Google’s seemingly automatic trust of popular social media sites like Twitter, Facebook, and Wikipedia makes all of them—and by default, you, the end game—a target of spammers, scammers, and hackers. Combine that trust with Twitter’s foray into realtime search, and you’ve got yourself some spammer’s delight.
No doubt the type of realtime search Twitter has recently been touting is useful. My DVR cut off the last two selections of American Idol last night and Google couldn’t help me find the answer right away. But Twitter could, and I learned Ricky Braddy was robbed by the selection of Anoop, henceforth to be known as the Butcher of Brown.
Now Google, for all its speedy entire-web indexing, wasn’t fast enough to find that answer, but I was reminded of a recently publicized Firefox add-on script that drops Twitter results right into Google search results. It quickly became apparent that, especially if Google were to do the same overall, Twitter could be abused by spammers to get into the trusted search results.
Because of its popularity and because Google seems to like user-generated content sites, Twitter tweets tend to rank highly in the search results already.
We know from recent events, too, that spammers and hackers are getting much more adept at search engine optimization and are taking advantage of popular social networking sites like Facebook and Twitter to dupe people into visiting malicious and spoof sites.
And now we have explicit instructions from SEOBlackhat.com about how to take advantage of Twitter for purposes of “parasite hosting,” which is a method of leveraging the trust of “an over trusted domain” to rank one’s own site or sites well in the search results and drive traffic to a specific landing page.
“…as long as twitter pages continue to rank in Google for everything under the sun, you’re a fool if you’re not using twitter accounts for parasite hosting,” the author writes, before explaining that the deed is done via keywords in the Twitter user name and linking to the profile externally. Google’s algorithm uses external links as a measure of how trusted and popular a URL is.
Commenters on that post express surprise at how many “hot” Twitter names are still available, and they advise others to find trusted sites that allow users to post content with little moderation for parasite hosting.
“I’ve been using my_twitter.php which I got right from Twitter’s API page,” writes one commenter. “I just modified it a bit so that I can do a search for a given term, then grab all the people who’ve tweeted about that term and then I add those people to my account – and about 20% or so add me back. Then I remove all the non-followers, rinse and repeat. I set it on a cronjob so it’s easy as hell and it’s working pretty well for many of my blogs.”
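A defender's view of the follow-and-unfollow cycle that commenter describes, as an added example that is not part of the original article or of any Twitter code: a sketch that scores accounts in a follow-event log for that churn pattern. The event format, the sample data and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed events (hour, actor, action, target); not real data."""
    events = []
    for cycle in range(3):                      # three daily cron-style cycles
        base = cycle * 24
        targets = [f"u{cycle}_{i}" for i in range(10)]
        events += [(base, "bot", "follow", t) for t in targets]
        events += [(base + 1, t, "follow", "bot") for t in targets[:2]]   # ~20% follow back
        events += [(base + 23, "bot", "unfollow", t) for t in targets[2:]]
    # An ordinary account for contrast
    events += [(i, "alice", "follow", t) for i, t in enumerate(["a", "b", "c"])]
    events += [(5, "a", "follow", "alice"), (6, "b", "follow", "alice")]
    return events

def churn_stats(events):
    """Per-actor follow count, follow-back rate and unfollow (churn) rate."""
    followed = defaultdict(set)     # actor -> everyone they ever followed
    unfollowed = defaultdict(set)   # actor -> followed accounts later dropped
    for _, actor, action, target in sorted(events):
        if action == "follow":
            followed[actor].add(target)
        elif action == "unfollow" and target in followed[actor]:
            unfollowed[actor].add(target)
    stats = {}
    for actor, targets in followed.items():
        back = {t for t in targets if actor in followed.get(t, ())}
        n = len(targets)
        stats[actor] = {
            "follows": n,
            "followback_rate": len(back) / n,
            "churn_rate": len(unfollowed[actor]) / n,
        }
    return stats

def flag_churners(events, min_follows=20, max_followback=0.3, min_churn=0.5):
    """Flag bulk followers with few follow-backs who drop most targets.
    Thresholds are assumed values, to be tuned against real traffic."""
    return sorted(
        actor for actor, s in churn_stats(events).items()
        if s["follows"] >= min_follows
        and s["followback_rate"] <= max_followback
        and s["churn_rate"] >= min_churn
    )

if __name__ == "__main__":
    print(flag_churners(build_sample()))
```
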
Twitter has been criticized recently for not verifying the email addresses of those who sign up, which adds to the number of phony accounts. The necessity of URL shorteners for using microblogging and SMS services compounds the risk of exposure to malicious sites because users can’t tell where a link is pointing them. This was the driving force behind the “Rickroll” Internet meme, the practice of tricking friends into clicking a link that redirected to a Rick Astley music video, a practice now taken up by real scammers pointing to other places.
Fortunately, according to reports, Twitter does not allow these redirected links to pass Google PageRank to destination sites. But Twitter itself is trusted enough to be an unwitting accomplice.
We contacted Twitter cofounder Biz Stone to ask what Twitter is doing to control for realtime spam and authentication now that the site is hitting critical mass. Stone did not respond.