The cost of Musk's war on spam
May 26, 2022 / Wesley Sukh
One tweet to rule them all
Are you ready for another chapter in Elon Musk’s Twitter acquisition saga? This one's a doozy, and like all great Internet dramas, it all starts with a tweet.
The prevention of spam bots, great — an admirable fight which would definitely improve Twitter's user experience. Except, this is something Twitter has been fighting for quite some time — decades in fact. The thing is though, "preventing spam" isn't such a simple problem to solve (funny that). The more developers fight to mitigate the impact of spam traffic, the greater the negative impact could be on Twitter-goers (what's that old saying; for every action... you know...). Unfortunately some gnarly privacy and UI consequences do come with spam prevention.
Enter "Authenticate all real humans!". This sounds great and all (on the surface) but don't forget, Twitter has a foundation built by pseudonymous creators. It's something we've actually talked about before, but this digital anonymity paved the way for the online homogenisation of culture and discourse. But authentication probably means implementing some form of "Know-Your-Customer" or KYC (booooo), killing digital anonymity on Twitter.
And TBH we’re not here to stir the pot, but we gotta call it how we see it. When it comes to user authentication, Musk’s intentionally vague plan undercuts the ethos of the platform and what that ethos has meant to its users, for so many tweet-filled years. We’ll get to that — fear not.
Historically, Twitter’s ethos (last time saying ethos I swear) has promoted digital freedom and creative expressionism. And yes, we all really hate spam (it's an awful can of meat, truly) but, it’s mitigation shouldn't cost the Pseudonymity of its users, and here's why.
“The Captcha Tech”.
Excuse my Seinfeld impression, "but what's the deal with spam prevention these days". As we mentioned earlier, preventing or eradicating spam isn't as simple as a certain tweet may lead you to believe — especially if your plan also involves user authentication. That does, however, segue us nicely into this little chat about Captcha technology and the issues it brings to the table.
It's the logical (but flawed) thing that springs to mind when we think about spam mitigation. Despite its flaws, Captcha Tech has kind of become the default security measure against spam prevention for the last decade. You know the one, "click all the pictures in the grid with a bus" or "enter this weird code of letters" (that everyone gets wrong at least 3 times).
Being both low/nil in cost to run as well as requiring almost no management — Captcha tech boomed in popularity, sold on the premise that they were easy for us mere mortals to use and impossible for bots to crack. But that just ain't true, like at all. Current Captcha technology either sucks to use — or if if it's the current more popular embedded V3 version of the tech — is a privacy nightmare that reads through both your metadata and cookie history. Yeah sick. And according to this study both can be easily beaten by current spam bot tech. Double sick.
Let's talk about KYC:
So if our first and most obvious choice for spam mitigation is off the table, what are we left with? Well, KYC has entered the chat.
"Know Your Customer" can be best described as the evil stepmother of spam prevention technology. If we look at it from a functionality standpoint, then sure, it will probably reduce spam and do, like, the bare minimum — but boy does it kill the soul of privacy and just overall really suck. What we mean by that (and yes, I’m sticking to this analogy) is that after Captcha technology, which we know doesn't really work, KYC is currently the next most popular way to mitigate spam whilst authenticating human users. But it's a system that was not designed to be implemented on social media.
KCY tech is pretty simple, in order for your account to be activated you have to lodge (usually government issued) identification with the platform you wish to access or prove that it is actually you using your account (usually with some form of 100 point ID checking). This pretty simple solution but it does come with some pretty complicated consequences, — specifically linked to some gnarly social and privacy implications. If we take another hot minute to look at Twitter's ethos (the one I kept bringing up earlier) it's super clear that pseudonymity and user authentication don't mix well . KYC drags the good name of anonymity through the mud, and strips much of Twitter's pseudonymous credibility from the platform.
There are countless examples (but here's a good one) of times where marginalised, at risk or minority communities have relied on the anonymous affordances that came with communicating on Twitter. If Twitter was to introduce a system where government issued ID was stored on (most likely) centralised servers — the risk factor for those communities rises exponentially.
I feel like it’s obvious without explanation — but it's kinda clear to see why giving incredibly personal information to a platform that makes money from your metadata is, you know, a really bad idea. Particularly when it's already common-practice for government and police bodies to work with these media giants to gain access to our metadata, as they see fit.
"But dear writer, what about me — someone who uses Twitter for just, like, entertainment, and you know, a bit of banter? I don't like spam — so won’t Musk's plan make it better?"
Well again, unfortunately no — but this time I can show you why...
To set the scene, it's important that you firstly consider that pseudonymity can bring the safety which fosters creativity, and from creativity comes greatness.
Now that we're on the same page, let's talk about the rise to fame of a beloved podcast that normalised pop culture consumption for an Australian audience. “Once upon a time” there was a creator releasing content under the pseudonym, Mr Sunday Movies. This anonymous Melbournian, revolutionised the landscape of Australian digital content, utilising Twitter, created, built, and engaged with a rapidly growing fan base. Though his identity is now public knowledge, his fan base was built and maintained (and for quite a while) without his identity being made public. He had his reasons — at the time, he was also a full time primary school teacher, and he didn’t want his side-gig to get tangled up with his day job.
Though the success of his podcast cannot by any means be attributed to Twitter alone — it does help illustrate that through true digital anonymity, creativity can blossom.
But what's the point? Well, my patient reader, our little case study is the perfect example of how a (flawed, but still) pseudonymous platform can allow creativity to flourish and birth some truly entertaining content. But it did showcase the relevance of (anonymously used) social media; not only in the entertainment industry, but also why some people can't mix their personal and professional lives. Remember, you shouldn't have to hand over your life to use Twitter.
So, let's look back on our time together:
So yeah, I think it’s safe to say that it's not actually that simple to rid Twitter of Spam. It shouldn't be either, especially when we're also throwing in a process as complicated as user authentication. I swear this isn't a cheap shot, but unfortunately the vague nature of Musk's tweets kinda just make them click bait (without a will there is no way).
Spam sucks, like a lot, but it's also not worth potentially destroying the pseudonymity of twitter during the conquest. Ultimately you have to think about the needs and benefits of the user experience — which for Twitter, can be traced back to its roots of pseudonymous free speech.
Anonymity and online dating
June 27, 2022 / Alex Linton
Familiar faces: Has facial recognition tech gone too far?
June 14, 2022 / Wesley Sukh
Session ID vs phone numbers
June 08, 2022 / Alex Linton
Human rights in the digital age: Why you should join us at RightsCon
June 01, 2022 / Wesley Sukh
Behind the scenes: Session network and client update
May 19, 2022 / Kee Jefferys
Holistic privacy: How to remove the target on encryption's back
May 13, 2022 / Alex Linton