First, we heard concerns about expired Fleets still being viewable. Fleets are *not* viewable in Twitter apps after 24h. However, our backend system has a queue that deletes Fleets media after 24h –– this system fell behind on Friday morning PST due to scaling problems.

We don’t believe this is a security or privacy concern because Fleets (from accounts without the "protected" setting) are public. We updated our systems today to require an authenticated session before requesting Fleets metadata, to add more friction to use these APIs.

The edge cases that can result in a mismatch between the “Seen by” list and the actual people who saw your Fleet are uncommon, but we realize that this may not have aligned with expectations. We’re taking this feedback seriously and considering how we can improve.

Finally, we heard concerns that people can see Fleets without showing up in the “Seen by” list. Our goal is to show a list of people who've seen your Fleet, but we don’t guarantee completeness for technical and experience reasons. For example, we cap the list when it gets long.

We hope this thread provides helpful context on the concerns and feedback that were shared. As always, we appreciate you sharing your concerns and apologize for any confusion or frustration this may have caused.

This meant that developers could save a Fleet URL during the 24h the Fleet was active. Due to our queue backlog, that URL may have still been accessible after the Fleet expired. The queue is now caught up and we’ve updated our systems to reduce the likelihood that this reoccurs.

We also heard concerns that Fleets may be visible to people who aren’t logged in. To clarify, people using Twitter apps can only see Fleets when logged in. But it’s possible for developers to make API calls to return Fleets metadata through a common behavior called “scraping”.

We wanted to address some security and privacy feedback related to Fleets. Here’s a technical breakdown of what we’ve heard and what we’ve done to address it:

