Tag Archives: Twitter

Reports of Twitter shifting to an algorithmic timeline raise concerns about user control and experience

Twitter is signaling that it’s going to change how it shows the timeline to users, or at least experiment with it. Here’s what the company CFO actually said yesterday, as reported by the Wall Street Journal.

“Twitter’s timeline is organized in reverse chronological order, a delivery system that has not changed since the product was created eight years ago and one that some early adopters consider sacred to the core Twitter experience. But this “isn’t the most relevant experience for a user,” Noto said. Timely tweets can get buried at the bottom of the feed if the user doesn’t have the app open, for example. “Putting that content in front of the person at that moment in time is a way to organize that content better.”

Mathew Ingram read the WSJ report and interpreted it to mean that a “Facebook-style feed is coming, whether you like it or not.” Twitter CEO Dick Costolo objected to that headline and characterization:

After Ingram’s post, both Mashable’s Karissa Bell suggested and Buzzfeed’s Charlie Warzel have suggested that users shouldn’t freak out about a filtered feed because Twitter isn’t turning into Facebook — yet. Like Ingram, Warzel notes that this change to product might be an improvement for normal or new users:

For average Twitter users, an algorithmic feed might be just the incentive to head to Twitter for breaking news like so many journalists and news fiends. Given the newsgathering makeup of the social network, the content is already there. And this would certainly help expose a great number of tweets to a larger audience.
Of course this is a terrifying prospect for Twitter’s most obsessive crowd. The ones who live on Twitter. And for good reason! For plenty of journalists Twitter is a key tool in their day to day work and, for some, an integral platform in advancing their careers. But there’s nothing in Noto’s comments to suggest that this incarnation of Twitter — the core component of the social network that’s led to the platform’s meteoric rise, IPO, and global success — can’t co-exist with an algorithmically-driven timeline.

At the risk of giving Twitter too much credit, it seems preposterous that the company’s executives and product team would toss out the very core of the site and almost maliciously alienate its most ardent supporters and users. Sure, there’s wide concerns that Twitter’s product team doesn’t have the same relationship to the product as most intense newsgatherers, but it seems odd that the company, which employs a Head of News executive and frequently touts the importance of the raw feed during live events, would be clueless as to the platform’s standing in the news community.

Still, even the possibility of the change has riled a lot of people up, particularly media, and for good reason: the defaults do matter, particularly when the vast majority of users access the service using Twitter.com, m.twitter.com or the official mobile applications. There’s good reason to be concerned, as Ingram highlighted:

The most recent example of how stark the differences can be between a filtered feed and an unfiltered one was the unrest in Ferguson, Mo. and how that showed up so dramatically on Twitter but was barely present for most users of Facebook. As sociologist Zeynep Tufekci noted, that kind of filtering has social consequences — and journalism professor Emily Bell pointed out that doing this makes Facebook and Twitter into information gatekeepers in much the same way newspapers used to be.

Tufecki holds that Twitter should not algorithmically curate users’ timelines, even if algorithms will always serve tweets:

It’s simple: Twitter’s uncurated feed certainly has some downsides, and I can see some algorithmic improvements that would make it easier for early users to adopt the service, but they’d potentially be chopping off the very—sometimes magical—ability of mature Twitter to surface from the network. And the key to this power isn’t the reverse chronology but rather the fact that the network allows humans to exercise free judgment on the worth of content, without strong algorithmic biases. That cumulative, networked freedom is what extends the range of what Twitter can value and surface, and provides some of the best experiences of Twitter.

I’m inclined to take these concerns seriously but I’ll keep my powder dry just yet, with respect to upset. My take (yeah, I know) is that if Twitter experiments with giving users of its website an algorithmically curated stream to improve the relevance of what they see, OK… new users may appreciate that product. Or not. Either way, I hope that the company preserves API access for 3rd party clients, like Tweetbot. I hope Twitter preserves user’s ability to use Tweetdeck to view the timeline of people you follow and lists in reverse chronological order. I want to be able to decide, just as I do on the Facebook newsfeed with “Most Recent” vs “Top News,” and just as I want to know that I see every tweet from the people I’ve chosen to follow or put on the list.

