Thursday, September 17, 2009

Twitter SpamBot

I noticed a random follow on Twitter this morning and it looked suspiciously like a spambot for the semi-ad as the latest post. It may very well not be, but it got me to thinking how easy Twitter makes SpamBots over something like IRC or other personal mediums:
Twitter is public facing. Tweets are generally aimed at no one in particular; they are just informative.
- This model makes it easier to construct spam as a plausible tweet that may be taken as a legitimate message.

People generally tweet something of interest with a link to follow.
- This is an almost perfect medium for short pitches.

More and more people are using link shorteners.
- With the actual link obfuscated, and the increased tendency of people to click on the link, it opens the possibility of bait-and-switch.

Not all tweets are statements; there are a fair few that are responses to others. In fact most of my tweets are responses or queries, but that's probably more my style. Could SpamBots mimic responses?
Twitter exposes many half-conversations and non-relevant conversations into your stream.
- With increased tolerance to flotsam in the stream, even short pitches sent as a response to a random person (who would have no idea what it was about, but couldn't do anything about the way it was structured or composed) would fit into the stream quite easily.

Not all tweets are promotions either. All the flotsam makes up a persona, and the one thing that the Turing test has taught us is that representing personas is damn hard to do with AIs. But why build one when you can copy one?

Twitter exposes millions of personas in their entirety to the world.
- Simply pick an identity at random and copy their tweets onto the spambot, inserting relevant pitches where necessary.
- In later evolutions, copy people that give the types of responses you want to emulate and the volume to limit any jarring differences. Don't target people that have the mimicked person in their friends list, but those that are on their recommended list (similar interests / many FOAF), for greater appeal of the copied information.
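
Seen from the defender's side, a copied persona leaves a measurable trace: most of the account's tweets are near-duplicates of another account's timeline, and the ones that are not carry links. The Python below is an added example, not code from this post; the sample timelines, the thresholds and all function names are constructed for illustration.

```python
import re

URL = re.compile(r"https?://\S+")
# Strip links, @mentions, #tags, a leading/inline "RT" and punctuation before comparing.
NOISE = re.compile(r"(https?://\S+|[@#]\w+|\brt\b|[^\w\s])")

def shingles(text, k=2):
    """Set of k-word shingles of the normalised tweet text."""
    words = NOISE.sub(" ", text.lower()).split()
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a and b else 0.0

def analyse(suspect, source, threshold=0.7):
    """Return (near-copies of source tweets, unmatched tweets that carry a link)."""
    source_sets = [shingles(t) for t in source]
    copied, pitches = [], []
    for tweet in suspect:
        s = shingles(tweet)
        best = max((jaccard(s, t) for t in source_sets), default=0.0)
        if best >= threshold:
            copied.append(tweet)
        elif URL.search(tweet):
            pitches.append(tweet)
    return copied, pitches

def looks_like_clone(suspect, source, min_copied=0.5):
    """Flag a timeline that is mostly copied and has links spliced in between."""
    if not suspect:
        return False
    copied, pitches = analyse(suspect, source)
    return len(copied) / len(suspect) >= min_copied and bool(pitches)

# Constructed sample timelines (not real accounts).
SOURCE = ["Finally got the build server green again, time for coffee",
          "@dave yeah the new release notes are up, see the wiki",
          "Train delayed again. Third time this week."]
SUSPECT = ["Finally got the build server green again, time for coffee!",
           "Great deals on soap http://short.example/a1",
           "yeah the new release notes are up, see the wiki",
           "RT Train delayed again. Third time this week",
           "Lovely weather today"]

if __name__ == "__main__":
    print(analyse(SUSPECT, SOURCE), looks_like_clone(SUSPECT, SOURCE))
```

Exact-match comparison would miss the second and fourth suspect tweets, which differ only by a dropped mention and an added "RT"; shingling after normalisation still scores them as copies.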


And why stop at one? You could easily find a group of people that have a good conversation going and emulate the lot of them, while inserting pitches, pitch responses, and even legitimate RTs! A veritable soap opera played out on your Twitter feed to help sell .. err ... soap.

So many opportunities and so many fundamental traits of Twitter to feed off that it's almost inevitable. The intriguing thing is not that spambots could exist under Twitter (they do already), but that they have the ability to easily embed themselves for a long duration. Maybe we need xkcd's couple testing: