Hacker News new | past | comments | ask | show | jobs | submit login

"Free API is being abused badly right now by bot scammers & opinion manipulators. There’s no verification process or cost, so easy to spin up 100k bots to do bad things."

https://twitter.com/elonmusk/status/1621259936524300289




This is mostly untrue. While it’s possible to stay anonymous you need a phone number, and it can’t be from twilio or other services. It’s been this way for years. I strongly suspect the bots that are unverified use headless browsers. The problem won’t go away.


Agreed, while there are tons of spambots, they are likely scraping Web API and using some backdoor-ish thing to get around requirements than using the documented API.

This announcement and today's ban-wave that followed seemed like someone not accustomed to Twitter just knew there are bots, and thought it to be workable idea to sample global timeline and script ban duplicates, which of course is not workable at all and only maximize harm on real users.


It is trivial to buy 1000's of phone numbers with SMS all available through APIs. You don't even need to keep them. The grey web is filled with many of these services.

If I looked hard enough I could probably buy 10000 verified twitter accounts with API access right now, aged 1 year or older.


Yup. PVAs can be had for a couple of $, with the price going up if they're 'warmed' (with a history of innocuous activity, usually liking celebrity tweets, retweeting the occasional breaking news story or heartwarming puppy video etc).


Where can you buy actual mobile phone numbers? (Not VoIP numbers)

I would think mobile carriers keep that in their own house


I think I've encountered some nefarious discussions around obtaining SS7 bulk access endpoint and intercepting SMS?


Furthermore, every time I create an API service, I get immediately banned (before I do anything) over and over until I truly prove that my bot is in good faith. They are super aggressive, and they actively enforce their rules (in the past, I've tried to make bots that reply to folks - that don't follow me - and the bot lasts like four hours).


Twitter hasn't my phone number, just checked. Maybe is it because my account is old?


Yes. But even with an old account, if you sign that up freshly to the developer program they'll force you to provide a phone number, and can require you to go through the approval process for higher API access even if you don't want that.


My Twitter account also has no phone number, but it gives me an error about it if I try to sign up for API access.


Scammers and opinion manipulators aren't using the Twitter API developer program. They're just using the native apps' API keys and posing as real people.


Classic sock-puppet usage is done through the web UI.


Is this kind of thing still possible with Buffer? I don't keep current with twitter manipulation tech. And do Buffer, RoundTeam and Hootsuite use the API directly?

How A Twitter Fight Over Bernie Sanders Revealed A Network Of Fake Accounts

https://www.huffpost.com/entry/democratic-bot-network-sally-...

https://shareblueastroturf.netlify.app/


Buffer, Hootsuite, etc. use the API. The app/integration something was published via used to show up below tweets; Musk removed it. https://www.theverge.com/2022/11/15/23460186/elon-musk-twitt...


Why are people downvoting jmeister who is just quoting Musk. Don’t shoot the messenger.




Consider applying for YC's first-ever Fall batch! Applications are open till Aug 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: