The bots of Twitter

I hate social networks! I hate their invasive policies! Can I have some privacy on the Internet? Goddammit people! Rule number five of the Internet: We do not forgive, we do not forget.

That’s right. No data on the Internet is safe from scrutiny. No mistake is ever forgiven. Everything is indexed, cached, stored several times over by numerous parties. I can name three off the top of my head: Wayback machine, Google cache and the NSA. Technological advancement makes it cheaper to keep data than to delete it. And people still wonder why it’s a good practice to consciously limit the amount of personal and identifiable information they submitted to the web.

Phone numbers are lucrative targets

A phone number is not something I would carelessly disclose. It’s a direct line of communication to my real-life self. It’s a 2-FA authenticator for my key services. It’s linked to countless of cloud accounts and cloud storage. And it’s something I need to call my bank and approve large, outgoing transactions. As far as network security nowadays is concerned, the risk has been shifted from passwords and PIN codes to a physical “key”, a smart device, and more specifically: the phone number.

Real life hackers don’t sit in basements running Bash scripts. They scrape the net for personal information and connected accounts. As soon as a profile of the target is been created, they will be calling the target’s cellphone provider, impersonating the victim and requesting a lock down of the number with the information they acquired. Now if they’re nefarious and have sufficient information, they can even attempt to claim the victim’s phone number. Oh trust me, the claiming process is as simple as providing the latest 5 outgoing calls. No ID is necessary.

By the time the victim can prove he’s the legitimate owner of the phone number and get it back. Boo hoo! The associated online accounts would all be gone. Knowing where the security risk lies and actively keeping the key hidden and in check is the only effective protection.

There’s a notion in cryptography called “Perfect secrecy“. Watch the game in the video. The box is Twitter, the locks are the encryption promised by it and the chosen card is the phone number. Putting my card in the box, decreases the security level of the card and I’m not going to do that unless I’m promised an equivalent benefit for the risk I’m taking.

And in case any of you are wondering, I’m against using temporary phone numbers on long-term accounts. It’s the same as throwing the key away and hoping it won’t be needed ever again. As for keeping it tucked in a shoebox somewhere, that’s still a bad idea because it’ll end up flagged as inactive by the mobile provider after a few months and I won’t be able to remember to maintain its activity.

My brief history with social networks

So back to Twitter, almost two years ago, when Facebook locked my account for refusing to disclose my real name, I gave Twitter a try. At the time, Twitter required a phone number to complete the registration. I refused to give up my contact number and created this WordPress blog instead.

A few hours ago, I checked back on Twitter’s policies again. Things had been too calm these days with KanColle Wikia Chat now on saving throws and EGScan’s Noblesse forum is practically dead. Hence, I have been looking for ways to get back into the social network game. Twitter appears as a silver lining in this increasingly invasive cyber world and I’m willing to give the humming bird a second chance.

Twitter’s account locking shenanigans

I got through the sign up smoothly with my email address. There’s now a “Skip” button under the “add your phone number” step. How nice of them! And then, everything takes a turn for the worse. To my dismay, my newly created account was immediately suspended! The reason given was:

“Your account appears to have exhibited automated behavior that violates the Twitter Rules:”

Automated behavior? I didn’t even see any captcha during the sign up.

Oh you know the drill, I’m not going to give up that easily!

I went ahead and sent a support ticket to Twitter. Telling them that I would not give up my phone number or pay their call fee and that neither their Terms of Service nor Twitter Rules had stated anything about a must-have phone number (In fact, in the Terms of Service, in “Using the Services” section, under “Your account” subsection, the statement “If you added your phone number to your account…” implies a phone number is optional) and urged them to unlock my new account.

Soon afterwards, I got a mail notification from Twitter Support. An automated, boilerplate response echoing the same account locked notice from before. At the end of the mail, the mail bot told me that I could reply to the message for further assistance.

Alright, let’s get a human support through this channel.

Sent a reply with the same content as before, plus a request for a human support staff.

Two hours later, I got a positive reply. And I didn’t get one of it, I got FOUR of it back at the time of one minute between each email:

I cracked at the irony. An automated anti-spam bot is accusing me of being a spam bot and then when I call for support, they send a spam bot to support me. Well, I got my account unlocked, that’s the end of it, right?

Wrong, dead wrong!

I logged in my account for the first time ever. Confirmed the email and uploaded the avatar. As soon as I tried to update the biography, I got locked out of my account for the same reason again! I checked the clock. It had been only 10 minutes (precisely, not missing any minute) since they sent me the first unlock email. This is another automated suspension!

#Not A Bot

Mildly ticked off at this point, I looked up for a solution and found #NotABot hashtag. Apparently, I’m not alone. The issue with Twitter automated banning system is a long lasting and widespread one. Users have been admirably creative when it comes to avoiding account locks:

These are just sad, sad tweets to read. It dawned on me how serious the botting issue had been on Twitter. I’m not surprised though. This social network is the place where the devil spawn Tay arose after all. Its trolls and its inherent bot-friendly nature is a recipe for disaster.

Needless to say, I could tell from the email pattern that Twitter Support bot would unlock an account suspended in this manner within 1 hour and 55 minutes (give or take 1 minute) after a reply to the first email and continue to spam a few more “Your account is now unlocked” emails. Then my account would be locked again after 10 exactly minutes if I logged in and didn’t post my first tweet (with typos to prove that I’m #Notabot).

I’m not going to jump ropes to engage in a social network. I have my fair share of the internet over at KanColle Wikia with trolls, spam bots and VSTF (Volunteer Spam Task Force) IP-range blocking our staff members by accident. I called it quit and deactivated my Twitter account during my second grace period.

And that concludes my adventure with Twitter. I know this is not entirely the platform’s fault but this is the end. Farewell, the mocking bird. May fate be kinder with us in a parallel dimension.

Rest in peace @fujihita (4 hours old).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s