I blame the Family Guy. There I was in my hotel room, where I'm staying while in NY for business, watching episodes of The Family Guy on my laptop like any other Joe the Coder on a Tuesday night. But then I ran out of episodes. None of this would've happened if there were enough Family Guy episodes to watch on Hulu.
Hi. My name is Ryo, and I'm the developer of Twitterank, which is not some grand scheme to steal thousands of Twitter accounts, but a casual experiment gone horribly horribly right. Here's my side of the story:
With no more tales of Peter and Co. to entertain me, I turned to Twitter. I was browsing through a day's worth of tweets from my friends, when something or another got me thinking about @replies. As many of you are aware, I'm sure, @replies allow users to essentially "send" tweets to other users, which effectively turns Twitter into one giant semi-public conversation. In my head, these @replies started looking like edges in a hidden graph. Hidden, because while you can see @replies directed at you, you can't necessarily see @replies that other people are receiving. Yet, it seemed like this information would reveal quite a bit about the user. Who's talking to them? How often?
That, is the "secwet" behind Twitterank. Similar to how Google's PageRank algorithm judged a web page based on the number of inbound links and the origin of those links, Twitterank attempts to quantify a Twitter user by analyzing their incoming @replies. In essence, the more people talk to you, the higher your score. So yes, the number you'll get may not necessarily reflect the number of followers you have, how often you tweet, or even how big your ego is. That also brings us to passwords. In order to analyze your @replies, I need to make a web service request to Twitter, which requires your user name and password. As I've mentioned in my blog, there are alternative authentication mechanisms out there, but for whatever reason, Twitter hasn't adopted them yet. So I went ahead and hacked together a simple app, which asked for a user name and password. Those of you who used the site early on might've seen a big red box with a rather lengthy warning about how "you should be afraid." That text, which someone later found commented out and then misinterpreted, was there to prompt users to think twice before entering their passwords. If people were turned away by it, that would've been fine by me. Frankly, I only expected a few of my friends to use it.
All in all, from inception to launch, Twitterank took me about 5 hours to build. I finished around 4:30am, posted my Twitterank to Twitter, and went to bed. The next morning, I sent a single tweet to my friends asking them to check out Twitterank, and the beast was unleashed. One hour I had 8 new users. The next hour I had 109. The next 400. Then 1500. Then 2400. All this happened while I was at work, and my primary concern was keeping the site up (my hosting service got overwhelmed, so I eventually switched to a friend's dedicated server). Unfortunately, it wasn't until much later that I fully grasped the extent of the rumors, and was able to begin addressing some of the concerns people had.
That's my story. Who'da thunk a silly idea and a few hours of hacking would turn into... this? But this ain't over yet. As I write this, Twitterank is less than a day old, and there's more work to do. We don't even know if it's any good. This episode also started some conversations about phishing, about authentication, and social behaviors. There are many ways this story can play out, but it's far from over. If you want to talk, I'll be on Twitter.