After reading about the tweets attributed to NY Representative Anthony Weiner this past weekend, I took a look at what the “right” way of dealing with the compromise of a Twitter account would be. The folks at Twitter do a pretty good job of providing support for their service. The best way to find out anything about Twitter, in my opinion, is to log in to your Twitter account and look at your Twitter Support page.
A word of warning: if you receive an invite via email that includes a link to Twitter, don’t follow that link. If you already have a Twitter account, use your bookmark or simply type “https://twitter.com”. It’s especially important to use HTTPS if you are connecting to the Internet via wireless, whether at home or over any connection away from your home.
Looking at the Twitter website from my Support page, I noticed a page titled Safety: Keeping Your Account Secure. On this page the folks from Team Twitter educate users about a number of important safety precautions, such as: using a strong password; being careful about fraudulent links to the Twitter site; using HTTPS; knowing that no one from Twitter is ever going to call or email you asking for your Twitter password; and keeping your browser up to date and virus free. There are two other safety precautions that the folks at Twitter write about.
The first is about URL shorteners. You, and potentially many other people, want to share content from other Internet sites in fewer than 140 characters. To make it easier to fit URL strings into Twitter messages there are URL shorteners: servers that convert a long URL string into a shorter URL string. Those URL shorteners accomplish that by creating a new URL on their site that redirects to the linked site. The URL shortener is under the control of a third party; they aren’t you and they aren’t Twitter. You link to the URL shortener, which then links to some page out on the Internet. There are a couple of potential problems here.
To quote the Twitter page: “URL shorteners can also obscure the end domain, making it difficult to tell where the link goes to.” When you click on a shortened link in a Twitter message, you have to trust the party that posted the Twitter message and the people behind the URL shortener. As the folks at Twitter point out, there are a number of well-known URL shorteners like bit.ly and tinyurl.com. There are many other URL shorteners out there and the technology needed to create a URL shortener is difficult to locate or to host.
The risk here is twofold: that someone will obscure a bad link in a shortener, or that the shortener can be compromised and link to bad content. The risk that someone could post a Twitter message with a shortened URL that points at some bad content or a site hosting malware can be eliminated by not clicking on links in Twitter. That risk can be minimized by clicking only on links from people you know and trust.
The other threat is that the URL shortener could substitute links to bad content or malware in an otherwise trusted tweet. When there were only a few URL shorteners available, this was less of a problem. It was easy to remember and trust just bit.ly and tinyurl.com. Today many content providers (like the New York Times) want to provide that shortened link in an attempt to make the reader more aware of their brand.
The other safety precaution that the folks at Twitter warn users about is linking your Twitter account with other accounts and to applications around the Internet in their section titled “Select Third-party Applications with Care”.