Twitter Identity Fraud: theory and practice

First of all: apologies to Pingstate.nu. They're a wonderful community and I actually wish them all the best.

The ridiculousness of Twitter continues to amaze me. It is a reasonable news filter for personal areas of interest, I'll give it that much. But there must be better ways to filter news based on identity. See, Twitter has no respect for identity.

Here's an example. Pingstate.nu is a large, thriving community of creative professionals and students in Finland. They have 6,500 active daily users (registered users, I gather). Just now, I created a Twitter account under their name and used their RSS feeds to populate the profile. I grabbed their logo and placed it as the image (that hurt a bit already). There's nothing in the profile that doesn't look authentic enough (except that there's a disclaimer in the profile description). I did a rudimentary search for Finnish creative types and added some on the follow list - nothing too much (and nothing personal, in case you read this at some point). This took me about 4 minutes in all, and you could easily keep this going, increase the follower base with someone else's quality content, and then start using it for spam/advertising/PR (pick one according to semantical preference). Here is twitter.com/pingstate. It keeps getting fresh content with the feeds, so I could now just leave it there to slowly gather followers.

Now, I wish Pingstate no ill (I've contacted them to let them know I've done this, and will happily turn the account over or delete if they wish me to). I did this to test just how far you can get with Twitter identity fraud, and I had to stop since it got too uncomfortable to carry on any further. Besides, I don't want the wrath of thousands of people more capable in Photoshop upon me.

I took Pingstate as an example because they happened to have a feed I was following, and I didn't want to actually pretend to represent them. This way, the content was still theirs. It's just that the container was mine, and in Twitter's case, you are the container (sometimes a hollow one, echoing with re-tweets of other people's echoes).

Bottom line: yes, Twitter continues to be a terrible wild-wild-web platform with no restraints. There must be a landgrab of usernames going on. The terms of service prohibit all but parody impersonation. But this is weak protection, friends. Very weak. Enforcing terms of service for millions of users is impossible. And no, you don't even need unique email addresses for each new account, there's an easy way around that.

I don't know if more control is the answer to chaos, but there might be an opportunity for a precedent case where communication security could be interpreted to encompass all digital communication, including existing and potential instances of a person's or an entity's communication channels? It's a bit like reading someone's mail just because it accidentally fell from the mailman's bag in front of your door. But INAL. Here's an analysis of a court case over identity on Twitter.

What's next? I think it is too late for Twitter to enforce identity requirements. We'll see a Twitter bubble burst at some point. The initial quality will be diluted rapidly as identities are compromised and spam, spoofs and other dirty forms of marketing permeate it. We need more transparency and trust in a platform - even if the public profile is a pseudonym or a pen-name, we should be able to trust the structure in background, that there is enforcement even if it doesn't show. Of course, we don't have a universal system, and won't for another 20-50 years (pure speculation). But even a local one would be a step ahead, and the next platform that takes such a step will be the Next Big Thing.