3 Problems We Will Face on Twitter
The last year can also be called “the year of Twitter”. The micro-blogging social media tool where each user answers the question, “What are you doing?” has gone viral so much so that there have been a billion tweets in 2.5 years since its launch. Latest news is breaking through Twitter already and the Internet dictionary put on a few pounds thanks to Twitter. At a time when the Twitterverse is speculating about whether Twitter would monetize or not, it is natural for miscreants to take advantage of Twitter to make some money themselves.
Here are three problems all twitter users are likely to face on Twitter:
Phishing: Twittersphere is abuzz with tweets about phishing, which prompted me to make this post. There is a phishing attack spreading across Twitter at this moment. It began with what is being called “DM Deception”. User A receives a direct message from User B asking them to check out some URL. You know what happens next. I didn’t face this yet, but I have seen compromised accounts among my followers tweeting messages like, “Check out this cute pic of yours, LOL…” with another URL.
If you suspect that you may have become a victim to a phishing attack, change your password immediately. If it is beyond salvation, bite the bullet and report the user as malicious. Twitter has so far been quick at suspending suspicious users.
Shortening URLs: I am not complaining but I expected this to be more rampant than what it is now. More URL shorteners like TinyURL, Tr.im, Snurl are crowding because of the growth of Twitter. A long URL is shortened to take fewer characters so that it can be shared through tweets. The trouble is that you have no idea about what you are clicking at. It could very well be some link spreading malware. What makes this worse is that these shortened URLs are too similar to be distinguished or remembered; you could click on the same bad link twice on your bad day.
A solution is to enable the preview feature. Tinyurl, e.g., provides a cool preview feature which when enabled shows what the URL redirects to (the original URL that was shortened) and then asks you whether you want to proceed to that site. I wish that all URL shorteners implement the feature.
Twitter Apps: Hundreds of apps are being developed around Twitter. Take a look at this list of Twitter Clients being used and you will know. All these expect your Twitter username and password to login. You might come across a new app that asks you to enter your Twitter username and password to be able to use it, and what if it steals your username and password? This might seem far-fetched but I don’t see why it can’t be done.
I tend to give any new app a day or so before using it, and I keep my ears open to listen to the grapevine until then. When my work depends on trying such apps I try it with a secondary account first.
As of now, I believe that the elite Twitter users are more prone to these attacks and have more to lose. That said, having started using Twitter only a couple of months ago, I find it immensely useful and would like to be prepared to face all possible annoyances. So what other problems do you think we might face?
There are some new applications built around Twitter that are using something besides asking for your Twitter username/password for authentication.
One of the new ways is to have a Twitter account set up by the app and for you to follow that account as a way of authenticating you are that account’s true owner. Similar to how email addresses are authenticated by sending a link you need to click to your email address.
Thoughts?
Is it? It is not at all surprising that something of that kind would come up, but could you share some examples of these applications? I’m still new to Twitter as I said.
Another solution to the problem of malware links behind shortened URLs is to use a twitter client like Tweetree. This shows you the links in full.
Thank you, techandlife. Will definitely try Tweetree then.
Take a look at these two sample apps that use that authentication system I mentioned above:
http://replies.twitapps.com/ <– Sends your @ posts to your email inbox.
http://tweebay.com/ <– Classified/Market/Auctions With Twitter
Hany: It’s true that some twitter apps don’t require your credentials–TrackThis is a good example.
But there are just some things apps couldn’t provide without credentials. Say, for example, I created a service you could use to automatically send a welcome dm when someone follows you. The only way a service could do that is if the service knew your credentials.
The solution is for twitter to support OAuth (or something similar). I believe twitter is working on this. Let’s hope the recent high-profile phishing schemes will push OAuth to the head of Twitter’s roadmap.
Here’s hoping the latest phishing on Twitter prompts them to support OAuth (or something similar) soon.