Tweeting in meetings….

I came across this rather interesting article from the personal blog of a Pastor in the US recently in which he suggests that Tweeting in Church might be a good idea.  Now, I have to admit that I was something of a late adopter with Twitter (and Facebook…and for that matter with SMS texting….yeah, OK, I’m a bit of a Luddite in some respects!) but I have to say that this suggestion surprised me.  I’m afraid that when I’m in Church I’m focusing on my own engagement with God, via my participation in the collective experience of the congregation in the church.  Which sounds more like an academic treatise than a celebration of faith, but that’s me!

the idea was that by tweeting ‘commentary’ on the sermon and other aspects of the service it could be regarded as a means of evangelising to the outside world and so bringing the Word to others – perhaps, but I think it’s one tweet too far for me.  Which then led me on to business meeting tweets, conference tweets, etc.

Perhaps it’s a generational thing but despite having a Blackberry, a Netbook and enough technology at home to sink a small boat, I still go to meetings armed with a pen and paper for note taking.  As far as I’m concerned, it’s reliable, no batteries to run out, makes no weird noises, doesn’t force me to think ‘How do I do that?’, will take text, drawings and doodles and isn’t ostentatious.  Pen and paper is what I like to call ‘humble technology’ – it does what it says on the tin, no muss, no fuss.  I’ve been in meetings recently where iPads have been deployed, tweets have been made (as I found out after leaving the meeting and looking at twitter) with no apparent damage to the business of the meeting…but…looking at my own notes taken in the meetings concerned, I’m wondering whether the meetings were actually needed / useful as my notes are pretty skimpy, and I take good notes.

We then have the recent debacle in the UK where some aspects of an industrial relations negotiation between British Airways and Trades Union representatives was tweeted to the outside world, resulting in a ‘pitch invasion’ of the building where the negotiations were taking place.  I’m sorry…negotiations are supposed to be delicate affairs between the parties involved and any mediators.  If someone feels they can’t negotiate without doing the equivalent of bellowing from the window, perhaps they need to be in different jobs.

As you can probably tell by now, I’m not a fan.  My own rules of Twitter are pretty straight forward:

  • If I’m in a meeting, focus on the meeting. 
  • If I’m at Church, focus on that.
  • If I’m at an event and want to tweet, I’ll wait until a ‘natural break’ and do it then.

I recently read a good tip about the etiquette of Texting and Tweeting.  Basically, imagine pulling out a crossword puzzle and doing it.  If you wouldn’t do that in the situation, then you really should think hard about whether you should tweet / text (emergencies excepted, naturally!!)  I was at a social event the other evening and I found that tweeting is sort of like smoking used to be (never smoked so maybe on tenuous ground here…) – it gives you something to do with your hands whilst you’re nervous!

In most meetings, unless you’re there as an observer or reporter tasked with providing a running commentary, I can’t imagine a need to Tweet that can’t wait an hour or so.  So just focus on making the meeting effective.

Social Search…waste of time?

I’m a big user of search engines.  Despite my grumblings and pontifications on here about Google, I still use them the most because they’re still the best out there.  I hope that Bing – despite the daft name – will one day come to challenge Google, but until then, I just Google.  It’s been interesting recently to see Tweets start appearing in search results, and I’ve commented in this blog on the topic.  The most recent work being done by Google that they feel will improve the search experience for us all is explored in this piece from the BBC, and I’m particularly interested in the comments made about ‘Social Search’.

First of all, what is Social Search? 

My definition of a true Social Search tool is one that would give weight to a number of different aspects when searching.  These would include:

  • The normal search criteria as entered in to any search engine that you care to use.
  • Your location, intelligently applied to any searches that might be expected to have a geographical aspect to them.
  • A weighting applied to favour the results based upon material that meets the criteria you’re searching on that may have been placed on the Internet by people or organisations within your personal or professional network.

To give an example – you do a search for restaurants.  The search engine makes a guess about your location based on previous searches, geocoding based on your IP address or, coming real soon, tagging provided with the search request specifying your location based on a GPS in the device that you’re using for the search.  The search engine then determines whether your ‘friends’ have done similar searches, whether they’ve done any reviews or blog posts about restaurants in the area, posted photos to Flickr, or are actually Tweeting FROM a restaurant as you search, whatever.  The results are then returned for you – and ideally would be tailored to your particular situation as understood by the search engine.

