On the vulnerability of Twitter as a network of value…

Conall has a good post on the Twitter Versus Facebook debate… But the way I am feeling at the moment, I’d say think twice about using either for anything of serious value… Sometime before last weekend, I was the victim of a phishing attack that fooled me into entering my Twitter details into a site that looks like Twitter. Nothing for a week. Then last weekend, they posted a video on my account leading to the suspension of my Twitter account. I was then asked to change my password and allowed back in. Except now I find that although some of the 1017 people ‘following’ me can ‘hear’ me, I am not getting any of the highly valuable input from the 774 people I ‘follow’. It also looks to others like I’ve ‘unfollowed’ them so they cannot directly contact me any more. It is like loosing your phone book, your notebook and your mobile all in one go. Effectively, I have been cut off from my smart network (and it hurts)… Two days later, and a colleague has helped me find the Twitter help desk… It’s a warning to those of us who have become so reliant on it, that Twitter is not a resilient network.

  • sj1

    Wow. But thats the internet Mick, and is facebook any better? I mean anyone at anytime could be victim to any scam, unless you are careful.

  • Smart network Mick? Wrong choice of words surely?

  • kensei

    No network security can prevent against human stupidity, Mick. None. If you freely give away your username and password then there is nothing Twitter can do to protect you. It’s like saying your house isn’t resilent after giving away the keys and the security code to the alarm. I have nearly done it with ebay when half asleep but natural defense mechanisms switched in.

    I am certain that the URL of the site you put in your details wasn’t a twitter one; always always always double check the URL, particularly if you’ve been linked from an external source. Doubly so if that is an email. And even more so if there is any liklihood of you spending any money or entering any credit card details. I have never seen one without a tell.

    A few forums I frequent have implemented a warnign message when you link off site now; this type of phishing attack is endemic.

  • Mack

    Large element of truth in what Kensei says, but at the same time, I presume there isn’t an ‘enterprise’ level SLA to protect people using the network to do business. It’s a free to use service (and they seem to be trying to monetise it via search, branding it as a real time search engine rather than paid services), so you probably can’t expect much in terms of disaster recovery. Lot’s of marketing and pr people seem to be using social tools as part of the business, but aren’t paying for the services provided, yet anyway.. I guess most of the companies feel that the cost of providing robust SLAs would make it unprofitable.

    I’m surprised it’s become so valuable to you & that the loss has hurt so much. Maybe there is something in this twittering after all, besides the hype.

    Though I have to say, claiming Twitter is not a resilient network is nothing new, but something I haven’t heard since they ditched Ruby on Rails to switch to a message-based architecture..

  • Mack

    By the way, on Microsoft’s new search engine Bing, the terms “northern ireland” “political blog” don’t return Slugger (at least not on the first page). Oddly the first result (where I am at least) is a blog at Amnesty mentioning Slugger.

    http://www.bing.com/search?q=“northern+ireland”+”political+blog”&go;=&form=QBRE&filt=all&cc=uk

    Pretty poor.

    Google gets it right though

    http://www.google.ie/search?hl=en&q=“northern+ireland”+”political+blog”&btnG=Google+Search&meta;=&aq=f&oq;=

  • Dave

    “Maybe there is something in this twittering after all, besides the hype.” – Mack

    Nah, it just a bunch of geeks with who will all ‘attend’ your funeral via webcam, and you know it. 😉

  • Mick Fealty

    But the point is that Twitter is valuable media resource to me. I would not be recommending it to others if it no value for myself.

    I’m not a geek, and neither are most of the people who use it these days. But the network has the feel of permanence, which it is easy to take for granted.

    That it breaks is not a shock (Slugger will almost certainly coup when we try to get our estimates out on count day).

    That it breaks and cannot be easily put back together is. That’s the critical question of resilience. When it comes back up, I want it to be intact, whether I have to pay for it or not.

    And something that will give me pause for thought in how I use it in future.

  • Mack

    It’s probably worth emailing them about your experiences.

    Depending on what actually caused the problems you are seeing it might be easy or difficult to fix.

    I.e. When a hacker logs in as you, they are you, it’s impossible for Twitter to tell any malicious commands they issue aren’t from you. It would become especially complex to disentangle the effects of malicious actions when you factor in the interactions with other users who in turn may act (or have automated settings that act) on those actions in good faith.

