NSFW account - that’s insane.

What can I do?

If you’ve used one of these apps the best thing you can do is deauthorize the app from having access to your account - you can do that here if you’re on a PC - if you’re on a phone you can do the following:

  • Open the Twitter App
  • Go to Settings and Privacy
  • Go to Account
  • Click on Apps and Sessions

Once in there, remove any apps that are by Round Year Fun, usually under Roun’ Year Fun with some random numbers after it.

If you want to check if they’ve followed any users for you, since they mute them, it makes it pretty simple to find out. Again if you’re on PC you can do it here. If you’re on a phone, you can do the following:

  • Open the Twitter App
  • Go to Settings and Privacy
  • Go to Privacy and Safety
  • Scroll down and click on Muted then Muted Accounts

You should see which accounts it has muted and followed. Simply block the user and this will remove them from your following.
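
The two checks described above (permissions beyond what a ‘fun’ app needs, and accounts that are both followed and muted), sketched as an added example that is not part of the original post. The permission labels are copied from this page; the app name, handles, input lists and function names are constructed for illustration and no Twitter API is called.

```python
# Added example. Permission labels come from the post; all other data is constructed.
NEEDED = {"See Tweets From your Timeline", "Post Tweets for you"}
FOLLOW = "Follow and Unfollow accounts for you"
MUTE = "Mute, block, and report accounts for you"


def excess_permissions(granted):
    """Permissions granted beyond what the post says a 'fun' app needs."""
    return sorted(set(granted) - NEEDED)


def risk_level(granted):
    """'high' when the app can both follow and mute, so follows can be hidden."""
    granted = set(granted)
    if {FOLLOW, MUTE} <= granted:
        return "high"
    return "review" if granted - NEEDED else "ok"


def _norm(handle):
    # Handles are case-insensitive and are often written with a leading '@'.
    return handle.strip().lstrip("@").lower()


def silent_follows(following, muted):
    """Accounts both followed and muted: candidates to review, since accounts
    you muted yourself will also show up here."""
    return sorted({_norm(h) for h in following} & {_norm(h) for h in muted})


# Constructed sample input: one authorized app and two hand-copied account lists.
SAMPLE_APP = {
    "name": "Example Fun App 12345 (constructed)",
    "granted": sorted(NEEDED) + [
        "See your Twitter Profile Information and Account Settings",
        FOLLOW,
        "Update your profile and account settings",
        "Create, manage, and delete Lists and collections for you",
        MUTE,
    ],
}
FOLLOWING = ["@Alice_Example", "bob_example", "promo_acct_01"]
MUTED = ["@PROMO_ACCT_01", "old_spammer_example"]

if __name__ == "__main__":
    print(SAMPLE_APP["name"], "->", risk_level(SAMPLE_APP["granted"]))
    for perm in excess_permissions(SAMPLE_APP["granted"]):
        print("  excess:", perm)
    print("followed and muted:", silent_follows(FOLLOWING, MUTED))
```
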

Further Reading

If you’re interested, here are some other good resources for reading up about this website.

Windows, Android Users Targeted by Maikspy Spyware

Inauthentic Accounts Are Spamming Twitter With Spyware That Can Steal Users’ Private Data

affinitweet_ on Twitter

Twitter Family Trend Secretly Following Random Accounts

//

Song Addiction at the moment: Måneskin - I WANNA BE YOUR SLAVE

Catch. 😊x