And this is roughly what the Google Social Search folks are looking at.

“….returns information posted by friends such as photos, blog posts and status updates on social networking sites.

It is currently only available in the US and will be coming to the rest of the world soon.

Maureen Heymans, technical lead at Google, said this kind of search means the information offered is personal to the user.

“When I’m looking for a restaurant, I’ll probably find a bunch of reviews from experts and it’s really useful information.

“But getting a review from a friend can be even better because I trust them and I know their tastes. Also I can contact them and ask for more information,” she said.

In future users’ social circles could provide them with the answers they seek, as long as individuals are prepared to make those connections public.”

Of course, the million (or multi-billion) dollar question is how far are people to go in terms of making their networks available to search engine companies in such a way that results can be cross referenced in this way.  Once upon a time I’d have said that folks wouldn’t, as they value their privacy, but today I’m not so sure.  Given that we have seen sites where people share details about credit card purchases, I’m not convinced that people value their privacy enough to not allow this sort of application to take off, at least amongst the ‘digital elites’.

Of course, hopefully it will be up to us whether we participate in using Social Search – I guess all of us who blog or Tweet will find our musings being used as ‘search fodder’ unless we opt out of making our contributions searchable.  Will I use Social Search?  If it’s at all possible to opt out, No.  And here’s why.

Because I doubt the results will be as relevant to me as Google and all the other potential providers of SOcial Search think they will be.  Let’s face it – these companies will not be doing it for nothing – some where along the way the ‘database of intentions’ will be being supplemented and modified based upon the searches carried out, and such information is a goldmine to marketers and advertisers.

But the relevance to me?  I’m yet to be convinced – and here’s why.

If I really want the opinions of my friends, family and occasional business contacts on what I eat, wear, watch or listen to then I’ll ask them directly.  Just because I know someone doesn’t mean that I share any similarity in viewpoint or preferences at all.  I have friends with very different interests – Christians, Muslims, Jews, Buddhists, Agnostics  and Atheists, people from the political left and right, party animals and stay at homes…the differentiation goes on.  This is because I pick my friends based on what they’re like as people – not necessarily because they share interests or beliefs.  As it happens, I’m occasionally quietly offended by what some of my online friends say – but that’s life.  We don’t always have to agree or share the same beliefs.  

Therefore, the idea of biasing my search results based on what people I know search for, prefer or comment on is potentially useless.  If I wish to know what my friends think or say – I’ll talk to them, email them or read their tweets / blogs / whatever directly. 

I feel there’s also a serious risk of ‘crystalisation’ of beliefs – a sort of friendship groupthink emerging.  Think of what it was like when you were 13 years old and spotty.  For many teenagers it matters to be ‘in with the in-crowd’; Social Search could contribute to the return of that sort of belief structure amongst peer groups.  By it’s nature, the people who will be ‘opinion leaders’ in your Social Search universe will be those friends who are most online and who share the most.  Their activities will hence bias the results returned in Social Search.  It might not be such a problem for them, though – people who have a high Social Search presence will undoubtedly come to the attention of advertisers and opinion formers who might wish to make use of that ‘reputation’.

One of the great advantages of good, old-fashioned, non-social search is taht you will occasionally be bowled a googly (pitched a curve ball for my transatlantic friends!) that might lead you off in to whole new areas of knowledge.  You may be prompted to try something new that NONE of your friends or colleagues have heard of.  Whilst these results will still be in the results, if they’re on the second page, how many of us will bother going there?  We’ll become fat and lazy and contented searchers.

So….I think I want to stay as an individual.  For now, I’ll happily turn my back on Social Search!

