Want amazing, share-able, conservative quotes? Check out QuotableRight on Twitter, Facebook, or the web.

Witness the Power of My Sock Puppet Army

Before you start reading, please note: this post is not going to argue about who is or isn’t a sock puppet. It is purely the result of curiosity about the technical limitations on creating and maintaining an army of “sock puppet” Twitter accounts and ease of maintaining this network once it was created.

Yesterday, former liberal Lee Stranahan wrote a post titled “The Problem with Twitter.” It’s insightful, and it’s worth a read, but the problem basically boils down to anonymity and the ease of creating “fake” accounts. I recommend you read the whole thing, but here’s what I think is his key point (emphasis his):

Is there a reason that all this idiocy happens on Twitter? Why, yes! There is!

Twitter makes it very simple to create multiple anonymous accounts.

That’s it in a nutshell. Any Tom, Dick or Randy with an email account can open a Twitter and nobody has any way of telling who created the account or where they are. …

This leads to Twitter being chock full of accounts that are fake or anonymous, a situation which just isn’t good.

I agree; although, the problem of anonymity is extremely complex. Anonymity encourages bad behavior, but it also enables speech. In other words, it protects the bad actors and the good.

The Sort of Good News

Twitter actually does have some features in place to limit the rate at which accounts are created and prevent automation. If you try to create two accounts back to back, you’ll have to start solving an CAPTCHA. Even better, Twitter uses reCAPTCHA which started as a project at Carnegie Mellon University before being acquired by Google. (If you don’t know why this is better, the short version is the CAPTCHA images are created when a computer for digitizing books can’t recognize the word).

If you keep creating accounts in quick succession, you’ll get locked out anyway. Unfortunately, that’s about the only good news.

The Bad News

Twitter’s rate limiting and CAPTCHA are basically the only hurdles, and the process is simple enough that automation isn’t really necessary. Furthermore, the effectiveness of these can be counteracted by jumping around with proxies and making sure to clear your cookies periodically. If you fill in bogus profile information and follow all your other sock puppets, that helps keep you under the limit too while making your fake personalities more convincing. And once you’ve created your army, it’s kind of a moot point anyway.

Just How Easy is It?

Have you got a keyboard and half an hour? You can have a half-dozen convincing-enough sock puppets in that time. Depending on how effective you are at keeping under Twitters RADAR, you could probably create a few dozen per day. I created 7 accounts as part of this experiment. They are @SockPuppetHQ and @SPA_001 – SPA_006. (Note: If I were actually employing this as a tactic, I wouldn’t be nearly so obvious.)

Here are the basic tools I used: a profile avatar generator with a randomizer, a name generator, a Twitter bio generator, and one gmail account. (If you were doing this for real you would also want to use different sources for profile images. The generator does make unique avatars, but they all have a similar style).

I chose gmail because it allows you to put a plus sign (+) after your username, and then you can add whatever you want after this plus sign and Google treats it as the same address. Why is that useful? It greatly reduces the management burden. If you create a separate address for each account, then you have to manage that many more accounts and you have to remember the right email address if you ever lose your Twitter password, get locked out, etc. Let’s say the gmail account I used was army@gmail.com (it wasn’t). The first account I created, @SockPuppetHQ, used that address. SPA_001 – SPA_006 used army+1@gmail.com through army+6@gmail.com.

Practically speaking, there’s nothing Twitter can do to stop people from using this technique.

Once you’ve created an account, you follow your main account, and all of it’s followers and get started on the profile info. Filling in the bio and putting up a picture is an important step because it makes the account look legitimate. “Real” accounts don’t use the default image. When a Twitter user sees the default image, they’re going to assume it’s spam. Fortunately, the tools I mentioned let you complete this process is roughly a minute, two if your working slowly.

Using your name generator, you generate a list of random names, pick the best one, and copy and past. Using the profile generator, you generate a random profile, and copy and past. And finally, using your avatar generator, you generate a unique image to upload. Done.

There is no need to change the background, because many users, especially those using clients, will never see it, and even if they do, the default background is hardly suspicious.

Why Does this Matter?

It matters because of what you can do after you’ve created your army and connected your accounts to Tweetdeck. Tweetdeck is the best client I found for actually utilizing your sock puppets. It’s free, and the online application means you can direct your puppets from any computer with a browser and an internet connection, but I digress.

What would you rather do, argue with one person, or an army of 20 or 30 or 50 who aren’t actually interested in what you’re saying. Tweetdeck lets you create the appearance of a huge hoard of opposition that doesn’t really exist. From the view of the person being attacked, a couple dozen people have just started mentioning them. They can’t keep up because they’re trying to track and respond to each conversation separately. We’re not built to multitask, which is convenient for the person on the other side of the connection controlling the sock puppets. They only need to track one attack, and they can make liberal use of copy and past and retweeting.

Is There Anything I Can Do?

I don’t know. I started this to see just how easy it was to create and maintain a “sock puppet army,” and found that besides rate-limits and the CAPTCHA, there isn’t much stopping you. Unfortunately, any solution also has the potential for collateral damage. For example, I don’t think anyone wants to take anonymity away from dissidents living under oppressive regimes.

My best advice: be aware of what can be done, and don’t feel like you have to respond to every detractor, especially if you have numerous people mentioning you at the same time.

Comments on this entry are closed.

  • Outstanding work, sir…

  • You can use perl or python tools to automate a lot of functions. Also, and this is particularly true with IPv6 where you have for all practical purposes unlimited IP addressing, can get around rate limiting by having your programs bind to different IP addresses configured on the interfaces of the machine. This does require expertise beyond what the average computer user might have but we are only talking about mid-level programming and system administration skills here. A first year computer science college kid could do this.

    Creating the accounts initially manually might be required if you hit CAPTCHA but you can pay someone in India $20 to make several hundred for you in their spare time. All of the rest can be fully automated using the same API that is used by other twitter client programs. For example: http://code.google.com/p/python-twitter/

    Once that is done you can do all SORTS of things and using much the same technology as that used to generate IRC chatbots, you can create twitter bots that from all appearances would seem to be “normal” people.

    If someone has time on their hands and some programming fundamentals, it isn’t rocket surgery.

  • Socialist movements used this technique long before the internet was invented. Ten people invent ten organizations each. Each then becomes members of each others organizations. Over night you have “almost one hundred organiztions” representing “thousands of members” and the “popular” movement can start. Old trick, new tech.