We all know how fun Twitter can be. Many people have fallen in love with this micro blogging site, and don’t really see anything that could go wrong. After all, who needs Twitter safety tips against a cute, bird logo?

Well, don’t be too caught up in your Twitter postings that you forget your safety. Remember that the Internet is still a prime target market for sexual predators, stalkers, fraudsters, scammers, hackers and people who want to do others harm. You might need these Twitter safety tips more than you realise, especially if you have just started to use twitter.

Just the other day, I chanced upon this TV interview of a young, popular actress who pointed out that someone has set up an account on Twitter, pretending to be her which leads me to…

Twitter Safety Tip # 1:  Don’t believe everything you read

Have we not learned from the past? The Internet, while not harmful by itself, is still a haven for individuals and groups that are up to no good.

After all, who can say that a 50-year-old pervert isn’t a cute, 15-year-old student from London when he sounds just like a 15-year old student from London? And that picture of him in that blue shirt just backs it up, right?

If you are inclined to believe this, then you need this Twitter safety tip more than anyone else. People who want to befriend you can easily make up lies on Twitter. Don’t think for a second that they wouldn’t take the time and effort to prattle away about their non-existent boring Algebra classes and upcoming winter dance if it meant making themselves more convincing.

Be aware that there are many fake profiles on twitter. Learn how to spot them. Firstly, you’ll notice that they have not posted much, and with links being shortened, its hard to see if your being sent to a real site or a dodgy site where you will be prone to a clickjacking attack/scam. Other things too look out for are the following and followers. Usually you can tell by looking if this is a real person or a fake. Also keep away from people sending tweets from API. Scammers/Spammers also follow each other, and may converse between themselves to make it look like they have actual friends. Be wary. A quick example of clickjacking. Click this link (its safe), but its shows you how an easy link can be spoofed.

The most common looking fake profile with low followers

Automated tweets from the Twitter API - Block these people

If you want to follow a celebrity, I suggest you look for the new Twitter Verified Account tag that’s added at the top right of a profile, and check out Valebrity for a huge list of validated celebs.

An official Verified Account

Last bits on this subject, there are lots of automated scripts out there that create fake profiles, bots that create fake posts and user accounts. So if you are unsure that this is a real person, do some investigating and look at their followers and see if any of them has ever had a proper conversation with this possible ‘fake’. If in doubt, don’t follow them back and block them.

A typical fake Profile. Notice there's no conversation, and low followers

Also beware of tweets and websites that claim Get 160,000 followers in a month, or words like that. Firstly, they don’t work, and secondly they are probably a scam.

Why? Well, once you click a link, you are directed to a website where you enter your Twitter login details. Now the scammers/spamers can send tweets from your account. Also, they may flood Twitter with thousands of messages. Twitter hates this and it will get your account locked and possibly deleted. If this happens and you still have access to your account, change your password immediately.

When visiting any website that is not directly affiliated or endorsed by twitter, be very careful when submitting your account details. You never know who owns the website or what they are using it for, so do some research first. Check the whois information for the site (this can also be faked), search twitter to see if other people are using the site (or even an app) and see if they seem to be sending spam tweets. If all is clear, then they are probably OK.

Never pay for a service that links to Twitter.

Twitter Safety Tip # 2: Don’t give out your location

I know that micro blogging is fun. There’s just something addicting about being able to post what you’re doing or what you’re feeling at this exact moment… and having hundreds, possibly thousands of followers seeing it.

If you have added people in Twitter who are not really your friends, then all the more reason to be careful. If you, for example, tweets that you’re stuck in the Starbucks near your home late at night, anyone could just take advantage of that information. Its only a matter of time until you turn on the TV and hear that someone is being stalked or has been attacked or murdered because they twitted their exact location, so be warned.

Lastly on this location tip. Be careful if you are using an iPhone and turn on the Location Option. It looks like this in a persons profile: 37.739705,-122.430799 and gives you the longitude and latitude of a persons iPhone. This can be used to track you. So turn this feature off.  In a test, I activated this feature on an iPhone with Twitterrific. With a laptop and mobile phone enabled with GPS Software I travelled miles away from home, where I left the iPhone switched on. I activated the Laptop and GPS, loaded my Twitter page and got the coordinates. I entered them into the GPS system and navigated the route to 20 meters from my doorstep. Anyone could do this with just a laptop and GPS Enabled phone. You can also go to Google Maps and copy and paste the longitude and latitude, this will also give the location. And with Street View, you can probably see where that person lives.

Twitter Safety Tip # 3: Don’t attract too much attention to yourself

Twittering that you have just received a gold bracelet from your boyfriend can also attract the wrong sort of followers to your account. Trust should not be so freely given on the Internet.

You might want to show it off on Twitter via TwitPic or some other image provider or host, but think about the possible risks. It might tempt others into doing something both you, and they, will regret.

As much fun as Twitter is, set a limit on how much private information you’re really broadcasting to the world. Many of you may be thinking, ‘yeah, whateverrrr’, or ‘yeah OK, this will never happen to me’. But never forego you’re safety,  and never let your guard down on the Internet. If you do, you’re a fool!

