Twitter is rampant with bots, how do they get past the whole “Are you a Robot” section? Does this make “Are you a Robot” questions useless?



Twitter has several programs, called clients, that can send, like, delete, retweet posts, and do most of the things you can do on the site. The official ones are written by Twitter and include the website, and apps for mobile phones. However, the company allows others to make clients; someone wanting to make a client just needs to fill in a survey explaining why they want to make their own Twitter client. This survey is reviewed and is either approved or rejected.

Twitter clients communicate with Twitter using something called an application programming interface (or API). When you ask Twitter about making a new client, if they approve your request, you’ll get a unique username (key) for this API.

Since the API is designed for programs, there’s no “are you a robot” check. Instead, Twitter uses various techniques to detect when a computer on the internet, a Twitter user, or a custom Twitter client (regardless of computer or user) is doing suspicious things. In response to suspiciousness, Twitter may reject a portion of requests until the suspiciousness stops. For example, if Twitter got a blast of likes from a user, or a large blast from a certain machine on the internet, or an even larger blast from a specific Twitter client, it’ll start rejecting a portion of the like requests until the suspiciousness stops.

If I was a mad haxor, happened to have the credentials to a lot of Twitter clients, had control over a lot of Twitter users, and had access to a lot of different-looking machines on the internet, and distributed like requests across all of these, it may be difficult for Twitter to see these as suspicious: the posts I’m liking using this technique may actually be like-worthy.

This is one of the ways bots circumvent Twitter’s defences. Other less sophisticated ways involve old-fashioned approaches like getting a large number of humans to log into Twitter and carry on fake conversations and other interactions. Humans using the official Twitter clients may get “are you human” challenges, but… they’re human.

Twitter doesn’t want to end all automated posting, scheduled posting, auto replies, etc. A lot of it is essential to running a business online, but there’s a fine line between automation and spam, so people who sell the tools to automate this stuff have to abide by Twitter’s rules and API or risk being specifically blocked by them.
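The throttling described in the answer above (counting like requests per user, per machine and per client, and rejecting a portion while a counter is too high), sketched as an added example; this is not Twitter's code and not part of the original answers. The limits, the 60-second window, the 1-in-4 pass rate and every name here are assumptions.

```python
from collections import defaultdict, deque

# Assumed limits: like requests allowed per window for each dimension.
LIMITS = {"user": 5, "ip": 20, "client": 50}
WINDOW = 60.0      # seconds
KEEP_EVERY = 4     # while a key is over its limit, pass 1 request in 4


class LikeThrottle:
    def __init__(self, limits=LIMITS, window=WINDOW, keep_every=KEEP_EVERY):
        self.limits, self.window, self.keep_every = limits, window, keep_every
        self.seen = defaultdict(deque)  # (dimension, value) -> recent timestamps
        self.over = defaultdict(int)    # (dimension, value) -> requests seen while over limit

    def check(self, ts, user, ip, client):
        """Return (allowed, reasons) for one like request at time ts (seconds)."""
        allowed, reasons = True, []
        for key in (("user", user), ("ip", ip), ("client", client)):
            q = self.seen[key]
            while q and ts - q[0] >= self.window:  # drop attempts outside the window
                q.popleft()
            q.append(ts)                           # rejected attempts still count
            if len(q) > self.limits[key[0]]:
                reasons.append(key[0])
                self.over[key] += 1
                if self.over[key] % self.keep_every != 0:
                    allowed = False                # reject a portion, not everything
            else:
                self.over[key] = 0                 # suspiciousness stopped
        return allowed, reasons


def replay(events, throttle=None):
    """Run (ts, user, ip, client) events through a throttle and collect the decisions."""
    throttle = throttle or LikeThrottle()
    return [throttle.check(*e) for e in events]


def constructed_burst():
    # Constructed sample: one user sends 12 likes, one per second, same machine and client.
    return [(float(t), "user_a", "203.0.113.7", "client_key_1") for t in range(12)]


def constructed_shared_ip():
    # Constructed sample: 25 different users, one like each, all from one machine.
    return [(float(t), f"user_{t}", "203.0.113.9", "client_key_1") for t in range(25)]
```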