The other reply seems more informed, but I’ll share another technical practice that would lead to increased load and thus risk of DDoS in general (I hadn’t heard of this change and issue of Twitter before reading about it here):
Delivering webpages without a logged-in user means you can cache (remember) commonly returned data and pages. You can repeatedly deliver the same thing.
For logged-in users, this is not the general case. A logged-in user has follows, blocks, and adjusted content selection. So rather than deliver a “standard view” a “user view” has to be generated.
They blocked access in the back end, but didn’t adjust the frontend to deal with this situation.
If you try to access twitter while not logged in the frontend requests tweets from the backend, gets an error response and therefore tries again around 10 times per second.
How does not letting logged-in account access tweet end up DDDosing the site?
The other reply seems more informed, but I’ll share another technical practice that would lead to increased load and thus risk of DDoS in general (I hadn’t heard of this change and issue of Twitter before reading about it here):
Delivering webpages without a logged-in user means you can cache (remember) commonly returned data and pages. You can repeatedly deliver the same thing.
For logged-in users, this is not the general case. A logged-in user has follows, blocks, and adjusted content selection. So rather than deliver a “standard view” a “user view” has to be generated.
They blocked access in the back end, but didn’t adjust the frontend to deal with this situation.
If you try to access twitter while not logged in the frontend requests tweets from the backend, gets an error response and therefore tries again around 10 times per second.