(Originally published September 2012.)
It’s been over five years since I first wrote about my problem with spam on Twitter, and not a single thing has been done about it. Shockingly, the site seems to be vulnerable to the most basic, easily detectable techniques imaginable.
New accounts are permitted to send hundreds of nearly-identical tweets with many unrelated users tagged. Account-bans are occasional (usually after several days of sending spam), but ip bans seem to be missing entirely. Plus there’s the well-used problem of users being able to follow and unfollow thousands of users a day (which, of course, generates a new follower notification for those followed).
Twitter has been claiming recently that supporting the number of api calls made by third-party clients has taken a huge toll on the company financially, but if that’s truly the case, how is it that the several spam messages most users receive daily aren’t of any concern? Even if solving these problems would likely result in more complex attacks, even the most basic protections haven’t been added, showing that it was never a concern at all.
To me, this seems to indicate just how little Twitter actually cares about anything but money. (This might seem ironic, given how long it took them to get a business model together, but even that can be explained by a reasonable gamble which ended out paying off.)
Update: Not long after writing this entry, this post from Leo Traynor made it onto the frontpage of Hacker News. While it’s certainly not the focus or point of the entry, the lack of any effort from Twitter continues to disappoint. It seems that not even an IP ban was implemented after blocking and reporting multiple accounts.