How Twitter Is Making Its Spam Problem Worse

As Twitter gears up to go public, growth is a priority for the company. The short-message service is revamping its core mobile apps and experimenting with ways to get users to spend more time interacting with tweets.

That push for growth, though, may make Twitter vulnerable to spammers who have dogged the service for years.

The Spam Is Coming From Inside The House

One of Twitter's growth-pushing experiments, @MagicRecs, recently won acclaim from the New York Times for its personalized suggestions of people to follow. That coverage may have put it on the radar of opportunists.

@MagicRecs works by sending private messages to users telling them that a particular account has been followed by other accounts they follow. Because I follow many journalists and Twitter employees, it's particularly good at alerting me that a celebrity like, say, Prince has signed up for the service.

This morning, I got a recommendation to follow @DropboxOffers, an account promising extra gigabytes on the online-storage service for follows and retweets. At first, I was inclined to follow it, if only to track news about the company—peers at TechCrunch and AllThingsD had followed the account, after all. And a Twitter employee had also followed the account. Seems legit!

That assembly of social proof—your friends are all following this account, don't you want to?—is exactly how @MagicRecs does its magic.

I grew suspicious, though, and Dropbox swiftly announced it was a fake:

It's not clear if the spammers intended to make use of @MagicRecs. For most users, the offer of free storage might have been compelling enough. But several people I noticed following the account—smart tech-industry insiders, some of whom work for Twitter or have family members who work there, people you would not expect to be taken in by Twitter spam—confirmed that they had followed the account because of a @MagicRecs recommendation.

While the @DropboxOffers account has not yet tweeted out links to malware, it likely had the aim of getting users to follow the account, at which point it could send them links to dangerous websites under the guise of claiming the additional Dropbox storage it promised. At publication time, the account was still active and had more than 9,800 followers.

A Dangerous Experiment

While @MagicRecs is an experiment, it has the explicit imprimatur of Twitter CEO Dick Costolo:

So what do we learn from this?

Twitter devotes substantial resources to fighting spam. It has largely fended off traditional Twitter spam, which typically targets users by mentioning their username and offering a dangerous link to click. But as Charlie Warzel at BuzzFeed points out, spammers are now using more obscure features of Twitter, like lists, to lure users.

At the same time, Twitter devotes substantial resources to growth. It aims to encourage users to discover new accounts to follow and interact with them. Those efforts inevitably create fertile conditions for spammers.

I'd hate to see @MagicRecs shut down. It's both useful and fun, often pointing me to Twitter users who have become newsworthy before I've even heard about the event that catapulted them into headlines. But perhaps Twitter should figure out how to put the brakes on it until its algorithms can vet accounts for legitimacy. @DropboxOffers was recently created—a telltale danger sign. Yet a celebrity who just signed up for the service would have a similarly scant track record. It's not an easy problem to solve.

Spam Will Always Be With Us

As Google found over the years with its automated ad-targeting tools, opportunists are smart and adaptive, and use technology to optimize their gambits every bit as much as the companies they piggyback on do. Spam will definitely be a risk factor Twitter must disclose to its shareholders.

Yet the answer isn't as simple as saying that Twitter must do a better job of fighting spam. It must do so without compromising experiments like @MagicRecs and other avenues for improving the service, which remains confounding to novices.

In the long term, there's no contradiction between fighting spam and growing the service: Spam turns off users, which hurts retention. But in the short term, Twitter's going to have to be awfully clever to solve the problem it's inadvertently created here.

Update: Costolo says the team behind @MagicRecs is fixing the problem: