Wednesday, August 18, 2010

Black hat peer-to-peer

If you've ever heard the term 'SEO' bandied about you're likely familiar with the concept of 'black hat' and 'white hat' SEO (Search Engine Optimisation).
The good guys wear the white hats - and the bad guys don't.
Just as I expect a whole industry of 'twitter follower optimisation' snake oil salesmen to rock up at brands' doorsteps any day now, so I am fearful of an emerging new style of peer-to-peer corrupters: Those who spam your friends in your name.
We saw an example yesterday on Twitter - albeit (according to the coder behind Twifficiency) by mistake.
Twifficiency was (is?) one of the many borrowers of Twitter's API to tell the user something about the way they use Twitter - their effectiveness/reach/influence/rank, whatever...
This particular version rewarded the visitor with a % score for putting their username into the magic box. The trouble is, Twifficiency then, under the cover of the obfuscating small-print of the Twitter 'allow/deny' screen (below), automatically tweeted that score with an invitation to all your followers to try theirs.
The convention has been to ask for further approval before granting permission to share - often via a tweet which you get to edit, approve and then decide whether or not to share with your peers: White Hat. White Hat doesn't hide behind obfuscation.
The black hat get-out clause here is (see below) "access and update your data on twitter".
This apparently can be translated as meaning: "Tweet as if you were me, tweet what you like, and whenever."
If you wear a black hat.
If you wear a white one you know that wouldn't be very nice. You wouldn't like that to happen to yourself. So you don't do it to others. Social beings feel this and know this.
Passing yourself off as someone else to gain benefit has another name in law. Fraud. Not nice, is it?
Twifficiency is a benign case. But it's not hard to imagine how less scrupulous developers could exploit the frailties of human nature by making 'you' tweet no end of scurrilous and self-serving content.
It's not good enough to lay the blame on the human desire to hear good stuff about yourself, as some have.
Those that blame ego (why do you want to know how popular/influential etc you are, anyway?) are likely the same people who never google themselves and claim to have zero shared performance anxiety or fear of public speaking.
If you meet one be sure to share the last of my stash of rocking horse shit with them.

Now, we don't want to suggest young James Cunningham did anything more serious than fail in his duty to fellow twitter users yesterday. Next time around, James, take a look at what others do - perhaps learn a few best practice lessons, then try again. We'll forgive a mistake - we've all made them.
Twitter is open. Its API is open. Which means there are doorways open to abuse.
What we have to do in response to this is become ever better at crap detection, at sharing warnings, and at defending the community against those who would more deliberately take advantage.
Let's start with defining what Black Hat Peer To Peer is:
  1. Attempting to pass yourself off as another person, in order to access that other person's social graph
  2. Hiding behind the small print instead of doing the right thing
  3. Using automation to acquire friends/followers
  4. Automating the process of dumping those followers who don't follow you back
  5. Sending unsolicited and irrelevant commercial messages to users based on shoddy algorithms (if based on anything at all?!)
That's mine for now - can you think of examples?

The rate of change is so rapid it's difficult for one person to keep up to speed. Let's pool our thoughts, share our reactions and, who knows, even reach some shared conclusions worth arriving at?