Stop Twitter Spam

We mentioned yesterday that Twitter wants your feedback on the best way to report spam on Twitter. There are some great ideas flowing, like this one from @nazgul…

It needs an inline command (ala @/d) so I can do it at any time, whether on the road or on the laptop.

You need fast reaction, so that spamming is never worth while, even if bot automated. That means automatic reaction, but you want to avoid human reporting errors.

So add a “spammer @foobar” command. It flags the account and reduces # of posts account can make per minute. On the fly guessing here. Have each report reduce outbound by 20% of total. So 5 reports makes it hit zero. At some level (which you can decide internally) you get notified to check it out. Otherwise a given spam report will wear off after, say, 24 hours. Accounts that hit zero might require manual re-enable, up to you.

Oh yes, and you can only use the “spammer” command on someone who has recently sent you a message.

Open question on how to notify sender. They ought to be told, but should they be told who did it? I guess not explicitly, but keeping them from figuring it out by timing is too hard. So just send them a system DM alerting them that they’ve been rate limited by a user who thought they were spammer. If they aren’t, no problem, they’ll be back to normal in a day. If they are, take a hike.

Other considerations.

You could require a CAPTCHA in addition to (but I wouldn’t do instead of) the 24 hour period.

Do you allow people to flag as spammers only @reply messages, or also messages from people they follow? After all, they can always unfollow. You might want to have a different mechanism in the follow case (e.g. an option on the unfollow form and/or command to give spam as the reason).

You need to consider both sides of the equation. Always consider what the next spammer escalation might be. In this case, my immediate thought is that they might try to overwhelm the system with false spam complaints. E.g. set up an account, and then report a bunch of people they follow as spammers. (Particularly ones who are reporting on their other bots.)

This isn’t as much of a problem for the @reply case. But it’s a problem for the general case of my following back someone, only to discover he’s a spammer.

Short term, you could decrease impact for people who reporting multiple spammers in short period of time, but that’s not great. Or you could only count reports from such a person if others do the same. But it all gets messy. Down the road I think the right solution to that is to assign a reputation to a person based on age of account, connectivity and activity, and then assign more weight to reports from accounts with good reputation, and have less tolerance of spam reports on accounts with low reputations.

Two things to always keep in mind.

This isn’t a technical problem, it’s a social problem. In particular, it’s a war against an intelligent enemy. Don’t treat it like static that you are trying to remove from a phone line.

There is no winning this battle. It’s about tradeoffs between ease-of-use and security. And it’s about strategy and anticipating what the next move will be when you close a door. All you can do is try and make the cost of spamming sufficiently higher than the cost of defending from spam.

I’d be happy to talk about this more directly. I’ve spent a lot of time on the email anti-spam side of things. The technologies are slightly different, but the overall tradeoffs and strategies are not.

@nazgul