If any of that access or control actually changes, then you’ll see me getting genuinely upset about Twitter breaking Twitter, just as I was when they crippled the free flow of information over the service in the name of spam and phishing prevention. Ironically, the Wall Street Journal also reported that Twitter is going to put more emphasis on messaging after it neglecting it for years, perhaps enabling “group chats” after adding pictures earlier this year. If so, I hope the company adds more domains to the small white list it currently allows. Tufecki, for her part, has an even longer wish list for improvements:

…there are many, many things Twitter could do to address all of that without breaking its networked, human-prioritizing logic. Much much better tutorials seems like such an obvious step (I have hardly seen good ones). Better suggestions for users to follow, perhaps a dozen at a time, and better ways of trying following groups of people. Right now, it’s all individual and arduous, and that should remain the core option, but the entry ramp could be much faster. Better filtering, too, especially of mentions would be very welcome. I’m craving a timed mute, for example—let me mute out someone who I don’t happen to want to listen that day or that week, without having to mute them permanently. Group chat for DM? Woohoo. DM is among Twitter’s most powerful features because it only allows contact from people one chooses to follow which is a better filter than email, but not as strict a one as Facebook which operates differently. Also, brevity makes DM more powerful. And lists! Twitter can do so much more to make lists more useful to its users to let users decide how to deal with signal/noise and interest ratios.

There is so much Twitter can do try to improve the user experience, for both the experienced and the beginner. But I hope that it does not algorithmically curate the feed, not because I love the chronology per se, but because I value people’s judgement. Yes, Twitter can make it easier to access that judgment in more varied ways but stepping between people I choose to follow and me is not the answer.

Asked for comment on these reports, Twitter spokesman Jim Prosser pointed me to Costolo’s reply to an analyst during Twitter’s earning call this July:

Vis-à-vis the additional products we could see I mentioned that I really again the kinds of experiences we created around topics and live events during the World Cup. We will run a number of experiments to that broader audience those unique visitors I talked about and I wouldn’t want to be specific about the sequence with which roll those out or when you would see those. On your second question, algorithmic timelines for example versus manually curated follow lists I think it’s fair to say that we are not ruling out any kinds of changes that we might deliver in the product in service to bridging that gap between signing up for Twitter and receiving immediate value and you will see a number of kinds of experiments that we produce there.

Leave a comment

Filed under Uncategorized

Twitter opens analytics platform to public [TL/DR: images get more engagement]

I briefly logged into Twitter’s free analytics service again today, prompted by a conversation on (you guessed it) Twitter about the demographics of an account’s followers and the news that it was now open to all.

Today, any Twitter user can log in and access the online dashboard and see what Twitter says about how people are interacting with your tweets, among other insights.

I was glad to see that dashboard is definitely working better now than when Twitter first gave me partial access. (I could see follower demographics but not impressions). I know that some people may see these stats as fake-ish numbers, but I wish Tumblr, Pinterest, Vine, Instagram & Google+ offered similar free dashboards for their users — certainly, it would be great if Facebook did for people who turned on the Follow feature.

What did I learn?

digiphile-Twitter-follower-demographics-august-2014First, looking at the highest impression number (155,000 impressions on this tweet) I was reminded that the concept of “free speech zones” remains controversial in the United States, and that tweeting about them can result in a different kind “engagements” than RTs or Favorites: angry @replies from lots of strangers.

This is particularly true if combined with a journalist embroiled in controversy over a misidentification of ammunition and the #Ferguson hashtag.

Second, the gender numbers in the demographics of my followers continues to be heavily skewed toward men (81% vs 19%), a situation that has endured more or less ever since the beginning of 2010, when Twitter began recommending me to new users in its technology vertical.

I invite and welcome any and all women who like to follow me to do so here, if you’re interested in the sorts of things I tweet about, just as I do on Facebook or other social networks.

digiphile-engagement-twitter-august-2014Finally, what Twitter Media and News staff had already told people who are listening is backed up by what they’re showing me: including pictures, maps and graphics in your tweets will raises your “engagement” numbers, at least as measured by people resharing tweets, favoriting them, @mentioning or @replying to them.

