I have been using Twitter actively since 2006 and have had the best of times as well as the worst of times there. It’s very likely to stop existing as we know it very soon, which is a real shame. It didn’t have to be that way. I would like to write more about what it’s meant to me and the world but for now I want to share this urgent advice that I wrote up for my colleagues this morning.
The Twitter situation is not a drill. It could stop working at any moment, and until it does the nastiest trolls will be running amok. I recommend you do a few things on your personal accounts:
- Put alternate ways for people to follow you in your bio. Could be Instagram, Facebook, Mastodon, TikTok, Tumblr, Discord, whatever.
- Turn on 2-factor authentication if you haven’t already. You must use an app (like 1Password or Google Authenticator) and not SMS to authenticate. Also enable Password reset protect.
- Request an archive of your Twitter data. You will have to authenticate for this by e-mail and not SMS. It can take a day or two but you’ll get an e-mail when it’s ready to download.
- Consider making your tweets private so that you have to manually approve new followers.
- You may want to deactivate your account, but DO NOT DELETE it. That could allow others to take your old name.
- Even if you’re not signed up for Mastodon, run this FediFinder tool and download a list of your follows’ addresses on Mastodon and other federated services. (You can decide whether to use it later.)
I’m 99% sure that my domain hosting and Twitter account are under attack right now. I can’t access either account and this is almost exactly what happened in 2013 when someone hacked half a dozen of my online accounts so he could get into @ruby thinking he could sell it on a hacker forum. This didn’t go well for him, but it was also an enormous pain in the ass for me.
You can see the whole story starting here: https://lotusmedia.org/tag/hacked/page/5
Amy Siskind’s heinous White Feminism was on full display this week when she responded to some very valid criticism about her oblivious White privilege and about her Republican-friendly past by attacking very intelligent and well-respected Black women like Imani Gandy instead of owning up to her mistakes.
Siskind said and did some patently horrible stuff in the past, including supporting Sarah Palin and collaborating with Alex Jones. Seems like she should take responsibility for herself and acknowledge where she was wrong. If she’s changed, she could just say so. If she hasn’t, people should know where she stands.
My friend Max raised another important issue about Siskind’s very problematic “All we have to do is get rid of the Orange Menace, and we can go back to having brunch” attitude.
I’ve seen a lot of this from Democrats and “never Trump” Republicans, and it makes me a little queasy when they talk about impeachment. It’s not like Trump is the only problem. He’s just a festering symptom of the greedy, nihilist Republican cancer. Of course Trump is a criminal and deserves to be impeached, but Congress will never do that (not even if corporate Dems make midterm gains) and more importantly, it won’t solve the problem of being ruled by a party that lies and cheats to enrich and empower themselves with no care for democracy or the future.
A funny thing happened yesterday. I decided to block the president on Twitter because I’m sick of his toxic idiocy and narcissism. When you block someone, they ask you the reason. Are they harassing you or someone else, are they spamming, is the account hacked, etc. Since All of the above was not an option, I chose to report him as hacked since I’ve been reading a lot about Russia’s hacking of our democracy and what an effective tool he is for Putin.
About 30 minutes later, his account was actually deactivated!
Maybe someone over at TwitterCorp was listening (since it was apparently his or her last day).
Trump’s use of Twitter in particular is a cancer on our nation and is literally bringing harm, financial ruin, and even death to many Americans. We all deserve a much longer break.
The media is still continuing the same behavior that normalized Trump and allowed him to walk right into office with less qualifications than a 9th grade class president. They are helping Trump block out rational conversation about real issues by treating his insane tweets as real news. Yesterday they spent all day talking about his crazy “wire tapping” story! (It’s either totally invented or proof that a court found reasonable suspicion of him last year. If the latter, let’s talk about the many suspicious ties to Russia.)
Stop reading his tweets. Stop sharing his tweets, even to criticize them. Stop treating them like they matter or like he matters. He is an unhinged loser and a complete puppet of the White supremacist Steve Bannon. Stop acting like his childish rants are the most important news of the day.
Great reminder from my favorite cognitive linguist George Lakoff:
Remember: @realDonaldTrump’s use of Twitter is strategic.
A lot of people (well certain people) have been fussing about Twitter co-founder Jack Dorsey returning to the company as it’s new CEO. While I think he’ll easily be better than his predecessor Dick Costolo, I see no cause to celebrate.
The magic in Twitter has always been the connections between people and the ability to grow and connect communities of people. The Arab Spring is the most famous and impactful example of this, but “Black Twitter” is a more current illustration. It’s a large and decentralized community which is having a real impact on people’s lives through connection, cultural critique, and shining a light on police brutality via #BlackLivesMatter.
