Terence Eden’s Blog
2024-09-24
Social Media Blocking Has Always Been A Lie
https://shkspr.mobi/blog/2024/09/social-media-blocking-has-always-been-a-lie/
What does it mean to block someone on a social media site?
Way back in the mists of time, we dealt with trolls on Usenet with the almighty PLONK - PLaced On Newsgroup Killfile. It meant your newsreader never downloaded their posts. They could rant at you all day long, and you'd never hear from them. It's what we would nowadays call "Mute".
But, whether you're on Usenet or a modern social network, muting someone doesn't actually stop them replying to you. The miscreant can still see your posts, interact with them, quote them. And everyone on that service can see their abuse. Perhaps they will also join in?
Most modern social networks now have the concept of "Block". When Alice blocks Bob, it means Bob cannot see Alice's posts. The service doesn't deliver her content to him. If he goes looking, he can't find it. She is invisible to him.
Except, of course, that's a lie. If Bob logs out of his account, he can see Alice's public content. If he logs into an alternative account, he isn't blocked.
The block is a social signal backed up with mild technical restrictions.
What do I mean by that? Ordinarily, you will have no idea that you have been blocked by someone. They will simply vanish from your screens. You do not receive an alert that you've been blocked. Technical restrictions mean you won't see their posts, nor replies to them. The only way you might know is if you deliberately look for the person blocking you.
Seeing that you have been blocked is a "social signal". It lets you know that your behaviour was unwanted, or that your contributions weren't valued, or that someone just doesn't like you. For most people, that sort of chastisement probably induces a little shame or grief. For others, it is enraging.
Again, it isn't impossible for a blocked user to see content - but technical restrictions means it takes effort. And, it turns out, for all but the most obsessive abusers - a mild bit of UI friction is all that it takes for them to stop.
On a centralised social media platform, like Twitter and Facebook, your blocks are private. The only people who know you have blocked Taylor Swift are you, the platform, and T-Swizzle herself.
On decentralised social media platforms, it is more complicated.
Mastodon / ActivityPub lets you block a user. In doing so, you have to tell that user's server that you don't want them seeing your messages. That means your server knows about the block, their server know, and the user knows. But, crucially, there's nothing to stop a malicious server ignoring your wishes. While your server can mute all the interactions from them, there are only weak technological restrictions on their behaviour.
BlueSky / AT Protocol takes a different (and more worrying) approach. BlueSky tells everyone about your blocks. If Alice blocks Bob - the system lets everyone know. This means that if Bob starts replying to your posts, other clients will know to ignore his interactions with you. I've written more about the dangers of public blocklists over on BSky.
But, crucially, none of these systems actually block users. This isn't like that Black Mirror episode where people are literally blurred out from your eyeballs.
In all cases, a user can log out and see your public posts. They can sign in with an alternative account. And, in the case of decentralised social media, they can choose to ignore the technological restrictions you impose.
Social networks have a responsibility to keep their users safe. That means having enough friction to prevent casual abuse.
But blocking is only a social signal. That's all it ever has been. It is a boop on the nose with a rolled up newspaper. It is a message to tell someone that they might want to adjust their attitude.
You should block - and block often. You should feel empowered to curate an environment that is safe for you. But you should also understand the limitations of the technical controls which underpin these social signals.
------------------------------
2024-08-24
Replace Twitter Embeds with Semantic HTML
https://shkspr.mobi/blog/2024/08/replace-twitter-embeds-with-semantic-html/
I logged into Twitter using a fresh account last week. No followers, no preferences set. The default experience was an unending slurry of racism and porn. I don't care to use Twitter any more. Whatever good that was there is now drowned in a cess-pit of violent filth.
I still have a lot of Tweets embedded on this blog. Using WordPress, it was easy to paste in a link and have it converted to an embed. But I don't want to direct people to a dangerous site.
So here's a somewhat automated way to replace embedded Tweets with good-looking and semantic HTML. You no longer need to worry about Twitter tracking people if they visit your site. It in-lines all images and avatars so there's no data leakage. Links go direct rather than through the obnoxious t.co service. The HTML is semantic, short, and accessible.
The simple Python code is available on GitHub - feedback welcome!
Demos
Here are some examples. You'll see all the links work - to external sites, hashtags, or mentions. Media is loaded, emoji work, alt text is included where available, and the CSS is roughly right. The number of likes and replies is shown - but the number of retweets isn't always available in the embed API. The number of quotes and bookmarks aren't available.
