The other reply seems more informed, but I’ll share another technical practice that would lead to increased load and thus risk of DDoS in general (I hadn’t heard of this change and issue of Twitter before reading about it here):
Delivering webpages without a logged-in user means you can cache (remember) commonly returned data and pages. You can repeatedly deliver the same thing.
For logged-in users, this is not the general case. A logged-in user has follows, blocks, and adjusted content selection. So rather than deliver a “standard view” a “user view” has to be generated.
This is generally true, but it would only result in minor increases in traffic as users sign up to see posts. The “create an account” page is cached to hell and back, obviously, and I don’t think anyone is going “oh geez better create an account so I don’t miss out!”
The other reply seems more informed, but I’ll share another technical practice that would lead to increased load and thus risk of DDoS in general (I hadn’t heard of this change and issue of Twitter before reading about it here):
Delivering webpages without a logged-in user means you can cache (remember) commonly returned data and pages. You can repeatedly deliver the same thing.
For logged-in users, this is not the general case. A logged-in user has follows, blocks, and adjusted content selection. So rather than deliver a “standard view” a “user view” has to be generated.
This is generally true, but it would only result in minor increases in traffic as users sign up to see posts. The “create an account” page is cached to hell and back, obviously, and I don’t think anyone is going “oh geez better create an account so I don’t miss out!”