Josh Mehlman

Just about everyone I know thinks the government’s plan to legislate mandatory internet filtering is a really bad idea.

This could lead me to believe the majority of Australians are as passionate about internet censorship as me and my friends. But then I remember that most of my friends are university educated, left-leaning types who work in journalism or the IT industry.

This same selection bias is at work in the online community, particularly on Twitter. The sort of people who use Twitter, who blog, who read the IT media are precisely the sort of people who would oppose internet censorship.

This has led many people to believe if they make enough noise about it online, the Government will drop the filter. Unfortunately, this greatly overestimates the importance and influence of Twitter and social media generally when it comes to real-world politics.

Even an infinite number of angry posts on Twitter, sarcastic blog posts and articles in the IT press would still have no effect on Government policy. Politicians only care about who can deliver them blocs of votes in important electorates.

Onine fame is fleeting, but mine was the top article on ABC's The Drum for a little while

As I argue on ABC’s The Drum blog, so far the Christian lobby – which is for the filter – is doing this a lot better than the disparate anti-filter coalition.

This is not to say the anti-censorship campaign is doomed. However, it needs to focus less on preaching to the choir and more on real-life, professional political lobbying.

It’s a big ask, particularly because many of the anti-censorship groups have little experience in direct political action. But it must be done if we are to convince the Government of the immense folly and dire (supposedly) unintended consequences of its current plans.

In covering the ongoing AFACT v iiNet case in the Federal Court, local journalists such as The Australian’s Andrew Colley and ZDNet’s Liam Tung have caused some controversy by live tweeting from within the courtroom. While broadcast journalists in Australia are not allowed to report from inside courtrooms, the Federal Court has decided it’s up to individual judges if they want to allow live coverage on Twitter.

In the same spirit, yesterday I called Toshiba tech support for help on a very minor issue with my laptop. Ideally I would have preferred to email a question and then get annoyed when no one responded (59% of companies don’t respond to email queries, you know). But Toshiba doesn’t give you the option; just a phone number and a postal address. So I called, and it quickly became apparent I wasn’t going to get anywhere fast. Because I had nothing better to do while waiting on hold, I started Tweeting: Read the rest of this entry →

There’s a range of Twitter phishing scams doing the rounds currently. You don’t have to tell me – I get at least one scam-tastic direct message every day! Lord knows how many you’d get if you had thousands of followers.

How it works

The mechanism is pretty simple. You get a direct message from someone you follow, encouraging you in some way to click a link. The techniques used to get you to click are the clever bit.

So you click on the link and it looks legit. Except it asks you to provide your Twitter ID and password. Obviously this is a bad idea. Well, I say ‘obviously’, but it’s not so obvious because heaps of people get caught. Even people who make a living on their social media expertise. Whoopsie!

Once you provide your password, the nasty scammers can log into your Twitter account and send direct messages to all your friends, supposedly from you, asking them to click on the link. Or possibly several different links, with several different enticements. A few of your friends fall for it and the cycle continues.

Presumably the hijackers could also use your details to send Tweets, supposedly from you, for various nefarious spammy purposes.

Clever enticements

As I mentioned, the clever part is the way the scammers convince you to click the link, what security geeks call ’social engineering’. It needs to sound like a plausible message you’d receive from a friend or someone you know, the enticement needs to be appealing to you and the link needs to look legitimate.

These started out fairly basic: things like ‘Hey, take this free quiz’ or ‘Hey. Can u do this for me?’ The ‘hey’ part makes it sound like a genuine message from a friend. In fact, the only thing that tipped me off was the fact that the message came from someone I didn’t know particularly well and it seemed overly familiar. If it had been from a real-life friend, I might easily have been fooled.

The next phase was an IQ test, with messages like ‘Want to check to see whos iq is higher?’ and ‘u seem smart. take this iq quiz.’ Appealing to people’s competitiveness and vanity always gets you places.

Today I received a direct message telling me someone had found me on a site called ‘xsgay’. You can imagine this would be of great concern to quite a lot of people, regardless of their personal preferences. And once you’re worried and not thinking clearly, you’re much less likely to fret about why this site is asking for your Twitter details, and just fill them in. Uh oh!

What (not) to do

As far as I understand, these scams have a fairly low success rate because they rely on you entering your ID and password, or at least clicking a link to provide those details to the scam site. But like spam and online banking phishing scams, a low success rate multiplied by millions of messages adds up to a sufficient number of people who get fooled.

So not getting caught out is fairly simple:

1. Be suspicious of people contacting you at random – if it’s outside the normal pattern of behaviour, question it
2. Don’t click suspicious links
3. Don’t provide your ID or password to a site unless you know it’s trustworthy
4. If your account gets hijacked, change your password as soon as you find out. And probably start apologising to a lot of people.