Don’t Click!

Yesterday, an interesting worm spread its way through Twitter. Thousands of people started tweeting “Don’t Click:” with a link attached. Click on that link, and it posted a tweet from your account to all your friends, with the same message.

Sunlight Labs did the initial analysis:

Huzzah! the first twitter social virus!

It seems mostly harmless, just perpetuating itself and breeding. You can check out the graph of its use here:

Here’s how it works:

You can actually link to twitter and auto-fill a message box quite easily. All you have to do is write a link like this: Labs post on Don’t Click:”. What this “virus” does is, it creates an iframe of the page, hides it, and when you click that button and you’re logged into Twitter, it makes you post that message (even though you don’t see it). There’s not a bit of javascript involved. The only javascript on the page is their Google Analytics code.

So, this “social virus” simply created an invisible page that overlaid the page you *thought* you were clicking, and it essentially forces your browser to push out a link.

The fact that no scripting was involved, and your password wasn’t at all needed for this little trick, means it was basically harmless, from a security and privacy perspective.
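The hidden-frame trick described above only works when the target page allows itself to be rendered inside another site's frame. As an added example (not from the original post or the Sunlight Labs analysis), this JavaScript function classifies a response's `X-Frame-Options` and CSP `frame-ancestors` headers to show whether a page could be framed cross-origin; the function names and the sample header objects are constructed for illustration.

```javascript
// Added example: classify whether response headers allow cross-origin framing.
// Function names and sample header objects are constructed for illustration.

// Return the frame-ancestors source list from a CSP string, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0 && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Verdicts: 'blocked', 'same-origin-only', 'allowlist', 'framable'.
function framingVerdict(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value); // header names are case-insensitive
  }
  // Only the enforcing CSP header counts; the Report-Only variant blocks nothing.
  const csp = h['content-security-policy'];
  const sources = csp ? frameAncestors(csp) : null;
  if (sources !== null) {
    // frame-ancestors takes precedence over X-Frame-Options when both are sent.
    const real = sources.filter((s) => s !== "'none'");
    if (real.length === 0) return 'blocked'; // 'none' or an empty list
    if (real.some((s) => s === '*' || s.endsWith(':'))) return 'framable';
    if (real.every((s) => s === "'self'")) return 'same-origin-only';
    return 'allowlist';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin-only';
  // ALLOW-FROM and unrecognised values are ignored by current browsers.
  return 'framable';
}

// Constructed sample responses.
const samples = {
  noHeaders: {},
  legacyDeny: { 'X-Frame-Options': 'deny' },
  cspSelf: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, '->', framingVerdict(headers));
}
```

A page that comes back `framable` can be loaded invisibly under another site's button, which is the condition the “Don’t Click” page depended on.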

Many people on twitter remarked how the way this “virus” spread demonstrated the “power of social networking.” But that’s not true — just the opposite.

It demonstrated the frailty of social networking. It has exposed what is always the weakest link in any system — the human factor.

The spread of this “social virus” relied on the trust we all place in our online friends. When someone you know and trust says “Don’t Click,” you assume it’s a joke they are playing (like you’re going to get rickrolled), and so you go ahead and click on it. The fact that many of your friends started posting the “don’t click” message on Twitter simply meant that everyone else was in on the joke, and you had to find out what it was all about.

Social networking sites and programs rely on the fact that we all trust each other. This same trust we place in each other is also the way social networking sites and programs can be exploited.


5 responses

  1. And the problem is that in fact via the internet…no matter how legitimate you KNOW the person you’re “talking” to is, how REAL…you know absolutely nothing. We rely on a relatively simple system of protocols founded on defining by excluding. So anything outside of the framework we define as “relevant” essentially doesn’t exist. And we fall for phishing scams…which to a sailor are just another rendition of the age-old shell game.

    Pardon my cynicism. Well-written post. Thanks for the info, although I’ve found myself unable to stand Twitter (and Digg, and cell phones; I must be getting old; almost as if I were born in 1953).

    1. @oregonnerd — Thanks for your comment!

      re: And the problem is that in fact via the internet…no matter how legitimate you KNOW the person you’re “talking” to is, how REAL…you know absolutely nothing.

      I actually disagree with this, to a certain extent. I’m working on a new post, about the notion of pseudonymity on the web, at least specific to blogging communities. But I think the same applies to something like Twitter. More to come, but the short of it is, we actually *do* know something about our online friends, even if we don’t know their “real” name/identity.

      Aside from your oldness (haha…just kidding), I’m curious what you don’t like about Twitter. It’s actually a great place, in some ways, better than a blog, because you can “tune in” on exactly who you want to hear from. (And block or ignore people who annoy you…)

      It took me a little while to actually “get” what Twitter was all about, but now I really like it, and appreciate its potential for having meaningful conversations on the web. If you’re interested, I can point you to some info about twitter…I think the main thing to keep in mind is that it’s not the individual 140-character “tweets” that matter, but more the totality of them, and the constant stream of conversation within which you can engage. (If that makes sense…?)

      I do agree with your point about phishing scams…they are in a sense a shell game, and a con. Like any shell game, they are part exploiting trust, and part misdirection.

  2. I started replying and writing a book (I mean the reply was way too long).

    I’ve known about Twitter since before its actual inception. I understand the idea.

    Then again, I tend to have problems communicating with most people. I’m also finally coming to the end of forty years of thinking about social structuring, language (and language as the DNA and RNA of society), the nature of definitions and the following kinds of decisions and protocols. Actual start was when I was 9 years old. Most people wouldn’t read this far in a reply; if you have you deserve a prize, basically.

    If you’re actually curious as to what I mean, I’m also oregonnerd on LiveJournal and you can find a manuscript of poetry at… (the ms. was essentially finished in 1980; it’s also a tad lengthy). Oddly enough, even teachers have never been all that fond of talking to me; I suppose they were put off by a 9-year-old reading Plato and Socrates.

    I’m not, that is to say, very interesting. Nor am I terribly interested in most reports of current events. Having had a very high security clearance as a teenager just sort of demolished my ability to believe. C’est le…vie? guerre? whatever.
    …and whatever is cracked, quite surely included is my mind. [I actually do get Social Security for PTSD, and the Vietnam war was over January 13th, 1975 as I recall, although the news wasn’t released stateside for two weeks.

  3. Thanks, Glenn. I’ll check out your LJ page when I get a chance.

    I would agree that a 9 year old reading Plato is intimidating. When I was nine, I think watching Brady Bunch and Scooby Doo was what I was into. :-)

    Take it easy…
