Tagged: twitter

Councillor Carl Thomson's Deleted Tweets

Regular readers will know that I think Woking Council's subsidy of churchgoers is ridiculous, illegal, and unfair. It's an issue I've raised with local councillor Carl Thomson in writing and on Twitter.

A few days ago I entered into a discussion with him online about the issue. He has since deleted the tweets. But, as we know, the Internet has a long memory - so here they are. I've reordered a few to make our conversation clearer. None of my tweets have been deleted.

It started when I saw him talking about Lords reform.


I'm quoted on the front page of this week's @, discussing #lordsreform with @.
@CllrCarlThomson
Carl Thomson

As far as I am aware, local councillors have very little impact on the subject. Of greater concern to this resident is the religious discrimination promoted by him and the Tory council. I asked about it, and got a very curt reply.


Suddenly, Carl sent this rather passive aggressive tweet. (NB due to GMT/BST this next tweet was sent 15 minutes after the previous one.)


Political discourse in this country deems that if you disagree with someone, you're ignoring residents or are personally corrupt. #facepalm
@CllrCarlThomson
Carl Thomson

I couldn't see anyone accusing him of corruption, certainly not me. I can't even imagine why he brought it up.


@ I don't think you're corrupt. But shouldn't elected officials try to reflect the wishes of their constituents?
@edent
Terence Eden


@ but what I don't get: majority of churchgoers said reintroduced fees wouldn't stop them attending. So who do you represent?
@edent
Terence Eden


@ it would be a pretty daft form of corruption if you *were* taking advantage of free church parking. Tens of £ per year! :-)
@edent
Terence Eden


@ no car? The perfect crime ;-)
@edent
Terence Eden

And that's the sum of it. It baffles me why he has deleted the tweets. Sure, he was slightly rude to start with - but given the late hour it's not the worst of crimes. I'm no Paxman, so I can't imagine my questions taxed him - although, like Paxo, I never received an adequate reply.

In the meantime, Woking continues pouring away money to religious groups who neither need nor want subsidising. But that's a subject for another blog post...

Interesting Twitter Hashbang Bug

Did you know that you can link to a specific Tweet on Twitter? The URL looks like this:
https://twitter.com/#!/edent/status/197967209459499008

Pretty obviously, that's the user's name and the ID of their tweet. Simple, right?

Not really, click on that link and you'll see this:
twitter bug screenshot
That's my name in the URL bar - but the Number 10 Press Office's tweet on the page.

What's Going On?

Have I retweeted that status? Nope!
Am I a 1337 h4x0r who has hacked Number 10? No sir!
Is the screenshot a fake? Nuh-uh. Check the link yourself.

It's actually a curious bug / feature of Twitter. Each tweet you send has a unique ID. So there can only be one tweet with the ID 197967209459499008. And that ID will always belong to @Number10press.

The username part in the URL is redundant. It seems that it is not used except to give information to the user / search engines. It can be safely omitted or manipulated.

Malicious Use?

It strikes me that there is a slim chance of malicious use.

One could create a fake account - say Number1Opress (where the 0 has been replaced with a capital O). Make it tweet something ridiculous, then share a URL which has the real Number10press in the URL. Minor embarrassment is probably the worst consequence.

It's an interesting usability / security nexus. The username is placed in the URL to make it easier or more useful for users - but it is ignored by the back end system. As it's part of the hated hashbang syntax, I wonder if it could simply be rewritten if there's a mismatch?
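The mismatch check and rewrite suggested above could look like the following. This is an added example, not code from the original post or from Twitter; the `TWEET_AUTHORS` map is a constructed stand-in for the back end's ID-to-author lookup, and the function names are hypothetical.

```javascript
// Constructed stand-in for the back end's "tweet ID -> author" lookup.
// The ID and the author are the ones quoted in the post.
// IDs stay as strings: 197967209459499008 is larger than 2^53, so a
// JavaScript Number would silently round it to a different tweet ID.
const TWEET_AUTHORS = new Map([
  ["197967209459499008", "Number10press"],
]);

// Accept the hashbang form (https://twitter.com/#!/user/status/id)
// and the plain path form (https://twitter.com/user/status/id).
function parseTweetUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return null; // not a URL at all
  }
  if (url.protocol !== "https:" || url.hostname !== "twitter.com") return null;
  const route = url.hash.startsWith("#!") ? url.hash.slice(2) : url.pathname;
  const m = /^\/([A-Za-z0-9_]{1,15})\/status\/(\d+)\/?$/.exec(route);
  return m ? { claimedUser: m[1], tweetId: m[2] } : null;
}

// Resolve the tweet by ID alone (as the back end does), then compare the
// real author with the name shown in the URL and build the corrected URL.
function canonicaliseTweetUrl(rawUrl, authors = TWEET_AUTHORS) {
  const parsed = parseTweetUrl(rawUrl);
  if (!parsed) return { status: "not-a-tweet-url" };
  const realUser = authors.get(parsed.tweetId);
  if (realUser === undefined) return { status: "unknown-tweet" };
  const canonical = `https://twitter.com/#!/${realUser}/status/${parsed.tweetId}`;
  // Usernames are case-insensitive, so compare case-folded.
  const matches = realUser.toLowerCase() === parsed.claimedUser.toLowerCase();
  return {
    status: matches ? "ok" : "mismatch",
    claimedUser: parsed.claimedUser,
    realUser,
    canonical,
  };
}
```

A client-side router could call `canonicaliseTweetUrl` before rendering and replace the address bar contents with `canonical` whenever the status is `mismatch`, so the name the user sees always matches the tweet's real author.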

The OAuth / App Anti-Pattern

OAuth was designed to combat an anti-pattern.

Typing your username and password into a third party site is a bad idea. A really bad idea. I mean, you may think it's a bad idea to give your bank details to a Nigerian prince but that's just peanuts compared to giving away your password to an untrusted site!

So, that's why we use OAuth. Rather than handing details to a random site, we authenticate against a trusted site which then redirects us back with an authentication token.

That's all well and good on the web, but on mobile apps it becomes a little more difficult.

This is the popular mobile game Temple Run. After dying in the game (as I frequently do!) you can Tweet your score. But, first, you need to connect with Twitter.
Temple Run Twitter

However, clicking the button presents this screen:
Temple Run Twitter OAuth
This is a pop-up within the game. What you see in the screenshot is the totality of what the user sees.

There are now two important questions:

  1. How can the user tell if this is the genuine Twitter site?
  2. Why is there no indication that the site is served over HTTPS?

This is a clear anti-pattern! We're teaching people to give over their usernames and passwords to sites that appear to be genuine - yet offer no way to validate their legitimacy.

We've been trying to educate people to look at the URL bar - to check that they've visited the correct site and that there's some form of SSL verification (commonly a padlock).

I'm not suggesting that Temple Run is doing anything other than pointing to the correct site. Just that they aren't giving the user a chance to verify the authenticity.

How To Solve This Problem

I haven't the foggiest! Thoughts?

We can't rely on the user having the Twitter app installed and firing via intent (or similar).
Due to the huge variety of phones and Operating Systems, there's no easy way (that I know of) to redirect from a website back to the app.
There needs to be a way to keep everything in-app to keep the user experience.

So, come on then oh great minds of the Internet, how do we fix this?

#TeaCamp - Social Media Guidance for Civil Servants

On Thursday, I attended my first TeaCamp. It's a mini-meetup for UK Gov folk doing interesting digital things.

These are some random jotterings based on the discussions both at the event and at BeerCamp afterwards. All conversations were under Chatham House Rules.

Social Media is a problem for all organisations - whether public or private. Rightly or wrongly, the "public" see an organisation as having a single mind and a single focus. Anything which gives the impression of a lack of unit cohesion is extremely troublesome.

But troublesome for who exactly? Part of the issue with social media is its novelty - especially among the press. There's a belief (particularly prevalent in the gutter press) that because it happens "on the Internet" that it's somehow new and exciting and - therefore - relevant.

Would a civil servant writing a letter to the paper about a topic be as "controversial" as them tweeting about it?

Would an essay at university be as newsworthy as a blog post?

We all have a digital footprint which is trivially easy for anyone to discover.

So should we try to remain anonymous? Or, at the very least, keep our personal and work lives separate.

Even if we take steps to hide our tracks, it's pretty easy to triangulate a person. FourSquare checkins with a careless friend, geotagged twitpics, who you follow, who follows you - if you can identify sexual preference from Facebook, why not who you work for and what your political agenda is?

There are, to me, three main points of contention.

  1. Should employees have personal opinions which conflict with their organization's?
  2. Can an employee express those opinions publicly?
  3. What should an organisation do in response to a problematic social media interaction?

It seems obvious to me that even the most politically-restricted civil servant has opinions. But I see the sense in keeping them as private as possible.

The privacy question is an interesting one - simply because people don't yet really understand what "private" means in the context of social media. Ranting about your boss over a pint - the words just vanish into the wind. Mostly because you don't expect people to have tape recorders running continuously.

But online? I think I've locked down my Facebook settings pretty well - but I'm still paranoid that my kvetching will leak into my "real" life.

The final one is the killer. Even the most responsible employee is going to run into a problem - either through an innocent misunderstanding, or a deliberate corruption of the position by a malicious external presence.

The key is a good HR team who will back the employee's right to a private life, and ensure that they are not castigated for expressing their opinions.

All the guidelines in the world won't stop people from making mistakes. No policy can stop a newspaper twisting every word you say.

What's equally needed is policies for how the workplace treats mistakes - and for the world to calm down a little.

Data Protection and Twitter

As Twitter now have a UK office, I thought I would see what data they hold about me. Thanks to the UK's Data Protection Act, it's really simple to request the information.

I wasn't expecting a whole CD's worth of information - like Facebook provides users - but what I did get surprised me.

Twitter UK has no control or responsibility over the user information in the Twitter service and cannot respond to these sorts of requests.

So, I was rather surprised to see Privacy International telling people to contact Twitter's UK office.

I'm not sure whether PI are mistaken, or Twitter UK are.