diff --git a/39.md b/39.md
index b84603c9..9eacee8b 100644
--- a/39.md
+++ b/39.md
@@ -51,6 +51,8 @@ Identity: A Twitter username.
 Proof: A Tweet ID. The tweet should be posted by `<identity>` and have the text `Verifying my account on nostr My Public Key: "<npub encoded public key>"`.  
 This can be located at `https://twitter.com/<identity>/status/<proof>`.
 
+Caveat: fetching `https://twitter.com/<identity>/status/<proof>` and looking for the `<npub>` is not sufficient as a validation, because Twitter can automatically redirect if you use the wrong identity (but the correct tweet ID) as part of the URL! So after fetching `https://twitter.com/saylor/status/1701877505437675910` one must re-check the *actual* URL (or avoid redirects in the first place) before concluding that the person using `1701877505437675910` as a proof matches the @saylor identity on Twitter!
+
 ### `mastodon`
 
 Identity: A Mastodon instance and username in the format `<instance>/@<username>`.