I’m the first Twitter spammer, ugh

By Steve Poland   •   April 10, 2007

There’s a lot of things I am, but this wasn’t one of them that I expected to become — particularly given my love for the Twitter service. But things are fine with the Twitter team and me.

Spoke to Alex of Twitter yesterday morning and he was cool about the “forecast” incident:

Don’t worry about it. Our system was capable of doing something dumb, and you just happened to stumble on it. We’ll get it fixed up. I’d rather that somebody who *likes* the service came across bugs like that than somebody who actually has malicious intent.

Later he wrote:

We’re taking some code live that clamps down on multiple friend request emails. Thanks again for letting us know what happened with the bot.

And here’s some talk in the Twitter development group regarding the incident.

Below is my email to the Twitter team:

TwitterWell, I didn’t expect to become this, but apparently I am. First off, my apologies — I’ve pissed off a few people apparently, although I don’t think it’ll reflect poorly on Twitter itself. Hopefully you guys can learn from this and make the necessary fixes, so that this doesn’t happen again.

Secondly, here’s what I did — and my programmer says it wasn’t his code that caused some people to receive 80+ invite emails from the ‘forecast‘ username … but regardless, I take full responsibility and blame for everything. I just hope everything can get fixed to avoid this happening in the future.

The problem is that Twitter doesn’t allow direct messages to be received by UserA from UserB, unless UserA has acknowledged UserB as their own friend. Thus, to ensure people could use our ‘forecast’ bot (you send it a command like ‘d forecast buffalo, ny’ to get current weather back to you), we decided to add everyone as our own friend by scraping the public timeline (not to mention this would make others aware of our service).

Something happened and some Twitter users were getting reportedly “2 email friend requests from ‘forecast’ per minute” to the point that some users created email filters to auto-delete these messages.

Some of my initial suggestions:
1) If someone adds another person as a friend, they should only notify that user once — thus, if I added, then removed, then added, then removed a user.. that user should only be notified one time that I added them as a friend. I wouldn’t notify the user that I removed them, and I wouldn’t notify them in the future that I re-added them.

2) I’d love for you to allow direct messages from non-friends, although I can see the future spammers sending spam to people. Maybe there’s another mailbox in the user’s account that says something like, “Messages from non-friends”. If a person is using the ‘forecast’ bot, but isn’t the friend of ‘forecast’, then they send a message and I believe are notified via cell “you are not a friend of ‘forecast’. send ‘add forecast’”. But even then, ‘forecast’ can’t receive the direct message until ‘forecast’ befriends that person — and thus does a query of the ‘befriend_all’ URL on the website. There should be an option (specifically for bots) that allows a user to auto-add any people that ‘friend’ them.

3) Reduce # of people one can ‘friend’ each minute, hour, day? Although if something gets real hot (i.e. Paris Hilton signs up for this service and everyone learns that), and 1000 users ‘friend’ a user, then that user should be able to befriend those people back. So maybe just limit the # of outbound friending of non-friends?

Next, our ‘forecast’ bot isn’t functioning at the moment. It might be because of all the friends we have, not sure. If you want to delete all our friends (or maybe all but the ones that have befriended us — roughly 400 befriend us), do what you need to do.

I surely didn’t mean to piss people off, but did. Also never wanted to become a “spammer”, but did. The only good I’m hoping to come from this is the fact that I pushed the boundaries of the Twitter back-end, which ultimately would have happened, and you can now fix things up for something like this to never happen again.

My apologies once again. I love the Twitter service as you can tell from my blog.

Comments

2 Responses to “I’m the first Twitter spammer, ugh”

  1. MyAvatars 0.2 Dustin Hanson on April 11th, 2007 2:18 pm (perm link)

    A thought occurred to me. With today’s modern pushing technologies like Twitter, even Google’s SMS calendar reminder, etc.. i’m worried that we could one day cause a massive crash of systems.

    Imagine the a bot has 500,000 members, the Mypsace Tom of twitter. Say someone posts message, it goes to those members, say someone auto responds to that post, the hits another x thousand number of users.

    You see how the Myspace Tom model could kill the site, and even possible bandwidth and/or the txt messaging networks of mobile phones.

    Just curious if anyone else thought about this.

  2. MyAvatars 0.2 Brad on April 12th, 2007 7:13 am (perm link)

    I was never pissed off, but I am naturally good natured when it comes to Twitter, so that’s a given. It was moderately annoying but to no great extent. I look forward to using Forecast when it works properly, if it doesn’t already currently. Thanks!

Got something to say?





*
To prove you're a person (not a spam script), type the security word shown in the picture.
Anti-Spam Image