Social Media and the mob

One of my favourite films is ‘The Fisher King’ – one of the most haunting scenes in it is where Radio ‘Shock Jock’ Jack Lucas repeats the words ‘Forgive me’ from a TV script he is hoping to star in, whilst, unbeknown to him, thoughtless comments made by himon his radio show have driven a mentally ill caller to take a gun to an upmarket bar and open fire on people there.  The next scene in the film is of him three years later in a drunken rage after his life has fallen apart in the aftermath of the shooting, with his anger being directed at the actor who DID get teh role.

A few words uttered thoughtlessly in a public arena; in the film it was talk radio, but today it’s just as likely to be Facebook or other Social Media.  Of course, Social Media is a valuable tool with which to organise groups that are angry at social and political issues, for example.  But there are also a number of groups that go beyond what is acceptable:

There have been similar items featured on YouTube and Twitter – and as long as there has been any sort of media – starting with the pub on a Saturday night – there have always been public threats made against people.  The reach of Social Media though makes these sorts of groups and viral campaigns different in some major ways:

  • Sheer numbers – let’s face it, with Facebook you have a potential audience of 400 million people for your campaign.
  • Persistence and visibility – until such a group is removed it’s there all the time and can be found via search engines inside the Social Media site and indirectly form outside the sites.
  • Speed of activity – something can grow rapidly – much more rapidly than any campaign arranged through traditional media.

The obvious immediate result of this sort of mobilisation is the generation of ‘flash mobs’ – often for very good causes – where groups of people assemble, do something. then disappear.  This can frequently be done in the space of a few hours, rather than the days or week traditionally required to get a traditional demo together.

However, a less obvious but more sinister aspect of the use of Social Media is what’s best called ‘validation’.  This is something I’ve touched on in a previous blog post here on Joe’s Jottings – ‘Gazing in to the abyss’ – and it’s possibly more dangerously relevant when we look at the role of Social Media in generating a good, old fashioned, pitch-fork and torch carrying mob.

If you’re one slightly disturbed individual who thinks that a public figure deserves death, then the chances are that until recently you’d find very few people who agreed with you – or even if they agreed with you, would be very unlikely to publicly state it.  Today, the world’s a different place.  Your views can find validation in a number of ways – someone may set up a ‘jokey’ ‘Let’s kill X’ group or web site; other nutters may be more serious about it; or you might see groups on the Internet who just don’t like the person.  And you might see all of these people as somehow validating your point of view – a little like Jack Lucas’s deranged listener.

Let’s just hope that we don’t have too many people saying ‘Forgive me’ as a consequence.

You may have missed this…the day China pulled the plug.

You might have missed this.  I certainly did – but then again for the last week or two I’ve been running around like the proverbial ‘blue arsed fly’ trying to juggle a variety of personal, professional and voluntary responsibilities whilst avoiding cat-induced sleep deprivation.  Anyway…where were you when China appeared to ‘turn off’ access to Twitter, Facebook and YouTube all over the world?

Because yes, it actually happened – from sometime on Wednesday traffic destined for the servers of these three social media giants was noticed to be going to servers based in the People’s Republic of China.   Technicians overseeing the world’s DNS systems (the ‘phone books’ of the Internet that tell servers and routers around the Internet where to send traffic to) noticed this, and eventually traced it back to a node on the DNS system in Sweden, that may have either been accidentally reconfigured or deliberately reconfigured by hackers.  Whatever the reason, it’s been an eye opener in principle, it means that any reasonably equipped government or terrorist organisation can subvert the whole routing system of the Internet – at least until the holes that allowed this to happen are secured.

The nature of the Internet is such that it has always been possible to do this sort of subversion; it’s just that the Net has never been important enough to be worth worrying about until recently.    The recent kerfuffle between Google, the Government of the PRC and the US Government has put the Internet firmly on the political stage – much more prominently than took place during the Iranian disturbances last summer.  (I’ll be commenting again on Google / PRC in the next few days, but here are my previous comments on that particular story)

It’s almost certain that this was an act either ordered or condoned by the government of the People’s Republic.  Their much vaunted ‘Green Dam’ is clearly capable of acting way beyond the borders of the PRC, especially if the remote control ‘exploits’ are used to take control of PCs running the program.  This would effectively give the PRC a massive cyberwarfare potential, with every PC legally installed in the PRC being capable of taking part in a botnet.