Polls
.social-embed {all: unset;display: block;}.social-embed * {all: unset;display: revert;}.social-embed::after {all: unset;}.social-embed::before {all: unset;}blockquote:not(*) {all: unset;}.social-embed a {cursor: pointer;}blockquote.social-embed {box-sizing: border-box;border: .5px solid;width: 550px;max-width: 100%;font-family: sans-serif;margin: 0;margin-bottom: .5em;padding: 1em;border-radius: 1em;background-color: white;color: black;display: block;}.social-embed-header {display: flex;justify-content: space-between;}.social-embed-user {display: flex;position: relative;align-items: center;text-decoration: none;color: inherit;}.social-embed-avatar {width: 3em;height: 3em;margin-right: .5em;}.social-embed-avatar-circle {border-radius: 100%;}.social-embed-user-names-name {display: flex;align-items: center;font-weight: bold;margin: 0;}.social-embed-text {margin-top: .5em;}.social-embed-footer {display: flex;align-items: center;justify-content: space-between;}.social-embed-logo {width: 3em;}.social-embed-hr {border: .1px solid;margin: .5em 0 .5em 0;}.social-embed-meta {text-decoration: none !important;color: unset !important;}.social-embed-reply {display: block;}.social-embed-text a, .social-embed-footer time {color: blue;text-decoration: underline;}.social-embed-media, .social-embed-video {border-radius:1em;max-width:100%;}.social-embed-reply{font-size:.75em;display:block;}.social-embed-meter{width: 100%;background: #0005;}
[Image: ]
polls@polls[Image: ]
Which Direction?North: (13,835)13835South: (5,584)5584East: (4,597)4597One: (18,469)18469❤️ 245💬 41♻️ 002:02 - Fri 27 November 2015
Embedded Images
[Image: ]
hackaday@hackaday[Image: ]
Can a hacker do YouTube full time? @XRobotsUK says yes (with an asterisk) and talks gory details #HackadayUncon pic.x.com/7h1ozav0wt[Image: ]
[Image: ]
❤️ 20💬 2♻️ 017:28 - Sat 16 September 2017
Quote Tweets
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Whoever buys the gu.com domain will effectively get to rewrite history.They can redirect links like these - and change the nature of the content being commented on.[Image: ]
Joyce Alene@JoyceWhiteVance[Image: ]
The Steele Dossier asserted Russian hacking of the DNC was "conducted with the full knowledge & support of Trump & senior members of his campaign.” Trump's war against the FBI & efforts to obstruct make sense if he thought they could prove it. gu.com/p/axa7k/stw❤️ 3,506💬 0♻️ 1,60115:56 - Tue 27 November 2018❤️ 11💬 4♻️ 013:36 - Fri 19 August 2022
Replies
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Working from home is tricky when @virginmedia goes down so hard even its status page falls over.Time for lunch. pic.x.com/mje6nh38cz[Image: Oops! something's broken! ]
❤️ 1💬 0♻️ 112:00 - Wed 13 February 2019[Image: ]
Sky@SkyUK[Image: ]
Replying to @edent@edent I can definitely see how this would get in the way of making your day a productive one. Do you find this happens often? If it does, I'd be happy to chat to you about a reliable alternative with us during your lunch break! ☕ PM me for a chat! ^JH❤️ 0💬 2♻️ 012:22 - Wed 13 February 2019
Videos
The poster of the video is embedded - the actual MP4 is still loaded off Twitter's site.
[Image: ]
Ruben Casas 🦊@Infoxicador[Image: ]
Attending my first in person event since the pandemic. #TapIntoTwitter hosted by @gerardsans and @coderinheelsNothing better than a cool live demo. 🤯 pic.x.com/qw1ifom7fh❤️ 16💬 1♻️ 018:11 - Tue 31 August 2021
Get The Code
The simple Python code is available on GitHub - feedback welcome!
------------------------------
2024-08-19
Replacing Twitter Embeds With Images
https://shkspr.mobi/blog/2024/08/replacing-twitter-embeds-with-images/
I logged into Twitter using a fresh account last week. No followers, no preferences set. The default experience was an unending slurry of racism and porn. I don't care to use Twitter any more. Whatever good that was there is now drowned in a cess-pit of violent filth.
I still have a lot of Tweets embedded on this blog. Using WordPress, it was easy to paste in a link and have it converted to an embed. But I don't want to direct people to a dangerous site.
So here's a somewhat automated way to replace embedded Tweets with screenshots.
Shut up and show me the code!
Demo
[Image: Screenshot from Twitter. 2013-11-14T09:50:42.000Z. Terence Eden is on Mastodon (@edent). iOS only! Why not mobile web? MT @SCAS999: Our new app could help save the life of a person suffering cardiac arrest http://t.co/65OaiQ3W78. Reply 2013-11-14T10:15:08.000Z. South Central Ambulance Service (@SCAS999). @edent We'd love a mobile web version. Are you able to help? The app was done for free! Google link here http://t.co/R3xVkLHi3A]
Use the Embed Platform
Take the ID of the Tweet you want to convert. Add it on to the end of an embed URl like this - https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=true&lang=en&theme=light&width=550px&id=1092852483033055232
Let's make that a bit more readable:
https://platform.twitter.com/embed/Tweet.html?
hideCard=false
&hideThread=true
&lang=en
&theme=light
&width=550px
&id=1092852483033055232
You can change whether to show a card (the attached image or link), show the preceding message in the thread or not, what UI language to show, dark or light mode, and how wide you want the embed to be.
Use Selenium to automate the screenshot
Using Python, we can use Selenium's Chrome Webdriver to open pages, find elements, and take screenshots:
import time
import io
from PIL import Image
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
# Chrome's headless options
chrome_options = Options()
chrome_options.add_argument('--headless=new')
chrome_options.add_argument('--window-size=1920,1080')
# Turn off everything
chrome_options.add_argument("--disable-gpu")
chrome_options.add_argument("--no-sandbox")
chrome_options.add_argument("--disable-dev-shm-usage")
chrome_options.add_argument("--disable-extensions")
chrome_options.add_argument("--disable-infobars")
chrome_options.add_argument("--disable-logging")
chrome_options.add_argument("--log-level=3")
# Start Chrome
driver = webdriver.Chrome(options=chrome_options)
# Open the page
driver.get("https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=true&lang=en&theme=light&width=550px&id=1092852483033055232")
# Twitter is slow!
time.sleep(5)
# Get the Tweet
tweet = driver.find_element(By.TAG_NAME, "article")
# Use the parent element for more padding
tweet = driver.execute_script("return arguments[0].parentNode;", tweet)
# Save as an image
print("Save")
image_binary = tweet.screenshot_as_png
img = Image.open(io.BytesIO(image_binary))
img.save("tweet.png")
Get the alt text
Accessibility is important. Getting the text of the Tweet is as simple as:
# Get the alt text
alt = tweet.text
But that retrieves all the text - including things like "Copy link to post" and "Read more on X" - because Twitter doesn't believe in semantic HTML. There's also no way to easily get the number of likes and retweets - which might be useful information.
If there are images in the post, it's useful to get their alt text. This is simpler:
images = tweet.find_elements(By.TAG_NAME, "img")
print("\nAlt text of images:")
for img in images:
alt_text = img.get_attribute("alt")
if alt_text:
print(alt_text)
Use The API
There is a better way to get all the text, alt text, and metadata. Use the hidden syndication API! But that's a blog post for another time…
Get the Code
Grab the code from GitHub - and if it is useful to you, please star the repo or leave a friendly comment.
