[Thorrez]

Why does this require the extra step of using a burner account? Why not tweet https://twitter-unfurl-faker.herokuapp.com/ from your main account and that's it?

Does Twitter only unfurl t.co URLs? If so, why would they write separate code for unfurling t.co with ?amp=1 vs without ?amp=1 ? And why would Twitter unfurl a t.co link past the first non-t.co URL? I guess that's the vuln, right, that they don't stop after the first non-t.co URL?

[manmal]

Sometimes, t.co links redirect 5+ times until the target domain is reached, so I guess fixing this would break a lot of twitter‘s content.

[Thorrez]

You mean they redirect through various different domains not affiliated with Twitter before reaching the end? Who creates these links? Is it people creating short links before posting to twitter? What's the purpose? Just tracking?

[manmal]

Yes, my bet is on tracking.

[Thorrez]

Wait, my original question still is open. "Why not tweet https://twitter-unfurl-faker.herokuapp.com/"? If Twitter won't unfurl non-t.co URLs, then that "would break a lot of twitter‘s content."