This action very much appears to be a shot across the international community’s bows; the PRC demonstrated their ability to break the Internet.  There are ways around this intrusion, of course, and steps will be taken to deal with it, but it does show that the gloves are off in what is increasingly a battle of wills between governments wishing to restrict what their citizens can read online and those that aren’t interested.  And I’m afraid that I have to include some democratic governments – like Australia – in that list.

The Internet is a political weapon; last Dceember I commented on how the rules of online civil unrest might be changing, as people on the receiving end of protest decided to do something about it – in that item it was Iran and Twitter.  It may well be that that was simply the beginning of ongoing efforts from repressive regimes to control the streets of cyberspace as well as the streets of their own cities.  What is important to realise is that the nature of the Internet – it’s flexibility, expandability, it’s ability to be used for things that the original creators had never even thought of – is at the root of the relative ease with which people can break it.

Unfortunately I expect the ‘powers that be’ to react to this sort of threat by using it as an excuse to tighten up various aspects of security and surveillance on the Net.  Expect legislation such as ACTA and The Digital Economy Bill to be tightened up in a ‘9/11’ style response to this act of online retaliation.

Facebook user hypocrisy or common sense?

I came across this article in my Twitstream today about how young professionals are changing their name and doing other things to camoflage their presence on Facebook and other social networking sites in order to cover their tracks from potential employers or head hunters who might find some aspects of their personalities or character less employable than might be desired.

For a while now there has been a suggestion that people should run separate Facebook accounts for their ‘private’ life and their ‘professional’ life, and make sure that all the partying, socialising, membership of bizarre societies, etc. ends up in the ‘private’ account with the privacy restrictions applied to restrict access to friends only, and ideally with a suitable disguised name.  The suggestions made in the article above have included people setting up accounts under their middle names for one account, for example.

At first glance it seems to be a rather sensible idea; but recently I’ve started wondering whether the establishment of public and private personas in this way is not so much common sense as hypocrisy or even dishonesty.  Let me elaborate…

Many years ago – in the days before Facebook, MySpace, Twitter, what have you, the general rule of thumb was to believe that anything you posted on the Internet would most likely come back to haunt you at some point.  this is more the case today.  My personal way of looking at this is to imagine anything you post on a public forum, blog, Facebook or Twitter being read out to your mother, bank manager, boss and spiritual leader on a busy afternoon in the middle of the local High Street. 🙂 

So at first glance it might make sense to get all the less reputable stuff tucked away somewhere safe….

But hang on a minute – it’s still you!  If your politics, religion or sexuality is such that you fear that they may put potential employers off of recruiting you, then perhaps you need to think about whether you would really want to work for such a company, and whether you would be happy there.  Getting recruited in to an organisation where you have already hidden some core aspects of your personality is not the best start to a working relationship; let’s face it, it will turn up at some point in your career!  And if it’s some aspect of your behaviour, then again – it’s still you.  We all have occasions when we get a little worse for wear on drink, and get photographed in that state, and we all make the occasional ‘off colour’ jokes.  As soon as you start hiding these things away from people who’re wanting to employ you then you’re basically selling a false personality to your recruiters – again, dishonest.  And if you’re dumb enough to post up details of serious indiscretions – drugs use, minor crime, etc. – then to be honest you’re an idiot who deserves what you get.

Of course, it’s not always that easy; some employers are so ‘straight up’ that any deviation from the straight and narrow is regarded as evidence of gross moral turpitude.  And you can’t always determine what photographs your friends take and display – I’ve spoken about this elsewhere on this blog – but then again, there is the old saying about ‘A man is judged by the company he keeps.’

My own advice, for what it’s worth?  Don’t bother having dual Facebook accounts; just stick with the one, set up good privacy settings and be civilised with what you post to it.  Anything else is hypocrisy.

It’s for our own good….

