Twitter CEO Jack Dorsey Says Biometrics May Defeat Bots (duo.com)
Trailrunner7 shares a report from Duo Security: From the beginning, Twitter's creators made the decision not to require real names on the service. It's a policy that's descended from older chat services, message boards and Usenet newsgroups and was designed to allow users to express themselves freely. Free expression is certainly one of the things that happens on Twitter, but that policy has had a number of unintended consequences, too. The service is flooded with bots, automated accounts that are deployed by a number of different types of users, some legitimate, others not so much. Many companies and organizations use automation in their Twitter accounts, especially for customer service. But a wide variety of malicious actors use bots, too, for a lot of different purposes. Governments have used bots to spread disinformation for influence campaigns, cybercrime groups employ bots as part of the command-and-control infrastructure for botnets, and bots are an integral part of the cryptocurrency scam ecosystem. This has been a problem for years on Twitter, but only became a national and international issue after the 2016 presidential election.
Twitter CEO Jack Dorsey said this week that he sees potential in biometric authentication as a way to help combat manipulation and increase trust on the platform. "If we can utilize technologies like Face ID or Touch ID or some of the biometric things that we find on our devices today to verify that this is a real person, then we can start labeling that and give people more context for what they're interacting with and ideally that adds some more credibility to the equation. It is something we need to fix. We haven't had strong technology solutions in the past, but that's definitely changing with these supercomputers we have in our pockets now," Dorsey said.
Jordan Wright, an R&D engineer at Duo Labs, writes: "I think it's a step in the right direction in terms of making general authentication usable, depending on how it's implemented. But I'm not sure how much it will help the bot/automation issue. There will almost certainly need to be a fallback authentication method for users without an iOS device. Bot owners who want to do standard authentication will use whichever method is easiest for them, so if a password-based flow is still offered, they'd likely default to that."
"The fallback is the tricky bit. If one exists, then Touch ID/Face ID might be helpful in identifying that there is a human behind an account, but not necessarily the reverse -- that a given account is not human because it doesn't use Touch ID," Wright adds.
By "Force" I mean the Shadow Ban engine.
If you are not a blue check, or not authenticating via touch/face, maybe you get some lower views on your tweets, maybe they only show for 10% of your followers... something like that. Explain that and it doesn't matter how "easy" the other paths are.
I still feel like bots will figure out some way around those systems though... also not sure how that works in a world where Twitter themselves have driven people to use the web more by killing off as many native clients as possible - including some of theirs.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Are good methods
Being an old school fart, the vast majority of my Twitter usage comes while I'm sitting at my computer, not on my phone.
- Necron69
Also, biometrics are very very easy to defeat.
-- Tigger warning: This post may contain tiggers! --
i honestly feel like jack dorsey is just flailing at this point looking for a way to not pay people to just sit down and get rid of the creeps
biometrics won't solve anything. nobody has or wants the devices. i'll leave twitter before i start giving them my biodata, and i almost guarantee everyone else will
this just comes down to twitter can't accept that their absurd extremist free speech stance leads to constant abuse and a dramatically limited platform
StoneCypher is Full of BS
Why all the need by social media to control what people read and think in free nations?
People are sharing their own links and self publishing their own ideas.
The content on social media is user created.
Let the users create, share and link as they want.
Should a social media site want to be a news publisher they can do that and have no comments.
What happens when someone publishes a comment found to be blasphemy? A user who wants to publish about the 1989 Tiananmen Square protests?
To share a funny meme about a politician who gave a short speech?
Now that needs an ID approved by social media? An ad company gets to look after a person's ID?
How about going back to freedom of speech, freedom after speech and the freedom to publish on social media.
Domestic spying is now "Benign Information Gathering"
Good news for any moron who has a Twitter account and a phone with FaceID or a goddamn fingerprint reader, I guess?
This isn't about bots. This is about making sure that the message stays on track.
bears beats battlestar galactica
Does Dorsey not understand how 'biometrics' are used in this context? You don't send a picture of your fingerprints/retina/whatever to the remote host (indeed, doing the processing on-module so that the main OS never gets a crack at the data is a feature you typically brag about on your spec sheet if you've avoided cheaping out enough to support that).
The biometric widget is just used by the local device as a mechanism for controlling whether or not to unlock the actual authentication material (whether it's just a tepid shared secret in the case of a password manager or one of the fancier FIDO/etc. cryptographic things).
Now, the part of this plan that might work would be coupling it with a platform that (in a feature technically unrelated to biometrics but probably implemented in the same securi-SoC) doesn't use something generic like a password; but includes an element that's hard to spoof without access to a slightly expensive device. Like, not terribly hypothetically, a private key or device certificate signed by the platform vendor. This has nothing to do with biometrics whatsoever; but it could make it much harder to just spam new accounts without also finding a source for extremely cheap TPMs or iPhone secure enclaves or the like to pop up as a new device.
https://www.youtube.com/watch?...
Requiem for the American Dream
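Added example, not part of any comment in this thread and not Twitter's or any device vendor's code: a sketch of the flow the comment above on locally unlocked key material describes, where the biometric result only gates a device key and the server checks a vendor-signed device certificate plus a challenge signature. The Ed25519 keys are constructed for the demo, the function names are hypothetical, and the per-device account cap is an assumption added to show why scarce hardware makes bulk sign-ups costly.

```javascript
// Added example: constructed keys and hypothetical names, not a real attestation API.
const crypto = require('node:crypto');
const sign = (priv, data) => crypto.sign(null, Buffer.from(data), priv);
const verify = (pub, data, sig) => crypto.verify(null, Buffer.from(data), pub, sig);

// The platform vendor provisions a device: the private key stays in the secure
// element, and the vendor signs the device public key (the "device certificate").
function provisionDevice(vendorPriv) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pubDer = publicKey.export({ type: 'spki', format: 'der' });
  return {
    pubDer,
    cert: sign(vendorPriv, pubDer),
    // The biometric match happens locally; only its yes/no result gates the key.
    answer(challenge, biometricOk) {
      return biometricOk ? sign(privateKey, challenge) : null;
    },
  };
}

// Server side: it sees a certificate and a signature, never a fingerprint or face.
function makeServer(vendorPub, maxAccountsPerDevice) {
  const accountsByDevice = new Map(); // device key hash -> Set of account names
  return function enroll(account, pubDer, cert, challenge, sig) {
    if (!verify(vendorPub, pubDer, cert)) return 'untrusted-device';
    const devicePub = crypto.createPublicKey({ key: pubDer, format: 'der', type: 'spki' });
    if (!sig || !verify(devicePub, challenge, sig)) return 'bad-signature';
    const id = crypto.createHash('sha256').update(pubDer).digest('hex');
    const accounts = accountsByDevice.get(id) || new Set();
    if (!accounts.has(account) && accounts.size >= maxAccountsPerDevice) return 'device-limit';
    accountsByDevice.set(id, accounts.add(account));
    return 'ok';
  };
}

function demo() {
  const vendor = crypto.generateKeyPairSync('ed25519');
  const rogue = crypto.generateKeyPairSync('ed25519'); // not the platform vendor
  const enroll = makeServer(vendor.publicKey, 2);
  const phone = provisionDevice(vendor.privateKey);
  const fake = provisionDevice(rogue.privateKey);
  const c = crypto.randomBytes(32); // a real server issues a fresh challenge per attempt
  return [
    enroll('alice', phone.pubDer, phone.cert, c, phone.answer(c, true)),   // ok
    enroll('alice2', phone.pubDer, phone.cert, c, phone.answer(c, false)), // key stays locked
    enroll('bot1', fake.pubDer, fake.cert, c, fake.answer(c, true)),       // cert not from vendor
    enroll('alice2', phone.pubDer, phone.cert, c, phone.answer(c, true)),  // second account
    enroll('alice3', phone.pubDer, phone.cert, c, phone.answer(c, true)),  // over the cap
  ];
}
```

Calling `demo()` returns one outcome per attempt; the server-side decision depends only on the certificate chain, the challenge signature and the device count, which is why a password fallback path would bypass all three checks.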
The ripple of dystopian fear which starts at my sphincter when I read these words is hard to describe.
So, Twitter should have access to biometric access for billions of users, and we should all think this is going to be for our own good?
*shudder*
When the internet requires biometric identification, I'm pretty much going dark.
F him
Now they want me to hand over biometric data to read bad bot posts?
Nah. Reading some bullshit from Twitter twats ain't important enough for this. Anyone know an alternative that doesn't suck?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I mean, please add all the methods possible to discriminate between bots and humans. For instance, if someone replies to a tweet in less than 5 seconds with a 200+ character response, mark it as a potential bot post. Other sorts of controls could be added too that mark potential tweets as sent by bots or automated accounts. With all the tools at Twitter's disposal, it seems that they are explicitly NOT looking for ways to discriminate between bots and humans. This is likely for commercial reasons.
Twitter can be a playground for both bots and humans, but detecting the bots and marking their tweets as such could be a great way to help level the playing field and would help humans understand how the information is really flowing through the site. It doesn't have to be all blue checks and biometrics, but those are good as well.
organs and entities. Banking on biometrics instead of a receipt credential exposes life itself to counterfeiting. Criminal Complaints must be filed as soon as possible on felony statutes. Twitter CEO is a felon.
oh right that shitstorm place where all the fucking fruits fairies and their friends chat on and some president and dumbocrats ...cause us intellect is devoid of reason
Twitter
Google
Facebook
Apple
ALL must be broken up into several companies.
Corporatism != Free Market
It is better, not American, more configurable, can run off your own server and still connect you with EVERYONE.
Creating computer generated realistic bio-metrics is not that hard. See link below filled with very real looking computer generated faces.
https://youtu.be/kSLJriaOumA
What Dorsey is saying is that they want to move to authentication based on whether you own a recent Apple device. Still not that hard to beat by a bot, but sure, will filter out low cost bots (and 80% of the smartphone market with it).
A company wants verifiable identities on the people who use their site, which will increase the value of the data that company sells to their customers.
Convincing the users (product) to go along is just marketing.
Jack Dorsey: 'It won't do anything about bots or fake accounts, but we want your biometric data, too.'
Anyone that gives it to them is a moron.
The thing on your phone will happily say gummy bear or a sausage is "human". New identities there those can be also trivially conjured by the simplest of generative models, with no tissue or hardware to scan it. See, real, bot-proof biometrics means government authenticated biometrics. A fingerprint scan digitally signed on your ePassport is a pretty decent proof that you're alive somewhere, and probably paying taxes. And our social network overlords are itching to get hands on that data.
That is, until someone dumps a public torrent full of scans of a whole country of real people, along with the CA private key, and hilarity ensues. Reminder that privacy preserving biometric schemes (PIR) exist to avoid catastrophic failures like this, but so far no government has been competent enough to be bothered. Why prevent identity theft, when you can just outlaw it?
Try first with simple, easy biometric steps, no orange people allowed.
you can use a fake name to allow free expression, but you must use real biometrics.
On a long enough timeline, the survival rate for everyone drops to zero.
They're trying to lay the groundwork for having police kick in your door for posting wrongthink.
Jack Dorsey- noted idiot - says idiot things in an idiotic way. What a surprise.
I'll believe it when I see it.
Idiot's gonna idiot.