Of course, if we can use the API to get the pure data, perhaps it is possible to make some lovely semantic HTML rather than an image...? 😉
------------------------------
2023-10-31
Seven Years On Mastodon
https://shkspr.mobi/blog/2023/10/seven-years-on-mastodon/
I remember seeing the original "A new decentralized microblogging platform" on HackerNews back in October 2016. A few weeks later, I joined - becoming the 7,112th user. As the years went on, my use of it waxed and waned. I started cross-posting to both Mastodon and Twitter. Gradually, I started spending more time on the Fediverse.
Once Elon shat the bed on Twitter, I moved over completely. And, you know what, I don't regret it for a second.
I've found a lovely community of people. I get my parasocial fix without being inundated by cryptogrifters shilling shitcoins, nor by thought-leaders posting inflammatory takes for clout. There are no disingenuous politicians and remarkably few celebrities trying to sell me their bathwater. There's no advertising. There's a great API for bots. And - for now - people are generous with their time and expertise.
But, just to be contrary, let's list some of the bad points about it.
There are fewer people about
That does mean there are fewer arseholes0. But it doesn't yet feel as magical as Twitter did - when you could suddenly be in a conversation with a goat farmer from the other side of the planet and a world-famous astrophysicist.
The people who are about tend to be on the techy side of things. Which does mean putting up with some annoying pedantry and plenty of "jUSt InsTaLl LinUx aNd delETE facEbOoK."
There's a bit more ✨drama✨
Small, insular communities are fractious. A perceived insult or slight can rapidly descend into childish taunts of "well I'll defederate you first!"
There was drama on Twitter - and even more since Elon's full on conversion to the dark side - but because the community is smaller here, the drama feels bigger.
Fewer official accounts
This is a mixed bag. Frankly, Twitter should never have been a customer support channel. But businesses wanted to promote their goods and services, and customers took the opportunity to upbraid them in public. That led to all sorts of weird behaviours.
Nevertheless, I'd like to be able to see what's going on in local politics, and transport, and a dozen little services I used Twitter for.
Search (is getting better)
I've posted some thoughts on Mastodon search. It's now pretty good. But the federated nature of Mastodon means it'll never be as comprehensive as Twitter.
Perhaps momentum is slowing down?
I've seen plenty of waves of users over the years. But I think that the majority of people who wanted to leave Twitter have done so.
And... I think that's OK. I still use Facebook, I'm signed into a dozen different forums, I'm not particularly loyal to anything.
The Fediverse is about diversity. It would be nice if Twitter and Threads and BlueSky all federated with each other. But I think that Mastodon now has enough users to be self-sustaining. It doesn't need to become a giant killer. It mustn't become a de-facto monopoly.
I'm looking forward to the next 7 years here.
Not zero, just fewer. ↩︎
------------------------------
2023-07-23
Please don't give away your Twitter API keys to Cloudinary
https://shkspr.mobi/blog/2023/07/please-dont-give-away-your-twitter-api-keys-to-cloudinary/
My CDN just asked me for all my Twitter API keys...
[Image: Hi Terence, We don't have a way for customers to configure this on their own currently. Our team will handle the configurations for you. Here are the details needed for us to do the required changes: API Key and Secret. Access Token and Secret.Best Regards]
WTF? This would give them complete access to my app's Twitter account, the ability to send and receive messages, and anything else that my API key allows.
Giving them - or anyone - the entire set of credentials would be a very bad idea.
What's going on?
Twitter's slow-motion collapse and hostility to developers is causing a whole bunch of second-order effects.
Lots of services let people log in to them using Twitter. It is (was?!) a quick way to do identity management without having to bother the user with a separate username and password. Once someone has logged in, it's nice to be able to show their user avatar.
Annoyingly, Twitter never had a simple solution for that. You couldn't take my username - edent - and then grab twitter.com/edent/avatar.jpg. Instead, you had to perform an API call to get the image.
So a whole bunch of services started up which would retrieve Twitter avatars based on username. And they also did the same for Facebook, GitHub, Google, and lots of other OAuth providers.
I was using Cloudinary's Social Media Profile Pictures feature. But with Twitter's complete inability to serve API users, that functionality is going away.
Last week Cloudinary said that they could keep the functionality going if I was willing to provide my API keys. I (somewhat impolitely) complained to Cloudinary that them asking for all the API keys was a security nightmare. They responded (politely) to my points:
I completely understand your concerns. Twitter's recent limitations to their API have made it so that we are unable to continue to use our own API credentials to allow customers to fetch Twitter assets, and so we must implement customer credentials instead. We were working on a long-term resolution, but they cut off our API access without warning, and so the temporary solution to minimise disruption was to request your credentials so our backend team can add in a rule to run your Twitter API requests with your own credentials. As such, we require both the API key and secret, along with the access token and secret.
...
As mentioned, this is just a temporary measure in order to ensure continued delivery of your assets. If you prefer to wait until we have a customer-facing portal to enter your Twitter account credentials, then you are certainly welcome to do so. Unfortunately I don't have an ETA on when such a solution might be available, however we will do our best to keep you updated.
I understand that they don't want users to have a degraded experience. And I understand that Twitter have screwed them over. And I'm sure that they're a thoroughly trustworthy company who will never get hacked. But asking customers to fatally compromise their own security like that is not acceptable.
Can't you just...?
Twitter doesn't offer a stable avatar service. Users can change their profile picture at any time, and the URl to the old image stops working. So caching the profile picture URl often leads to a broken image. Caching an old image can mean showing something outdated.
The API rate limits are pretty small for any service with heavy traffic.
Not showing a user image - or just the Twitter icon - could work. But it makes for a pretty crappy experience.
Telling everyone to leave Twitter and join Mastodon would be nice.
Creating a bespoke read-only API key could work - but Twitter now limits the number of apps a develop can have unless they pay stupid money.
It is entirely understandable that people would panic and hand over the keys to their (digital) kingdom. Fear makes people do dangerous things.
