Interesting Point of View: Twitter Spam and Motivation to Report it

Point of view from Marco Arment

I don’t know how Twitter handles spam internally. They’re probably devoting a lot of time to fighting it.

But I don’t think it’s unreasonable to observe so much repetition in the still-visible spam techniques and conclude that Twitter is being extremely conservative about deploying automated heuristics, relying heavily on the “Report Spam” feature instead.

Spam-fighting is always a tricky balance: if it’s too aggressive and automated, it’ll prevent some legitimate messages from reaching their recipients. But if it’s too conservative or manually triggered by user reports, a lot of spam will get through.

The operators of spammable services need to decide where their priorities are on that spectrum: severely annoy a small number of your users by not delivering some legitimate messages, or moderately annoy a large number of your users by showing them too much spam.

Twitter seems to have chosen the latter. At this point, given their resources, it’s almost certainly a philosophical choice — e.g. “every message must be delivered” — and not because of a lack of spam-fighting abilities.

There are three big problems with this approach:

• A lot of spam is shown to users before it’s cleared away by the few that report it (and whatever actions result from that). The spam succeeds. And if only, say, 1 in 100 people report spam that they’re shown, the spam is annoying quite a lot of users before anything is done about it.
• It appears to users that the service is taking a passive, almost neglectful approach to spam, which diminishes the motivation to use that “Report Spam” button. If the ratio of spam views to reports gets worse — say, if only 1 in 500 people report it — then spam starts to anger even more users before anything is done about it.
• Report-and-respond-later systems are far less effective when the barrier to posting new spam is extremely low. In Twitter’s case, who cares if they ban a spam account after it has spammed 500 users, if the spammer has hundreds or thousands of other accounts that it can keep creating at nearly zero cost?

Fundamentally, I believe Twitter’s priorities here are wrong. Twitter needs a far more aggressive, automated, proactive, heuristic-based anti-spam system. And if someone has trouble legitimately tweeting a link with no text to 100 people in a row who don’t follow them at precise 1-minute intervals, that’s just the price we’ll have to pay.

In the meantime, I’m never using the “Report Spam” feature again, because it just seems like I’m wasting my time.

via marco.org

I have to admit, I still report Twitter spam, but it does seem like it's increasing. Doesn't that happen with each Social Media platform we see? What do you think?

A quick word about passwords

Considering the latest swath of phishing and account hijacking on Twitter, I thought I'd post this reminder. If you have a strong password, hackers will pass by your account and attempt to hack an easier target.

Picking a good password is not as thought-free (but is twice as important) as it may seem. Whoever has your password can (in effect) "be you" anywhere on the web — posting comments, sending spam, and leaving dangerous feedback for others. Basically, such an impostor can ruin your online reputation — and possibly cause you serious financial grief.

With any online password, you should follow these common-sense rules to protect your privacy:

• Don't pick anything too obvious, such as your birthday, your first name, or your Social Security number. (Hint: If it's too easy to remember, it's probably too easy to crack.)
• Make things tough on the bad guys — combine numbers and letters and create nonsensical words.Use upper and lower cases.
• Don't give out your password to anyone — it's like giving away the keys to the front door of your house.
• If you even suspect someone has your password, immediately change it 
• Change your password every few months just to be on the safe side.