I’ve intentionally done that more over the latter half of August, and it shows up in the data.

It takes longer to find the right image for a tweet but the effort can pay off.

Adding that to the process reminds me of how I described Twitter back in 2008: a distributed microblogging platform.

While a few tweets may still be produced and received as simple, humble text messages, as in 2006, many more are much more complicated, and have been for some time.

Back in 2010, the map of a tweet already looked like this under the hood, with some 30 lines of meta data.

raffi-anatomy-of-a-tweet

Years later, updates to the platform are much more complex, with integrated cards, videos and pictures. As Twitter rolls out e-commerce from within tweets, I wonder if better dashboards for sales, subscriptions and other conversions might be on the way for the social media company’s customers, if not, perhaps, all of its users.

2 Comments

Filed under article, blogging, microsharing, social bookmarking, social media, Twitter

Under pressure, Twitter prepares to extend reporting abuse to all users

Under increased scrutiny, Twitter will be extending the ability to report tweets to all of its hundreds of millions of active users around the world.

A statement from Twitter, emailed to the BBC and GigaOm, urged users to report abusive behavior and violations of the relevant policy and Twitter Rules using an online form and shared plans to “bring the functionality to other platforms, including Android and the web.” Twitter hasn’t shared timelines for that extension yet, but aggrieved users in Britain and beyond should gain the ability to flag tweets with a couple of taps eventually.

report-tweet-button

Twitter users have been able to report violations and abuse for years, with decisions by the service’s Safety team as tickets or law enforcement interest comes in. Twitter’s Safety team, headed by Del (@delbius) Harvey, has been quietly, professionally handling the ugly side for many years.

Adding reporting to individual tweets, however, is a relatively new change that was not announced on the Twitter blog or through the @Safety or @Support accounts.

Here are the relevant details from Twitter’s FAQ:

You can report Tweets that are in violation of the Twitter Rules or our Terms of Service. This includes spam, harassment, impersonation, copyright, or trademark violations. You can report any Tweet on Twitter, including Tweets in your home timeline, the Connect or Discover tabs, or in Twitter Search.

To report a Tweet:

  • Navigate to the Tweet you’d like to report.
  • Tap the ••• icon to bring up the off-screen menu.
  • Select Report Tweet and then one of the options below.
  • Select Submit (or Next if reporting abuse; see below for details) or Cancel to complete the report or block the user.

Reporting options:

Spam: this is the best option for reporting users who are using spam tactics. Please reference the Twitter Rules for information about some common spam techniques, which include mass creation of accounts for abusive purposes, following a large number of users in a short time, and sending large numbers of unsolicited @replies.
Compromised: if you think the user’s account has been compromised, and they are no longer in control of their account, select this option, and we will follow up with them to reset their password and/or take other appropriate actions.
Abusive: for other types of violations, including harassment, copyright or trademark violations, and impersonation, select this option. When you select “Next’”, you’ll be taken to a form where you can complete and submit your report to Twitter.
Block account: instead of reporting a user, you can select this option to block the user. If you block a user, they will not be allowed to follow you or add you to lists, and you won’t see any interactions with the user in your Connect tab.

Icebergs ahead

Twitter has successfully scaled the ability to flag media to all of its users. They’ve kept the Fail Whale from surfacing by vastly increasing the capacity of the service to handle billions of tweets and surges in use during major events. They’ve already rolled out tweet reporting to Twitter to iPhone users. Now, they’ll simplify reporting of abuse tweets for everyone.

There may be hidden tradeoffs in adding this function, as Staci Kramer pointed out on Twitter: previously available options, like “tweet link,” “mail link” and “read later” aren’t in the new version of Twitter’s iOS app.

What may prove more difficult than adding this function to other official apps and the Web, however, will be adding the human capacity to adjudicate decisions to suspend or restore accounts.

Twitter will be doing it under increasing scrutiny and a fresh wave of critics who are taking the company to task for being slow to respond to threats and abuse. More than 18,000 people have signed a petition at Change.org demanding that Twitter provide a an abuse reporting button. The petition was filed after a stream of rape threats were directed at Caroline Criado-Perez on Twitter for 48 hours.

