Wednesday, August 18, 2010

Black hat peer-to-peer

If you've ever heard the term 'SEO' bandied about you're likely familiar with the concept of 'black hat' and 'white hat' SEO (Search Engine Optimisation).
The good guys wear the white hats - and the bad guys don't.
Just as I expect a whole industry of 'twitter follower optimisation' snake oil salesmen to rock up at brands' doorsteps any day now, so I am fearful of an emerging new style of peer-to-peer corrupters: Those who spam your friends in your name.
We saw an example yesterday on Twitter - albeit (according to the coder behind Twifficiency) by mistake.
Twifficiency was (is?) one of the many borrowers of twitter's API to tell the user something about the way they use twitter - their effectiveness/reach/influence/rank whatever...
This particular version rewarded the visitor with a % score for putting their username into the magic box. The trouble is, Twifficiency then, under the cover of the obfuscating small-print of the Twitter 'allow/deny' screen (below), automatically tweeted that score with an invitation to all your followers to try theirs.
The convention has been to ask for further approval before granting permission to share - often via a tweet which you get to edit, approve and then decide whether or not to share with your peers: White Hat. White Hat doesn't hide behind obfuscation.
The black hat get-out clause here is (see below) "access and update your data on twitter".
This apparently can be translated as meaning: "Tweet as if you were me, tweet what you like, and whenever."
If you wear a black hat.
If you wear a white one you know that wouldn't be very nice. You wouldn't like that to happen to yourself. So you don't do it to others. Social beings feel this and know this.
Passing yourself off as someone else to gain benefit has another name in law. Fraud. Not nice, is it?
Twifficiency is a benign case. But it's not hard to imagine how less scrupulous developers could exploit the frailties of human nature by making 'you' tweet no end of scurrilous and self-serving content.
It's not good enough to lay the blame on the human desire to hear good stuff about yourself, as some have.
Those that blame ego (why do you want to know how popular/influential etc you are, anyway?) are likely the same people who never google themselves and claim to have zero shared performance anxiety or fear of public speaking.
If you meet one be sure to share the last of my stash of rocking horse shit with them.

Now, we don't want to suggest young James Cunningham did anything more serious than fail in his duty to fellow twitter users yesterday. Next time around, James, take a look at what others do - perhaps learn a few best practice lessons, then try again. We'll forgive a mistake - we've all made them.
Twitter is open. Its API is open. Which means there are doorways open to abuse.
What we have to do in response to this is become ever better at crap detection, at sharing warnings, and at defending the community against those who would more deliberately take advantage.
Let's start with defining what Black Hat Peer To Peer is:
  1. Attempting to pass yourself off as another person, in order to access that other person's social graph
  2. Hiding behind the small print instead of doing the right thing
  3. Using automation to acquire friends/followers
  4. Automating the process of dumping those followers who don't follow you back
  5. Sending unsolicited and irrelevant commercial messages to users based on shoddy algorithms (if based on anything at all?!)
...er that's mine for now - can you think of examples?

3 comments:

  1. Hmm. I use tweepi.com to find Twitter accounts that have become inactive/haven't posted in months. I often decide to unfollow these accounts.

    That's a form of automation. Tweepi.com automates the discovery of these accounts and then allows me to select from that list for the unfollow.

    It's a form of automation. Are you suggesting that its use makes me a form of social media black hat?

  2. No, I'm thinking of the kind of thing beloved of midwestern 'social media experts' that go off spidering for people to autofollow and then, a few days later if they haven't been followed back, go back and autounfollow.
    No objection to something helping to surface people you aren't getting value from following enabling you to make choices about decluttering. Automation isn't inherently wrong (the web of things requires it)

  3. Hidden scripts that harvest user data are like Web 2.0 versions of the fine print in printing days. People loathe them. It's like having someone opt-in to your mailing list without their permission. You might be building your followers/DB in the short run, but you'll have BIG reputation problems in the long run. It's going to kill your brand equity.
