
A Twitter Honeypot

On Twitter, there are a lot of bots that will auto-follow you if you say certain magic words. This is easily accomplished using the Twitter API – I’ve done it for fun (try saying “Beetlejuice” on Twitter), and I’m definitely not the first. I’m sure some of you have experienced being mysteriously followed on Twitter by a robotic-looking stranger.

I thought it would be interesting to measure the level of activity, so I made a “Honeypot Bot” script that uses the Twitter account HoneyPotBot.

Every minute and a half, this bot recites a collection of words which come from a dictionary. In addition to common English words, the list includes celebrity names, the names of music acts, place names, and the names of all the companies in the S&P 500. Those words are the honey that attracts the bots: scripts other people have written that are targeting certain keywords, or scripts that just auto-follow people at random.

I’ve been running the Honeypot Bot since March 26th, and as of this writing (March 31), it has collected 152 followers. If you look at the account, you’ll see fewer followers, because some of the accounts have been invalidated by Twitter, and some have ‘unfollowed’ after a few hours.

If you look at the accounts, you’ll see that most of them have much bigger “following” lists than “follower” lists, which is a telltale sign of an auto-follower script at work. Looking at the lists of people these bots are following, you can identify the words the bots are interested in, which include:

airplane
ballet
Beckett
Berlin
breakfast
Brisbane
chiropractor
cinema
coed
Deepak Chopra
Dr Phil
dressage
flexible
frugal
gallop
golf
harpo
kobayashi
moroccan
Oprah
poker
Ringo Starr
shoes
Whitest Boy Alive
Zend

…just to name a few.
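
The two checks described above (a “following” list much larger than the “follower” list, and a word shared by most of the accounts a bot follows) can be run offline over collected data. This is an added example, not the Honeypot Bot script; the account records, field names and thresholds are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample data (not real accounts): each honeypot follower with its
# counts and one recent tweet from each of a few accounts it follows.
FOLLOWERS = [
    {"name": "bot_a", "followers": 40, "following": 1900,
     "followee_tweets": ["stuck on an airplane again",
                         "model airplane kit arrived",
                         "that helicopter is loud",
                         "airplane food is terrible"]},
    {"name": "bot_b", "followers": 12, "following": 800,
     "followee_tweets": ["poker night!", "lost at poker",
                         "ballet recital", "online poker is rigged"]},
    {"name": "human_c", "followers": 310, "following": 280,
     "followee_tweets": ["breakfast time", "golf this weekend"]},
]
# A few single-word entries from the honeypot's word list.
DICTIONARY = {"airplane", "helicopter", "poker", "ballet", "breakfast", "golf"}

def is_suspect(acct, min_ratio=5.0, min_following=100):
    """Flag accounts that follow far more people than follow them back.
    Both thresholds are assumptions; tune them against known-good accounts."""
    if acct["following"] < min_following:
        return False
    return acct["following"] / max(acct["followers"], 1) >= min_ratio

def trigger_words(acct, dictionary, min_share=0.5):
    """Dictionary words present in at least min_share of the followee tweets.
    Only single words are matched; multi-word names need phrase matching."""
    tweets = acct["followee_tweets"]
    hits = Counter()
    for text in tweets:
        words = set(re.findall(r"[a-z']+", text.lower()))
        hits.update(words & dictionary)  # count each word once per tweet
    return sorted(w for w, n in hits.items() if n / len(tweets) >= min_share)

def analyze(followers, dictionary):
    """Map each suspected auto-follower to the words it appears to target."""
    return {a["name"]: trigger_words(a, dictionary)
            for a in followers if is_suspect(a)}

if __name__ == "__main__":
    for name, words in analyze(FOLLOWERS, DICTIONARY).items():
        print(name, "->", ", ".join(words) or "(no common word)")
```

A suspect with no common word is a candidate for the second kind of script mentioned earlier, one that follows people at random.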

Among the automatic followers is a network of chiropractors (I’ve been followed by eleven so far), who all appear to be based in different cities but have identical-looking webpages and Twitter accounts, most with the same avatar. I assume they are all using the same marketing service for chiropractors.

Now, to be clear, my bot doesn’t show that there are only 152 auto-following bots on Twitter. I imagine this is a mere fraction of the true total. The cleverer bots don’t follow on single words, like “chiropractor.” They combine words, like “need + chiropractor”. The problem with single words is that you really have no inkling about the context the word was used in.

For example, TheHobbyGuy is auto-following everyone who says “airplane” and “helicopter”. But why are those people saying those words? It could just as easily be to say “i wish the helicopter would stop flying over my house” as to say “I have an insatiable love of model helicopters”.

Clearly, OprahToday is not being very discriminating by following every person who mentions “Oprah,” “Harpo” and “Dr. Phil.” How many of those people are fans of Harpo Marx, or complaining about how Dr Phil is exploiting that crazy octuplet woman?

And unfortunately, those undiscriminating bots are going to ruin it for the discriminating ones that are trying to use more accurate targeting and provide useful services. There are lots of folks jumping on the Twitter-marketing bandwagon right now, and these 152 undiscriminating auto-followers are just the tip of the iceberg. In a few months, the Twitter spam problem is going to get significantly worse, and the signal-to-noise ratio much, much lower.

6 Responses to “A Twitter Honeypot”

  1. rob friedman Says:

    the Chiropractors are following me too!

    Also I hate the mass messengers who look for terms, and then auto ping you a url in spam bot fashion.

    http://www.flickr.com/photos/playerx/3399816271/

  2. Wally Says:

    Awesome experiment… but then, so is everything else you do…

  3. Senthil Says:

    Very good experiment. I think Twitter should do something about finding the pattern by which these bots make the API call and kill -9 bot(i)

  4. jbum Says:

    Senthil: It’s pretty obvious how they’re doing it – they are finding people via search.twitter.com, and then following them – but pretty hard to weed out the bad ones from the good ones. I don’t think all automatic uses of the Twitter API are inherently bad.

    Wally: Thanks :)

    All: If you find some egregious offenders, I suggest reporting them by sending a direct message to http://twitter.com/spam

  5. Verious Says:

    Applying the principles of a spam honey pot to Twitter is a very clever way to identify bots.

  6. Adam Says:

    sure you know this, but dm-ing @spam with the usernames of spammers is the recommended way of bringing them to the attention of the Powers That Be.