Anyway, this Mastodon post sums it up the best:
------------------------------
2022-12-03
The ethics of syndicating comments using WebMentions
https://shkspr.mobi/blog/2022/12/the-ethics-of-syndicating-comments-using-webmentions/
This blog uses WebMention technology. If you write an article on your website and mention one of my blog posts, I get a notification. That notification can then be published as a comment. It usually looks something like this:
[Image: Screenshot of a comment showing that someone mentioned my post on their blog.]
This means readers of my post can see where it has been mentioned around the web. They can read your article after reading mine. Nice!
I've also set up a "bridge" service which looks for people posting comments about my work on social media. For example, if you post a link to my blog on Twitter - or reply to someone who has shared a link - I get a notification. That means if I think it is an interesting comment, I can publish it in the comment section. It usually looks something like this:
[Image: Screenshot showing some comments. One has the Mastodon Logo, the other has the Twitter Logo.]
This means readers of my post can see your Twitter or Mastodon comments. They're identified by the logo. Users can go to Twitter or Mastodon to reply to you. Nice!
Everyone is one big happy family, no matter where on the web you are.
Or so I thought. There are a few drawbacks with this system.
I didn't write that!
I had one reader complain that someone else was impersonating them in the comments of my posts. It wasn't immediately clear to them that I'd syndicated their comment and reposted it. After that, I added the Twitter logo to make it a bit more obvious. But many people still find it unintuitive that content can be replicated outside of its original publication.
I deleted that!
I had another reader who automatically deletes their Tweets every month. My blog retains a copy of their Tweets because it doesn't check for deletions. This might be against the user's wishes - especially if they had posted something inappropriate. Twitter doesn't send a "deleted" notification to services which have stored Tweets - and it would be impractical to periodically check every single Tweet I have stored. The reader was ambivalent about whether they should be kept on my blog.
I'm not that person any more!
One of the comments was a person who had changed their name & Twitter avatar. Understandably, they weren't happy about still being referred to by their deadname on my site. Again, neither Twitter nor the bridging service notifies me when a user changes their name or avatar. Naturally I deleted the comments when they contacted me.
I have the copyright to that!
An overly aggressive person was furious that I'd copied their © content onto my blog without permission. Personally, I thought that adding their 7 word reply was covered by fair-dealing, but I didn't fancy pissing them off. So I deleted it. If I'd embedded directly from Twitter it would have been fair game - but some people feel there's a material difference between embedding and copying.
Now what?
This is a complicated problem. I want to see what people are writing in public about my posts. I also want to direct people to the conversations which are happening elsewhere on the web. But people - quite rightly - might not want their content permanently stored by my site.
So I think I have a few options.
Do nothing. My site; my rules. If you don't want me to grab your hot takes, don't post them in public. (Feels a bit rude, TBQH.)
Be reactive. If someone asks me to remove their content, do so. (But, of course, how will they know I've made a copy?)
Stop syndicating comments. (I don't wanna!)
Replace the verbatim comments with a link saying "Fred mentioned this article on Twitter" . (A bit of a disruptive experience for readers.)
Use oEmbed to capture the user's comment and dynamically load it from the 3rd party site. That would update automatically if the user changes their name or deleted the comment. (A massive faff to set up.)
What do you think I should do?
------------------------------
2022-11-15
Twitter's archive doesn't have alt text - but Mastodon's does!
https://shkspr.mobi/blog/2022/11/twitters-archive-doesnt-have-alt-text-but-mastodons-does/
Because I don't trust Alan, the Hyperprat who now runs Twitter, I decided to download my Twitter archive before setting my account to dormant.
About a decade ago, I wrote about how the Twitter archive works and where it is deficient. Things have got better, but there are still annoying limitations.
For example, Hannah Kolbeck - founder of the Alt Text Reminder Bot recently pointed out that there's no alt text in the archives.
Here's a snippet of Twitter's JSON for an image I posted:
"media" : [
{
"expanded_url" : "https://twitter.com/edent/status/1579574033720705025/photo/1",
"indices" : [
"66",
"89"
],
"url" : "https://t.co/J1hr0ZfbTl",
"media_url" : "http://pbs.twimg.com/media/FevGM32XEAA0FX2.jpg",
"id_str" : "1579574018776174592",
"id" : "1579574018776174592",
"media_url_https" : "https://pbs.twimg.com/media/FevGM32XEAA0FX2.jpg",
"sizes" : {
"small" : {
"w" : "680",
"h" : "510",
"resize" : "fit"
},
"medium" : {
"w" : "1200",
"h" : "900",
"resize" : "fit"
},
"thumb" : {
"w" : "150",
"h" : "150",
"resize" : "crop"
},
"large" : {
"w" : "1236",
"h" : "927",
"resize" : "fit"
}
},
"type" : "photo",
"display_url" : "pic.twitter.com/J1hr0ZfbTl"
}
],
Lots of different media sizing options, but no room for accessibility.
By comparison, the Mastodon social network gives you the alt text. Here's a snippet of Mastodon's JSON for the same image which was cross-posted:
"attachment": [
{
"type": "Document",
"mediaType": "image/jpeg",
"url": "/media_attachments/files/109/145/933/102/890/212/original/84ae501e39f45091.jpg",
"name": "A sign for priority seating. The pregnant person's face has been replaced by 😍. The person holding a baby has a face of 😫. The elderly person with a cane has 🥴.",
"blurhash": "UhKdk{0LRit6-:t6WCWC-oxaRmWBozt7xaa|",
"width": 1236,
"height": 927
}
],
Mastodon is a friendlier alternative to Twitter and - mostly - gets accessibility right. There's still some work to do
You can fix Twitter's missing alt text using Hannah's Alt Text Archive Tool. That'll get you a JSON file full of your alt text, which you can use to recreate your archive.
Look, it's obvious that Alan doesn't give a flying fuck about accessibility, so I don't expect this to change any time soon.
Instead, people should do what they did when MySpace went to shit; move to a different platform.
Join Mastodon today!
------------------------------
2022-11-06
Is Open Graph Protocol dead?
https://shkspr.mobi/blog/2022/11/is-open-graph-protocol-dead/
Facebook Meta - like many other tech titans - has institutional Shiny Object Syndrome. It goes something like this:
Launch a product to great fanfare
Spend a few years hyping it as ✨the future✨
Stop answering emails and pull requests
If you're lucky, announce that the product is abandoned but, more likely, just forget about it.
