Twitter Was Clueless About Spammers at First, Safety Chief Says

Ever get the feeling that social media services didn’t really think through the privacy and legal problems they might run into? Turns out, you’re probably right.

Del Harvey saw it firsthand. When she joined the fledgling company in late 2008, Harvey quizzed co-founders Biz Stone and Evan Williams about how they might handle spam. “And Biz was like, ‘You know, I don’t think it will ever really be a problem. I mean, you can choose who you follow,’” Harvey says. “And I was like, oh dear.”

OK, she thought—how are you guys planning on dealing with trademarks? “Biz was like, `We applied for one for Twitter,’” Harvey says. “And I was like, yes—and other people’s trademarks on Twitter? `Well, we’re not going to use them.’”

These days, things are a lot different. Harvey is Twitter’s director of trust and safety, where she oversees a team of nearly 40 people dealing with legal issues, user privacy, account abuse, and all kinds of other thorny problems.

Del Harvey

But that doesn’t meant engineers have always thought through the ways the tools they build might be misused, misunderstood, or twisted one they get out into the big, bad world.

When an engineer builds a new product, “They’re like, `Oh my God, I made this thing and it’s going to make kittens for everybody,’” Harvey said at the Privacy Identity Innovation summit in Seattle. “And you’re like, `Right, I see that it makes kittens. But did you see that it also shoots bullets?’”

In an era when new apps and services spread with viral speed, the tech industry’s builder-centric culture can collide with a huge base of “normal” users very quickly, generating reactions the product designers hadn’t considered.

As the privacy heads of Google+ and Facebook discussed yesterday, it becomes important for social media companies to have internal watchdogs over privacy issues. But many of these companies have been growing so quickly that the watchdogs can’t always keep up.

Earlier this year, Twitter was among the popular services criticized for accessing and storing smartphone-app users’ phone contact information without explicitly saying so. The company later changed its guidelines to make its procedures clearer, and the safety team realized it had to keep an eye on practices in this area. “What I learned from it was I needed to assign a person to that team, too,” Harvey told moderator Todd Bishop, co-founder of the Seattle tech news site GeekWire.

“We’re not necessarily the ideas people. We’re more of the dream-crushers, I think,” Harvey says of her group. Their work revolves around a fundamental question for Twitter’s developers: “How can we let you do this thing that is really awesome and amazing, and does in fact make kittens, while also removing this component of it that will be misunderstood?”

With more than 140 million active users, that’s a pretty big job. Consider the complexities of dealing with spammers, the source of many Twitter users’ aggravations when a hijacked account starts sending provocatively worded direct messages to other users.

The problem can be hard to get a handle on, Harvey says, because spammers are often several steps ahead. If they get a large chunk of usernames and passwords from an illicit source, a spammer might only target half of them for an initial attack. Twitter can stamp out problems on the profiles that it finds being abused, but there’s another universe of accounts ready to be exploited that the company doesn’t necessarily even know about, she says.

Users have to have some responsibility to be aware of their surroundings as well, Harvey says.

“A lot of what we’re working on is education,” she says. For example, she says, secure browsing—signified by ‘https’ in the Web address—is the default setting for Twitter’s webpage. “So when you’re going to sign in, double-check the address bar. If you’ve clicked on a [direct message] link and it takes you to a page where you have to sign in—why?”

To me, that sounds like a pretty high degree of sophistication to expect an everyday user to grasp, particularly since online scammers will always find another chink in the armor once their current routes get shut off. If services like Twitter can make it easier to see when you’re in shady territory, increasingly savvy users might be able to meet them halfway. But there will be plenty of work for people like Harvey—and maybe some more dream-crushers added to the arsenal.

Trending on Xconomy