verification - TheWayoftheWeb

A solution to the loss of trust in Twitter apps?

January 9, 2009 By Dan Thornton 2 Comments

The trust that many people have in Twitter has been shaken recently by three major events – but there’s one idea that could solve some of the problems.

The events have been:

A major Twitter phishing attack, which resulted in spam Direct Messages from comprimised accounts.
High profile Twitter accounts being hacked – apparently by a fairly simple brute force dictionary attack on someone with access to Twitter support tools.
Strange Display Errors – which turn out to be due to the combined forces of mass tweets from Macworld and CES.

Stopping anyone with admin access from using a password like ‘happiness’ should cure point number 2, and deadling with mass traffic is something that only Twitter itself can solve.

However, the loss of trust in applications is something that effects the whole Twitter ecosystem, as Mark Evans writes on Twitterati. And even implenting the much-requested OAuth as a technical solution doesn’t guarantee a rogue app can’t affect people. (via the MrTweet Blog)

So what’s the solution then?

It’s a simple idea – there are a lot of sites currently listing Twitter applications as soon as they become available to be the first to carry the news, and also to be a useful resource.

But what about an agreement between some of the Twitter bloggers and established app developers to implement a testing and approval procedure – a relatively simple process which could then list approved and tested applications, and allow them to display an badge of approval.

What gives bloggers the right?

The reason for pulling together reasonably prominent bloggers to implement approval is that we have something to lose if we’re not utterly honest – anyone can update the Twitter wiki with a link to a malicious application, but if 5 prominent Twitter bloggers did it, we’d all lose trust and social reputation, so it keeps us honest.

So what are the benefits?

A list of Twitter applications which are being used and monitored to ensure they work as stated
An independent approval system by people with a vested interest in keeping things honest
More authoritative testing, and a larger quantity of apps being tested than each of us stating individually which apps we use – and a safeguard in case we’re tempted to recommend something without taking a proper look because we’re busy or going on holiday that week.
And it means developers can display something to give them a trusted status without the need for a paid store (like the iPhone store), or worrying about being tarred with the same brush as malicious scammers?

So I’m throwing it open – good idea or bad? And are my fellow Twitter bloggers interested?

Want to spread the word? Copy, paste and tweet:

A quick and simple solution to sort the trusted and honest Twitter apps? http://bit.ly/vL48

Buffer

Filed Under: Tools, twitter Tagged With: applications, approval, bloggers, oauth, trust, twitter, twitter blogs, verification, verified

How CNN and Citizen Journalism can move forwards…

October 5, 2008 By Dan Thornton Leave a Comment

I’ve already covered why the fake Steve Jobs heart attack story published on CNN’s iReport shouldn’t be seen as a fault of Citizen Journalism as a whole, and why we should all be encouraged to verify and fact check articles before we take them as gospel, or reprint them.

The Silicon Valley Insider has published a defence of their repeition of the story, but for me, it does little to convince me that they did anything other than repeated the story quickly to grab page views.Especially when they appear to justify reprinting any rumour that is possibly credible enough to be worth publishing.

‘Sometimes this information is fact. Sometimes it is rumor or scuttlebutt. Sometimes it is speculation. Always it is information that we believe is credible or interesting enough to bring to our readers’ attention.’

In their defence, the original story did contain a disclaimer: ‘We’re making calls, but as yet we have no idea whether it’s true. Confirmation/denial the moment we get it.’

Anyway, in my opinion, as someone who has worked on websites with User Generated Content, and various levels of moderation, I think there are a few ways that sites containing Citizen Journalism can evolve.