Open Graph Protocol (OGP) is one of those products. The value-proposition is simple.
It's hard for computers to pick out the main headline, image, and other data from a complex web page.
Therefore, let's encourage websites to include metadata which tells our services what they should look at!
OGP works pretty well! When you share a link on Facebook, or Twitter, or Telegram - those services load the website in the background, look for OGP metadata, and display a friendly snippet.
Facebook Meta were the driving force behind OGP - and have now left it to fester.
The website - https://ogp.me/ - still works.
But the Facebook OGP Discussion Group is now full of spam.
The Developer Mailing List is broken.
The Google Documentation links to a dead Google+ page.
And the GitHub Page has been archived.
Is OGP finished?
And, that might be fine. Facebook Meta are a small company with limited resources. They can't afford to fund standards work indefinitely. And, anyway, OGP is complete, right? It has all the tags that anyone could ever possibly want. Why does it need any improving?
Well, that's not the case. We know, for example, that Twitter have created their own proprietary OGP-like meta tags. Similarly, Pinterest have their own as well. And even Google are going their own way with Rich Snippets.
This is annoying for developers. Now we have to write multiple different bits of metadata if we want our links to be supported on all platforms.
Standards work is never "finished". Developers want to add new features. Users want to interact with new forms of content.
Tomorrow someone is going to invent a way to share smells over the Internet. How does that get represented in an Open Graph Protocol compliant manner?
or
or
or...
We know from bitter experience that having several mutually incompatible ways to implement something is a nightmare for developers and provides a poor user-experience.
So we create standards bodies. They're not perfect, but a group of interested folks can do the hard work to try and satisfy oppositional stakeholders.
This is my plea to Facebook Meta. If you're no longer interested in improving OGP, OK. You do you. But hand it over to people who want to keep this going. Maybe it's the W3C, or IndieWeb, or Schema.org or someone. Hell, I'm not busy, I'll take it on.
Remember, if you love something, let it go.
------------------------------
2022-10-22
Why can't Twitter stop the "Twoo Fun / Ask For Me" spam?
https://shkspr.mobi/blog/2022/10/why-cant-twitter-stop-the-twoo-fun-ask-for-me-spam/
Back in June, I noticed a pretty insidious piece of Twitter spam. The "twoo.fun" website was claiming that it could tell you who visited your Twitter profile.
That's pretty enticing! It's what LinkedIn uses to drive its premium product. Perhaps it would tell me if a potential employer was looking at my profile? Or if my crush kept visiting it!??!?!?
So people visited the website and signed in with their Twitter account. Whereupon the app started posting spam. Something which looked like this:
[Image: Colourful image saying "Who visits your Twitter profile. Real data. Totally free."]
The Twitter API does not have the functionality to record visitors to a profile. This app is lying to users. But it tells an interesting lie. And that encourages people to click on the spam and log in with their own account.
As soon as I spotted it, I reported it via the Twitter Insiders' programme. And, to their credit, they managed to shut it down pretty quickly.
And then it popped up again.
[Image: ]
InfernoTheFox🏳️🌈🏳️⚧️@Infernothefox[Image: Twitter]
Don't know how this garbage got onto my account, but I've since changed my password and revoked any apps I don't recognize or haven't used in ages.Do yourselves a favour, AVOID THIS LIKE THE PLAGUE!![Image: ]
Terence Eden is on Mastodon@edent[Image: Twitter]
Warning - new spam app is spreading through Twitter.Twoo .fun cannot tell you who visits your Twitter profile. It is a scam.If you sign up, you give it *full* access to your account.You need to immediately remove it at x.com/settings/conne… pic.x.com/9OploQ13Oi[Image: Screenshot of a message saying an app will tell you who visited your profile page.]
❤️ 293💬 0🔁 30205:10 - Thu 02 June 2022❤️ 1💬 0🔁 011:33 - Thu 14 July 2022
And Again
[Image: ]
weEd_biker@Edpalo[Image: ]
Praga....total..clicou fudeu.[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Warning - new spam app is spreading through Twitter.Twoo .fun cannot tell you who visits your Twitter profile. It is a scam.If you sign up, you give it *full* access to your account.You need to immediately remove it at x.com/settings/conne… pic.x.com/9oploq13oi[Image: Screenshot of a message saying an app will tell you who visited your profile page.]
❤️ 293💬 0♻️ 30305:10 - Thu 02 June 2022❤️ 1💬 0♻️ 002:00 - Fri 05 August 2022
And again.
[Image: ]
naclara★@naclaraincrivel[Image: Twitter]
olá pessoas que foram burras igual a mim e caíram no vírus, cliquem no link que esse cara disse e revogue a permissão[Image: ]
Terence Eden is on Mastodon@edent[Image: Twitter]
Warning - new spam app is spreading through Twitter.Twoo .fun cannot tell you who visits your Twitter profile. It is a scam.If you sign up, you give it *full* access to your account.You need to immediately remove it at x.com/settings/conne… pic.x.com/9OploQ13Oi[Image: Screenshot of a message saying an app will tell you who visited your profile page.]
❤️ 293💬 0🔁 30205:10 - Thu 02 June 2022❤️ 3💬 7🔁 003:35 - Sat 10 September 2022
And again.
[Image: ]
Hellscythe 🦁 VTuber | Enjoying Spooktober@Sir_Hellscythe[Image: Twitter]
Apologies to anyone that has seen this Spam app tweeting without me knowing in the last couple of hours, I was unaware that this was a spam app, I have deleted all the tweets it posted and have revoked/removed access of it from my account, please don't make the same mistake as me[Image: ]
Terence Eden is on Mastodon@edent[Image: Twitter]
Warning - new spam app is spreading through Twitter.Twoo .fun cannot tell you who visits your Twitter profile. It is a scam.If you sign up, you give it *full* access to your account.You need to immediately remove it at x.com/settings/conne… pic.x.com/9OploQ13Oi[Image: Screenshot of a message saying an app will tell you who visited your profile page.]
