
Hackers Are So Fed Up with Twitter Bots They’re Hunting Them Down Themselves

347 points | CrankyBear | 8 years ago | theintercept.com

174 comments

[+] lorenzhs|8 years ago|reply
I got fed up with Twitter's lack of enthusiasm in blocking these accounts so I whipped up a quick proof of concept a while ago. The amount of trivial-to-detect cryptocurrency scams in replies to popular accounts was so high that I put together a hacky PoC: https://gist.github.com/lorenzhs/864353c202112a38de17ed054f3... -- the scammers' messages have changed now, the messages no longer match that particular filter, but it worked for weeks without Twitter doing anything.
[+] bigiain|8 years ago|reply
I got fed up with Twitter's lack of enthusiasm in blocking all sorts of shitposts that I stopped using it. I've been significantly less angry ever since...
[+] sat_nam|8 years ago|reply
This is a great effort. I wrote about this at the end of January (https://research.satnam.co/2018/01/30/scammers-impersonating...) and was working on a script last month that did the same thing but I was searching the Streaming API for specific keywords that I knew were triggers for their tweets. I set up a Twitter account to also identify and report these scammers' accounts. The problem I was having was I did not account for the variety of currencies that were being utilized, so I had to write new regexes for the different address types. By then, they had switched up tactics and I hadn't followed up on it since.
[+] 1337biz|8 years ago|reply
Are you aware that many ICOs give free tokens to people who share a specific tweet or tweet a specific url?
[+] downandout|8 years ago|reply
The profile of fake porn accounts the guy in the first part of the story developed is that they "liked more tweets than they retweeted, had fewer than 1,000 followers, and directed readers to click the link in their bios."

If that is the only criteria he's using, many legitimate accounts will be falsely accused.

[+] jeffwass|8 years ago|reply
I’m a total Twitter n00b.

But are we really supposed to retweet more than we like? I was treating retweets as a stronger version of ‘like’, in a sense. Assuming too much retweeting will clog my followers’ feeds, and make them more likely to mute or unfollow me.

So yeah, I like far more than I retweet. I also have well less than 1000 followers, being a n00b.

I DO have a link in my profile, but don’t actively request people visit. But figure they eventually might (I do much tweeting within the aspiring author community, mentioning my WIP, or Work In Progress, so figure potentially-interested parties could click. But no, not actively marketing, yet...)

[+] abhishekjha|8 years ago|reply
I have an account like that. I just retweet and like stuff sort of like a public bookmarking system. I just go through them when I get enough leisure. I wonder if having a profile photo would help avoiding false positives.
[+] stuartd|8 years ago|reply
Well, they're obviously not the only criteria, as the text you mention was immediately preceded by "Not only did these Twitter accounts typically include profile photos of adult actresses, but they also had similar bios, followed similar accounts... "
[+] heavenlyhash|8 years ago|reply
We have so many better systems with tons of literature. We -- us, the humans in bulk, as a species with brains -- have so, so many things figured out for this.

Googling for "random walk" and "sybil attack" will dump so many solid research papers in our laps it's just a tragedy nobody can be arsed to do something useful.

[+] aphextron|8 years ago|reply
This whole problem could be solved by opening account verification up to everyone. Twitter would be amazing if every profile were guaranteed to be a verified human being with government issued ID. Leave it open to those who want to stay anonymous, but give users the option to filter those people out.
[+] retox|8 years ago|reply
I refuse to create accounts on sites that require even a phone number, let alone government ID. It will eventually get lost and things like passports being faked can land you in prison or watchlists if someone like Israel decides to steal your identity while committing an extra-legal assassination.
[+] spdustin|8 years ago|reply
I upvoted because I assume you meant that verification would be optional. I believe Twitter is actually moving toward that solution.

I'd be on board. Anonymous users would stay anonymous; users that are comfortable confirming their identity would get a blue badge. I don't see a downside, and I see plenty of upsides.

[+] JonasJSchreiber|8 years ago|reply
I couldn't agree more. If there are more accounts than people in a region, you know you have robots registering. They need to employ better captcha and verification for registering new accounts.

I wouldn't go as far as to require government ID, (some folks have issues getting government IDs for voting purposes) and many undeveloped nations have large portions of their populations that have no birth certificates.

I would however require that a human be present to create a new account and that it be tied to a phone number for 2FA or something along these lines that makes mass registration cost prohibitive.

[+] jonny_eh|8 years ago|reply
I think there should be two potential badges for twitter users: 1) Verified identity (as you described) 2) Suspected bot

And you should be able to filter out posts accordingly, like "only show verified" or "don't show suspected bots".

And by default, Twitter should hide suspected bots in reply/hashtag threads, so they don't get increased exposure.

[+] dbetteridge|8 years ago|reply
I like this idea, a simple tag on an account that says "we have verified this person is real" and a filtering mechanism in the UI would do wonders.
[+] taurath|8 years ago|reply
Human / not human is probably worthwhile, but a ton of Twitter's value would go away if everyone had to use their real identity to post.
[+] duxup|8 years ago|reply
I could go for a service like that. Even without the anonymous option.
[+] bossx|8 years ago|reply
Facebook desperately needs this feature.
[+] jtokoph|8 years ago|reply
Forgive me, as I don't use twitter much, but what is the problem with twitter bots? If I don't follow them, aren't they essentially invisible to me?

I guess they might pollute search results? Is there something else I'm missing?

[+] TheSmiddy|8 years ago|reply
If you follow any billionaires and read their comments they are full of crypto scams.

Things like @elommusk replying to @elonmusk saying "to celebrate this awesome news I'm going to hand out some free bitcoins!, just send 0.1BTC to <address> and i'll return 1BTC!" then 100 replies from other accounts saying "thanks Elon, you're the greatest!"
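
The reply pattern described in this comment, combined with the address-type regexes sat_nam mentions earlier in the thread, as a small detector. This is an added example, not part of the thread and not lorenzhs's gist; the regexes check address shape only, and the edit-distance threshold, function names and sample replies are constructed assumptions.

```python
import re

# Shape-only patterns (no checksum check): a match is a signal, not proof.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{39,59}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}
# Bait such as "send 0.1BTC" or "send 0.5 eth"
SEND_BAIT = re.compile(r"\bsend\s+\d+(?:\.\d+)?\s*(?:btc|eth|bitcoins?|ether)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def reply_signals(parent_handle, author_handle, text):
    """List the signals a reply trips, in a fixed order."""
    signals = []
    p, a = parent_handle.lower(), author_handle.lower()
    if p != a and edit_distance(p, a) <= 2:  # threshold is an assumption
        signals.append("lookalike_handle")
    signals += [name for name, rx in ADDRESS_PATTERNS.items() if rx.search(text)]
    if SEND_BAIT.search(text):
        signals.append("send_bait")
    return signals

def is_likely_scam(signals):
    # Require impersonation plus a payment signal; a lone address or a lone
    # similar handle is common among legitimate accounts (false positives).
    return "lookalike_handle" in signals and len(signals) >= 2

FAKE_BTC = "1" + "x" * 33  # constructed placeholder, not a real address
SAMPLES = [  # constructed replies modelled on the comment above
    ("elonmusk", "elommusk", f"Free bitcoins! Just send 0.1BTC to {FAKE_BTC} and I'll return 1BTC!"),
    ("elonmusk", "some_fan", "thanks Elon, you're the greatest!"),
    ("elonmusk", "btc_dev", f"my donation address is {FAKE_BTC}"),
]

if __name__ == "__main__":
    for parent, author, text in SAMPLES:
        sig = reply_signals(parent, author, text)
        print(f"@{author}: {sig} -> flag={is_likely_scam(sig)}")
```

Only the first sample is flagged: the third contains an address but no impersonation, which is the kind of legitimate account a single-signal filter would wrongly catch.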

[+] hellbanner|8 years ago|reply
Did you read the article? It's political.

"In October, Twitter’s general counsel told a Senate committee investigating disinformation that Russian bots tweeted 1.4 million times during the run-up to the last presidential election, and such bots would later be implicated in hundreds of tweets that followed a school shooting in Florida."

some of these bots, were not bots btw

[+] itomato|8 years ago|reply
As a system, Twitter is easy to "game", if your goal is to spread information.

It's trivial to boost the apparent "credibility" of a given account with followers, likes, and retweets.

There is essentially no barrier to exploiting these "commodities" with networks of bots artificially boosting these stats.

Soon, the synthesized noise from bot accounts drowns out the organic signal of genuine accounts.

Waves of content reverberate through the Twittersphere, into and from other channels like 4chan, Facebook and Instagram.

[+] orng|8 years ago|reply
They can still follow you, comment, like and retweet your posts. You can block them but if you are popular enough it might be a problem. They also make search a lot worse and the hashtag system for some tags completely useless since all the posts you'll find under that tag are spam posts.
[+] obblekk|8 years ago|reply
This is an interesting approach. Maybe Twitter shouldn't solve the fake accounts problem directly, maybe they should come up with an evaluation criteria and then create a market for identifying fake accounts.

If their evaluation criteria is good, they could get away with 0 cost to build the best possible system (motivated by competition on a market).

[+] johnc1231|8 years ago|reply
I think Twitter's biggest problem with fake accounts is not that they are hard to identify, but that if they do identify them and shut them down, it'll hurt their "number of active users" stats
[+] kzrdude|8 years ago|reply
> (“jakten” means “hunt” in Norwegian)

I don't mind the confusion, it's just a fact that we can use knowledge of Norwegian to understand Swedish.

Fun fact, same word as yacht, which is borrowed from Dutch jacht with the same meaning as Swedish and Norwegian jakt.

[+] staticelf|8 years ago|reply
I tried to start a twitter account, a few minutes later I got blocked: https://imgur.com/suSH1Qn

I didn't tweet anything, just followed some people I found interesting.

I don't want to verify my phone number. Fuck you twitter.

[+] nasredin|8 years ago|reply
I haven't been able to create a Twitter account for over a year now. Home IP.

(Not giving Twitter my phone number)

I think it's deliberate b/c bots seem to be exempt from this phone number requirement.

[+] extweep|8 years ago|reply
In the early days of twitter, Trust&Safety was considered the second-lowest team on the totem pole of engineering career advancement possibilities (sorry Internal Tools aka Developer Productivity).

I'm sure that's changed recently, but IMO a lot of the trouble that Twitter/FB/Reddit have had with bots has to do with trying to get good engineers rationally interested in being part of T&S organizations.

Now T&S is sexy, but there's got to be lag time effectively changing the leadership and team structures of these large, established teams.

[+] jordan801|8 years ago|reply
Isn't this self defeating? As everyone has pointed out, it's not hard to detect a bot. So, why can't Twitter just do it? Maybe their review and moderation team is just too backed up. In that case, instead of helping the twitter team, these detection bots, are probably making it worse. Reviews and considerations have to be more thorough, since most of the reports are from automated systems. Systems, they probably have already engineered.

I built a chrome plugin that filtered out Facebook posts by a set of keywords. It took less than an hour. Maybe these "hackers" should do it for Twitter. It would reduce the load on the moderators, while making these bots far less effective. Then, reach out to the Twitter team, and see if there's a way to go about this, that isn't destructive.

[+] Bartweiss|8 years ago|reply
> it's not hard to detect a bot. So, why can't Twitter just do it?

Presumably a significant part of that is that Twitter cares more about false positives than random third parties do; they're going to get some vicious criticism if they start flagging/closing real accounts as bots. They might also worry more about false negatives, because as soon as they act on bots they'll be accused of bias and only targeting certain positions. (That accusation will hit regardless, but presumably they'd like it to not be true.)

It's easy to whip up a tool that gets lots of true positives, but much harder to get a success rate good enough to use.

[+] tracker1|8 years ago|reply
I frankly don't use twitter much anyway... I mostly post things that I like, and in the end use my own account to re-find stuff I posted later... it's a bad bookmark manager is how I use it, but at least then other people might find it useful too.
[+] nkg|8 years ago|reply
Hey I run a bot and people love it. It adds value and regularly triggers conversation. All bots are not about porn and mixtapes!
[+] dmix|8 years ago|reply
This whole bot thing is turning into a classic hysteria.

I really hope it doesn't end up harming a bunch of the 'good guys' like most of the quickly assembled shoddy 'solutions' most public hysterias generate, rather than stopping the legit 'bad guys'.

There have been countless examples of well-intentioned but heavy-handed intervention being a net-negative for society [1].

There could very well be some really interesting legitimately useful bots that will get swept up in this. Or platform limitations added which cripple the utility of all bots...with some an unmeasurable potential loss via future bots which were never created as a result. ....Meanwhile the 'bad guys' find a hundred loop holes to keep operating.

The key is keeping this to a case-by-case enforcement...whether at an individual or specific use-case based level. Not some overarching limitation or stigmatization of bots (across all social media).

[1] See: the drug war, 1970s NYC/Toronto rent control laws resulting in a far lower supply of affordable housing and more dilapidated tenements, anti-oil pipeline activism resulting in more environmental harm via rail and truck transit, pro-poverty housing regulation creating isolated urban ghettos, wage laws reducing total long-term net income for all low-income workers than it gains employed workers in the short term, etc, etc.

[+] makomk|8 years ago|reply
What gets me is that most news organisations are probably heavy Twitter bot users themselves.
[+] goerz|8 years ago|reply
I'm not sure I understand the point. So they identify bots. Then what? How can one get rid of these accounts?
[+] lokedhs|8 years ago|reply
They report them. And then nothing happens because it's in the interest of Twitter's business to not do anything about it.

To be fair, I'm sure some will be blocked but the problem with Twitter bots is that the only way to get rid of the problem is to ignore false positives. That will fix the issue but replace it with a different problem, as it clearly won't make for happy users.

I've been using Mastodon quite heavily recently and the "ban first" approach is taken by many instances. They can do that since the network is decentralised. Twitter, on the other hand can't do the same thing.

[+] nsaaass|8 years ago|reply
Hypocritical news from twitter.
[+] tuespetre|8 years ago|reply
LOUD NOISES

What’s with the all-caps title? Did they spit it out from the server using ToUpperCase instead of using CSS text-transform?

[+] dang|8 years ago|reply
No, it's that some article titles use all-caps typography and then HN users copy it.

We're going to write a bit of software to convert these, or at least ask submitters to revise them. In the meantime we've edited the title above.

[+] orbitingpluto|8 years ago|reply
The obvious answer is to restrict some API usage, specifically posting, to verified accounts.

This obviously conflicts with Twitter's incentive to maximize their profit and brand. So the next obvious solutions are token measures.

edit: And apparently to downvote anyone who calls them out.