And I’m sure that Twitter will not be doing anything else – at least not yet – with their code when they’re making the Twittersphere safe for us all to Tweet in by screening links.  The logic of the Twitter people is sound; by vetting links they can reduce or totally remove the number of phishing and malware links that are made available to Twitter users.  They’re effectively developing a Twitter ‘Killbot’. One thing that has become clearer over recent years with the explosion of Social Network sites like Twitter and Facebook is that no matter what you say to people, and how often you say it, folks will still click links from total strangers and get themselves in to trouble.  Despite warnings, they’ll hand over user names and passwords because they’re asked for them.  And even savvy Net users are occasionally caught out by well crafted ‘targetted’ phishing scams.

 So checking and validating links – including those in DMs – is at first glance a good idea.  It only takes a few people replying to spam or filling in details on phishing sites to keep the problem going, and as education seems to be woefully inadequate at changing people’s behaviour on these issues; let’s face it, after nearly 20 years of widespread Internet use by the general public, the message about not replying to spam and not buying from spammers  has still not penetrated a good many thick skulls.

However – and it’s a big however – the technology that stops dodgy links can also be used to stop any Tweets, simply by tweaking the code.  There is a line that is crossed when you start using automated filtration techniques on any online platform.  It’s obvious that on fast growing, fast moving systems like Twitter it’s going to be impossible to have human beings realistically monitoring traffic for malware of any sort, and it’s inevitable that some form of automated techniques will be in use.  But once that line’s crossed, it’s important that we don’t forget that the technology that stops these links can also be used to stop anything else that ‘the Creators’ don’t wish to be on the system.

A wee while ago I wrote this item, in which I suggested that so much of the responsibility for ongoing phishing attacks on Twitter falls on folks who’re clicking those links; whilst spammers and phishers get bites, they carry on trying.  So, if you ARE still falling for these phishing scams – get wise and learn how to spot them!

One final observation – the code that can spot a malware link can also spot keywords.  And when you can spot keywords you can start targeting adverts.  And combined with Twitters newly activated Geolocation service, we might soon see how Twitter expects to make money from location and content targeted advertising.

The further perils of real time search…

A short while ago I wrote a couple of posts about the issues around Real time Search (How important is Real Time Search and Google and the Dead Past) – that is, Internet based searches that include Internet content that has been generated in the few minutes (or even less!) prior to the search.  Those of us who’ve been around the Internet for long enough will remember the days when you could wait days or weeks for stuff to show up in a Google search; nowadays Tweets can turn up in search results almost immediately.

There are many reasons – most expressed in the two posts above – that I have for feeling rather uneasy about the whole idea of real time search, particularly around personal privacy.  I think the main mistake I made when I wrote those two posts last year was to underestimate the speed with which things would move.  Recent developments in geolocation based systems – that record the location from which a post is made – such as FourSquare and the geocoding side of Twitter have made it easy for Tweets and similar online posts to locate people in the real world.  A particularly fine example of this phenomena is the suitably named ‘Please Rob Me’ – this site uses some clever coding to detect when people Tweet that they’re away from home. 

The publication of ‘exploits’ for web browsers and other software could also become a hot topic.  At the moment, a hacker may determine how to ‘poison’ a website with a specially manufactured piece of code that can infect an unprotected PC with a virus or Trojan Horse program.  The hacker can then publicise the fact via various means, hoping that others will get the chance to use it before the manufacturer of the browser relaeses a ‘patch’ for the bug that the code exploits.  Real time search could very much help hackers – by releasing details of an exploit, then linking to it from a few sites, then tweeting it, it’s quite possible that details of such exploits could be showing up in search results within minutes or hours of the exploit being identified.  Unless the search results are sanitised in some way to prevent this happening – highly unlikely – then this will surely lead to decreasing online safety.

A related problem might be in the creation of online Pop-up Shops’ for ‘warez’ or other illegal content.  For those who’ve never come across a ‘Pop-up Shop’ these are shops that take out a very short lease on a retail property – typically a month or so around Christmas or some other busy event that will guarantee good local footfall.  They then sell cheap goods, Christmas cards, etc. and then shut up shop and disappear – whilst these shops are totally legit business, the Internet equivalents are frequently not.  Given real time search, a suitably optimised ‘instant site’ with an arbitrary URL could be put on a server, show up in search engine indexes / Tweet indexes within the hour , make material available and be gone before the authorities even know it was there.

