They adjusted blocked access in the back end, but didn’t adjust the frontend to deal with this situation.
If you try to access twitter while not logged in the frontend requests tweets from the backend, gets an error response and therefore tries again around 10 times per second.
The other reply seems more informed, but I’ll share another technical practice that would lead to increased load and thus risk of DDoS in general (I hadn’t heard of this change and issue of Twitter before reading about it here):
Delivering webpages without a logged-in user means you can cache (remember) commonly returned data and pages. You can repeatedly deliver the same thing.
For logged-in users, this is not the general case. A logged-in user has follows, blocks, and adjusted content selection. So rather than deliver a “standard view” a “user view” has to be generated.
This is generally true, but it would only result in minor increases in traffic as users sign up to see posts. The “create an account” page is cached to hell and back, obviously, and I don’t think anyone is going “oh geez better create an account so I don’t miss out!”
How does not letting logged-in account access tweet end up DDDosing the site?
They adjusted blocked access in the back end, but didn’t adjust the frontend to deal with this situation.
If you try to access twitter while not logged in the frontend requests tweets from the backend, gets an error response and therefore tries again around 10 times per second.
The other reply seems more informed, but I’ll share another technical practice that would lead to increased load and thus risk of DDoS in general (I hadn’t heard of this change and issue of Twitter before reading about it here):
Delivering webpages without a logged-in user means you can cache (remember) commonly returned data and pages. You can repeatedly deliver the same thing.
For logged-in users, this is not the general case. A logged-in user has follows, blocks, and adjusted content selection. So rather than deliver a “standard view” a “user view” has to be generated.
This is generally true, but it would only result in minor increases in traffic as users sign up to see posts. The “create an account” page is cached to hell and back, obviously, and I don’t think anyone is going “oh geez better create an account so I don’t miss out!”