How I'd redesign Twitter (and why it won't work)

by @edent | # # # | 4 comments | Read ~122 times.
The Twitter logo drawn in circles.

Way back when Blackberry was the smartphone, my team at Vodafone obsessed over the idea of the "Unified Inbox". "What if," the marketing chaps said, "you could see all your notifications in one place!" Imagine a single inbox where your MySpace friend requests mingled with your Email. And your Facebook and Google Buzz notifications were…

Continue reading →

"file:///C:/users"

by @edent | # # | Read ~246 times.
List of Tweets where people have pasted a link to their local machine.

Once in a while, I'll see someone Tweet a "link" to file:///C:/users/... - that's the Microsoft Windows way of representing a location on a filesystem. Usually this means that the user has tried to either drag 'n' drop something, or copied a link from their file explorer. There are some (mild) infosec risks you should…

Continue reading →

Everything you know about Twitter character counting is wrong

by @edent | # # #
Japanese text pasted into the Twitter compose window. It is showing that there are too many characters.

How many characters can a Tweet contain? It used to be 140, back in the good old days. Now it's 280. Unless you're Japanese. Let me explain… I run OpenBenches - a site which collects memorial benches. When a user adds a bench, the inscription is automatically Tweeted. If the inscription is longer than 280…

Continue reading →

Posting Audio to Twitter

by @edent | # # #
The Twitter logo.

You can't post raw audio to Twitter directly. It sucks. Sure, you can post links to audio, but it's not quite the same. Here's a couple of Linux one-liners which will turn audio into simple video suitable for uploading to social media. Waves This converts audio to a waveform: ffmpeg -i input.mp3 -filter_complex "[0:a]showwaves=s=640x480:mode=line,format=yuv420p[v]" -map…

Continue reading →

Hashtag Steganography

by @edent | # # # | Read ~372 times.

Steganography (/ˌstɛɡəˈnɒɡrəfi/ is the practice of concealing a file, message, image, or video within another file, message, image, or video. I recently saw someone tweeting the hashtag #ManchesُterDerby Do you see an odd character in the middle? It's an Arabic Damma (U+064F) - a vowel character. Although it comes after the "s" in Manchester, it…

Continue reading →

Why doesn't Twitter block Tweets properly?

by @edent | # # | Read ~155 times.
A quote tweet. The quoted content is unavailable.

For the sake of my mental health, I've blocked a few people and organisations on Twitter. They can't see what I do, and I can't see them. I'm sure you've done the same to a celebrity or pundit you just can't stand the sight of. Perhaps you have an abuser you'd rather not have thrust…

Continue reading →

Sending 1.2 Million Tweets

by @edent | # # | 1 comment | Read ~7,040 times.
A beautiful blue sky with scattered clouds. Text reads 2586 Watts - 68% battery.

Back in 2014, I set up a rather silly Twitter account - @OxfordSolarLive. The premise was simple. A camera took a photo of the sky above my house. It took a reading from my solar panels to see how much electricity they were generating. It superimposed the reading on the photo. Then posted it on…

Continue reading →

Warning - do not click on Twitter ads

by @edent | # # # | Read ~2,919 times.
Picture of Richard Branson, encouraging people to deposit £250.

It seems that Twitter has lost control of its advertising system. This blog post will show you why it is dangerous to click on any Twitter advertising. Twitter ads have always been a bit crap, but I've seen a recent influx in outright scams. Let me step you through a couple of examples. A typical…

Continue reading →

Crypto Scammers Abusing Twitter Cards via Redirects

by @edent | # # # | 1 comment | Read ~534 times.
A spam advert on Twitter. The CNBC website is highlighted at the bottom.

Twitter has a problem with scam advertising. Rather than having humans manually check adverts for acceptability and authenticity, they let almost anyone promote anything. Whatever meagre protections they build in are rapidly evaded by the scammers. Let's take a look at an example of a promoted crypto-scam about Singapore. I'd say it was obviously a…

Continue reading →

$3k Bug Bounty - Twitter's OAuth Mistakes

by @edent | # # # # # | 4 comments | Read ~15,057 times.
A Twitter login screen. Highlighted is the information that it cannot access your DMs.

Imagine the scenario. You're trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions - phew - it doesn't want to access your Direct Messages. You authorise it - whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and…

Continue reading →