Hard-working, honest Twitter users are getting sick and tired of all the bogus follow requests they receive on a daily basis as they post updates to Twitter. It seems there are automated computer programs, AKA bots, that search for interesting topics and try to follow everyone who tweets about them in hopes the favor will be reciprocated. Once the user follows the bogus Twitter account, their time line can be spammed with unwanted links to advertising and marketing from a strange company with an unknown reputation. What measures can we take now to protect ourselves and what can Twitter do to help?

Some people I know take a conservative, guarded approach to Twitter. These users protect their accounts. They may be followed only by request and their tweets may be viewed only by approved followers. Users in this camp restrict their followers to close friends and relatives, limiting their participation in all that Twitter has to offer. These users can’t be followed by others with a legitimate interest in the topics about which they tweet and are unable to meet new people. It would seem they lose out on most of the benefits of social media. While a portion of these users really do want a private Twitter experience, others feel the need to employ these measures as protection against spammers.

In contrast, other users wish to avail themselves of all the social media benefits Twitter offers, putting up with the junk in the process. They allow everyone to follow their public tweets and revel in the prospect of connecting and communicating with people they met online. The public profile of these users exposes them to phishing, spamming, social engineering and other forms of abuse. How can public users protect themselves while enjoying all of Twitter’s benefits?

There are currently a number of ways for public Twitter users to combat abuse, but all may require significant time and effort. How does one avoid unscrupulous users while ensuring they allow participation by those who have a legitimate interest in their tweets? While much of the abuse is perpetrated by bots, it seems the defense must be conducted manually, on a case-by-case basis as attacks are attempted.

Good protection seems to start at the point where a user makes a follow request. The requester is asking for permission to see your updates on their Twitter home page or in their Twitter application. Once the user follows you, he or she typically hopes you will return the favor in order to form a connection. When two Twitter users follow each other, a two-way relationship exists permitting the private exchange of direct messages and the public swapping of Twitter updates. The malicious user can abuse this new relationship by posting pushy marketing information to all their followers or by attempting to lure their followers to questionable Web sites that try to collect usernames, passwords and other personal data.

The key is to ensure you are only forming healthy relationships on Twitter by carefully evaluating each new follow request and keeping these guidelines in mind before approving anyone:

  • Check the Twitter username. If it contains several numbers after the name, this may represent a red flag. Proceed with caution. Bots can create accounts based on a name, adding numbers until an unused one has been found.
  • Look for nonsensical names or missing biographical information on the user’s Twitter home page. If you don’t like what you see, by all means ignore the follow request.
  • Consider taking a look at the Web site linked in the user’s profile. Exercise caution, though, as this link might point to a malicious page or an attempted social engineering attack. Do not trust the page’s content and avoid entering any personal data.
  • Review the updates the user has posted. You can quickly see the 20 most recent tweets on the user’s Twitter home page. Red flags include a large number of links without context, little or no conversation with other users and a lack of information you deem interesting.
  • If you believe the user is malicious, press the Block button. If you just find the user’s content uninteresting, simply ignore the follow request but do not block. Blocking can have a negative impact on a user’s reputation and may potentially limit their future ability to use Twitter.

We can ask Twitter to develop an easy solution that would allow us to strike a balance between the limitations inherent in a protected account and the anything-goes nature of a public account. The solution is moderated following. In a moderated following scenario, anyone making a follow request would be asked to explain why they should be granted that honor. The proposed feature would work like this:

  • A user wishes to follow someone on Twitter.
  • She visits the person’s Twitter home page and presses the Follow button.
  • She is asked to provide the reason she wishes to follow the other person.
  • Twitter notifies the recipient of the follow request, including the stated reason.
  • The recipient is given a chance to accept or reject the request.
  • If it is accepted, the requester receives appropriate notification. If denied, the requester receives nothing.

Let’s all think about how a moderated follow scenario might work and, if it’s something worth pursuing, ask Twitter to consider putting it in place as a new feature. All comments are appreciated as always.