
Here Comes Twitter Spam And How To Fight It

A spam-free Twitter feed might just be too good to be true. Spam is becoming an increasing problem on Twitter and something has to be done to separate the wheat from the chaff. Spammers are using Twitter as a tool by replying to your @username, which causes their tweets to show up in your replies timeline. There isn’t really a way to filter Twitter spam directly from a Twitter client. But there may be soon.

Loic Le Meur has proposed adding a “report as spam” button to the Twitter desktop clients his company has created, Twhirl and Seesmic Desktop. This button would flag the spammer to Twitter (or to a separate database of reported users), and Seesmic or Twhirl could then exclude the spammer from its client apps after a sufficient number of users report them as spam. Le Meur also says that his team would manually review the reported accounts to ensure that they actually are spammers, rather than relying on the report count alone.

After the accounts are confirmed as spammers, Twitter could then delete or block them. Le Meur says that his Twitter clients will soon include a “report as spam” button and is calling on the other popular Twitter clients, Tweetdeck and Tweetie, to follow suit. The one potential issue with the flag button, says Le Meur, is that Twitter prefers spam to be reported by a direct message to its spam account, “@spam.” Since you can only direct-message an account that follows you, @spam has to follow you first (it appears to auto-follow) before the flag button in a client can send the report. It’s an extra step the user would have to take to make the button usable, says Le Meur.

Flagging is a good idea and a great first step to battling spam, but what Twitter really needs is an Akismet-like filter. Akismet, created by the WordPress developers, filters link spam from blog comments and trackback pings. When a new comment, trackback, or pingback arrives at a blog, it is submitted to Akismet, which runs hundreds of tests on the submission and returns a thumbs up or thumbs down on whether it is spam. Akismet says that its plug-in has caught 10.7 billion spam comments since its launch in 2005.

There are a few Twitter applications that let you flag possible spam, but none are tied to the Twitter desktop clients like Seesmic Desktop or Tweetie. Twimailer gives you a souped-up version of the standard New Follower email offered by Twitter, adding the user’s bio, follower/following counts, the user’s last 10 tweets, and the ability to block and report spam directly from the New Follower email. Twerp Scan goes through your followers and flags Twitter users who could be potential spammers. You can control the filtering options that determine who counts as a spammer (e.g. how many accounts the user follows compared to how many follow them back). But Twitter may have to develop or license its own spam-blocking software if the problem becomes more prevalent.
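To make the Twerp Scan-style heuristic above concrete, here is an added example, not code from Twerp Scan, Twimailer or Twitter, that scores a list of follower accounts with two knobs: the following-to-followers ratio the article describes, and the fraction of recent tweets that are @replies carrying a link (the reply-spam pattern described at the top of the post). The `Account` fields, the thresholds in `Options` and the sample accounts are all assumptions constructed for illustration.

```python
"""Follower-ratio spam heuristic over constructed sample accounts.

Added example, not Twerp Scan's or Twitter's code. Record fields,
thresholds and sample data are assumptions made for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    followers: int
    following: int
    recent_tweets: list[str] = field(default_factory=list)


@dataclass
class Options:
    # Flag when following / followers exceeds this ratio (the Twerp Scan-style knob).
    max_follow_ratio: float = 10.0
    # Flag when at least this fraction of recent tweets are @replies with a link.
    max_link_reply_fraction: float = 0.6
    # Skip the ratio test for small accounts, where the ratio is noisy
    # (a brand-new legitimate user following 20 people with 1 follower).
    min_following_for_ratio: int = 50


def link_reply_fraction(tweets: list[str]) -> float:
    """Fraction of tweets that start with an @mention and carry an http(s) link."""
    if not tweets:
        return 0.0
    hits = sum(1 for t in tweets if t.startswith("@") and "http" in t.lower())
    return hits / len(tweets)


def spam_reasons(acct: Account, opts: Options = Options()) -> list[str]:
    """Return the list of heuristic reasons an account looks like a spammer (empty if clean)."""
    reasons = []
    if acct.following >= opts.min_following_for_ratio:
        ratio = acct.following / max(acct.followers, 1)  # avoid division by zero
        if ratio > opts.max_follow_ratio:
            reasons.append(f"follow ratio {ratio:.1f} exceeds {opts.max_follow_ratio}")
    frac = link_reply_fraction(acct.recent_tweets)
    if acct.recent_tweets and frac >= opts.max_link_reply_fraction:
        reasons.append(f"{frac:.0%} of recent tweets are @replies with links")
    return reasons


def scan_followers(accounts: list[Account], opts: Options = Options()) -> dict[str, list[str]]:
    """Map username -> reasons for every account that trips at least one heuristic."""
    return {a.username: r for a in accounts if (r := spam_reasons(a, opts))}


# Constructed sample followers (not real accounts).
SAMPLE_FOLLOWERS = [
    Account("alice", followers=420, following=380,
            recent_tweets=["morning coffee", "@bob see you at 5"]),
    Account("dealz4u", followers=12, following=2000,
            recent_tweets=["@alice check this http://example.invalid/x",
                           "@carol free stuff http://example.invalid/y",
                           "@dave http://example.invalid/z"]),
    Account("newbie", followers=1, following=20,
            recent_tweets=["hello twitter"]),
    Account("linkbot", followers=900, following=950,
            recent_tweets=["@x win now http://example.invalid/a",
                           "@y win now http://example.invalid/b",
                           "@z win now http://example.invalid/c",
                           "thanks all"]),
]

if __name__ == "__main__":
    for user, reasons in scan_followers(SAMPLE_FOLLOWERS).items():
        print(user, "->", "; ".join(reasons))
```

Note that `newbie` is not flagged even though it follows 20 times more people than follow it: the `min_following_for_ratio` floor is what keeps a ratio-only check from sweeping up every new user, which is the kind of tuning the article says Twerp Scan leaves to you. `linkbot` has a perfectly normal ratio and is caught only by the link-reply pattern, which is why a single signal is a poor spam filter on its own.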


Crunch Network: CrunchBoard because it’s time for you to find a new Job2.0


The Sorry State Of Online Privacy

The Cloud is looming large, offering us ways to store and share our data that were never before possible. We can effortlessly share our documents and photos with our families and friends, while maintaining control over their spread using powerful, granular privacy controls. But it’s quickly becoming clear that the cloud isn’t ready for us, because the services we rely on are letting us down with a frequency that is simply unacceptable.

I’ve been putting this post off for a while, mostly because I didn’t want to point to a single breach and call it a trend. But in only the last two months, we’ve covered at least three major web services that suffered security lapses tied to software bugs or scaling issues. In our posts covering these problems, one of our commenters will inevitably say something along the lines of, “that’s what you get for uploading your data to X service”. And the more problems I see, the more I’m beginning to agree with them.

For a recap, let’s revisit some of the problems we’ve recently seen.
In March I wrote about a bug in Google Docs that would share your files with people you had never given access to. Granted, it would only share these files with contacts you’d previously shared other documents with, and not the entire world, but this did little to ameliorate the issue: in some cases it would be better to share a supposedly private document with a stranger than with a coworker.

Two weeks later, we were alerted to a bug on Facebook that would allow users to circumvent any ‘limited profile’ lists they’d been placed on by their friends. For example, if you had placed your boss on a ‘Limited’ profile list so they couldn’t see your latest party photos, they’d be able to get around it. This ‘exploit’, if it could even be called one, was so easy to carry out that I’m sure many people did it accidentally.

Finally, earlier this week Twitter posted a note to its Status blog saying it was having issues with “misdelivery of direct messages”. In other words, some supposedly private messages were being routed to the wrong users. Given Twitter’s problems with bugs in the past this didn’t come as a huge surprise, but it’s unnerving nonetheless.

When faced with such security lapses, most services try to downplay them by pointing out how few people (relatively speaking) were affected. In the case of the Google Docs issue, Google promptly explained that only 0.05% of all documents were wrongly shared. But when we’re talking about userbases of millions, even an apparently trivial percentage becomes significant, with thousands of people affected. What’s worse, I’m sure this sort of phenomenon is far more common than we realize. The other services involved just aren’t big enough (or honest enough) for anyone to notice.

So why is this happening? There seems to be an accepted notion among many engineers that as their service scales, there is no way that it will be 100% secure. To some extent, I acknowledge and agree with this. Very smart people are always going to be trying to access valuable data by whatever means necessary, and complex security exploits are unfortunately a fact of life on the web. But that doesn’t mean that it’s acceptable for the service to wrongly share user data simply because of a bug. It’s the difference between having your bank apologize for losing your money because someone robbed it, and it telling you that the teller accidentally withdrew a few thousand dollars from your bank account and handed it to someone else. This sort of thing just can’t be happening.

My real issue with these security lapses isn’t so much about the misdirected messages or the wrongly shared photos - the odds of these being truly damaging really are quite low. It’s that these problems serve to undermine the public’s trust in ‘the cloud’. Once we get past the security problems, having our data immediately accessible no matter where we are is incredibly valuable - and probably inevitable. It’s only a matter of time before our health records are going to be stored online in some form, simply because having instant access to them can be lifesaving. But if the public loses faith in the integrity of their data stored online, or the security measures protecting it, then it could take years to regain its trust.

So what can we do? Though I’ve dabbled in programming for years, I unfortunately am not an engineer by trade (a fact that I’m sure opponents of this post will promptly point out to show that I can not possibly know what I’m talking about). But the answer seems clear regardless. If an application is cracking under load, or is too complex for its own good, then new signups and features should be put on hold until the damn thing actually works properly. The word ‘private’ should not mean “this will remain hidden until we accidentally break something”.

To close, I want to make clear that I understand that these engineers are dealing with extremely difficult problems, scaling their incredibly complex services at unprecedented rates. And I respect the hell out of that. But the more often issues like these pop up, the more the general population is going to distrust the security protections of these online services, no matter how good they eventually become. Which is why we need to sort these problems out now.


