A few moments ago I discovered a bug in the way twitter handles protected updates.

Apparently, if you search for a username, it will provide you with that users most recent tweet. This could easily be exploited through scrapes to provide a "feed" of a users "protected" updates.

So much for privacy. One more reason to hate twitter.

For the curious, here is how it's done,

Simply enter the URL in this format:
http://twitter.com/tw/search/users?q=USERNAME

This seems sporadic with the "normal" twitter, but the mobile version showed the last update 100% of the time (that I tried, about a dozen from a few machines)

The mobile url is:
http://m.twitter.com/tw/search/users?q=USERNAME

You will need to be logged in for this to work.