Real time search is here – faster and probably more effective than I feared.  And it’s not going to be pretty.

Twitter – the medium is NOT the message!

Regular readers of my ‘jottings’ might recall a recent post of mine in which I debated the value of Tweeted Wisdom.  Always one to consider returning to the scene of past musings, I was today motivated back in to Twitter criticism territory after I read a Tweet that suggested that:

 “100 is the new 140 for massive retweetlove”.

Now, I have enough problems with 140 characters, but then again I’m using Twitter to communicate ideas and concepts as well as gossip, funnies and bon-mot to the good folks following me.  Whether I get re-tweeted or not is not the first thing in my mind when I put a Tweet together – what matters to me is whether I can marshall the idea effectively in to the 140 character limit.

Starting to apply lower character limits to Tweets based purely on the possibility of re-tweeting does seem rather ‘arse about face’ to me – it IS putting the process of communication ahead of the content – i.e. putting the medium before the message.

Some years ago, the Ford Motor Company were in pretty dire straits – losing money and market.  There was a serious concern amongst the higher echelons at Deerborn that Ford might actually go under.  Various policies were implemented throughout the organisation, including cuts to the design and manufacturing base of the company.  The story goes that at one Board Meeting, some of the directors were commenting that they had managed to get the books looking better by reducing costs, and that most of the cost reductions had come from savings made by closing down manufacturing facilities.  A grizzled old veteran who DID know the difference between a carburetor and a Carbonara pithily pointed out that, based on that thesis, the best way to save the company was to close ALL the company’s manufacturing facilities and stop making cars altogether….

And this is how this sort of emphasis on the mechanism of Twitter strikes me; people get way too wound up with the phenomena and culture and technology of Twitter rather than the function – and the function of Twitter is to allow rapid, succinct communication and conversation between people.  Or even between people and other computer programs!  But the emphasis is on communication and conversation – and when we start emphasising the possibility of a re-tweet over the quality of content, we are in danger of making Twitter more ‘gimmicky’ – something that is not good.

So, for what it’s worth – use that character allowance for the purpose it was originally given to us – to communicate.  Giving 30% of available space up for posisble re-tweets seems pointless.  What matters is what you say; not necessarily how many times it gets re-tweeted.  The ultimate re-tweetable message accoridng to some folks would be a single word – don’t let the usefulness of Twitter be compromised by ego.

The problem with Tweeted Wisdom….

Like many of us on Twitter, I follow a number of Twitter users who post aphorisms, quotes, sayings, etc.  A sort of electronic review of the ‘Wisdom Literature’ of the last 2000 years.  This can be pretty cool; I do wish that some folks would post their tweets across the day rather than in large floods, but, hey, it’s tolerable.

However, I recently started wondering about aphorisms in general – just how much wisdom can you cram in to 140 characters?   There is a lot of really smart stuff that gets posted, but just how much of it ‘sticks’ with us – indeed, how much of it is actually thought about by the people who actually post the wit and wisdom? 

Don’t get me wrong – there is quite a bit of good stuff that comes up.  My main issue is just how much we think about what we see – indeed, how much time do we have to think about what’s presented to us in the Twitter-stream.  After all, Twitter is fast and ephemeral – that hardly seems a suitable medium for something designed to stimulate thought and insight.  There is a serious risk when we start delivering and consuming ‘bite sized’ wisdom literature, and that is that the interpretation  and assimilation of what we read gets forgotten about.  

the whole idea of ‘widom literature’ is that it delivers to us something to chew on; it’s not a finishing point, it’s actually a starting point from which each of us may trace our own journey starting from the same starting point.  There is a Christian practice called Lectio Divina – literally ‘Divine reading’  which is based around reading a piece of spiritual writing – maybe scripture, maybe something generally spiritual – and then study it, ponder on it, interpret and then use as a basis for prayer or other worship.  And this is a process that takes time, and isn’t rushed.  While a piece used in Lectio Divina might easily be short enough to encompass in a Tweet, the time taken to interpret it certainly isn’t ‘Twitter-Time’.

