Saturday, October 31, 2009
The code EFBD89 translates to FF49 in Unicode, which is a second "i" character in the Unicode table (I wonder what the point of this is) that displays as spaced characters.
This can be fixed easily, but right now any keyword filter will fail on this, I think.
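One way a keyword filter can handle this, as an added example that is not part of the original post: the bytes EF BD 89 are the UTF-8 encoding of U+FF49 (FULLWIDTH LATIN SMALL LETTER I), and Unicode NFKC normalization folds it back to the ASCII "i" before matching. The sample message and keyword list are constructed.

```python
import unicodedata

# Constructed sample: "view" and "profile" written with U+FF49
# (UTF-8 bytes EF BD 89) in place of the ASCII letter "i".
SAMPLE = b"Click to v\xef\xbd\x89ew my prof\xef\xbd\x89le"
KEYWORDS = ["view", "profile"]


def naive_match(text, keywords):
    """Plain substring match, the way a simple keyword filter works."""
    lowered = text.lower()
    return [k for k in keywords if k in lowered]


def canonical(text):
    """Fold compatibility characters (fullwidth forms and similar) to
    their plain equivalents with NFKC, then case-fold for comparison."""
    return unicodedata.normalize("NFKC", text).casefold()


def normalized_match(text, keywords):
    """Substring match performed on the canonical form of both sides."""
    canon = canonical(text)
    return [k for k in keywords if canonical(k) in canon]


def substituted_chars(text):
    """List characters that NFKC would change; their presence in a short
    message is a useful signal on its own."""
    return [
        ("U+%04X" % ord(c), unicodedata.name(c, "UNKNOWN"))
        for c in text
        if unicodedata.normalize("NFKC", c) != c
    ]


if __name__ == "__main__":
    message = SAMPLE.decode("utf-8")
    print("naive:     ", naive_match(message, KEYWORDS))
    print("normalized:", normalized_match(message, KEYWORDS))
    print("flagged:   ", substituted_chars(message))
```

NFKC only covers characters with a compatibility mapping; look-alike letters from other scripts (for example Cyrillic) need a separate confusables table.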
Thursday, October 15, 2009
Saturday, August 29, 2009
Tuesday, August 25, 2009
Tuesday, August 18, 2009
- first of all, I have started to draw up a preliminary request for spam filtering features in Twitter itself or in the clients and requested them on getsatisfaction (Twitter) and uservoice (Tweetdeck)
- Tidytweet.com is a service to filter Twitter feeds, currently in private beta, looks pretty good
- you can set up Twitter filters with Yahoo Pipes easily, I have created a few examples for this, that I will put up here later
- Tweetblocker.com (looks ok, but is very picky about follower ratio)
Monday, August 10, 2009
I have previously mentioned that I am not a fan of follower services that require you to disclose your twitter password. I have created a test account to give this a try and registered with a few of these services.
As it turns out this is even more abusive than you would expect with the account password suddenly changed and multiple requests to reset the password, but that's not the worst of it.
Today I received an email from twitter.com that the account was suspended due to a TOS violation, for cross-posting duplicate tweets across multiple accounts. Since I haven't used the account at all that means that the repeated advertisement posts by the different services have triggered the spam heuristic of twitter.
On a side note, the account had about 500 followers and was following about 1500 users, so this was not really worth it, you can get this number of followers by normal activity without spamming.
Thursday, August 6, 2009
Monday, July 27, 2009
I received the following message via IM spam:
"The world of Mexican midget wrestling is in mourning after two of its most famous stars were apparently poisoned by fake prostitutes."
This sounds like a randomly chosen headline, but I wonder what reason the spammer has to send a message without any link or other ad type content.
The headline is an actual story.
Saturday, July 25, 2009
Currently there are a few methods available to authenticate users on 3rd party sites via twitter; I'd like to make a strong case for two of these.
- The simplest solution is for a 3rd party site to ask for your twitter username and password so that they can access the account via the twitter API and do whatever is necessary, e.g. post messages on your behalf. This will work until you change your password.
- The second solution is to ask for the username only, have you follow them and send you a DM with a secret token that you can enter on their web page. This is a rather smart solution if the site has to check that you are actually who you claim to be, but the site doesn't get access to the account via the twitter API and cannot post messages or change settings. For sites that gather statistics this may be sufficient nonetheless.
- The third solution is to redirect the page to a twitter API URL that then asks you to log in and gives the site feedback that the account has logged in. This means that the site cannot keep your credentials and e.g. post messages, but it can access data from your account after the login. Due to the way a browser caches logins/passwords, you cannot log out unless you close your browser. However, it may be possible to log out by redirecting to a logout URL (I haven't checked if that works with twitter).
- The fourth solution is OAuth. This basically means that the 3rd party site sends a challenge to twitter.com, which returns an authentication reply after you have logged in and it has asked you whether you want to allow the 3rd party site to access your account. This means that the site can access your account and even post messages without knowing the password, since the site can keep the authentication token even after you have logged out. When you do not want a service to access your account anymore, you can block the application in the twitter settings. However, most sites drop the authentication when their session expires, so you will be asked for confirmation again the next time.
Depending on what services a site offers, each of the methods can make sense. I would prefer sites that do not require the user to disclose the account password; however, some very prominent sites currently do (e.g. twitpic.com).
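The site side of the second solution (a secret token sent by DM), as an added example that is not code from any of the services mentioned: the site stores only a hash of the token, expires it, accepts it once and compares in constant time. `send_dm`, the message text and the 10 minute lifetime are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 600  # assumed lifetime of a token in seconds


class DmVerifier:
    """Proves control of an account without ever seeing its password."""

    def __init__(self, send_dm, now=time.time):
        self._send_dm = send_dm   # hypothetical callable(username, text)
        self._now = now           # injectable clock, eases testing
        self._pending = {}        # username -> (sha256(token), expiry)

    def start(self, username):
        """Create a fresh token and deliver it through a direct message."""
        token = secrets.token_urlsafe(16)
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[username.lower()] = (digest, self._now() + TOKEN_TTL)
        self._send_dm(username, "Your verification code: " + token)

    def finish(self, username, submitted):
        """Check the code typed into the web page. The entry is removed on
        every attempt, so a token cannot be guessed repeatedly or reused."""
        entry = self._pending.pop(username.lower(), None)
        if entry is None:
            return False
        digest, expiry = entry
        if self._now() > expiry:
            return False
        candidate = hashlib.sha256(submitted.encode()).digest()
        return hmac.compare_digest(candidate, digest)
```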
When using a 3rd party site that asks you for your password, you have one important issue: if you are using a tool for phishing protection like pwdhash, the password will not be the same on the alternate site, so you have to calculate the password hash in advance and enter it manually. With OAuth the same password works as usual, since it is only entered on the actual twitter.com site.
It seems that spam accounts have adopted a new way to appear valid (or I just noticed it, maybe it's not that new) by copying valid tweets from different users before sending the usual "here are my naked pictures".
Take a look at one example:
Click to view my naked profile http://xrl.us/be4juv
less than 20 seconds ago from web
@onlymehdi He is not alone, God is there, keeping him strong, his heart is full and our love/prayers sent to nourish him. #iranelection
half a minute ago from web
Follow Friday! @DavidArchie, @ddlovato, @Shontelle_Layne, @ muckytown @TheRealJordin, @TheDannyNoriega! :D
less than a minute ago from web
RT @TheTorchTheatre: Sunday! @bookmans sponsors The Improvised Bookclub! This month: Harry Potter & The 1/2 Blood Prince! @Space55, 7pm!
1 minute ago from web
The most recent tweet contains a spam link; the other ones are copies of tweets from a few hours ago. Since the user starts mass following before the spam tweet is posted, you will not recognize that immediately.
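A detection sketch for this pattern, added here and not from the original post: flag an account whose newest tweet carries a link while its other tweets are verbatim copies of tweets that other users posted earlier. The tweets, timestamps, account names and the 0.6 threshold are constructed assumptions.

```python
import re

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def fingerprint(text):
    """Collapse whitespace and case so trivially altered copies still match."""
    return " ".join(text.split()).casefold()


def assess(account, timeline, corpus, min_copied=0.6):
    """timeline: (ts, text) tweets by `account`;
    corpus: (user, ts, text) tweets observed from any user."""
    first_seen = {}
    for user, ts, text in corpus:
        key = fingerprint(text)
        if key not in first_seen or ts < first_seen[key][0]:
            first_seen[key] = (ts, user)

    ordered = sorted(timeline)
    filler = [(ts, tx) for ts, tx in ordered if not URL_RE.search(tx)]
    copied = 0
    for ts, tx in filler:
        seen = first_seen.get(fingerprint(tx))
        # A copy is text first posted earlier by a different account.
        if seen and seen[1] != account and seen[0] < ts:
            copied += 1

    ratio = copied / len(filler) if filler else 0.0
    newest_has_link = bool(ordered) and bool(URL_RE.search(ordered[-1][1]))
    return {"copied_ratio": ratio, "newest_has_link": newest_has_link,
            "suspicious": newest_has_link and ratio >= min_copied}


# Constructed sample data (timestamps in seconds).
CORPUS = [
    ("user_a", 100, "He is not alone, our prayers are with him. #example"),
    ("user_b", 120, "Follow Friday! @friend1, @friend2 :D"),
    ("user_c", 130, "Sunday! Improvised book club at 7pm!"),
]
SUSPECT = [
    (7200, "Sunday!  improvised book club at 7pm!"),
    (7230, "Follow Friday! @friend1, @friend2 :D"),
    (7260, "He is not alone, our prayers are with him. #example"),
    (7290, "Click to view my profile http://example.invalid/x"),
]
NORMAL = [
    (7200, "Reading about spam filters today"),
    (7300, "New post: http://example.invalid/blog"),
]
```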
Thursday, July 23, 2009
As you may have noticed from a previous post, I am not a fan of follow services, however it turns out that the services may be even worse than they claim to be.
The current approach of the services requires each user to enter their username and password, so that the service can use each user to post adverts (thinly disguised as praise, just use twitter search to find the identical copies of the posts). This raises some questions about the security of the sites, since nobody knows what the account will be used for.
As a test run, I have created a new account and registered it with the different follow services to check if this actually yields results and how much spam is posted (I will write a more elaborate summary of how it actually worked, until now it is not looking good).
One very odd thing happened during my tests, the account password was changed twice and the email address has received a series of password reset mails, so either an automation script is calling the wrong page or somebody is trying to compromise the account when the password is no longer working.
I will try to investigate which site is abusing the account and changing the password. At any rate, this means that the services cannot be trusted.
Saturday, July 18, 2009
- First of all, you are giving the service your twitter username and password and are giving them permission to send advertisement tweets as long as you are a member of the service
- To comply with the rules of the respective site, you have to follow everybody, which will leave you with a lot of "marketing" accounts that probably want to spam you even further
- You will probably follow considerably more users than you receive followers, regardless of what the site claims
- The followers you get are not topically interested in you, they are just following you due to the fact that they joined the same site
- If you want to buy the "VIP" membership of such a site, keep in mind that the services may be rather short-lived and you will probably not get any refund when the site goes down (see sample list below)
Sites operating with the same concept include the following (some of these sites are exact copies of each other with exchanged service names):
There are also quite a few more domains that forward to one of the services via an affiliate link, so if you end up at a domain from the list above with an added referral id, the same caveat applies, obviously.
Friday, July 10, 2009
Saturday, July 4, 2009
It seems that currently your own invite link isn't shown on the 140army.com site, here is my short solution to figure out your own link:
Send an invite to one of your followers from the page "Recruit", then go to twitter.com, click on "Direct Messages" and on "Sent". You should see a message to your follower containing a bit.ly URL, this is your invite link.
Friday, July 3, 2009
There are usually a few tweets by given users that I want to ignore without unfollowing the user; it would be very useful to be able to ignore tweets based on substring patterns or regexp, either for a given user or for all users.
The same could be useful for highlighting certain tweets.
This could be either implemented on the service itself (webpage and API) or it could be implemented in the 3rd party applications, e.g. Tweetdeck.
Let's see how this turns out.