Criado-Perez, a freelance journalist and self-described feminist campaigner, was in the public eye because of her successful efforts to keep pictures of women on paper money. She began receiving abusive tweets on the day that the Bank of England announced that author Jane Austen would appear on its newly designed £10 note.

The signatories on the petition were asking for a function that already exists for the millions of Twitter users that access the service on an iPhone, as the head of the social networking service’s United Kingdom office tweeted earlier today, responding to heated criticism in the British press.

To mollify critics and offer a users a better experience, Twitter staff will need to proactively detect waves of abuse, aided by algorithms and adjudication systems, and make judgements about whether tweets break its stated policies or represent threats that must be reported to law enforcement.

“I don’t know what proportion of posts are abusive, nor do I know the volume of complaints handled by Twitter staff and their response time, which are obvious factors in how and when abuse reports are handled,” commented veteran journalist Saleem Khan. “If there’s a problem with complaint-handling, Twitter needs to examine its processes and staffing. That said, if abuse and/or non-responsiveness by staff are perceived to be a problem, then it is a problem.”

To state the obvious, this will be an ongoing headache for Twitter.

Like other social media companies, Twitter has been navigating deep, troubled currents of censorship, privacy and suspensions in recent years.

Creating systems that offer fair, efficient moderation and adjudication of reports is a conundrum that code alone may not be able to solve. That challenge is extended by the presence of organized campaigns of humans and bots that game governance systems by flagging users en masse as spammers, leading to suspensions.

That may well mean that Twitter, like other social networks with millions of users, will need to expand its safety team and train the rest of its public-facing employees to act as ad hoc ombudsmen and women, as aggrieved users inevitably turn their ire upon staff using the network. They’re well positioned to do so, perhaps better than any other social network, but the service is inevitably going to face tough decisions as it operates in countries do not have legal protections for freedom of expression or the press.

As Rebecca MacKinnon, Ethan Zuckerman and others have highlighted, what we think of as the new public square online is owned and operated by private companies that are setting the terms and conditions for expression and behavior on them. Giving users the capacity to report abuse, fraud or copyright infringement is a natural feature for any major website or service but it comes with new headaches. If Twitter is to go public, however, it will need to develop more matures to handle being a platform for the public.

“The question remains,” commented Khan: “What rights and powers do we delegate to private, for-profit, unregulated platforms that increasingly mediate the majority of our discourse, and where is the line that we draw in that deal?”


Editor’s Note: I sent Twitter a series of questions regarding the new reporting function on Sunday morning. On Sunday night, Twitter declined to comment further than the statement they have released. On Monday afternoon, Twitter CEO Dick Costolo responded to tweeted queries. Following are the questions I posed over email. If you have answers, feel free to comment or contact me.

When was this added? Was there an official blog post or tweets from staff, @safety and @support about it?

What’s the timeline for it rolling out to all users? Will Twitter for Windows and BlackBerry and get it?

Will it be added to the API, so that TweetBot and TweetDeck users, along with other clients, can use it after updates?

Will Twitter increase staffing at Safety and Support to handle an increase in reports? To what levels?

Will there be designated ombudsmen or women?

Will there be any transparency into the number of tickets received regarding abuse or someone’s status in the queue?

Will Twitter release aggregate data of abuse (or spam) flagging? How will Twitter deal with false positives or organized/automated campaigns to flag users or tweets?

Will there be any consequences for users that repeatedly abuse the ability to flag people or tweets for abuse?


Postscript

On August 3, Twitter responded with an update to its rules to help address abusive behavior, including extra staff to handle abuse reports.

“It comes down to this: people deserve to feel safe on Twitter,” said Twitter’s UK lead Tony Wang and Del Harvey, senior director for trust and safety, in a blog post.

We want people to feel safe on Twitter, and we want the Twitter Rules to send a clear message to anyone who thought that such behaviour was, or could ever be, acceptable.”

The updated rules apply globally. “As described in the blog post, this was a clarification of existing rules — we discussed harassment in our help center in connection with abuse, but this makes it explicit in the rules as well,” said Twitter communication lead Jim Prosser, reached by email.

Wang also tweeted an apology to the women who have been targeted by abuse on Twitter.