Twitter is a great medium for certain types of message, but I am starting to wonder whether it’s a valid medium for wisdom literature ; I toyed with the idea of launching a ‘blog’ type site last year based around publishing a suitable quotation each day and writing a short piece based around my own thoughts on that topic – but then ditched the idea after a week or two because I realised I was subjecting others to my own interpretation. 

At least Twitter removes the ego from the posting of such literature quotes; there’s no space to post an interpretation, after all!!  But Twitter reduces everything submitted to it to something that exists in the reader’s ‘window of opportunity’ for just a few minutes before it’s forgotten.  Is that really how to treat this type of post?

Twitter Phishing…YOUR responsibility!

The recent spate of Twitter ‘phishing’ attacks have been interesting for me in a number of ways. First of all, my wife received one of the phishing DMs from a contact of hers whose account had been compromised. Fortunately, she knew enough not to enter any details in to the page she was directed to, and there was no harm done. A quick change of password just to be on the safe side, and that was that.  Fortunately, she knew enough not to enter any details in to the page she was directed to, and there was no harm done. A quick change of password just to be on the safe side, and that was that.  This particular DM was one that was a ‘social engineering’ attack – an invitation to check a website out to see if the recipient of the DM were featured on that site.  A nice try – after all, most people are interested in finding themselves on the Net!

 

The second point of interest is why the sudden flurry of attempts to compromise Twitter accounts. It’s been suggested that one reason is that the compromised accounts will be used to promote sites in to search engines, based on the recent development of search relationships between Yahoo and Microsoft’s ‘Bing’.  Getting hold of the Twitter accounts would have been the first stage of the operation; the idea would be to automate those accounts to ‘spam’ other users with  other links over the next few weeks to attempt to increase the search engine standing of those links.

But the thing that’s surprised me most is how often people have actually gone along with the phishing request – to enter your Twitter user name and password into an anonymous web page, with no indication as to what the page is!  To be honest, it stuns me.  And it isn’t just Internet neophytes – according to this BBC story an invitation to improve one’s sex life was followed through on by banks, cabinet ministers and media types.  Quite funny, in a way, but also quite disturbing – after all, these are people who’re likely to have fairly hefty lists of contacts on their PCs, and whilst an attack like the one detailed in this article is quite amusing, a stealthier attack launched by a foreign intelligence service against a cabinet minister’s account would be of much greater potential concern.

There are no doubt technical solutions that twitter can apply to their system to reduce the risk of the propagation of these Phsihing attacks.  For example, looking at the content of DMs sent from an account and flagging up a warning if a large number of DMs are sent containing the same text.  Twitter have also been forcing password changes on compromised accounts – again, this has to be a good move.  It might also be worth their while pruning accounts that have been unused for a length of time – or at least forcing a password change on them. 

A further part of the problem is with the use of Link Shortening services like Bit.ly to reduce the length of URLs in Tweets.  This means that you can’t even take a guess at the safety or otherwise of a shortened link;  a link that is goobledegook could lead to the BBC Website to read the story I mentioned above, or to a site that loads a worm on to a Windows PC – or prompts you for your Twitter credentials.  perhaps a further move for Twitter would be to remove the characters in URLs from the 140 character limit.  That way, full URLs could be entered without shortening.

But ultimately a lot of the responsibility for Twitter phishing attacks lies with us users.  We need to bear the following in mind:

  1. If you get a DM or Reply from ANYONE that says ‘Is this you’ or ‘Read this’ form a friend, then to be honest, check with the person concerned to see whether they have sent them.  If you get such a message from anyone who’s not well known to you, then just ignore the message.
  2. DO NOT enter your Twitter username and password in to any website that a link takes you to.  If you do do this, change your password as soon as possible, and don’t use the Twitter password on ANY other system.
  3. Keep an eye on your Followers – if there is someone you don’t like the look of, just block them.  It may seem extreme but it stops possible miscreants ‘hiding in plain sight’.
  4. Ensure your anti-virus and anti-malware software is up to date – this is your last line of defence designed to stop malware that YOU have allowed on to your machine by falling for phishing scams. 🙂

So…play your part in reducing the impact of Twitter Phishing attacks by not clicking those links!