Slashdot Mirror

← Back to Stories (view on slashdot.org)

Twitter Bug Lets Users Force Others To Follow Them

Posted by Soulskill on from the take-that-conan dept.

Several readers have sent word of a Twitter bug which has been allowing users to make any other user follow them by simply tweeting "accept [username]." People have been abusing it to make the accounts of various celebrities and publications follow them. Twitter acknowledged the bug and disabled the follow/unfollow system until they can get it fixed.

30 of 143 comments (clear)

  1. Bug fixed by PeekabooCaribou · · Score: 2, Informative

    Twitter says they have resolved this bug. http://status.twitter.com/post/587210796/follow-bug-discovered-remedied

    --
    "I'll say it again for the logic-impaired." -- Larry Wall.
    1. Re:Bug fixed by Scrameustache · · Score: 5, Funny

      Twitter says they have resolved this bug.

      http://status.twitter.com/post/587210796/follow-bug-discovered-remedied

      It's not so much fixed as unreproducible by way of disabling the entire "follow" feature. The twits are in a panic, wondering if they've offended people since their followers have all disappeared.

      --

      You can't take the sky from me...

  2. That might explain Chavez's Top Twitterer Status by ZuchinniOne · · Score: 3, Funny

    http://news.bbc.co.uk/2/hi/americas/8671581.stm

  3. Re:Solution... by PeekabooCaribou · · Score: 4, Interesting

    Slashdot has comments, friend/foe, and journal (blog) space. What's to prevent you from getting fired for using Slashdot?

    --
    "I'll say it again for the logic-impaired." -- Larry Wall.
  4. Probably not a bug by BadAnalogyGuy · · Score: 5, Interesting

    Consider that selling a list of users and their preferred content information to advertisers could result in a huge profit for Twitter. Then imagine a captive audience forced to receive what is essentially spam tweets.

    This is definitely a feature, not a bug. And this disabling of the feature for the time being is a temporary measure to let the furor blow over before reactivating it later.

    Twitter isn't a public utility. It's a business just like Google and Microsoft. They will find a way to monetize your behaviors.

    So what should you do? Stop using Twitter?

    1. Re:Probably not a bug by Yvan256 · · Score: 5, Insightful

      So what should you do? Stop using Twitter?

      Yes.

    2. Re:Probably not a bug by fotbr · · Score: 5, Insightful

      A strange game. The only winning move is not to play.

    3. Re:Probably not a bug by fustakrakich · · Score: 5, Funny

      That might not be allowed. If you don't sign up with these social networks, you will be flagged as a "loner" type , and put on the no fly list. Customs already does this to people who don't have a credit card. I speak from experience. So, what have you got to hide? Sign up already!

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:Probably not a bug by Dalambertian · · Score: 3, Insightful

      The suggestion that we should stop using twitter because of spam is quite strange. Has spam stopped you from using email?

    5. Re:Probably not a bug by Jer · · Score: 2, Insightful

      Whether or not this would be useful for spam, it would be more profitable for Twitter to be able to control it, rather than letting individuals force other people to follow them. This is clearly a bug - there's no financial benefit to Twitter with this and if it went on for too long they'd lose users (which is probably why they shut off the follower mechanism as soon as the bug was publicized).

      Not to say Twitter couldn't introduce their own advertising scheme. Just that if they did they'd want it to be one they controlled - and took payments for - not one that random spammers could exploit for free.

    6. Re:Probably not a bug by Anonymous Coward · · Score: 2, Insightful

      That would imply starting to use Twitter.

  5. That sounds more like a by abbynormal+brain · · Score: 3, Insightful

    test command embedded into the code that allows "dummy" testing within the development environment. Either way - oops.

    --
    L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy
    1. Re:That sounds more like a by squiggleslash · · Score: 3, Insightful

      I'm going to stick my neck out and suggest it's more a case of someone deciding not to check for errors in a bit of code.

      In Twitter, you can have either protected tweets or unprotected tweets. If the former, then if someone wants to follow you, they have to request it, and you can either "accept" them following or deny it.

      It looks to me that the commands are sent in-band, and that the command "accept " is related to the above code. What isn't happening is any check that the person identified ever actually sent a request in the first place.

