Twitter authority frenzy led to Twitter phishing meltdown

Folks like to know where they stand, and in recent weeks people on Twitter have been, well, all a-twitter about the idea of Twitter Authority. They want to know who is most influential—a repeat of the phenomenon that swept the blogosphere a while back.
Written by Mitch Ratcliffe, Contributor

Folks like to know where they stand, and in recent weeks people on Twitter have been, well, all a-twitter about the idea of Twitter Authority. They want to know who is most influential—a repeat of the phenomenon that swept the blogosphere a while back. It's a human thing, but it is also the kind of self-absorbed thinking that attracts scammers and theives who sense people's guard is down. This is why, over the weekend, so many prominent Twitterers saw their accounts hijacked and used to send phishing offers to their followers. Valdis Krebs made this point in a tweet, but I am certain he is right about this.

You see, many of the Twitter ranking sites ask for both your Twitter username and password, claiming they need to access the Twitter API to do their calculations. There is no other plausible explanation for the explosion of phishing direct messages on Twitter than one of the many sites offering to give you some tweet whuffie. It's a classic case where the social engineering was done for the phisher. In some cases, people's Twitter accounts are being resold for use in email marketing.

But I don't come here to question the people scammed, rather to damn the notion of authority in toto. Given that we are attempting to build systems that don't reinforce old power structures, which is a cardinal rule in the hacker ethic, there should be no need for ranking systems. A tiny fraction of the world's population uses Twitter, so we don't need to tell everyone who is "best," "most influential" or otherwise, except, perhaps a form of cocktail party game. Beyond that game, it doesn't matter, but everyone seems set on codifying the tweet powers that be.

The Twitterverse is full of ideas about how to measure authority and influence and popularity. For example, at Mr. Tweet, a site that suggest people to follow, written up by Rafe Needleman of CNET yesterday, the main factor in suggestions is the number-of-followers rank of the people following someone. But, because many popular bloggers simply follow everyone who follows them (for their own good reasons), this is absolutely worthless as an indicator of whether a third party, such as someone following Guy Kawasaki or Mike Arrington, is worth following. This bias toward meaningless relationships is compounded by limiting the analysis—at least as far as I can tell—to popular people in the querying party's Twitter follow list. The result is that you get an increasingly self-referential discussion.

The idea of authority and popularity are deeply confused in this discussion. Influence, in my opinion—and it is what I built BuzzLogic's influence algorithms around—is the ability to change or reinforce ideas in networked conversation over time. It is also closely related to specialization, since some authority is simply the ability to popularize, while much authority has to do with expertise and accuracy. This is not what happens in Twitter.

Instead, people retweet others' messages, which tells us very little about the initial tweet, its author (who may simply be pointing at another source) or the the retweeter. Over time, if the retweeting shows a topical or relationship persistence, then you can start to say something about one person's influence on another. But when retweets range across many sources and many different topics, all it shows is that there is an underlying tendency to retweet by the community as a whole, either for reasons they believe explain the action (which, as people, tends to be to pursue some reason or order in the randomness of this activity) or simply because media encourages reuse. Reuse is the basis of the whole media industry monetization model.

Popularity, on the other hand, is only a factor in high school and mass media. Popularity explains why some television actors make millions and others thousands of dollars a year. Popularity quickly dilutes the strength and quality of any individual connection between the popular person and any member of their audience, to whom they are providing a form of performance. This works great for some people, but it is not the basis of a social economy. As Valdis Krebs showed in an excellent posting, the value of small networks is much higher for people who need to have essentially "local" (to a place, industry or subject matter) networks to draw on economically and intellectually.

If you don't know what Twitter is, here's a brief explanation. If you have a Twitter account, change your password and be very careful about the sites you share it with.

If you care about social evolution, stop trying to lock relationships into place with statements about authority.

UPDATE: It is utterly ridiculous that the fact celebrities got caught up in Twitter's security issues has become the story. That's a coincidence related to Twitter's growing popularity, but not an indication that, gasp!, we are any less safe only if we practice good data hygiene. "Oh, the celebrity isn't even safe" doesn't reflect any new or more useful information. Don't share your passwords!

Editorial standards