Scott Karp covers one method. Rather than a totally open system that just requires an email address and solving a Captcha code – effectively meaning anyone can publish fairly anonymously, CNN and other site owners could actively search out anyone already publishing content, and select people who demonstrate a verifiable responsibility/ability. Increasingly this will be the role of professional Editors online, and although it goes against the ‘open ideal’, the main downside is that it costs organisations time and effort. Scott goes into more detail, and the restrictions he’s applied to Publish2 in a post well worth reading.
Sam‘s post on my previous article highlights the legal dilemma – moderate everything at a huge cost, or let it be a free for all. I disagree that we shouldn’t blame a company that encounters problems because they’re not willing to pay for the resources to moderate a service – but I think there is a third alternative – crowdsource the moderation. An effective rating and reputation system would indicate reliability and past success rates in the hands of fellow Citizen Journalists. And although it will be tough to make a system than cannot be ‘gamed’ to a large extent, it would have avoided an event like the CNN one – where an account is used to make one fake story then disapear. The better the system and the more effort it takes to game it, the smaller the amount of fraudulent users that will make the effort.
Increase the private identification of users. One easy way is to offer a small payment for articles, which requires bank details/paypal account details etc – or even some proof of identity before being allowed to post. It may add to the need for resources – but it’s less work than moderating every article, and would also weed out many of the fraudulent accounts.

That’s three possibilities with a bit of thought. I’ve actually been thinking about this problem for a while, and I’m working on some ideas which may help to increase the reliability of Citizen Journalism and Blogging, whilst also removing some of the barriers the citizen journalists and bloggers undoubtedly face – if I heard Steve Jobs had suffered a heart attack, would I know who to contact for a fast response, and would they be likely to respond? Or would my attempts to verify the facts mean I get scooped by a larger site or mainstream media and miss out on the benefits of getting the news first?

In a 24 hour, second by second online world where every moment counts if you want to break a story first, we shouldn’t blame people for falling for the idea that accuracy can be discounted in the rush to publish before anyone else – especially as the result of it backfiring can be a loss of respect, authority and readers.

But I also don’t think we should excuse it as a necessary byproduct of online journalism which can’t be evolved and solved. That’s just laziness. And many of the comments on the Silicon Alley Insider story pick up on this. In our efforts to evolve online journalism, it’s just stupidity to disregard all that preceded us in ‘dead tree’ publications simply because the digital world offers new opportunities and challenges. In my next post, I’ll outline some of the things that should make the transition from ‘traditional’ to ‘digital’ journalism, if the online world wishes to base itself on solid foundations and be taken seriously in terms of reputation as well as numbers and revenue.

Buffer

Filed Under: Digital Publishing Tagged With: citizen journalism, cnn, content, crowd source, Digital Publishing, future, heart attack, legal, legality, moderation, news, options, publish2, publishing 2.0, reliability, reputation, sam shepherd, scott karp, solutions, steve jobs, subbed out, success, verification

Why I hate Yahoo right now…

July 31, 2008 By Dan Thornton Leave a Comment

I totally accept that part of this problem is my responsibility. I’ve been on the web for a long time, and I should know enough by now to make sure I don’t lose user names and passwords. But when I’m stupid enough to make a mistake, do I have to be punished by losing a number of services – and deal with the clunky Yahoo Customer Support process?

So basically I seem to have confused by Yahoo password. No big deal. But, of course, thanks to Yahoo buying and aggregating MyBlogLog and Flickr, the same password controls those services. And at some point I cleared all my cache and saved bookmarks!

So I try to get an id and password reminder, but bearing in mind I set up the account years ago, I have about 4 options for the postcode I set, for example, and the same number of alternate emails. And that’s assuming I accurately filled in my information in the first place.

Having torn my hair out, I email Customer Services. And I get a reply asking me to call the Account Verification team between 6am and 6pm Pacific Time. Bearing in mind I’m in the UK, I’ve now got to work out the time difference. And when I do get through to them, they’re going to ask me for my verification information again – which I obviously don’t have, or the automated service would have worked!

Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaargh.

Bearing in mind the drive towards single identities etc online, I can only pray someone is working on a better mechanism to ensure users don’t lose all their services in one mistake.

Edit: I eventually managed to get back in after guessing the right username and password combo. Everything is now updated to prevent future problems – except for my email address. Every time I try and update by clicking on the validation link for an email account I actually use, it tells me it’s timed out after five days, despite the fact the request and email were sent within the last hour!

Buffer