“I personally apologize to the women who have experienced abuse on Twitter and for what they have gone through,” he said. “The abuse they’ve received is simply not acceptable. It’s not acceptable in the real world, and it’s not acceptable on Twitter.”

So yes, there are limits to free speech on Twitter.

What are they? Well, that’s the sticky wicket. The updated rules now include a section that Harvey said already existed. Twitter “actually always had that as a note on our abusive behavior policy page; we just added it directly to the rules,” she tweeted.

Targeted Abuse: You may not engage in targeted abuse or harassment. Some of the factors that we take into account when determining what conduct is considered to be targeted abuse or harassment are:
*if you are sending messages to a user from multiple accounts;
*if the sole purpose of your account is to send abusive messages to others;
*if the reported behavior is one-sided or includes threats

This was “no real addition, just [a] clarification,” tweeted Harvey. “Twitter “just added the explicit callout to our preexisting policy under the abuse & spam section.”

There is no functional difference in how Twitter’s Safety team will now assess abuse reports, she further clarified.

“We’ve been working on making the reporting process easier for users & clarifying our policies.”

4 Comments

Filed under article, journalism, social media, Twitter

In defense of Twitter’s role as a social media watchdog

Mike Rosenwald is concerned that overzealous critics will make Twitter boring.

twitter is ruining

Rosenwald, who has distinguished himself in articles and excellent enterprise reporting at the Washington Post, appears to have strayed into a well-trodden cul de sac of social media criticism.

Writing in the Post, he quotes from series of sources and highlights a couple of Twitter users to arrive at a grand thesis: online mobs taking tweets out of context could chill speech. Rosenwald’s point was amplified by Politico chief economic correspondent Ben White, whose tweet is embedded below:

When I went to grab the embed code for the tweet above, however, I found something curious: I couldn’t generate it. Why? After I strongly but politely challenged White’s point twice on Twitter, he’d blocked me.

Here’s what I said: I am disappointed that the democratization of publishing and speech continues to be resented by the press. Celebrities, media and politicians will be criticized online by the public for inaccuracy and bias. It’s not 1950 anymore. And for that, a journalist blocked me.

Irony aside, I wish White hadn’t taken the nuclear option. I’m no absolutist: when George Packer slammed Twitter 3 years ago, I suggested that he take another look at what was happening there:

Twitter, like so many other things, is what you make of it. Some might go to a cocktail party and talk about fashion, who kissed whom, where the next hot bar is or any number of other superficial topics. Others might hone in on politics, news, technology, media, art, philosophy or any of the other subjects that the New Yorker covers. If you search and listen, it’s not hard to find others sharing news and opinion that’s relevant to your own interests.

Using intelligent filters for information, it’s quite easy to subscribe and digest them at leisure. And it’s as easy as unfollowing someone to winnow out “babble” or a steady stream of mundanity. The impression that one is forced to listen to pabulum, as if obligated to sit through a dreary dinner party or interminable plane ride next to a boring boor, is far from the reality of the actual experience of Twitter or elsewhere.

Packer clearly read my post but didn’t link or reply to it.

Given his public persona, I suspect Rosenwald will be much more open to criticism than Packer or White have proven to be, although I see he hasn’t waded into the vitriolic comments on his story at the Washington Post, which slam Twitter or the article — or both. Here’s what I’ve seen other journalists and Twitter users tweet about the piece:

For my part, I tend to lean towards more speech, not less. Twitter has given millions of people a voice around the world, including the capacity to scrutinize the tweets of members of the media for inaccuracy, bias or ignorance.

That’s not to say that a networked public can’t turn to an online mob and engage in online vigilantism, but the causality that Politico chief White House correspondent Mike Allen trumpeted regarding Twitter use in yesterday’s Playbook was painful to read on Saturday morning.

Twitter makes people online vigilantes? Come on. Facebook, Twitter, Tumblr, Google+ and other social media platforms have taken nearly all of the friction out of commenting on public affairs but it’s up to people to decide what to do with them.

As we’ve seen during natural disasters and revolutions across the Middle East and North Africa, including protests in Turkey this weekend, an increasingly networked public is now acting as reporters and sensors wherever and whenever they are connected, creating an ad hoc system of accountability for governments and filling the gaps where mainstream media outlets are censored or fear to tread.

That emergence still strikes me as positive, on balance, and while I acknowledge the point that White and the sources that Rosenwald quotes make about the potential for self-censorship, I vastly prefer the communications systems of today to the one-to-many broadcasts from last century. If you feel differently, comments — and Twitter — are open.

7 Comments

Filed under article, blogging, journalism, microsharing, research, social media, technology, Twitter

Tweaser: noun — a movie teaser cut into a 6 second Vine video and tweet

I never expected to associate a “tweaser” with The Wolverine. (I assumed Wolverine’s healing powers would always extrude any splinter.)

That changed yesterday, when James Mangold, the director of the most recent cinematic treatment of the comic book hero’s adventures, tweeted the first “tweaser” of the new century. He used Twitter’s new Vine app to share the short clip, a tightly edited 6 seconds of  footage from the upcoming film. You can watch Vine’s big moment in tweet embedded below.

Twitter certainly has come a long way from txt messages. As Lily Rothman quipped at Time, the emergence of a 6 second tweaser that can be retweeted, tumbled and embedded gives “new meaning to the intersection of Hollywood and Vine.”

Jen Yamato has the backstory behind 20th Century Fox’s debut of a 21st century tweaser over at Deadline, including credit to Fox executive Tony Sella for the coinage:

Last week FilmDistrict was the first studio to use Twitter’s new looping app as a marketing tool. Here’s an even buzzier use of Vine: A 6-second “tweaser” (that’s Twitter teaser, or “TWZZR”) previewing Fox’s July 26 superhero pic Wolverine.

I suspect that at least a few of the tweasers that go flickering by on Twitter, Vine and blog posts will lead people to do what I did: become aware of the upcoming and film and look for a longer version of the teaser trailer elsewhere online. If a tweaser comes with a custom short URL, so much the easier.

To that point, If you want to watch a higher quality “full-length” version of the teaser, there’s now a teaser trailer available on the iTunes Store and a YouTube version:
… which, it’s worth pointing out, can also be embedded in tweets.

Hopefully, history remember will remember “The Wolverine for more than being the subject of the world’s first “tweaser.” Then again, our attention spans may not be up to it, particularly if the length of the interactive media we consume continues to shorten at this rate.

1 Comment

Filed under article, blogging, microsharing, movies, photography, social media, technology, Twitter, video

Can journalists change their social media avatars to political symbols?

Nisha Chittal asked a number of journalists (including me) about where they stand for on using same-sex marriage symbols on their social media profiles.

Here’s what she found: “The answer is a multi-layered one: it depends on the journalist, the outlet they work for, the social media platform, and whether the journalist is covering this week’s Supreme Court hearings.”

hrc-fb-page

I was honored to see that Nisha gave me the “kicker quote” at the end. If you’d like to weigh in on your stance on this ethical issue, comment away.

Here’s the statement I submitted to her inquiry:

In general, the consensus answer amongst the journalists I respect is that changing your avatar to a symbol like this is not OK, based upon the ethics policies of places like the AP, WSJ, NYT, PBS or NPR.

I think the capacity to demonstrate support for one side of a contentious social issue like this varies, depending upon the masthead a journalist is working under, the ethics policy of that masthead, the role of the journalist and the coverage area of the journalist. Staking out positions on a reporter’s beat is generally frowned upon.

Opinion journalists who regularly take positions on the issues of the day as columnists have often already made it clear where they stand on a policy or law. Advocacy journalism has an established place in the marketplace for ideas. Readers know where a writer stands and are left to judge the strength of an argument and the evidence presented to back it.

If a reporter takes on overt, implicit position on an issue that she is reporting on, however, will it be possible to interview sources who oppose it?

On the other hand, there are a number of social issues that may have had “sides” in past public discourse but have now become viewpoints that few journalists would find tenable to support today.

How many journalists were able to remain neutral or objective in their coverage of slavery in the 1860s? Womens’ suffrage in the early 20th century? Civil rights in the 1960s? Child slavery, sex trafficking, so-called “honor rape” or the impression of child soldiers in the present?

