
Spam–the junk message type, not the tasty luncheon meat from Hormel (pan fried and served on rice, it really can’t be beat…)–is a significant annoyance on all the “Web 2.0” services, but nowhere more so than on Twitter. Twitter meets all the criteria for an easy spam target:

  • Low barriers to entry: scores of free accounts can be easily and automatically created through the Twitter API
  • Large audience: some 19.2 million users in October 2009, according to ComScore
  • A pervasive culture of implied trust and promiscuous sharing

If spam were a viral infection vector, Twitter would be an over-crowded, fetid swamp where not nearly enough people wash their hands.

The Stop Twitter Spam site maintains a list of tools for combating spam, and also a list of feature proposals (many of which have been implemented) that could help mitigate the problem. And while these are all good tools and useful suggestions, they’re not a panacea: the Twitter spam werewolf is impervious to silver bullets, because the open nature of the service makes spamming so cheap and easy.

Short of increasing the barriers to entry, limiting the ease of communication, or restricting the number of messages that can be sent–all things that would cripple Twitter in its current incarnation–there’s not much that can be done in a centralized fashion to solve the problem. Instead, the cost of fighting the spam lands largely on the non-spamming users. And there’s where the battle will ultimately be won or lost.

Our best weapon against Twitter spam (and other Internet spam sources) is healthy suspicion, just short of paranoia. It’s far too easy to be lulled by the fluid back-and-forth of Twitter communication into forgetting to ask, “Did this person wash their hands? What nasty germs might be lurking behind that URL?” We need to be vigilant about Twitter spam, which can come in direct messages, @replies, or follows, in order to block its spread; since much of the spam comes from accounts hijacked through “phishing” scams, making sure our own accounts are clean is a good defense against infection.

My own guidelines in assessing followers, links, and other Twitter content include:

  • The follower/following ratio and number of tweets: now a part of the “new follower” notification, this is the easiest way to catch the spambots. Though Twitter tends to be asymmetrical, with most users following more people than follow them, a ratio that is too heavily weighted toward following–say, following 20 people for every one that follows them–is a clear indication that something is amiss. If that account is also not doing much tweeting–one or two messages, especially about making your teeth whiter or earning $325.42 a day or finding love in all the wrong places–then you’ve almost certainly been targeted by a spambot. Use the “Report as Spam” button to block the account and move the issue up the chain, and then get on with your life.
  • The profile picture: If the account is using the default bird icon, they may be a spambot, or they may just be someone who hasn’t updated their profile yet. If the account is using a picture of a hot babe, shown from chin to bellybutton, then the odds are approaching certainty that this account is up to no good. If the account has the hot-babe profile and tweets links to weight loss miracles, the odds need not be calculated; “Report as Spam” and proceed.
  • Grammar and content: Spambots don’t do so well on standardized tests of written communication. If the tweet has a lot of misspellings and webby abbreviations, the related link is suspect. If the message is “LOL u gots to c thisss” then it’s certainly spam. Don’t click.
  • Context and consistency: Know the people you follow, and who follow you. If you’re following someone because of their pithy observations about Romanian poetry, or their scathing reviews of trends in script-based computer language design, and they suddenly send you a link to a Cialis offer, something is likely amiss. Out of courtesy, let them know, so they can take steps to resolve the problem; if they continue to send spam, then they’re either not taking the problem seriously, not being careful about their account, or have gone over to the Dark Side; unfollow at least, block if you must, report if you suspect a permanent hijacking.
  • Look before you link: The 140-character limit of tweets is a great enabler of scary links. With the average URL length coming in at 34 characters (at least according to Kelvin Tan’s calculations), and with many news and blog sites’ URLs even longer, there’s been a proliferation of URL shortening services. Alas, it’s far too easy for malicious content to hide behind a generic shortened URL. (And this assumes that the shortener itself isn’t compromised in some way; the security implications of third-party URL shortening are really quite scary…) LongURL (available as a web site service, Firefox plugin, Greasemonkey script, or jQuery plugin), expandurl (web site and API), and ExpandMyURL (web site and bookmarklet) help by letting you preview the original URL before loading its content into your browser. If you’re not using one of these services, or a similar tool for previewing shortened URLs, you’re putting yourself and others at risk.
  • Don’t be part of the problem: Keep your own account from passing spam around, or giving the impression of spamminess. Don’t give out your Twitter credentials to any service that you don’t completely trust; shorten URLs only when truly necessary; provide context for your links (“Great discussion of Hegelian epistemology” rather than “U shd c this,” though you’ll probably need to use that URL shortener after all); be as trustworthy and consistent in your tweeting as you strive to be in the physical world.
  • Follow smart people: I don’t get a lot of spammy or suspicious junk on Twitter, largely because I’m careful to filter for quality up front. It’s not hard to spot the garbage when so much of the content is high quality, and smart people are less likely (I hope) to be drawn into a phishing scam, or will at least do something about it if their accounts are compromised. Be ruthless about unfollowing accounts that are frequently hijacked; it may seem cruel, but quarantine can be a useful tool in fighting virtual diseases too.

It’s a shame that the cost of combating Twitter spam falls back on the users, but that’s the paradox of the free and open model that makes Twitter so valuable to begin with. As in a free society, where we occasionally trade comfort and security for liberty, keeping Twitter from being overrun with spam is one of the responsibilities of its users.