More protection…

When using twitter, I’d suggest using a 3rd party application like TweetDeck (which is my favorite twitter app) or CoTweet (which is my second fave). The reason for using a 3rd party application is that it uses Twitters API (Application programming interface) and you are less likely to get a trojan or virus from clicking on a users infected profile. Yes! You can also get a Trojan or Virus from using Twitter. A while back, Twitter was plagued by the ‘Mikeyy Worm‘ that infected you if you clicked on a profile that had been compromised by the Mikeyy worm. Incidentaly, the Mikeyy worm was actually written by Michael Mooney, a 17 year old kid and it crippled millions of Twitter accounts.

You can keep track of attacks on twitter here. And if you would like to report suspicious activity, a spammer or something that doesn’t look right, follow twitters Spam Team and then send them a tweet with your problem: http://twitter.com/spam and they should help. Also, if you have any real issues and you need support from Twitter, visit their ticketing system.

Twitter is not perfect and is riddled with security holes, and more are being discovered or exploited daily. For a platform that’s almost over 3 years old, the boffins at Twitter really should plug these holes, tighten up security and keep people safer. Don’t let this spoil your twitting experience though. As long as you keep safe whilst on twitter, and learn how to spot the fake profiles, you’ll have a great time.

If you have any Twitter tips you would like to share with us, please comment below and at some point I will include these in a list, and credit you.

Lastly, check out Sharon Hays’ Blog for tons of Twitter information. She’s a pure Twitter professional, lovely person and her blog will help you get used to Twitter if you are new. Also, checkout Twitter 101 for some excellent information.

Recent Twitter Bots/Scammers

I will update this section of this post as new scams, bots and strategies change, so keep popping back for updats…

You will notice that they are now having conversations. But with other bots and they use rubbish English like ‘Howz U doin‘,  ‘I did dat last wk‘ and so on. If you click on the people they are following, you will notice the same bad grammar and spellings. Some of these new spammers are also now mimicking or pretending to be up and coming actors/actresses and celebs.

3rd Party Application Spam

I’ve noticed that spammers are now creating profiles and posting tweets via TweetDeck and CoTweet as well as TwitterFeed. Again, there is no real conversation and the posts are riddled with useless links and random tweets. You may also notice that the spammers and bots are now using lists to make them look like normal people. Be wary.

New fake profile using TweetDeck and using Lists

True Twit

This is not a danger, but I wanted to update you with this cool utility. If you are plagued by Twitter spam (or Twam) and you have had enough, you can try True Twit. True Twit has been around a while now and what it does is to verify anyone following you. So, if for example, I follow you, I’m sent a DM to click a link to verify that I am in fact a cool human being and wants to follow you because I think your cool. I don’t have to enter any of my Twitter details either.

True Twit - Helping stop Twitter Spam

True Twit also has a few neat options behind the scenes, where you can send a verification note to anyone on your list to whom you think may is a spammer or may have a fake profile, they are then sent a DM to verify themselves. The message that is sent is customisable, or you can use the default message. You can also unfollow people too. Signup today and help stop the spam.

http://www.truetwit.com.

Stay tuned for more info…

The Internet has shown that reputations are important but don’t have to be tied to specific real individuals. The entire banking system is built on top of the idea of reputation, but tries hard to tie them to real identities. The problem of identity theft is likely to break this connection. We will see a greater disconnect between individuals and their reputations.

Identity theft has been a big hit with the purveyors of fear in recent years. We all now live in terror of waking up one morning and finding that someone has stolen our identity, and we can’t even remember who we are.

Well, maybe not. But identity theft is a real problem. If someone manages to construct a copy of your identity, you don’t stop being you, you just stop being the owner of all of your money (unless you can persuade your bank it’s their fault). You might get back from vacation to find that your house has been stolen…

Identity is closely tied to the concept of reputation. We are now trying to apply ideas from villages of a few hundred people to a global scale and (not surprisingly) finding that they don’t quite work.

In a small community, everyone knows—or knows of—everyone else. Reputations are very important. If you want to borrow something from a neighbour, or ask them for a favour, then you will have some idea of how much you trust them.

When banks started, they would use this sort of model. They would be willing to lend you money based on letters of recommendation from people they trusted, or based on their prior dealings.

Now banks have grown so big that they use a much less personal system, but still deal in the idea of reputations.

The Social Security Scam

Some time ago, the UK and the U.S. governments introduced the concept of a Social Security number (SSN). This was a unique identifier assigned to every taxpaying citizen, allowing their tax records to be connected together.

Having a unique identifier for people was useful to a lot of institutions. It’s pretty hard to know whether you can trust John Smith, but it’s much easier to find out information about a specific John Smith.

The problem began when people started regarding knowing someone’s Social Security number as proof (or, at least, strong evidence) that you were that person.

This attitude isn’t limited to SSNs, by the way. One of my banks has an ultra-secure login where, in addition to my password, they also require that I tell them the following information:

• My mother’s maiden name
• My house number
• My date of birth

All these responses are public knowledge and can be looked up by anyone who wanted to find them out.