Interracial marriage was illegal in some states in the Union, not so many years ago. That is not the case any longer. It seems to me that gay marriage is on the same trajectory. The arc of the moral universe is long indeed, but I tend to agree with Dr. Martin Luther King Jr. on its trajectory: it bends towards justice.

2 Comments

Filed under journalism, social media, technology, Twitter

Hacks at Twitter, New York Times, WSJ and Washington Post highlight need for better security hygiene

email_header_710Earlier tonight, I received an email I would just as soon not have gotten from Twitter, along with 250,000 Twitter users who had their password reset. Twitter security director Bob Lord explained why I’d received the email on the company blog:

“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”

Mike Isaac has been following the story the hack at Twitter at AllThingsD, if you want the latest news tonight.

After the password reset, I went through revoked Twitter authorization access to a number of unused apps, something I’ve been doing periodically for years now. That habit is among Twitter’s security recommendations.

I’m thinking about other social media accounts now, too. Shortly after Nicole Perloth began covering IT security for the New York Times, she shifted her practices:

“Within weeks, I set up unique, complex passwords for every Web site, enabled two-step authentication for my e-mail accounts, and even covered up my computer’s Web camera with a piece of masking tape — a precaution that invited ridicule from friends and co-workers who suggested it was time to get my head checked.”

She talked to two top-notch security experts and wrote up a useful list of good digital security practices. Unfortunately, it may be that it takes getting hacked and embarrassed (as I was on Twitter, on Christmas Eve a couple years ago) to change what how people approach securing their digital lives.

I don’t recommend that sort of experience to anyone. I was lucky, was tipped nearly right away and was able to quickly get help from the remarkable Del Harvey, head of the Twitter Safety team.

It could have been much, much worse. I’m thinking of Mat Honan, a Wired journalist who experienced an epic hacking that came about through a chain of  compromised accounts at Amazon, iTunes, Gmail and Twitter. After a lot of work, Honan managed to recover his data, including some precious pictures of his child. In the wake of the hack, he turned on 2-factor authentication on Google and Facebook, turned off “Find my” Apple device, and set up dedicated, secret accounts for password management. Honan isn’t alone in the tech journalist ranks: he just happens to have a bigger platform than most and was willing to make his own painful experience the subject of an extensive story.

A jarring reality is that even people who are practicing reasonably good security hygiene can and do get p0wned. Unfortunately, the weakest point in many networks are the humans — that’s reportedly how Google ran into trouble, when key employees were “spear phished” during “Operation Aurora,” targeted with social engineering attacks that enabled hackers to access the networks.

The last paragraph of Lord’s post suggests that a similar expertise was at work at Twitter, although he does not specify a source.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”

It’s been true for a decade but it’s even clearer in the second month of 2013: practicing basic information security hygiene is now a baseline for anyone else online, particularly those entrusted with handling confidential sources or sensitive information.

Chris Soghoian was clear about the importance of journalists and media companies getting smarter about keeping sources and information safe in 2011. Tonight, I am not sanguine about how much has changed since in the news industry and beyond.

Two days ago, the New York Times disclosed that hackers had infiltrated …the New York Times. The next day, The Wall Street Journal has disclosed similar intrusions. Earlier today, Brian Krebs reported that the Washington Post was broadly infiltrated by Chinese hackers in 2012. The Post confirmed the broad outlines of an attack on its computers.

If you’re a journalist & you’re not using a password manager+unique, long random passwords per website: stop, install and configure one now.

— Christopher Soghoian (@csoghoian) February 2, 2013

If you have a moment this weekend, think through how you’re securing your devices, networks and information. If you use Twitter, visit Twitter.com and update your password. If you haven’t turned on 2-factor authentication for Facebook and Gmail, do so. Update your Web browser and use HTTPS to connect to websites. disable Java in your Web browser. Think through what would happen if you were hacked, in terms of what numbers you would call and where and how your data is backed up. Come up with tough passwords that aren’t easily subject to automated cracking software.

And then hope that researchers figure out a better way to handle authentication for all of the places that require a string of characters we struggle to remember and protect.

3 Comments

Filed under journalism, security