    But if the problems were a function of being banned & then unbanned, then I’d imagine that would be easier to fix than any hacker inflicted damage. Unfortunately they may not have many resources dedicated to sorting these problems out (but given Slugger is popular blog it would be well worth their while)..

  • Mack

    A help desk ticket will get you a support engineer, try and find a higher up (e.g. a product manager) and make them aware of the more serious issues you have.

  • RG Cuan

    Is oth liom sin a chluinstin Mick.

    I have been using both Facebook and Twitter for my business for quite a while now and they are invaluable resources for attracting new interest and reaching your target audience.

    However, I have noticed some spam messages coming through Facebook recently and, no matter how useful these networking sites can be, it’s always recommended to have a more traditional method of contact/database/promotion as well.

  • kensei

    Mack

    Large element of truth in what Kensei says, but at the same time, I presume there isn’t an ‘enterprise’ level SLA to protect people using the network to do business.

    Perhaps I’m misunderstanding here, but I didn’t read this as a software problem or as a network outage. Mick gave his account details away. Once hacked, the bad guys can do whatever the hell they like to your account. They can completely monkey up your contact list, because they have complete access. They log in as you, they are you.

    What exactly is an SLA going to cover? This is not a software bug. It isn’t compromised security. It’s not network downtime. The absolute best they could is roll back your account to a known point in time. But I imagine people would be wary of promising anything beyond stopping access and resetting the password. It is such a catastrophically bad thing to do.

    Third – who exactly is paying for the SLA?

  • Dave

    I take your point, Mick – and it clearly has value for a great variety of others. But who really needs online social networking sites other than media geeks and celebrities? I’ve yet to be presented with a business card that has a twitter account or a bebo page on it. Phone, fax, mobile, and e-mail, but no social networking sites. Therefore I hold that these services have no real value other than to, well, geeks.

    Anyway, I think you are confusing it with an established telecoms service (“the feel of permanence”) that is provided by a plethora of companies rather than a proprietary service provided and controlled by a particular company that is expanding faster than its own infrastructure allows. If so, then that is your mistake.

  • Dave

    “I have been using both Facebook and Twitter for my business for quite a while now and they are invaluable resources for attracting new interest and reaching your target audience.” – RG Cuan

    What ‘target’ audience could be comprised of a random collection of Internet users who sign up to these services? Presumably you have a product that you can sell to a generic non-targetted audience like insurance, e-shop, or music? And what exactly is the marketing model? “Here is my face, a bit about me, and some pics of my kids/dog/skiing trip – now would you like me to pretend to be your online buddy so that I can make money by selling you things based on what you know about me rather than on what you know about the product?”?

  • Mack

    Kensei –

    I agree with all your points, but I imagine if a business were paying for the service they would expect and get some form of disaster recovery. I think Mick has been largely on his own. Because a hacker, once they have your account details can wreak absolute havoc the recovery process could be quite complex. It’s not something you’d normally offer on a highly volume consumer website, but it’s something that’s essential for critical businesses data.

    There could well be a lot of latent demand for a fee-paying business accounts on Twitter (and other social networks – marketers and businesses are certainly using them, but not paying at the moment), I don’t think the company will move in that direction unless they hear customers scream for it…

  • kensei

    Mack

    Critical business data would be backed up at regular intervals for disaster recovery – stuff checkpointed off for really serious problems. I suppose a mirrored account or something could also be a possibility. But support is expensive and I wonder if it is viable for individuals rather than bogger entities. There would need ot be a certain critical mass that effectively covers the R&D required before it could be rolled out on a mro elimited basis. A third party could theoritically provide some level of supprot Mack – perhaps a business opportunity?

    Mick is on his own because he is piggybacking on a free service and bluntly, did something utterly stupid. To give another example – he left his keys in his car, and is then miffed to discover that the burnt out wreck left cannot be easily fixed again. And he has no car insurance.

    There is plenty to kick IT companies for and plenty of exampels of poor reliability or robustness. But this one is not Twitter’s fault.

  • Mack (5.) Sounds to me like Bing is working all right 😉

  • Mack, try out ‘antrim rathlin ferry’ to see which one picks up the fine detail 🙂