❤️ 293💬 0🔁 30205:10 - Thu 02 June 2022❤️ 2💬 5🔁 016:17 - Thu 20 October 2022
It has been grimly fascinating to see how it spreads through different communities and different language groups.
You can watch it spread in realtime using https://twitter.com/search?q=Twoo.fun&src=typed_query&f=live
[Image: Screenshot of Twitter user. They are automatically posting the spam.]
It has since metastasised into a similar scam called AskForMe.me - again, you can see it worm its way through communities at https://twitter.com/search?q=askforme.me&src=typed_query
[Image: Screenshot of Twitter user. They are automatically posting the spam and mentioning users.]
In this case, the spam specifically mentions other users and posts fake statistics about how long they've been viewing the profile.
I keep reporting this to Twitter. And they keep shutting it down. And it keeps popping back up!
I don't have access to Twitter's systems - but it seems to me like there are some easy ways to curtail this scam. At the very least blocking those two domains would force the spammers to keep moving to new hosts. Perhaps Twitter could look for new apps which suddenly start posting messages which are quickly marked as spam. Or they could do some fancy machine-learning to identify similarly scammy images.
At the moment, we don't know what the end-game is for this spam. Maybe is it "just" a worm and someone is having a giggle seeing how many people they can infect. Perhaps it is harvesting accounts hoping to sell them to other spammers. Or it could be slurping down the social graph for other nefarious purposes.
Either way, this has been going on for at least five months! I think I've done what I can to inform Twitter. In the meantime, I urge you to warn your followers about this spam.
If you've been infected with this Twitter scam, please visit https://twitter.com/settings/connected_apps to remove it from your account.
Update!
Looks like this spam has been doing the rounds since 2018!
[Image: ]
Malwarebytes@Malwarebytes[Image: Twitter]
“Who visits your #Twitter profile” #spam app brings week of chaos | #Malwarebytes Lab blog.malwarebytes.com/cybercrime/201… by @paperghost #cybersecurity #infosec #socialmedia pic.x.com/4XPycLG2VG[Image: ]
❤️ 8💬 1🔁 013:00 - Wed 24 January 2018
------------------------------
2022-03-23
Towards a Taxonomy of Twitter Tropes
https://shkspr.mobi/blog/2022/03/towards-a-taxonomy-of-twitter-types/
If you hang around on a social network long enough, you'll find the same tropes being repeated again and again. So, I thought I'd document some of the ones that I personally find annoying. This blog post is an extension of my moderately popular Twitter thread - with a bit more detail about why they are irritating.
The Thief of Words
.social-embed{all:unset;display:block;}.social-embed * {all:unset;display:revert;}.social-embed::after{all:unset;}.social-embed::before{all:unset;}blockquote:not(*){all:unset;}.social-embed a{cursor:pointer;}blockquote.social-embed{box-sizing:border-box;border:.5px solid;width:550px;max-width:100%;font-family:sans-serif;margin:auto;margin-bottom:.5em;padding:1em;border-radius:1em;background-color:#FFF;color:#000;display:block;}.social-embed-header{display:flex;justify-content:space-between;}.social-embed-user{display:flex;position:relative;align-items:center;text-decoration:none;color:inherit;}.social-embed-avatar{width:3em;height:3em;margin-right:.5em;}.social-embed-avatar-circle{border-radius:50%;}.social-embed-avatar-square{border-radius:5%;}.social-embed-user-names-name{display:flex;align-items:center;font-weight:bold;margin:0;}.social-embed-text{margin-top:.5em;}.social-embed-footer{display:flex;align-items:center;justify-content:space-between;}.social-embed-logo{width:3em;}.social-embed-hr{border:.1px solid;margin:.5em 0 .5em 0;}.social-embed-meta{text-decoration:none !important;color:unset !important;}.social-embed-reply{display:block;}.social-embed-text a, .social-embed-footer time{color:blue;text-decoration:underline;}.social-embed-media, .social-embed-video{border-radius:1em;max-width:100%;margin:auto;display:block;}.social-embed-reply{font-size:.75em;display:block;}.social-embed-meter{width:100%;background:#0005;}.social-embed-card{text-decoration:none !important;color:unset !important;border:.5px solid;display:block;font-size:.85em;padding:.5em;border-radius:1em;}
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Hi! I've reworded a popular tweet. Please share my version so that I get all the retweets, likes, and other fake internet points.❤️ 833💬 13♻️ 014:29 - Wed 16 March 2022
Twitter is an Alternate Reality Game where players get points based on how many likes, retweets, and comments they get. Thankfully, there's no monetary reward (yet) for "doing numbers". Remember when you were a teenager and you heard a stand-up comedian telling jokes, and then you passed off their words as your own in the playground? Yeah, that's all that's happening here.
The Quote Grabber
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I've taken a screenshot of a popular tweet. I'm not adding any value by sharing it, but please promote my Tweet rather than the original.❤️ 278💬 2♻️ 014:29 - Wed 16 March 2022
Similar to the above. Twitter gives users the ability to "quote tweet" - which embeds the original text in your comment. The above person wants to give credit to the author - which is nice - but doesn't actually want the author to see or receive any of that interaction. Sometimes that's sensible - if you don't want to encourage abuse. But all it does is add a little friction to people who do want to engage.
The Obscurer
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I've found a viral photo, cropped off the author's credit and am sharing it saying "Who did this?" or "Literally screaming".Please reward me with engagement.❤️ 402💬 3♻️ 014:29 - Wed 16 March 2022
There are loads of "big" accounts which gained their following by ripping off others. It's usually easy to find the originator of a funny photo, video, or meme. All this person is doing is (obliquely) claiming the prize for someone else's hard work.
The Troll
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I'm writing an argument in deliberately bad faith so that lots of people will quote tweet me saying how stupid I am. Please do share this far and wide so my toxic message can trend. There's no such thing as bad publicity!❤️ 341💬 4♻️ 014:29 - Wed 16 March 2022
Back in the day, the saying was "don't feed the trolls". Sadly, Twitter rewards any engagement - be it positive or negative. So people write deliberately incendiary messages in the hope that you'll spread their poison. And people fall for it every time.
The Ghost Writer
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I'm a billionaire. I literally hired someone to write Good Content™ for me. Please assume all the viral crap "I" tweet actually comes from me. Obviously it doesn't, but you resharing it helps make me look like a cool dude.❤️ 210💬 1♻️ 014:29 - Wed 16 March 2022
It is public knowledge that some accounts hire funny people to post on their behalf. Perhaps that's acceptable when it is obviously a marketing account. But there's an unwritten expectation that people post for themselves on their personal account. That dude you think is funny is just using a bunch of writers who are tasked with increasing engagement. There's no authenticity. It's just turning Twitter in to pay-to-win ARG.
The Branter
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHello! We're a couple of brands having painfully scripted "banter" between us.This took 6 months of planning and was signed off by both sets of legal teams at frighteningly high cost.If you don't engage, our social media managers are going to get fired.❤️ 379💬 1♻️ 014:29 - Wed 16 March 2022
Ugh! Quirky brands can piss right off. Perhaps it was funny, once, when a couple of brands spontaneously started shit-talking each other. But now it is about as innovative and entertaining as any "word from our sponsors".
The Lack of Due Diligence
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I'm a journalist. I'm going to quote-tweet an obviously fake account spouting utter gibberish. But I'll caveat it by saying "Huge if true…"❤️ 196💬 1♻️ 014:29 - Wed 16 March 2022
This is becoming more unbearable during the war in Ukraine. A seemingly sensible and sober journalist will find an outrageous Tweet claiming to be a "deep source" and treat it as though it were gospel. All notion of critically investigating sources goes out of the window in the race to be "first" with breaking news.
The "Journalist"
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I'm an insufferable bore. All my tweets take this form:+++BREAKING+++Something I literally copied of a newspaper website from yesterday❤️ 218💬 1♻️ 014:29 - Wed 16 March 2022
News aggregator accounts are nothing new. But there's a pernicious type of Tweeter who screams "THE MAINSTREAM MEDIA AREN'T COVERING THIS!" while linking to a two-day old story. These sort of accounts add no real value to your experience - but they give you a fake sense of urgency and they tickle that part of your brain which craves new and/or secret information. Just follow a news outlet directly.
The Bias Confirmation Engine
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I post multi-tweet anecdotes which are specifically designed to make you think that people who believe the other side of an argument are comical lunatics.None of it is real - but the more you point and laugh, the more polarised the debate becomes.❤️ 161💬 1♻️ 014:29 - Wed 16 March 2022
This is one of the few Tweets where I had a specific person in mind! There's a type of account which posts fan fiction about current events. Utterly made-up stories about people from "the other side" of a debate. All it does is make you feel smug and secure that the people with a different viewpoint are bad. No proof is ever offered, just a long stream of unverifiable annecdata.
The "helper"
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi. I have 6 followers and I share every "missing person" or "missing dog" Tweet, even if it involves someone from the other side of the world.I don't even bother to check whether they've been found before tweeting.I'm *helping*!❤️ 187💬 2♻️ 014:29 - Wed 16 March 2022
Lots of people disagree with me on this one! Personally, I see it as a form of pollution, at worst, and virtue hunting at best. Every time you share something false, outdated, or irrelevant you are decreasing the signal-to-noise ratio of useful information.
The Holier-Than-Thou User
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I'm a sanctimonious Twitter user who has been on this site since the days you could engage with it via SMS. I write tedious threads about how people don't understand how to engage in a complex media environment.❤️ 175💬 3♻️ 014:29 - Wed 16 March 2022
It me! Using a social network effectively is a skill. Understanding complex media is a skill. These skills take time to learn, and there are very few teachers. Media literacy is a critical part of interacting with the world and there are very few resources to help people.
That was the end of the original thread - but I couldn't resist adding a few more.
The Desperate For Attention
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I'm desperate for interaction.Please retweet if you agree with this incredible trite statement! I'm trying to show people something!❤️ 181💬 5♻️ 009:34 - Sun 20 March 2022
As I've said, Twitter is an ARG where the score is based on interactions. Posting "Cats are better than dogs. RT if you agree!!!" or "Who thinks sports stars should set a good example to kids?" is a cheap and lazy way to gain interaction. Shortly after your 30th birthday, you'll find yourself in a pub saying "who remembers ?" as a quick way to get a conversation started. Happens to us all!
The Mansplainer
[Image: ]
Terence Eden is on Mastodon@edent[Image: ]
Replying to @edentHi! I'm a man on Twitter. I see you've asked a question.I don't know the answer to it, nor do I have any experience or expertise.Let me reply to you with the first result I found on Google.❤️ 485💬 11♻️ 009:36 - Sun 20 March 2022
I've moaned about this guy before! Men - and it is usually men - seem to think any question is directed to them. They are physically incapable of seeing a question-mark without taking it personally. It is downright disrespectful to assume the person asking the question hasn't done a cursory Google. And it's even more infuriating when you blunder in with your unfounded speculation. If you don't know the answer - don't engage.
And on and on…
In truth, I could have added a dozen more of these. And, also in the spirit of truth, I'm sure I'm guilty of most of them.
I'll reiterate - social media is a game and that means there will be people who will use all sorts of tricks to get the highest score. Part of your role in this game is to ensure that you don't reward the grifters, scammers, cheaters, and grinders.
Spend your attention wisely and - as ever - play nicely.
------------------------------
2021-09-11
Augmented Reality Twitter Conversations!
https://shkspr.mobi/blog/2021/09/augmented-reality-twitter-conversations/
I've recently launched TweeView - a new way to visualise Twitter conversation threads in 2D and 3D.
Sadly, I don't have a Virtual Reality system - feel free to buy me one! - but I have the next best thing. A web browser!
Demo!
Using the awesome power of A-Frame, here's a demo of how to view a conversation object as AR.
Play!
You can play with it yourself at TweeView.ml/ar. You will need to download this AR target image.
It works best printed onto matt white paper, then mounted on card. I had to print it twice on the same piece of paper to get the required blackness.
Build!
This is built on several bits of open source tech.
The first part is A-Frame and AR.js
Next is ForceGraph AR
I recommend copying them to your local server rather than relying on a CDN.
The of your HTML page needs a target the AR window can attach to:
Construct the graph which will be displayed in the browser:
const Graph = ForceGraphAR({ markerAttrs: { type:'pattern', url:'/path/to/pattern.patt' }})
(document.getElementById('3d-graph'))
.jsonUrl('/path/to/graph.json')
.glScale(160)
.yOffset(1)
.nodeRelSize(10)
.nodeOpacity(0.9)
.linkOpacity(0.9)
.nodeColor(0x0000ff)
.linkOpacity(1)
.linkCurvature(0)
.linkWidth(2)
.linkDirectionalArrowLength(6)
.linkDirectionalArrowColor(0x00ff00)
.linkColor(() => 'red');
In order to generate a "target" (that's the physical object that is being tracked) use the AR.js Marker Generator. That will deliver you two things.
A .patt file. This is a digital representation of the pattern.
A .png or .pdf file. This is the thing you print off and show in front of your camera.
Finally, you'll need a graph object in JSON format to pass to ForceGraphAR.
You'll then end up with something like this:
[Image: ]
Ruben Casas 🦊@Infoxicador[Image: Twitter]
Attending my first in person event since the pandemic. #TapIntoTwitter hosted by @gerardsans and @coderinheelsNothing better than a cool live demo. 🤯 pic.x.com/qw1ifom7fh❤️ 16💬 1🔁 018:11 - Tue 31 August 2021
Grab the code
All of this is available as open source on my GitHub repo.
Enjoy!
------------------------------
2021-09-10
Twitter trialling "bot" account identification
https://shkspr.mobi/blog/2021/09/twitter-trialling-bot-account-identification/
I run lots of automated Twitter accounts - "bots" in common parlance. But there's no way for people to know that these are automated accounts.
This leads to slightly odd situations where people try to have conversations with them.
[Image: ]
Colours by @edent@RGB_Colours[Image: ]
Automated[Image: Twitter]
"Dark Slate Blue"#483d8b pic.x.com/vi2novdlgr[Image: ]
❤️ 54💬 0🔁 1505:30 - Tue 24 August 2021[Image: ]
waaaaahat @ Spoutible@waaaaahat[Image: Twitter]
Replying to @RGB_Colours@RGB_Colours It sure looks like a shade of purple to me. 🤔❤️ 0💬 0🔁 005:40 - Tue 24 August 2021
In a recent blog post - Rethinking Twitter Verification - I mused that it would be great if Twitter let you mark specific accounts as robots.
[Image: ]
Terence Eden is on Mastodon@edent[Image: Twitter]
@Nevali @SophieWarnes @katebevan if I were in charge (which I'm not) there would be various types of ticks.🤖 is a bot🆔 proved their legal identity🏭 is run by a brand⚖ is run by a government department👮 Official law enforcement😎 Celebrity And so on.❤️ 20💬 1🔁 010:36 - Sat 13 June 2020
Well! That day is finally here! Some of my bots are now officially marked as such!
[Image: Screenshot showing the @openbenches account is Automated by @edent.]
This is, as I understand it, a beta test. We'll see how users and developers react to this.
What Is It Like to Be a Bat Bot?
Automated accounts - where a human user isn't manually generating all the replies - are incredibly popular. People follow their local train line to find out about delays, or follow bots which Tweet the weather, or who won the sportball. Do those bots only give automated information? Do people expect to be able to have a conversation with them? Do they dream of electronic sheep?
Follow my bots
Here are my bots which have been given the Twitter bot logo:
Flood Forecast
A bot which lets you know the flood risk for the coming days (England and Wales only)
[Image: ]
UK Flood Forecast@FloodForecast[Image: ]
Automated[Image: Twitter]
Significant inland flooding impacts are possible but not expected on Wednesday and Thursday. The overall flood risk for the next five days is LOW.…od-warning-information.service.gov.uk/5-day-flood-ri… pic.x.com/zmdgg4q71m[Image: ]
❤️ 0💬 0🔁 012:03 - Wed 08 September 2021
My Solar Panels
At sunset every day, you'll get a graph of how much electricity our roof has generated
[Image: ]
Edent's Solar Panels@Edent_Solar[Image: ]
Automated[Image: Twitter]
Today I generated 15.07kWh of solar electricity. pic.x.com/usamopxqb1[Image: ]
❤️ 0💬 0🔁 018:35 - Mon 06 September 2021
UK Earthquakes
Very occasionally, we get small earthquakes in the UK. This lets you know when they happen
The @UK_Quakes bot was deleted.
RGB Colours
A very silly bot which gives you a random colour to brighten your day
[Image: ]
Colours by @edent@RGB_Colours[Image: ]
Automated[Image: Twitter]
"Red (Munsell)"#f2003c pic.x.com/kklhrbeppi[Image: ]
❤️ 32💬 0🔁 005:30 - Thu 09 September 2021
Open Benches
Our crowd-sourced psychogeography project Tweets every time a photo of a memorial bench is uploaded.
[Image: ]
OpenBenches.org@openbenches[Image: ]
Automated[Image: Twitter]
IN MEMORY OF THE LATECOUNCILIOR H. J. B. (BEN) WATKINS OBEPRESENTED BY THE LABOUR MOVEMENT THROUGHOUT WALES IN RECOGNITION OFHIS OUTSTANDING PUBLIC SERVICEopenbenches.org/bench/21380CC BY-SA 4.0℅ @StroudieDr pic.x.com/plrbiuuswt[Image: ]
[Image: ]
[Image: ]
❤️ 0💬 0🔁 013:47 - Thu 09 September 2021
Thanks
Huge thanks to the @TwitterDev team for giving me early access to this scheme. You can read more about the trial.
------------------------------
␃␄