The most surreal experience I’ve had with a bank was one based in the United States. I phoned them to try to set up Internet banking. The conversation went something like this:

Me: Hi, I’d like to know my password for Internet banking, please.

Them: Certainly. We just need to confirm your identity. Can you tell me the size of the last transaction in your account, please?

Me: No, I want to log into Internet banking to look that up.

Them: Oh, we can tell you that over the phone.

Me: Okay…

Them: £n

Me: Thanks. The answer to your question is £n.

Them: Oh, I can’t ask you things I’ve just told you as a security question.

Me: Well, that’s sensible.

Them: Let me transfer you to someone who can.

Me: !

The next person I talked to asked me for the number that the first representative had given me, and was then happy to pass on my Internet banking password.

The illusion of security seems very popular with banks at the moment.

Reputation versus Identity

Part of the problem with this system is that it associates your reputation with your identity. If you are going to buy a house and are looking for a mortgage, then it is not unreasonable for a potential lender to want to know about the house you are thinking of buying, your current income, earning potential, outstanding debts, and so on.

If, on the other hand, you are looking to take out a credit card with a £1,000 credit limit, the only thing they need to know is whether you can service a debt of £1,000.

Either do you have £1,000 in liquid assets, or do you have enough disposable income to service interest payments at the horrendous rates that credit card companies charge?

Unfortunately, the way the system is set up at the moment, there is no fine-grained control. Someone who uses a £1,000 credit card application to steal your identity gets enough to take out a £500,000 mortgage backed by your reputation.

A bigger problem is what to do after your identity has been stolen. Fingerprint locks are pretty cheap now, but most people still prefer to use pass codes. The reason is, if someone steals a pass code, you can change it.

If someone steals a copy of your fingerprint, it’s very difficult to grow a new finger. The current situation with identities is similar to the fingerprint lock. So much of the information associated with your virtual identity is tied to the real you that building a new one that the thief does not have access to is very hard.

Multiple Personalities

One solution to this problem would be to have multiple virtual identities. This is already quite common outside of financial circles.

I have an account on Slashdot, for example, where I post under a pseudonym. Someone who cared enough could probably link that virtual identity to me fairly easily, but most of the time it can be treated as a separate persona. It has an independent reputation, based on Slashdot’s karma system.

Since I post more informative comments than troll posts (or, at least, most of my attempts at trolling go unnoticed), that persona has a good reputation. That reputation, however, is in no way related to the reputation I have as a result of writings published in other places.

The idea of multiple personalities would make sense for financial markets, too. Going back to the earlier example, if I wanted to apply for a credit card, then I would not have to use my real identity to do so. I could create a new identity and have my real identity guarantee it up to a certain limit that would be sensible for the credit application.

From the credit card company’s perspective, the identity would have a fixed income of some proportion of my income and a fixed capital of some proportion of my capital. They would be isolated from my real identity and only see the subset of my assets that were required to construct an identity that was a safe risk for lending money to.

This kind of game isn’t particularly new. Corporations do it all the time. They set up shell companies, spin-offs, or joint ventures for a variety of purposes. Some have to do with combining resources from different companies; some have to do with shielding the parent organization from liability.

Both of these would be useful for individuals. Couples sharing a house, for example, might want to create a phantom shared identity rather than having individual responsibility for various payments. Limiting liability is the more important one, however.

The concept of limited liability has to do with limiting the amount of money you can lose. In simple terms, if a limited liability company goes bust, the investors don’t lose any money beyond that which they had invested already. Banks know this, and will not take the investors’ assets into account when assessing the risk involved with lending the limited company money.

Putting this in terms of identity theft, someone who could pose as the limited company would be able to do only a small amount of damage to the investors.

This kind of structure would be ideal for limiting the effects of identity theft. When applying for small loans, you could create a limited liability identity, and an identity thief who took it would not gain any more than a thief who took a credit card.

Fluidity of Identity

The Internet has shown time and time again that reputations are important, but don’t have to be tied to specific real individuals. The entire banking system is built on top of the idea of reputation, but tries hard to tie them to real identities.

The problem of identity theft is likely to break this connection. We will see a greater disconnect between individuals and their reputations.

Corporations already do this with different branding for different market segments, and it’s only a matter of time before the facilities become more widely available.

The designers of the Secure Internet Live Chat (SILC) protocol realized this some years ago. SILC does not provide a mechanism for tying an online personality to a real person (although you can do this out of band).

Instead, it provides something more valuable; a way of telling whether a particular online identity corresponds to the same person today as it did yesterday. This is valuable in an online chat setting, because the only contact you are likely to have with a particular person in an Internet chat room is via that chat room. The reputation is based entirely on their behaviour in that context.

The same is true in many other contexts; the behaviour of individuals in a specific context is important and their actions in others are misleading. My advise; Protect yourself at all costs and be careful who you pass over your information to. Remember that Governments and legal bodies keep losing your data, either because they are careless, don’t have proper facilities in place to safeguard your data, or they just don’t care.

What do you think is the Future of Identity?