Today I followed a link posted by an old Twitter friend. It was a collection of reactions of “Twitter influencers” to Jack’s return. They were all white, a couple were my friends. Responses ranged from “we’ll see” to “Jack is my BFF.” There was not a single concern raised. It should come as no surprise that all of the white, male CEOs of Twitter were hired by a board which is itself nearly all white men (with the exception of a few Asian men and one very powerful woman).
Twitter has been making moves to try to compete with media companies (and Facebook) by pushing big news and events, memes that trend via their mysterious algorithm, and celebrity tweeters. This ground has been covered and there will always be someone who does that better than them. Twitter’s unique value proposition is the ability to find and directly connect with real people who you don’t already know but who add value to your life. To be a participant in a movement (whether it’s for democracy or your favorite TV show) rather than just a consumer. I have rarely seen Twitter’s corporate policies show that they understand or appreciate this value. In addition, their continuing lack of interest in doing anything serious about the pervasive abuse of women online further shows that they just don’t care about us, the users that give their platform meaning.
So I wrote a few tweets about this, but it’s hard to convey the complexity and the importance of this in 140 characters so I wanted to expand in this blog post. If you share my concerns, I’d appreciate a retweet or other show of solidarity.
I have finally finished compiling my detailed timeline of how I got hacked and then unhacked myself. It includes the exact times that I received password reset messages, when I wrote to support, when they wrote back to help, when they gave me the finger, etc.
I’ve got it all in a spreadsheet. Now, how can I display this publicly? I’d love to make a timeline like this http://www.simile-widgets.org/timeline/ Or is there a Google widget I could connect to a Google Doc Spreadsheet?
This would also make great fodder for any reporter who wants to help people understand and avoid this, and/or to write about how shockingly unresponsive certain companies can be (cough, Twitter) when their own services are compromised.
So, on Monday I attended an historic protest at the North Carolina General Assembly. My phone was in-hand nearly the entire time (see goofy pic), as my main goal was documenting the civil disobedience and arrests of five elected officials from Orange County, NC. However, I found myself only able to retweet others from the Hootsuite app I use on my Android phone. I could post with other apps like Instagram, but my tweets (as @ruby and as @orangepolitics) just sat in Hootsuite’s outbox.
In the chaos of the day I chalked this up to the ongoing tangle left by last week’s hacking, so today while I was at a computer I made sure to fully authorize Hootsuite using the 2-step verification that I enabled for @ruby about a week ago. It seemed to work. This evening I tried again to use Hootsuite from my phone and found that I still can’t send from any of my Twitter accounts. So I asked @hootsuite, and amazingly, they said:
We are unable to guarantee full functionality with Twitter 2-step verification at this time. ^TF
Now I know that Twitter only enabled this feature less than 2 weeks ago, but here I am – a paying customer of Hootsuite (through work) – and now that I have enabled better security on ONE of my accounts, I can no longer post tweets from ANY of my accounts from my phone.
Amazed again that huge companies that rely on their web services don’t seem to care much about the security of their accounts. They should be pushing US (customers/products) to get more secure, not the other way around!
So right after my Twitter account was hacked I learned that Twitter had finally implemented 2-step authentication just days earlier. I have now turned it on, of course.
But the really gigantic part of getting hacked was losing control over my entire Dreamhost account including several websites, e-mail addresses, and domain names. Today I learned that Dreamhost also offers 2-step authentication. But they are not doing much to encourage people to use it. I Googled and was able to find these instructions and am so relieved to have this in place now.
I already had this enabled for Google and Facebook, but now that I’m looking at it, there are many other services that offer 2-step (a.k.a. 2-factor) authentication, including Dropbox and Paypal. LinkedIn just started using it this week. I’m a little annoyed that I had to go looking to find out about many of these.
So here’s my list so far who supports 2-step:
Did I forget any? The best way to find out if your favorite web service supports this is to Google “2-step” and the name of the service.
I think this makes it pretty clear how seriously Twitter takes their security: The guy who hacked my account is still happily tweeting away about the latest social engineering methods and how it was my fault that he hacked into my personal accounts so he could try to sell @Ruby on hackerforum.net.
Better late than never, Twitter added two-step authentication for accounts last month, but it’s clear they aren’t really concerned about their users when they do nothing to help protect users like me or @Mat, even when we know people are targeting us, and let genuine security risks chill out indefinitely.
Please share this post if you agree that Twitter should take action against “Isolate” and any users who are known to have hacked other people’s Twitter accounts in the past.