> Twitter believes that I should delete the Tweet (which I didn’t make in the first place)
But... It's on your account. If Twitter's condition for re-instating the account is that you delete this tweet, and you have enough access to your account to be able to delete the tweet, why aren't you deleting the tweet?
And:
> Twitter is behaving wholly irresponsibly here: there is absolutely no way that if my account was compromised that they could not have noticed this prior to issuing the block, and as far as I can see my account is still there, which means that either someone social engineered Twitter into changing the password, then immediately turned around to compromise then get my account blocked or that Twitter has much larger problems in not being able to detect attempts at account compromise.
What if someone got hold of your password somehow? I'm sure Twitter has suspicious login detection, but those things can never be perfect. Maybe OP has really good reasons to think that there's no possible explanation other than a Twitter vulnerability or social engineering a Twitter employee, but none of that reasoning is in this post?
Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
> What if someone got hold of your password somehow?
Theoretically possible, practically not very likely for all kinds of reasons which I won't go into here but which you are going to have to take my word for. Let's just say that I'm a bit paranoid when it comes to stuff like this.
> I'm sure Twitter has suspicious login detection, but those things can never be perfect.
Apparently...
> Maybe OP has really good reasons to think that there's no possible explanation other than a Twitter vulnerability or social engineering a Twitter employee, but none of that reasoning is in this post?
Well, let's just say that I've been around for a while and to date have not yet had any of my accounts compromised, ever. That this should happen on Twitter where there has been a long history of such things happening is not all that surprising and when it comes to evaluating Twitter account security versus me being able to keep my passwords to myself I'm going to be arrogant enough to claim that I think that I can do that.
There is plenty of evidence for Twitter accounts being compromised, in fact, one comment here links to a SIM swap attack against Twitter's CEO...
I do trust that you have better opsec than 99%+ of users and that you didn't write this tweet. But it seems incredible that an adversary would burn a Twitter vulnerability to post a near-incoherent message from your account (which isn't particularly influential, as far as these things go). Even social engineering Twitter support seems like a really crappy effort/reward ratio.
What you're doing here makes sense, and if I were at Twitter I'd be trying to help you figure out exactly what happened, on the chance that there was a deeper compromise.
Yes, that is the thing that really gets me: if this isn't widespread - and I have no indication so far that it is - then either this was a trial balloon and it backfired because I'm the wrong target to do that to or someone got supremely stupid and tipped their hand. One HN user below had a good idea on how to figure out if the password was unchanged and as far as I can see that is the case, which only makes this more of a puzzle.
> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
It’s not clear from the post that you have the option to delete the tweet but are choosing not to. I think perhaps some of the confusion in this thread comes from that omission.
> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
You say you've been around a while but you don't seem to understand that there is no such thing as permanent deletion when it comes to social media. "Deleting" the post in this case would only mark it as deleted and remove it from people's feeds. There is no destruction of evidence that would prevent Twitter from investigating the tweet in the future.
> I would not make any assumptions about implementation details to which I have no access.
you've made the assumption that a deletion actually deletes, when there is near 100% chance that it doesn't, and there is clearly a 100% chance that Twitter has done all the investigation they are going to do.
this isn't a murder investigation, it's a flipping tweet. delete it and move on with your life.
Having been part of 'the industry' for the last 40 years or so I'm fairly well informed about how things are done and that between 'common practice' and 'actual implementation details' there can be a very, very large difference.
Take a screenshot of the Tweet? Download the page with the tweet on it? Seems easy enough if you want a record of it existing. Odd argument for sure. This thread itself is now historical record that it exists.....
Depending on context (GDPR, CCPA, etc) there are legal reasons to actually delete data when your users request to rather than simply mark the data as "deleted".
I understand OP's "I would not make any assumptions about implementation details to which I have no access." approach. That said though, I wouldn't expect any sort of "investigation", so my approach would probably be the same as most: "meh, delete it, change my password, revoke tokens and move on".
> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
This has big "When the authorities get here I'll be vindicated!" energy, by which I mean: there's no forensics team heading out to the data warehouse to get to the bottom of what happened. Your tweet isn't that important and it makes sense that Twitter wants you to delete the tweet as a show of good faith.
It is possible that the same temporary (read-only?) access that would allow you to delete the tweet would also allow you to capture much of the relevant evidence:
• fetching the offending tweet via a raw/API method could, in the JSON, reveal more metadata – such as involvement of some compromised 3rd-party app with posting rights to your account
• requesting your entire Twitter archive might similarly still be available (as they offer it largely due to the EU's legal requirement), and include the offending tweet with full metadata
Requesting the latter – your full archive – without supplying any more new info (your phone number) might be a tactic with leverage given the EU-compliance dimension. (Though, it's also possible the regulators have already approved phone-number-verification as a reasonable prerequisite for such a giant personal data dump.)
> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
That's not how computers work. You'll mark it as deleted and then the "deleted" column (or field or whatever) will turn from false to true. No forensic evidence will be lost.
Unless you work for Twitter and know how they have implemented this feature I don't think you can make that call. Based on things that have happened to Twitter in the past I think assuming sane implementations is something that I would not immediately do.
>> Because deleting it would remove the one bit of evidence that this happened and may well wipe out the data that would allow establishing how this was done.
> That's not how computers work.
No, not necessarily: computers definitely support hard deletion.
> You'll mark it as deleted and then the "deleted" column (or field or whatever) will turn from false to true. No forensic evidence will be lost.
Twitter likely implemented it as a soft delete, but that's by no means certain. And even if they did, a soft delete would mean only Twitter's internal teams would have access to the evidence, and there may be a desire for the evidence to be publicly accessible.
We all know that's likely, but we also all know that none of us can actually know that. I sure don't know what the db schema is or what the data retention schedule is or what edit means are available to insiders (employee or "visitor").
Thing is, Google, Twitter and many other platforms reinstate accounts after some public crying like this one.
> Now, I have been pretty vocal in my support for Ukraine
This pretty much answers it all, OP wrote the tweet, remember that there is no evidence of the account being hacked? Account got blocked. OP makes a fuss about it hoping that visibility from other platforms will help him.
I'm confused - was OP's account compromised, or not? It sounds like it was, but he doesn't seem very fussed about how it happened or keeping it from happening again, just annoyed that Twitter's response to it isn't faster. Is it this commonplace for twitter accounts to be taken over?
Also, is saying things like "Go die" an insta-ban on twitter? I don't use it but I thought it took more than that.
I'm also confused. How is Twitter supposed to know that the Tweet was made by the OP or was a compromised Tweet? When something is egregious what should Twitter do if it doesn't have resources to investigate whether the tweet was "intentional" or not, if action must happen quickly to avoid problems? And isn't a claim of "wasn't me" an easy claim whether or not it's true? I'm likewise confused. He says "What really pisses me off is that this is fairly obviously not my fault." But I can't find out where it is so obvious. Am I missing something? To an outsider it looks like a threat, without any indication that it wasn't made intentionally.
> How is Twitter supposed to know that the Tweet was made by the OP or was a compromised Tweet?
For starters: it would be interesting to see what IP address the tweet was made from, whether or not it was preceded by a password change or contact with Twitter support to turn the account over to someone else.
> When something is egregious what should Twitter do if it doesn't have resources to investigate whether the tweet was "intentional" or not, if action must happen quickly to avoid problems?
Good question. That makes me wonder if they are able to operate safely at scale at all.
> And isn't a claim of "wasn't me" an easy claim whether or not it's true?
Yes. And yet: it wasn't me.
> He says "What really pisses me off is that this is fairly obviously not my fault." But I can't find out where it is so obvious. Obvious to whom?
To me, and presumably, to those who know me and presumably to Twitter employees who have access to a whole lot more data than I do.
>> How is Twitter supposed to know that the Tweet was made by the OP or was a compromised Tweet?
> For starters: it would be interesting to see what IP address the tweet was made from, whether or not it was preceded by a password change or contact with Twitter support to turn the account over to someone else.
>> When something is egregious what should Twitter do if it doesn't have resources to investigate whether the tweet was "intentional" or not, if action must happen quickly to avoid problems?
> Good question. That makes me wonder if they are able to operate safely at scale at all.
i'll hazard a guess that this isn't a factor at all, since the vast majority of cases where such differences exist could be explained by the user traveling and logging in from a different location. your abuse team would declare open riot if they needed to investigate whether every "posted abusive tweet, but from a coffee shop wifi instead of their home" needed to be evaluated as a possible hijack.
like most large services, Twitter has self-service hijack protections: you should receive email notifications when Twitter sees a login from an unknown location (i sure do) with the usual CTA about changing your password and such if you do not recognize it. that does appear to be what you should do here, insofar as they state you can cancel the appeal, delete the tweet, and regain access. asking users to delete tweets made by a compromised account sounds normal enough, given that it's both what will happen anyway
i'll grant that Twitter's account blocks and support system can be _bad_, in that they often have conflicting or outdated instructions, but that's only a problem when the recovery process fails, not when you don't attempt it. this seems more a complaint that they don't offer concierge service but, eh, not much surprise there.
Yeah, the Twitter policy here is 1) ask the user to delete the bad tweet 2) tell the user to change their password if they think they've been hijacked 3) internally investigate any credible claims of a security issue on their side. They have zero interest in allowing users to participate in any such investigation.
A side question for folks who work on these sorts of social media / UGC sites. Wouldn't a shadowban / deletion of messages be a lot less antagonistic as a way of dealing with problematic posts instead of instant and total account ban? I mean, if Reddit can shadowban so that your account still works, even if the posts go into the "ether", why can't Twitter do this? Instaban seems a bit... harsh, even if merited? Couldn't you combine shadowban with account ban if there's a persistent set of violation posts? Is there a practical reason why shadowbanning on twitter doesn't work?
I mean if we're going to use fairly simple approaches (keywords on ban lists or user-based flagging / reporting), then shouldn't step one simply be not allowing the post at all, instead of a retroactive instaban on the account after the post has been shared? To me, the simple way is delete the post, or put in a hold queue (warning the user), or at very least not actually share the post on a timeline. Warn the user, don't share the post, and/or delete the post. Then you can still have the desired effect of keeping the platform "safe". Am I missing something? I'm confused all around about social media practices, honestly.
A shadowban is IMO worse than an instaban, you still aren't able to post anything, but it will look like you can. It also feels morally wrong to shadowban people and there's no process to appeal, it's not even straightforward to discover you've been shadowbanned, you need a bot or searching for your posts in a private window[0].
Agree on the "simple way" of warning the user and putting the post on a queue though.
> A shadowban is IMO worse than an instaban, you still aren't able to post anything, but it will look like you can. It also feels morally wrong to shadowban people and there's no process to appeal, it's not even straightforward to discover you've been shadowbanned, you need a bot or searching for your posts in a private window[0].
I think that's true on a first offense. But if the user has demonstrated they have no intent to behave or their offense is egregious or demonstrates they know what they're doing, then I don't think there's any problem with a shadowban.
>Good question. That makes me wonder if they are able to operate safely at scale at all.
With those standards, I don't think many of the tech giants can operate at scale at all. Not that I think they shouldn't be held to those standards, but that incompetence just doesn't surprise me at all.
There are several things they could check and factor into the score before banning someone. Client source (if they use the website 100% of the time and suddenly this was from the Android client, for example), IP address (do they tweet from the U.S. exclusively and then suddenly they're tweeting from Moscow?), VPN affiliation (did this tweet originate from a known VPN egress?), and so on. These things _should_ be factored into the "omg ban this account" score IMO, but I have no idea if they are.
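The two comments above (the suggestion that the raw tweet JSON may reveal the posting client, and the list of signals a ban score could weigh: client source, country, VPN egress) describe a takeover-scoring heuristic without showing one. The following is an added example, not code from this thread or from Twitter: it normalises the tweet's `source` field (an HTML anchor in the v1.1 JSON, a bare client name in v2) and scores constructed posting events against an account's usual clients and countries. The weights, the review threshold, the VPN ranges (RFC 5737 documentation space) and the sample events are all assumptions made for the illustration; the recent-password-change and support-contact flags echo the checks OP asks for earlier in the thread.

```python
"""Heuristic takeover scoring for tweet-posting events (constructed example).

Flags a post for human review when it deviates from the account's usual
client application or country, arrives via a known VPN egress, or was
preceded by a password change or a support contact.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Set, Tuple

# Twitter's v1.1 tweet JSON carries the posting client in "source" as an
# HTML anchor, e.g. '<a href="..." rel="nofollow">Twitter Web App</a>';
# v2 returns the bare client name. Normalise both to the bare name.
_ANCHOR_RE = re.compile(r"<a[^>]*>(.*?)</a>", re.IGNORECASE | re.DOTALL)


def client_name_from_source(source: str) -> str:
    """Return the client name from a v1.1 anchor or a v2 plain string."""
    m = _ANCHOR_RE.search(source)
    return (m.group(1) if m else source).strip()


@dataclass(frozen=True)
class AccountProfile:
    """Constructed baseline: how and from where this account normally posts."""
    usual_clients: Set[str]
    usual_countries: Set[str]


@dataclass(frozen=True)
class PostEvent:
    """One posting event with IP geolocation already resolved (constructed)."""
    tweet_id: str
    source: str                   # raw "source" field from the tweet JSON
    ip: str
    country: str                  # ISO country code from IP geolocation
    password_changed_recently: bool
    support_contact_recently: bool


# Placeholder "known VPN egress" ranges taken from RFC 5737 documentation
# space; a real deployment would load a maintained provider list instead.
KNOWN_VPN_EGRESS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

# Assumed weights and threshold; these would be tuned against real data.
WEIGHTS = {
    "unusual_client": 3,
    "unusual_country": 3,
    "vpn_egress": 2,
    "password_changed_recently": 4,
    "support_contact_recently": 4,
}
REVIEW_THRESHOLD = 5


def score_event(profile: AccountProfile, ev: PostEvent) -> Tuple[int, List[str]]:
    """Return (score, reasons) for one posting event against the profile."""
    score, reasons = 0, []
    client = client_name_from_source(ev.source)
    if client not in profile.usual_clients:
        score += WEIGHTS["unusual_client"]
        reasons.append(f"unusual client: {client}")
    if ev.country not in profile.usual_countries:
        score += WEIGHTS["unusual_country"]
        reasons.append(f"unusual country: {ev.country}")
    if any(ip_address(ev.ip) in net for net in KNOWN_VPN_EGRESS):
        score += WEIGHTS["vpn_egress"]
        reasons.append(f"known VPN egress: {ev.ip}")
    if ev.password_changed_recently:
        score += WEIGHTS["password_changed_recently"]
        reasons.append("password changed shortly before post")
    if ev.support_contact_recently:
        score += WEIGHTS["support_contact_recently"]
        reasons.append("support contact shortly before post")
    return score, reasons


def needs_review(profile: AccountProfile, ev: PostEvent) -> bool:
    """True when a flagged post should reach a human before any ban."""
    return score_event(profile, ev)[0] >= REVIEW_THRESHOLD


# Constructed sample data: a web-only account that always posts from NL.
PROFILE = AccountProfile(usual_clients={"Twitter Web App"}, usual_countries={"NL"})

EVENTS = [
    PostEvent("t1", '<a href="https://mobile.twitter.com" rel="nofollow">Twitter Web App</a>',
              "192.0.2.10", "NL", False, False),
    PostEvent("t2", "Twitter for Android", "203.0.113.7", "RU", False, True),
]

if __name__ == "__main__":
    for ev in EVENTS:
        s, why = score_event(PROFILE, ev)
        print(ev.tweet_id, s, "REVIEW" if s >= REVIEW_THRESHOLD else "ok", why)
```

The point of the threshold is the one the comment makes: a score like this should gate an abusive post into human review rather than trigger a ban on its own, since the commenter right above notes how often an unfamiliar location is just the legitimate user travelling.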
> I'm confused - was OP's account compromised, or not?
I do not know. The tweet certainly looks like it was made by my account, but definitely not from this computer and definitely not using my password. I'm pretty precise about stuff like that and Twitter would be the least of my problems if my passwords were hacked. For now I am assuming either someone social engineered Twitter to change my password or a compromise of Twitter of some sort.
> but he doesn't seem very fussed about how it happened or keeping it from happening again
Lack of information... of course I'm 'fussed' but I just don't know. All I know is that as far as I can see my setup here is still secure and was not a factor in this.
> just annoyed that Twitter's response to it isn't faster.
No, mostly annoyed that Twitter would not detect a fairly obvious Joe-Job.
> Is it this commonplace for twitter accounts to be taken over?
Good question, I don't know.
> Also, is saying things like "Go die" an insta-ban on twitter?
> For now I am assuming either someone social engineered Twitter to change my password or a compromise of Twitter of some sort.
Try to log in with a clear cache or in a private window. If you get redirected back to the page saying to delete the tweet, then you know your password wasn't changed.
Edit: Yes, that worked, so clearly the password is unchanged. Thank you, that at least is a concrete step forward. But that in a way only deepens the mystery.
Tree style tabs, adblock plus, umatrix, all as far as I know reputable and clean.
Don't use other computers besides this one for Twitter. The password is very long, generated, so impossible to guess and I have never moved it to another machine.
> For now I am assuming either someone social engineered Twitter to change my password or a compromise of Twitter of some sort.
How could you not notice your password being changed? I would think Twitter would invalidate existing logins after a password change, forcing you to log back in using the "new" password on your devices. Then again, I never used Twitter.
Because that's the only thing that I can think of that makes sense.
Whether or not I can still log in I do not know because, as I wrote, I'm blocked from using Twitter, the only thing I keep getting now is a page where they want my phone number.
You could use twitter without a phone number before this point?
They asked me for it a long time ago, I never gave it to them, luckily, as they proceeded to leak that information to everyone. I've written off the platform ever since.
> How could you not notice your password being changed?
I noticed that a horrifying number of services don't inform the old email address that an account's email was changed. I trust very few services to keep me fully informed about my accounts these days.
Web Intent is a very open API and doesn't require a specific API relationship (you don't need to approve an "app" to do it). It is built to present a confirmation page specific to the given "Web Intent" interaction, but there have been reports over the years of adware/malware bypassing the confirmation page (or phishing the confirmation page) as a spam vector.
Web Intent is on the list of paranoia reasons to not browse the web with an active Twitter session.
Oh that is a very good one, I never ever even thought that something like that was possible, I thought that by just using a browser and a strong password that I was protected against that kind of trick.
Thank you. Between the various comments in this thread bit by bit I'm beginning to wonder how safe this setup really is. Qubes OS starts to look better by the minute...
Yeah, I've gone down some paranoia rabbit holes into isolating my Facebook, Google, and Twitter logins into their own Containers with Firefox's Container tabs. It makes for a very interesting web browsing experience that is increasingly distant from the "mainstream" view of the web. (Even beyond the fact that Firefox usage in general is so rare according to current metrics of the Chromium hegemony.) It's amazing the dark patterns that websites get into when a Facebook, Google, or Twitter tracker doesn't work or doesn't return user details. Google specifically seems to punish me with a vast increase in the number of ReCAPTCHA attempts I'm forced to make (and you start to find out how many sites still use ReCAPTCHA as their primary prevention tool).
I too am interested in what you find in your third-party apps list. That's really the only way I can imagine an account doing a rogue tweet without your password being compromised. Especially when the rogue tweet is something related to foreign politics.
I once made an intemperate comment to someone arguing in favor of eugenics via involuntary sterilization that they should consider starting with themselves, if you get my meaning, and Twitter locked my account within 30 seconds. They have automated systems for threats of violence or encouragement of self-harm. (I was happy to delete the comment after using the opportunity to cool off and reflect for a couple days.)
An automatic block would at least explain the ridiculously short time between the recorded timestamp and the block (about 7 minutes before I became aware of it).
Third possibility is Twitter's anti-abuse flagged a suspicious login and locked the account for your own protection. An instant, algorithmic ban limits the damage the impostor can do.
No, I did not. I have received three emails from Twitter today: one to indicate that my account was locked (2 minutes after that particular tweet was made), one that my appeal has been logged and one that I tried to log in from a machine that had not been seen by Twitter before (true, a VM temporarily booted to check whether or not the password had been changed).
This is so confusing that at this point it feels like you're intentionally withholding information. Answer the simple question, has your password changed? Because if not then we can concretely rule out social engineering attacks - if they didn't know your password to begin with then they couldn't change it back, and if they did there would be no need for a social engineering attack.
Are you certain that the email from Twitter is even genuine? Your account looks completely normal to me. I don't know what a blocked account should look like but to me it doesn't look like your account is banned or anything. And the tweet in question (which you bafflingly refuse to delete) isn't present.
Also confused. Seems like the actual story here is that OP or Twitter was compromised, not that a Tweet was blocked. At least that's what I'm more curious about.
For many years most accounts have been locked shortly after they're created. I had deep OTM puts on Twitter before Musk bought it since it's pretty obviously a dying platform without some substantial change.
Seems most likely you replied to this tweet and forgot. Your tweet makes sense in this context.
"They arent bothering to train current conscripts. Some Russian soldiers say they are given a weapon and sent straight in. Learn on the job."
11:29 AM · May 2, 2022
In that context it doesn't really look like a reply a hacker would make to get an account banned (unless they know exactly what triggers the auto-ban algorithm and are covering their tracks).
When taken in context it looks like an innocuous tweet but to a twitter censorship algorithm that isn't aware of the context it looks like a command for someone to die.
Seconded. It happened to me a while ago; I said in French (in a reply to something): "que les antivax meurent n'est pas étonnant", which means "that the antivaxxers would die isn't surprising" but which was apparently interpreted by Twitter as a death wish on the antivaxxers (it could indeed sound like one if you ignored the last part of the sentence).
The tweet was immediately flagged, I believe by an automatic Twitter system; I learned that it's best to not use the word "die" in any language and any context, because the "AI" systems are incredibly limited and stupid, and they flag anything that may be construed in a negative way.
Twitter then asked me to delete the tweet, but what it didn't tell me is that this would be an admission of guilt. I got suspended for a number of days, but I took this opportunity to quit Twitter. I didn't delete my account but didn't log back in. One of the best decisions I ever made.
If the question here is just about why it would be flagged, that's pretty straightforwardly explicable by Twitter's detection (and/or manually-flagging passers-by, perhaps) simply not taking context into account.
You might be able to check your browser history for clues if you maybe replied, and forgot. Though I don't know enough about how twitter works to know if that would reveal anything. I suspect some stuff is SPA-like and other stuff is traditional web. Do you have a proxy, or anything else that could be logging?
I had a tweet flagged and my account locked for explaining an aspect of the QAnon conspiracy theory to another user. This was in a critical, skeptical context, but the individual tweet could be read as advocating the position I was describing. I wasn't successful in appealing it and ended up deleting. Twitter's policies tend to err heavily on the side of false positives.
It seems someone is replying to your tweet by triggering the appeal process and telling you it's not "learn on the job", you said it wrong, it's "die on the job...".
I got my account suspended, in real time, this weekend for following people who liked my tweet. I can log into my account but am presented with a splash page about how my account might be compromised and how I need to reset my password to unsuspend it.
It seems like I am shadow banned and the "contact our appeals team" is a CYA measure since they will not do a single thing to help or even verify my identity. They might not even be handled by an actual support team.
I cannot reset my password to unlock my account due to it claiming my email does not match the account after inputting my phone number. I removed my email previously, so I only have my phone number associated with my account, no previous email addresses are accepted. The workflow redirects me to an appeals form if I say I don't have it associated with my twitter account.
There is a secondary password reset workflow but it requires your account to be unsuspended to use. Great.
Now, I am stuck in a catch-22. Their appeals team sends boilerplate about how they can not do anything to help me. I can log in, I literally have past emails from Twitter and previous Twitter codes sent by SMS, yet that is seemingly meaningless due to some oversight or dark pattern in this workflow.
maybe it would be a good idea to check your environment for carbon monoxide, or ask someone you trust in real life if you've been displaying erratic behavior. People arguing on a forum about Twitter might be overlooking a health issue you might be experiencing.
You very well might not be. Carbon monoxide, stress, medication, sleepwalking, etc. If it's CO, at least try going outside and getting fresh air and see if things clear up. And at least ask someone for their opinion and get a CO detector. It's well worth a try for your own well-being.
Regardless of whatever is up here that's good advice, I'll pack it in for the day and check back tomorrow to see what if anything happened. Thank you for the concern!
So, could you clarify what you were doing at the supposed time of the tweet? Is there any evidence for that in e.g. your browsing history (not to prove it to us, but to yourself)? If it's "I was on Twitter, viewing Ukraine-related tweets" then "you tweeted this yourself (most likely in some altered state of mind)" is an almost unavoidable conclusion. With zero malicious intent, I would recommend one or all of carbon monoxide detector, discussing this situation with a close friend, and/or medical checkup. The similarities to this famous thread are uncanny: https://old.reddit.com/r/legaladvice/comments/34l7vo/ma_post...
One more far-fetched theory would be that Twitter has a race condition or caching problem, which caused someone else's tweet to be posted under your account. But the odds of this happening to only you in particular (and in an on-topic manner!) are essentially zero at Twitter's scale.
I am sort of baffled by all the ink being spilt about Twitter. I still find it jarring that anyone reports on “tweets,” and that there is even a process to ‘appeal’ a decision made ‘about a tweet.’
Anyway, meta-commentary aside, this blog post is something of a mystery. I don’t know whether the author of the post actually wrote the tweet in question and is somehow trying to get back onto Twitter, or if his account was compromised despite him saying it wasn’t… I just don’t know what to make of all of this. Can anyone clarify? Any insights?
FWIW, the author is very prolific and sane on hackernews(at least as far as I've noticed), so the post could be considered more trustworthy than a random post by somebody who has never participated here before.
As someone with a 15-year-old account here, I can verify that Jacques is in a special, small group of members of this community with recognized user names -- based on a long and impeccable record of substantial knowledge and respected expertise.
It fights the development of cliques and forces people to focus on the message, not the messenger. And it sharpens your own need to make a good point, rather than posting as $KNOWN_USER and waiting for the clicks.
I've done this roughly every ~1-2 years or so since I joined about a decade ago, so my ~8-9k of aggregated karma is spread across multiple accounts.
On that topic, it's about time to rotate to a new one. Catch you all on the other side ;)
>I still find it jarring that anyone reports on “tweets,”
Reporters love Twitter, so they spend a lot of time on it. If reporters spent a lot of time in D&D sessions, they would report about every typo in "Dragon" magazine.
Reporters love spending a lot of time on Twitter. It looks like work; it smells like work; but it is definitely not work.
Perhaps because there are sources posting on Twitter?
Reporters often rely on tips. It's like going fishing. If the oceans were full of fish and you wanted fish - surely spending time fishing would make sense?
Reporting on tweets is the modern version of the "man on the street" interviews from television news. That is to say, essentially worthless. They never tell you how many interviews they did or how many tweets they read before they found the one or two they chose to support their predetermined narrative.
> It's no different than reporting on anything else that someone says in a public forum.
Public forums, like in-person public forums, have much more context and many more barriers to being heard. In a supply-and-demand, signal-v.-noise sense, I find Twitter to be extremely low value, on the order of whatever the homeless fellow on my street shouts about (it's usually extremely racist, homophobic, and disconnected from reality, three traits his content shares with Twitter).
> Since there are real consequences for what you say in a public forum, it is understandable that there is an appeals process.
I don’t share the view that getting banned from Twitter is a ‘real consequence’ because I have never been on Twitter and yet, here I am, no worse for wear.
> I find Twitter to be extremely low value, on the order of whatever the homeless fellow on my street shouts about
A lot like the real world. If a homeless person is standing across the street from the White House shouting nonsense no one cares. If POTUS comes out and says we're going to war, it matters. That's why what people say on Twitter is reported on in the news.
The previous US president used Twitter as his primary form of public address. These are now part of the presidential archive. Like it or not, in 2022, Twitter is a first class medium for communication.
If somebody had that kind of an exploit of Twitter, is it really plausible they'd use it for such an inconsequential tweet and on your account? Seems like there would be far juicier targets.
That I agree with. Still, no indication at all that anything besides Twitter has been abused and believe me there are far juicier targets on this machine as well. So why just Twitter if someone has compromised my main work machine? That would really make no sense.
It is not unheard of as a distraction technique. Similar to flooding an inbox with spam mail so the "changed password" email gets missed in the flurry.
You could be spending all of your time trying to solve your Twitter issue while time is being taken to delicately extract some of those "far juicier" targets.
Not saying this is for sure, but just one reason why a malicious actor might act in this way. If you haven't done a full forensics on your main machine, you should be doing that before jumping to the conclusion that your machine is completely clean.
I don't write tweets like that, don't drink, don't get high (as another commenter suggested) and stand by my words. This is not something trivial to me, someone is apparently able to impersonate me on a platform with massive reach and that means that if this doesn't get resolved in a serious manner that Twitter is utterly dead to me. And that probably was the goal of whoever did this so I guess they can congratulate themselves on a job well done but I have to take this serious. Reputation is a pretty fragile thing, I'm very outspoken but I am very careful about what I write and if Twitter is not going to be serious about this then they have lost my interest instantly because it means that I can no longer trust what I read there and others won't be able to trust what I - apparently - write there.
Not necessarily, because the 'delete tweet' option is not visible on any page that I currently have access to, the only page that I get is the one where I have to enter my phone number.
I’m not sure by what evidence you came to this conclusion. The tweet exists. It exists with this person’s handle on it. This person claims that their account is not compromised.
From an Occam’s Razor standpoint, it doesn’t add up. I was looking for more evidence here, like “At that time I couldn’t possibly have tweeted, because it was the middle of the night and I have never tweeted at night,” or “The people who were the subject of the “@“ are not people I have ever interacted with, and the tweet itself doesn’t make sense in the context of the conversation.”
The general lack of detail and a lack of putting forth a theory of what did happen, besides “I support Ukraine so I might be getting silenced” (which seems unlikely — who doesn’t support Ukraine in the West? It’s not an unpopular opinion. Is this guy Russian? And silenced by whom?) — it just plays like the song “It Wasn’t Me” by Rik Rok and Shaggy.
If you don't use Two-Factor Authentication, and you have a public profile, the question isn't if your account will be compromised, but when.
Apparently, for Mr. Mattheij, when was today.
The next question is "how do you safely recover your account". Hopefully this is a straightforward process, considering you have access to the email account associated with your Twitter account. Of course, Twitter needs to make sure that the attackers didn't also compromise your email account ...
There is no way that my account password was compromised without a much more elaborate hack of Twitter, either that or someone social engineered them to change my password.
Yes, but that would actually be less secure because my phone number is quite public and I'd be a SIM swap attack away from someone being able to compromise this account in a way that I would not be able to easily recover from (and to lose my long time phone number in the process).
AFAICT you can configure TOTP / Security Key based MFA for Twitter and disable text messages, but I don't recall if they force you to give them your phone number first: https://twitter.com/settings/account/login_verification
Regardless that still wouldn't protect you against somebody social engineering their support team. The account security page at https://twitter.com/settings/security has an "Additional password protection" but that seems to inhibit automated password reset requests, not support-related ones.
Oddly enough I was able to select between [ Text message, Authentication app, Security key ]. I chose Authentication app, and I was not asked for my phone number. Though your account may now be in a "special state" due to these circumstances.
EDIT: Ah I see elsewhere you said you don't use a smart phone (thus, no authentication app.)
Your account being compromised doesn't necessarily mean your password was compromised. Attackers are constantly developing new ways of accessing people's accounts. There's no valid reason to assume that there was an "elaborate hack of Twitter." Even people who are very careful, as it sounds like you are, can be successfully targeted. I don't know if turning on 2FA would have prevented this, but it sure wouldn't have hurt.
Then I'm super interested in the mechanism used because I was under the impression that as long as my password is secure my account is secure barring a hack of Twitter at an entirely different level.
2FA the way Twitter uses it (using SMS to phone number) would in my opinion be less secure rather than more secure because it opens up a whole slew of possible attacks that would then also involve my phone.
I'm not saying this is what happened, but compromising your e-mail is also a possibility.
Also, I'm not sure how you can say "there is _no way_" your account password was compromised. Can you know for certain that you haven't ever executed code which could potentially be malicious or have security issues? Hell, if you use a web browser there's a non-zero chance that some website you visited was compromised to serve you some javascript which exploits a zero-day in whatever browser you use. You can say that's unlikely, but there's a lot of possible scenarios like that, and you're worryingly willing to just dismiss them all and say there's _no way_ this could be anything other than a vulnerability on Twitter's side.
But: my browser - which I use to access my email - is locked down to the point that a normal user probably wouldn't find it much fun, between umatrix and adblock plus there isn't a whole lot of javascript that runs before I authorize it.
No, this is not possible. This password was generated by Firefox and apart from the test earlier to see whether or not it was changed I have never used it elsewhere much less copied it. It would have to be a session hijack or something like that.
I don't have a smartphone specifically because I believe they are insecure by design, at least one company and a whole raft of employees there have access to it and that's before we get into automatic updates of the software on those devices and so on.
When I say I'm pretty sure that this machine wasn't compromised that is because I'm utterly paranoid when it comes to stuff like this. Possibly not paranoid enough - given the evidence just obtained...
That's a good one: on a server with an asymmetric encryption system (different decryption key than encryption key) the decryption key is not stored in any automated system, the back up is 'pull' from that one server inbound to this machine.
I guess it is theoretically possible that someone broke into the backup server but it too is locked down pretty good, to the point that if I want access I'll have to get into the car and go there in person. Call me paranoid :)
I'm assuming when the account is restored, the offending tweet will be gone, but I'd be interested to know if it was tweeted by an app that was authorized via OAuth (which one could see from the "source" attribute of the tweet).
That seems like the most likely scenario to my brain given that the author asserts there is no way their password was compromised (which I can believe).
Twitter suspended my twelve year old account for most of a year without explanation.
Eight months later, my appeal worked and I got it back and was told it was an error in automated spam detection. Eight months! It was a 12 year old account. For those eight months I couldn't even get support to reply.
Twitter has been garbage for years. The app is a great idea, I hope it gets fixed.
Same here - I was suddenly suspended for the following:
"We’re writing to let you know that your account has been suspended—and will remain suspended—due to multiple or severe violations of our platform manipulation rules"
I am a very boring person and there was zero chance I had done anything like this.
I was able to appeal ~5 times over 6 months and finally got my account reviewed by a person. They restored it and apologized that I was swept up in a spam cleanup. I don't tweet much but I am a daily user.
I was suspended from Twitter for "violating Twitter's policies" without further explanation or any indication of how those policies were violated. I didn't bother to appeal since I'm mostly just a lurker but I could see where this would definitely be irksome to someone who spent a lot of time on there.
In the past there have been black market services that would give you the complete info and even access to twitter accounts for like $50 a pop or so.
Presumably via an insider or forged law enforcement requests.
You'll never get twitter to look into it or give you an ounce of data which you could use to pursue the matter yourself. ... I've never heard of that happening even when shamed in public.
Check out some of twitters court filings to see their corporate attitude, they even gaslight the courts-- they're not going to help you or care that they've screwed you over. They don't even care when people are complaining that they're hosting extortion generated child pornography... they simply respond that it doesn't violate their content policy.
Twitter's customer's are advertisers. You're a cow at a meat farm mooing that the ground isn't comfortable to walk on... no one cares how the product feels so long as production stays up.
Note: OP is a very active, sophisticated, regular HN poster, recognized by many. On this basis, I give this complaint a lot more credibility than that of some random internet-troll.
> Unfortunately, since my account is now blocked I can’t make noise about this on Twitter, which is probably the only place where making such noise would be effective.
This is dangerously true, unfortunately. Were there ever adequate channels of recourse for upstanding citizens which we've let atrophy in the last two decades? Or has Twitter been an unprecedented innovation in elevating plebeian voices? Or have both tweets and prior petitions been impotent?
In the days before the internet, you would write to local news and your legislative representatives instead of making noise on Twitter.
These days, local news doesn't really exist, and representatives will only listen to big campaign contributors. Social media has stepped in to fill that gap for the modern lower/middle class.
If you'd ever supplied a phone number as a backup-auth, then a SIM/phone-number-hijack would be a likely cause. (I think you'd see an email about a password reset in that case.)
But also any 3rd-party app that was ever granted posting access – then itself compromised or misused – could also be to blame.
And of course the fact that any "suspicious" activity (even just a bouncy internet connection, in my experience) triggers a phone-number demand may solve some of Twitter's problems, while making things worse for the user, revealing to Twitter extra personal-info that:
• leaves you at risk of future phone-number-based account hijacks
Interesting! But: I never gave Twitter my phone number exactly because I figured that that would open me up to SIM swap attacks and the password on the account is quite secure. As secure as this machine, I guess.
I consider twitter accounts disposable. "Give us, an advertising company, your phone number, then delete the offending tweet, which we're not showing you yet, then we'll let you back in". There is no way I'm giving you my phone number. Therefore I don't know which tweet was offensive, and how so; so I will continue to make that same mistake. If Musk didn't take into account locked accounts, he will have paid tens of billions too much, because I know I'm not alone in having lost count of locked accounts.
I'm confused, are you able to log in but not do anything? How are you able to see the tweet you screen shotted? Did you actually see it posted to your account?
No, I can't log in. All I get is that screen over and over again.
So it must have already authenticated you, because it knows to show you that screen.
It seems extremely odd that they would give you the option to delete the tweet, without actually giving you the ability. And if deleting the tweet was really enough, they could have simply deleted it for you and sent you a message that they did.
It's probably an exploit of some sort, hopefully someone at twitter will chime in here eventually.
edit: Wait, why not cancel your appeal, and try deleting the tweet on your own? Is it because you want twitter support to read that you never posted it to begin with?
I really wonder how this was done. And if it can be done this easily how often it happens, it's not like I'm super visible, there are probably millions of accounts on Twitter with more visibility.
The thing I find fascinating is just how many people immediately jumped to OP being in the wrong. As if Twitter is imbued with some sort of "unhackable" attribute.
This reminds me of the guy who figured out how to post on FB using Zuckerberg's account (or really anyone's account).
History shows us that all software with any complexity has exploits, and it is extremely unlikely that Twitter is the exception to the rule.
But the priors are stacked against OP. Someone gained tweet access to OP's twitter account and... replied in a mildly profane manner to some random tweet? With zero indication of foul play other than "I didn't do it"?
My very best guess that does not involve "OP has their facts wrong" is "someone at Twitter impersonated them, either intentionally or by accident". Still, what's the point?
From the outside, despite (or rather because of) the status/reputation they have, I'd put my money on "trick of the mind" or some medical problem. The CO poisoning suggestion is honestly higher on my list than "rogue Twitter employee trying to scare OP".
Test if your password has been changed by going to incognito mode and logging in again. If you cannot, then someone has managed to take over your account.
If you can log in then a) you were careless with your password or b) Twitter has a serious problem (which it is depends on how paranoid we think you are with passwords).
But it would at least tell us something.
Anyway I hope this gets resolved satisfactorily soon :-)
Yes, someone else suggested the same thing: password not changed.
So now I'm really worried, because that means either this machine is compromised which has far larger implications than my Twitter account or there is something really bad going on at Twitter. Ericabiz suggested setting up Google authenticator, I think I can do that using my Yubikey and that will be the next step once the account is working normally again.
I care because I have about 11K followers there and apparently someone is able to write stuff that looks like I wrote it and that opens me up to all kinds of damage. So this may not be a 'big deal' to you but it is to me.
You are 100% right. Still, I expected better. Obviously I was wrong about that.
Because (1) whatever is in that tweet isn't reason for a ban by itself (2) given that it says what it does and is so far out of character for me (to wish KyivIndependent and bunch of others to die? rather the opposite...) that it makes me wonder what the real goal here is and (3) if this is some kind of trial balloon they picked the entirely wrong guy to do it with, which just 10 minutes of research would have made perfectly clear.
Is it possible for the "appeal" process to be compromised with any arbitrary content so that was what triggered the email? Are you sure the email is really from Twitter and not some kind of phishing?
It certainly doesn't look like a phishing email. That said, I've received plenty of email from Google where I was quite sure that it was phishing when eventually it turned out that it wasn't so I guess anything is possible.
The appeal process could have a security hole, it wouldn't be surprising if some request can be manipulated to seem as if you're appealing a Tweet of any content and have it trigger that automatic email. That's what it looks like to me given all else being true and the account wasn't really hacked.
Tweet is addressed to several accounts, one of them is KyivIndependent which reports Ukraine related news. The tweet looks like a death wish from RU supporter.
You get your account blocked for schoolyard level behavior like that? It's not even a serious threat, it's childish emoting. I'd expect people can say "I wish all [opposing football team] players would die in a fire!" without official consequence. Maybe receive some angry tweets in response, maybe have some individuals unfollow me, but not an existential threat from the administrators. I wonder if the same group or individual who made the post also had the authority to have it flagged. But why?
I'd hate to have invested years participating and contributing, and then have something as absurd as this happen. Especially since there's no clear indication from the administrators as to what exactly is going on.
So it wasn't as a reply to anything? Pretty weird. I'm about as far from a RU supporter as it gets, as my very extensive tweet history amply documents.
But it would be a pretty good way to discredit me.
Except it doesn’t. Twitter doesn’t usually ban accounts for tweets like these. And when they do, they’ll automatically unban you if you delete the tweet.
It’s not like someone randomly tweeted child pornography or bomb threats from his account.
The fact that jacquesm could immediately recover his account by deleting this tweet completely discredits this theory.
Currently, the title is "Twitter blocked my account for a tweet I did not make", and the first part of the post shows an appeal of the block.
It'd seem like a more direct title might be something like, "An unauthorized party posted using my Twitter account." Or just, "My Twitter got hacked."
I signed up for Twitter last week, and within minutes my status changed to "Your account is locked", because my account broke the Twitter Rules. I am still trying to figure it out.
They lock your account until you give them a valid phone number, it's probably nothing you did just they use 'dark patterns' to get your data. Everyone's probably better using Mastodon or something.
They are likely using some fuzzy logic to detect people evading bans by creating multiple accounts. Could be some combination of IP address, OS, browser fingerprinting, etc.
This approach inevitably results in some amount of false positives, but nobody cares since the users aren't the paying customers.
Facebook does the same thing. I had a secondary IG account created in 2013, which worked fine until late 2021, when it refused me access without submitting a phone #. It was a burner account so it didn't matter, but still, very irritating.
This story is truly bizarre. The author seems to think their Twitter account is really, really important, so important that it must be preserved for the authorities to investigate. Meanwhile, the obvious answer -- that the author's Twitter account got hacked and co-opted by some Russian disinformation operative -- is rejected out of hand, as we are assured that the author is just too secure to be hacked, because for instance he rejects Twitter's 2FA account protections. We're supposed to believe that sim-swap attacks targeting his specific profile (remember, we're assuming this Twitter account is really influential) is something to be expected with a greater frequency than a browser vulnerability leaking his Twitter credentials.
This whole thing seems like it boils down to "twitter user hacked, delusions of grandeur slow recovery."
That is possible, but I have absolutely zero evidence for that at this point. I would either think someone successfully managed to social engineer Twitter into making an unauthorized change or that there is some other avenue besides the regular interface that allowed access to my account (so not protected by my password or session).
So I guess your suspicions that there's more than meets the eye have more merit than if it would be a random poster. However, my initial reaction was still "what makes this different than any other hack?".
Nothing, that much is clear. But - and this worries me at a different level - if getting blocked from Twitter is this easy maybe I should not be putting time into it at all.
But it's very convenient to keep contact with a large number of people with very diverse interests.
OP is @jacquesm here; this is the internet so long cons are always possible, but he's one of the more credible people around here. Additionally, the tweet in question is pretty far out of character.
The offending tweet was likely made as a reply (the @ match). The original tweet said "Some Russian soldiers say they are given a weapon and sent straight in. Learn on the job."
The pun was that Russian soldiers are not learning on the job, they are dying on the job. It's a completely normal observation to make.
The ellipsis at the end also indicates a pun/correction. An actual death wish would more likely end with exclamation points.
But the Twitter algorithms misinterpreted the pun as a death wish, and the OP somehow didn't remember making it. This sounds like the most likely explanation.
Exactly! It makes way more sense for a person who tweeted something deeply out of character to try and disavow it in this way, than for a person that regularly tweets this kind of things.
Not really. If you weren’t a prolific HN commenter this would be the top comment here.
Right now you’re making an extraordinary claim with zero evidence. Pointing this out isn’t “out of line”.
E: As it turns out, not only was I not out of line, I was also entirely correct. You wrote this tweet Jacques, you just forgot. It’s not unusual at your age.
Asserting that an elaborate full-scale Twitter hack is more probable than a single Twitter account (not protected by 2FA, from other comments), or a single machine hack, etc. is silly no matter how prolific of a HN user you are.
Statements like "There is no way that my account password was compromised without a much more elaborate hack of Twitter," are... questionable.
I'm not here to bash OP -- they may have been hacked or maybe Twitter was hacked, or something. But if this was me, or any non-prolific HN user, I'd have already been told to pound sand multiple times at this type of outrageous story with no evidence other than "my machines are secure".
Given that OP was making very pro-Ukraine statements and expressing their support for Ukraine on twitter up until that point, I believe it is extremely unlikely they just got drunk and tweeted "Die on the job..." to a pro-Ukrainian publisher called The Kyiv Independent. Even their HN reputation aside, it just doesn't make sense.
I am one of the first people to always take OP statements with a grain of salt in cases like this, but imo there is nothing indicating their own fault here at all. I am simply struggling to imagine any set of circumstances here under which that could have happened other than a hack/account takeover.
He posted in response to a tweet saying that Russian conscripts are expected to train on the job. In that context he's calling for Russians to die on the job, not Ukrainians.
>I believe it is extremely unlikely they just got drunk and tweeted "Die on the job..."
Is it not even more unlikely that Twitter itself was hacked, just so someone could post this tweet as OP?
I agree it is an uncharacteristic tweet on the OPs behalf, but... If we are to believe OPs claim that there is "no possible way" their machine and/or account have been hacked... My next step isn't thinking "Well, all of Twitter must have been hacked".
> Is it not even more unlikely that Twitter itself was hacked, just so someone could post this tweet as OP?
Oh, if that's the point of the argument, then I totally agree with you.
I strongly doubt that Twitter itself was hacked. It makes way more sense that someone else simply got access to OP's account one way or another.
Maybe a compromised device, maybe a compromised network, maybe even just a regular account takeover. Who knows, not the first time I've seen someone being in denial about their own account not being as secure as they believed it was (which is extra ironic, given that OP admitted not having 2FA set up for that account).
Oh god, the more I read, the more I actually think your guess might be correct.
Even OP himself, once questioned, didn't really deny, and was just going around the fact by saying he doesn't know why he got banned, and that he wants to figure out whether he did it as well.
On top of being "totally certain" that no one got unauthorized access to their account, all while having no 2FA set up, I just give up my attempt to bother understanding some people. I have zero idea how it is possible to tweet something and then not being able to tell whether you actually tweeted it yourself when presented with a screenshot. But, from what I am seeing OP say in the thread, it seems like a very strong possibility.
Yes, it is more unlikely. But I have an unbroken record of many years of being able to maintain my accounts without any compromises and to date have not seen anything even remotely like this happen. Twitter on the other hand...
> But I have an unbroken record of many years of being able to maintain my accounts without any compromises
If I was paid a quarter every time I heard a similar line during an emergency incident response, I wouldn't need to be working incident response anymore.
No one gets hacked, until they do. Everyone claims they have the best password, the most secure machine, the most cautious of habits. Then they get hacked. Everyone gets hacked.
I'm not so sure. If he really made that tweet (while drunk as you suggest) it would be better to just delete it and avoid the potential Streisand effect when the truth gets discovered, and I'm sure he's aware of that.
Social media accounts have been hacked before, it's nothing new.
> Seems pretty obvious you made a mistake and are trying to wiggle out of it. Which is human, so I don't blame you. I have said plenty of dumb things online.
Except that that isn't the case. So sorry. My reputation is worth a lot more to me than a tweet or even my entire Twitter account.
What a weird blog post.