Another Twitter app launched itself to momentary viral stardom this morning by using a practice that seems to irritate more-or-less everyone. I refer to the mandatory auto-tweet posted from your own account saying something like “I just scored X% using suchandsuch app” – you know the type. This particular app was the sneaky (or misguided) type that gives no warning, and no way of opting out.
Anyhow, this isn’t the first time I’ve been annoyed by auto-tweeting; I’ve written about it before. It’s happened more times than I care to remember, so I won’t go into the details of today’s particular example, except to say that its author has [sort of] apologised. It’s already been blogged anyway if you’re curious.
What I will harp on about though, is the fact that this is nothing short of spam – Twitter needs to agree, and needs to make it easier to report badly behaved apps.
I joked yesterday about writing one omnibus tweet per week. But actually, that’s not a bad idea at my current blogging rate. So here goes, my week in the Twittersphere -
I woke up this morning to the apparent viral spread of the TweetCloud app that unoriginally, but very nicely displays your most tweeted words of the year, or month, or .. you get the idea. Here’s mine ->
Two things happened today that inspired me to write this post tonight.
- A brief back-and-forth on Twitter with @kaigani where I outlandishly claimed that Facebook Connect is a phishing scam waiting to happen
- The warning of another Twitter scam that typically exploits the layman’s inability to spot a fake URL.
Facebook and Twitter both offer authentication services arguably known as “single sign-on”. Facebook Connect is a proprietary system, and Twitter offers a system based on the OAuth standard. These services do something quite marvellous – they allow you to authenticate with another website without the third party ever seeing your password. What makes it even more handy is that you’re probably already signed in to these popular services, so you may not need to enter your password at all. The problem is when you do.
Last week another change to Twitter caused me problems with my personal project TwitBlock. For the impatient, see my Google Groups post about it. (It didn’t go down very well).
If you’re a Twitter user, you’re probably familiar with this image:

It is/was the default profile image for users that have not uploaded a custom avatar. You may also have noticed last week that Twitter has introduced a new version. Actually they made seven of them in different colours:

At least I think they made seven; I can’t find any more, but I can’t find any official document stating how many are out there either.
I made a major change to TwitBlock the other night. The change was made to protect people who are heavily blocked, but are not “spam”. Of course that depends on your definition. (A topic for another day)
Originally each block on an account would yield 10 points. Then I became aware of just how murky this issue is. Barack Obama is blocked by many accounts (Republicans no doubt) plus some people with extreme right-wing views were being blocked heavily. Then the complaints started. People whose businesses survive on a huge Twitter following accused me of destroying their reputations, and generating further blocks on their account by showing the number of existing blocks.
So now two things have changed for the time being:
1. Clicks on “not spam” are deducted from blocks;
2. Blocks are diluted by the size of a user’s following. 10 points are added for every 1%. So, if you’re blocked by 40 people, but are followed by 8,000 this will only yield 5 points.
Although this has stemmed the complaints, the scanner is less aggressive and lots of real spam accounts are not showing up with high enough scores. I am struggling to find the balance in the face of all of this and may have to tweak it again.
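The two rules above, worked through on constructed accounts beside the original 10-points-per-block rule, as an added example (not TwitBlock's own code). It assumes the percentage is net blocks divided by follower count, as the 40-of-8,000 figure implies, and that an account with no followers is scored as if it had one; all account names and numbers are made up.

```python
from dataclasses import dataclass

POINTS_PER_BLOCK = 10     # original rule: 10 points for each block
POINTS_PER_PERCENT = 10   # current rule: 10 points for every 1%

@dataclass
class Account:
    name: str        # constructed sample name
    blocks: int      # users who blocked this account
    not_spam: int    # "not spam" clicks for this account
    followers: int

def original_score(acct):
    return acct.blocks * POINTS_PER_BLOCK

def diluted_score(acct):
    # Rule 1: "not spam" clicks cancel blocks 1:1, never below zero.
    net = max(acct.blocks - acct.not_spam, 0)
    # Assumption: treat an empty following as 1 to avoid dividing by zero.
    followers = max(acct.followers, 1)
    # Rule 2: net blocks as a percentage of followers, 10 points per 1%.
    return 100.0 * net * POINTS_PER_PERCENT / followers

def rank(accounts, scorer):
    return [a.name for a in sorted(accounts, key=scorer, reverse=True)]

# Constructed sample data.
SAMPLE = [
    Account("celebrity_account", blocks=4000, not_spam=1500, followers=2_000_000),
    Account("page_example", blocks=40, not_spam=0, followers=8_000),
    Account("fresh_bot", blocks=30, not_spam=0, followers=12),
    Account("big_following_spammer", blocks=300, not_spam=0, followers=50_000),
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a.name:24} old={original_score(a):6} new={diluted_score(a):8.2f}")
```

On this data the heavily blocked but popular account falls from first place to last, while the spam account with a large following ends up scoring about the same as the page's 5-point example.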
- or – “I told you it was in Alpha”
I’ve rolled out an experimental TwitBlock feature designed to reduce “false positives” for legitimate accounts that are being blocked. Whitelist entries are now subtracted from blocks. i.e. accounts marked as “not spam” will have their blocks counteracted on a 1:1 basis. If this feature is abused, it will be removed. It survives on the premise that the spam bots are not capable of whitelisting each other.
Here’s the full story:
Read more…
As we approach 3,000 TwitBlock users, we know of over 100,000 blocks and have stored 20,000 profile pic checksums. I figured it was time to start crunching some numbers.
The first of many reports shows the top 20 most duplicated avatars that we know about.
Many spam accounts use identical avatars across hundreds of accounts. TwitBlock uses this fact as an indicator of a likely spam account. This report just shows the top 20 that we’ve identified, but there are many more.
This indicator is one of the best ways Twitter could prevent spam accounts from signing up in the first place. Clearly bots have been developed that continually generate new accounts and Twitter does not seem able to prevent this despite the most prolific accounts displaying such identical properties. With a tiny 0.01% of Twitter accounts authenticated with TwitBlock one can only imagine how many of these accounts are out there.
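One way to build a most-duplicated-avatars report like the one described above, as an added example rather than TwitBlock's code. SHA-256 as the checksum, the `ignore` set for stock images and all sample names and bytes are assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict

def avatar_checksum(image_bytes: bytes) -> str:
    # Assumption: SHA-256. The page does not say which checksum TwitBlock stores.
    return hashlib.sha256(image_bytes).hexdigest()

def duplicate_report(profiles, ignore=frozenset(), top=20):
    """Rank avatar checksums by how many distinct accounts share them.

    profiles: iterable of (screen_name, avatar_bytes), possibly with re-scans.
    ignore:   checksums of stock images to skip (hypothetical parameter).
    """
    latest = {}
    for name, image in profiles:
        # Screen names are case-insensitive; a re-scan replaces the old checksum.
        latest[name.lower()] = avatar_checksum(image)
    groups = defaultdict(set)
    for name, digest in latest.items():
        if digest not in ignore:
            groups[digest].add(name)
    shared = [(d, sorted(n)) for d, n in groups.items() if len(n) > 1]
    shared.sort(key=lambda item: (-len(item[1]), item[0]))
    return shared[:top]

# Constructed sample data: byte strings stand in for downloaded image files.
CASH = b"constructed-avatar-A"
PILLS = b"constructed-avatar-B"
DEFAULT = b"constructed-default-avatar"
SAMPLE = [
    ("cash_bot_1", CASH), ("cash_bot_2", CASH), ("cash_bot_3", CASH),
    ("Cash_Bot_1", CASH),                           # same account scanned twice
    ("pill_bot_1", PILLS), ("pill_bot_2", PILLS),
    ("new_user_1", DEFAULT), ("new_user_2", DEFAULT),
    ("alice", b"constructed-unique-avatar"),
    ("pill_bot_2", b"constructed-changed-avatar"),  # avatar changed on re-scan
]

def sample_report():
    return duplicate_report(SAMPLE, ignore={avatar_checksum(DEFAULT)})

if __name__ == "__main__":
    for digest, names in sample_report():
        print(len(names), digest[:12], names)
```

An exact checksum only matches byte-identical files, so a resized or re-encoded copy of the same picture lands in a different group.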
The list of Twitter accounts below all have something in common – They all have an identical profile image, which looks like this:

At the time of writing none of these accounts have been suspended. Whether they are breaking any laws or not I don’t know, but it is clearly a syndicate whichever way you look at it. The profiles all point to a Korean-registered “Cash generator” website, which [I would hazard a guess] is a con.
TwitBlock unearthed this statistic from a list of only 18,000 [now 100,000] blocked accounts provided by under 400 [now 3,000] TwitBlock users. When you consider the size and growth of Twitter, you can well imagine that there are far more than 120 [now 288] profiles in this syndicate. You also have to wonder how much of Twitter’s growth figures can be attributed to this junk.
[ UPDATE: 18 Aug ]
Many of these accounts have been suspended, but TwitBlock is discovering new ones each day – currently 248 accounts known with this image.
[ UPDATE 19 Aug ]
I’ve produced a report of the top 20 most duplicated profile pics identified by TwitBlock.
A detailed explanation of the scoring mechanism used by TwitBlock.
Some people have complained that they get a high spam score and point out that they are not spammers. There are a number of important things to note about this.
- This software is in alpha – these indicators and the scoring mechanisms attached to them will change.
- As the system gathers data it will rely less on heuristics and more on cross-referencing (e.g. how many people have blocked an account)
- Some of these tests are only indicators of automation, not specifically of malicious behaviour.
- The spam rating has no limit – Scoring 40 may be high for a “legitimate” account, but in a list with real spammers scoring 300+ you’ll be way down the bottom.
- If you display characteristics of a spammer then perhaps this amounts to the same thing as being a spammer. Most normal users score zero.
Roughly in order of accuracy, here are the 8 tests currently performed in the standard TwitBlock scan.