      So, this isn't an evil conspiracy to send people advertising (was BAG being serious?), and I doubt it's test code either. The above just "fits" with everything we know about twitter.

      --
      You are not alone. This is not normal. None of this is normal.
    2. Re:That sounds more like a by AndrewNeo · · Score: 3, Interesting

      They're likely sent in-band because most SMS commands are the same as the web interface. You can follow, direct message, etc. through both SMS or the update interface.

  6. So...? by fahrbot-bot · · Score: 5, Funny

    All your tweets are belong to us?

    --
    It must have been something you assimilated. . . .
    1. Re:So...? by Abstrackt · · Score: 5, Funny

      "In Soviet Russia, celebrities follow YOU!"?

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  7. Does this work on Slashdot? by InvisibleSoul · · Score: 5, Funny

    accept +1 Funny

    1. Re:Does this work on Slashdot? by capo_dei_capi · · Score: 2, Funny

      This board does not have Super Cow Powers.

    2. Re:Does this work on Slashdot? by Yvan256 · · Score: 2, Funny

      Damn, I went back to Tristram for nothing.

    3. Re:Does this work on Slashdot? by Idiomatick · · Score: 3, Interesting

      I like that this was marked troll as if the mods were personally offended that someone dare suggest that /. doesn't have 'Super Cow Powers'.

  8. In-Band Signalling by captaindomon · · Score: 3, Insightful

    This is one of the difficulties of In-Band Signaling. Their communication channel is so limited that handling secure signaling is difficult.

    --
    Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
    1. Re:In-Band Signalling by Amouth · · Score: 2, Insightful

      not exactly.. their failure was not implementing some type of request/accept queue system.. and if they did they bypassed it and gave the accept message the ability to add people even if they where not in the queue, which is just stupid.

      while i agree that In-Band Signaling is not easy to do right, and that they do have a limited communication channel.. they do not have a limited processing or back-end infrastructure..

      there is no excuse for this type of screwup..

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
  9. Blue Box by John+Whitley · · Score: 5, Interesting

    Heh, it's tempting to view this as an accidental homage to the blue box.:

    An early phreaking tool, the blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls - inversely, the Black Box enabled one to receive calls which were free to the caller.

    For those new to the party, on early telephony networks the telco's control signals were sent on the same channel as the content (voice) signals. Some bright folks figured out how to exploit this weakness. Oops. ;-)

    1. Re:Blue Box by BlueBoxSW.com · · Score: 2, Interesting

      Interesting...

    2. Re:Blue Box by hitmark · · Score: 3, Informative

      yep, telcos operated on the "security by obscurity" system. Only their own personnel should in theory know the unlisted numbers to the switches and so on. But thanks to anything from grabbing manuals from the back of repair trucks, to wardailing whole area codes, this didnt work in the long run.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
    3. Re:Blue Box by cgenman · · Score: 2, Insightful

      The main difference being that back in the blue boxing days, security was an afterthought and now it's a multi-billion dollar industry.

      It's a multi-billion dollar industry... that gets called in after-the-fact once a tool gets really popular.

      --
      The ______ Agenda
  10. this only worked in Twitter's Web interface.. by tirnacopu · · Score: 2, Informative

    ..not on third-party apps?
    Twitter, meet WWW::Mechanize.
    WWW::Mechanize, meet a twat.

  11. Testing by Dan+East · · Score: 4, Funny

    modfunny 318230

    --
    Better known as 318230.
  12. Re:Solution... by ls671 · · Score: 2, Interesting

    Sorry I posted on the wrong topic, I had a FA linking to a topic about social networking sites and jobs in "sensible activity fields" on my /. front page and it doesn't seem to be there anymore ;-))

    Here is the link I posted to, it apparently has been rescheduled from 1:27 PM to 3:09 PM eastern time. So it seems like a /. problem.

    http://tech.slashdot.org/story/10/05/10/1652245/Businesses-Struggle-To-Control-Social-Networking?art_pos=1

    --
    Everything I write is lies, read between the lines.
  13. Re:Recursive twittering by SlowMovingTarget · · Score: 2, Funny

    And so dawns the age of the auto-lobotic circle-tweet.