Twitter’s “me too” anti-spam strategy

With Twitter’s continuing growth, its popularity is logically starting to attract the attention of malicious parties, like spammers, phishers, and malware authors, who wouldn’t mind the fact that nobody is following them when they’re actively updating several hundred users with their latest propositions.

Last week’s Twitter announcement that it’s “Turning Up The Heat On Spam” clearly indicates that they are not just aware of the problem, but are also admitting their current inability to deal with it the way they want to. So what is the Twitter team up to? Suspending accounts, gathering community-powered feedback on spammers’ accounts, and hiring dedicated personnel to look for and shut down spammers’ accounts. Will these measures work? It’s all a matter of implementation, breaking out of the “me too” anti-spam strategy mentality, and listening to what the community has been saying for months.

Twitter is at least being realistic about the situation, and is not promising the Moon with these approaches:

“Suspending a spam account only works after it’s already caused some damage. We have enhanced our admin tools to more accurately factor your feedback for a more timely diagnosis. When you block a spam account, we take note—when more people start blocking a spam account, we go to red alert. Blocking also puts that account out of sight and out of mind so you don’t have to see it anymore.

It’s unfortunate that this has to be done but we’re going to hire people whose full time job will be the systematic identification and removal of spam on Twitter. These folks will work together with our support team, and our automatic spam tools. Our first “spam marshal” is starting at Twitter next week.

As always, fighting spam is a sustained activity. There is no magic wand we can wave or switch we can flip to make it all go away. Spammers will keep finding inventive new ways to advance their motives and harm user experience and we’ll keep shutting them down and slowing their progress. We just wanted to make sure everyone knows that we are taking spam seriously.”

Spammers, phishers and malware authors are becoming harder to differentiate, with each and every one of them getting involved in areas that used to be exclusively another party’s territory a while ago. Consequently, what looks like a typical phishing link may in fact be redirecting to a live exploits page, where the typical exploit set taking advantage of the most common client-side vulnerabilities is waiting for the gullible Twitter-er. Despite its recent limiting of followers of a particular account to 2000 in order to prevent malicious users from causing more damage than they could, if Twitter really wants some creative thinking applied in the process, it should consider researching what the community has already come up with in the form of tools, strategies and recommendations for Twitter to implement.

For instance, the success of the now-offline Twitter Blacklist was based on a simple categorization of Twitter users in order to increase the probability of detecting a spammer’s account, using simple logic based on the followers and following ratio: 1:5 = twittercaster, 1:2 = notable, 1:1 = socially healthy, 2:1 = newbie or social climber, 5:1 = twitter spammer.

Another highly successful self-auditing service, again courtesy of the community, is called Twitter Twerp Scan, which “checks the number of followers of everyone on your contact list, the number of people they are following, and the ratio between those. If the person is following more than (n) people (can be customised), and has a Following-to-Followers ratio higher than 1:(m) (can be customised), you’ll be notified by a link.”
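The ratio heuristic and the Twerp Scan check described above, as an added example (not code from Twitter Blacklist, Twerp Scan or the original article). It assumes the ratios are read as following:followers, picks the nearest listed ratio on a log scale because the article gives points rather than ranges, and takes the Twerp Scan limit as a plain number; the sample accounts and the default n and limit are constructed.

```python
import math

# Anchor points from the article, read as following:followers
# (assumption: the article does not fix the direction; a spammer follows
# many accounts and is followed by few, which gives 5:1).
ANCHORS = [
    (1 / 5, "twittercaster"),
    (1 / 2, "notable"),
    (1.0, "socially healthy"),
    (2.0, "newbie or social climber"),
    (5.0, "twitter spammer"),
]

def ratio(following, followers):
    """Following-to-followers ratio; zero followers counts as one so the
    most lopsided accounts do not raise ZeroDivisionError."""
    return following / max(followers, 1)

def classify(following, followers):
    """Label of the nearest anchor on a log scale (assumption: the article
    lists points only, not the boundaries between categories)."""
    r = max(ratio(following, followers), 1e-9)  # guard log(0) when following == 0
    return min(ANCHORS, key=lambda a: abs(math.log(r) - math.log(a[0])))[1]

def twerp_flag(following, followers, n, max_ratio):
    """Twerp Scan style rule: following more than n people AND a
    following-to-followers ratio above the configured limit."""
    return following > n and ratio(following, followers) > max_ratio

# Constructed sample accounts: (name, following, followers)
SAMPLE = [
    ("news_feed", 40, 9000),
    ("regular_user", 210, 190),
    ("new_signup", 30, 12),
    ("bulk_follower", 1900, 35),
    ("fresh_bot", 500, 0),
]

def scan(accounts, n=100, max_ratio=2.0):
    """Return (name, category, flagged) for each account."""
    return [(name, classify(fg, fr), twerp_flag(fg, fr, n, max_ratio))
            for name, fg, fr in accounts]

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(row)
```

The new_signup row shows why the rule needs both conditions: its ratio is above the limit, but it follows too few accounts to be flagged.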

There’s also never been a shortage of pragmatic solutions to at least make it harder for spammers to efficiently spam the network, with tips and recommendations made by Twitter users a couple of months ago:

The success of Twitter’s anti-spam strategy depends on whether or not they will consider the know-how and experience offered by the community, which as always finds ways to adapt to a specific situation long before a service introduces its own solution.

Add spam button courtesy of chadspacey’s photostream.

[Source: zdnet]