Twitter without spam bots - utopia or privacy nightmare?


Twitter has a big problem – spam bots. In fact, almost half of Musk's followers are fake. Can the new Twitter owner weed out bots, or is that only a utopia?

Elon Musk has made some bold statements after announcing the $44 billion Twitter deal, from taking it private to opening up Twitter algorithms and getting rid of spam bots.

By now, we got to learn more about Musk's ways. His statements often seem visionary and far-sighted. Seeing a Tesla Roadster with a dummy in space paints an exciting picture of our future. We'll figure out the specifics later.

ADVERTISEMENT

Probably, Musk hasn't figured it all out yet with Twitter either, but dreaming big is his way of boosting investor confidence. Twitter without spam bots sure sounds nice, but is it even possible?

"It's a huge challenge. Musk hasn't shielded away from big challenges, and it is how he operates," Cyril Noel-Tagoe, Principal Security Researcher at Netacea, the bot detection and mitigation company, told Cybernews.

Twitter bot problem

Here's what numbers tell us. Twitter estimates that false accounts represent fewer than 5% of its daily active users. It translates to approximately 11,5 million active daily users, given that Twitter has close to 230 million of them.

When it comes to Musk, he appears to have more fake followers than any other celebrity enjoying a similar spotlight. Musk has over 90 million followers, and more than half of them – roughly 48 million – are considered fake.

The Twitter audit tool SparkToro keeps track of false accounts and defines fake followers as accounts that are unreachable and will not see the account's tweets (either because they're spam, bots, propaganda, etc., or because they're no longer active on Twitter).

"There are two main types of bots that Twitter has a problem with. One is geopolitical spam bots, which we have seen trying to influence election campaigns in the past. Elon is probably more worried about spam bots that promote cryptocurrency and scams. That's his main driver for removing bots," Noel-Tagoe told Cybernews.

In 2018, Twitter notified 700,000 users who interacted with the accounts linked to Russian propaganda efforts during the 2016 US presidential elections. Pro-Trump bot @amrightnow, with over 33,000 followers, spammed Twitter with anti-Clinton conspiracy theories. An anti-Trump bot @loserDonldTrump retweeted all mentions of @realDonaldTrump that included the word “loser,” producing more than 2,000 tweets per day.

ADVERTISEMENT

Crypto scam bots monitor tweets containing specific keywords, such as MetaMask and TrusWallet, and reply to them with malicious links, resulting in a theft of crypto funds.

Not all bots are bad

"If our Twitter bid succeeds, we will defeat the spam bots or die trying!" Musk said.

First, he will have to figure out what spam bots mean, as not all bots are bad.

"If Musk chooses to remove all bots from Twitter, that would be harmful to Twitter because there are many valuable bots," Noel-Tagoe said.

For example, through the pandemic, bots were tweeting about available slots to get your vaccine. Many organizations use bots to tweet important information if they can't do it manually.

"While removing all spam bots from Twitter is an ambitious goal to work towards and could offer a certain utopia, you don't need to remove all the spam to greatly improve the platform and its impact," Sam Crowther, CEO of cybersecurity company Kasada, told Cybernews.

He thinks Musk should focus on bots responsible for the majority of spam on Twitter.

"If 80% of the pain of spam bots is caused by just 20% of the bots, a measurable step forward would be focusing on eliminating the 20% while working towards the bigger and admirable goal," he added.

Adversaries are clever, too

ADVERTISEMENT

Twitter has taken action to combat bot problems, for example, labeling bots as automated accounts.

"It's something they want to solve, and if Musk can bring some new ideas, help them accelerate the time frame. It's not easy; that's not going to happen overnight," Noel-Tagoe said.

Cyril Noel-Tagoe
Noel-Tagoe

That's not going to be an easy task, given the speed at which adversaries innovate, being free from all the legal and bureaucratic hassle that companies must go through.

"It's a constant cat and mouse game. Both sides are going to evolve continually. If you put protection in place, the bot operators are going to try and find ways to bypass that," he added.

Musk also insisted that the Twitter algorithm should be open-sourced. Noel-Tagoe is concerned that it might aid spam bot operators by "allowing them to create strategies to circumvent systems."

A privacy concern

Musk intends to verify Twitter users manually in an effort to weed out false accounts. Asking for users' phone numbers and emails is not enough, as adversaries can easily bypass this request.

"Bot operators are quite advanced in making bots look legitimate if they need to go through residential proxies so that IP addresses look like a normal user and bypass captchas," Netecea researcher said.

He reckons Musk might be looking at more overbearing verification, including registration with ID, which immediately makes it a privacy concern and clashes with another vision that Musk has of making Twitter a platform celebrating free speech.

ADVERTISEMENT

"In certain geographies where free speech is suppressed, part of the ability to speak freely is to be able to hide your identity," Noel-Tagoe added.

Crowther, on the other hand, sees a way out.

"As long as all the data is handled responsibly and securely, the experience shouldn't be much different from other companies like banks that perform Know Your Customer (KYC) checks to make sure that customers are genuinely who they claim to be," he said.