On Being Fodder for Questionable Twitter Posts

Okay, I know this is starting to seem like an obsession, but I can’t figure out why someone would be constructing tweets that consist of my blog post headlines and links back to my postings. I’m wondering how widespread this problem is, so I constructed a list of URLs to blog posts based on the Planet Code4Lib Atom feed and pointed them to the Ubervu service. Ubervu has a view into the Twitter firehose and constructs reports of Twitter mentions of URLs. For instance, I can see all of the odd headline tweets for my previous postings through this service. I can then easily scan through the list for other people who seem to be affected by this strange phenomenon.
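A minimal sketch of that list-building step, assuming the feed has already been downloaded as a string. The function name `entry_links` and the sample feed are illustrative assumptions, not necessarily the script used for this post; the sketch only pulls each entry's link out of the Atom XML.

```python
import xml.etree.ElementTree as ET

# Namespace used by Atom feeds (RFC 4287).
ATOM_NS = {"atom": "http://www.w3.org/2005/Atom"}


def entry_links(atom_xml: str) -> list[str]:
    """Return the first rel="alternate" link of every entry in an Atom feed."""
    root = ET.fromstring(atom_xml)
    links = []
    for entry in root.findall("atom:entry", ATOM_NS):
        for link in entry.findall("atom:link", ATOM_NS):
            # Atom treats a missing rel attribute as rel="alternate".
            if link.get("rel", "alternate") == "alternate" and link.get("href"):
                links.append(link.get("href"))
                break
    return links


# Hypothetical two-entry feed standing in for the planet feed.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Sample planet feed</title>
  <entry>
    <title>First post</title>
    <link rel="alternate" type="text/html" href="http://example.org/post-1"/>
  </entry>
  <entry>
    <title>Second post</title>
    <link href="http://example.org/post-2"/>
  </entry>
</feed>"""

for url in entry_links(SAMPLE_FEED):
    print(url)
```

Each URL in the resulting list can then be looked up by hand in whatever mention-tracking service is available.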

Note! Eric Schnell has a great summary of these posts and related comments called Is a Twitterfarm Pranking the Jester? on his blog The Medium is the Message. Thank you, Eric.

Here are the results. In all cases except for one, the ‘twitterfeed’ service was used as the bridge that turned some feed of blog postings into individual tweets.

  • Ubervu service view of scienceblogs.com/bookoftrogool/2009/12/making_author_authority_easier.php
  • Ubervu service view of elibtronic.ca/content/20091229/anatomy-pown-pownd-part-2
  • Ubervu service view of dltj.org/article/twitter-spam/ [Me -- 7 questionable tweets, described in previous post]
  • Ubervu service view of people.oregonstate.edu/~reeset/blog/archives/805
  • Ubervu service view of peterbrantley.com/reality-dreams-for-libraries-213
  • Ubervu service view of commonplace.net/2009/12/old-library-new-library/
  • Ubervu service view of orweblog.oclc.org/archives/002040.html
  • Ubervu service view of catalogablog.blogspot.com/2009/12/marbi-meeting-minutes.html
  • Ubervu service view of people.oregonstate.edu/~reeset/blog/archives/804
  • Ubervu service view of www.lisnews.org/librarian_h_o_p_e_hackers_planet_earth_conference
  • Ubervu service view of orweblog.oclc.org/archives/001392.html
  • Ubervu service view of scienceblogs.com/bookoftrogool/2009/12/top-down_or_bottom-up.php
  • Ubervu service view of dltj.org/article/alamw10-schedule/ [Me again -- 5 questionable tweets, described in previous post]
  • Ubervu service view of infomotions.com/blog/2009/12/good-and-best-open-source-software/ [2 questionable tweets: Twitter ID 'audio_college' (3,240 followers) and ID 'DTcomputers' (10,204 followers)]
  • Ubervu service view of catalogablog.blogspot.com/2009/12/isbd-area-0-in-rusian.html [1 questionable tweet: Twitter ID ‘rem_simanovski’ (658 followers)]
  • Ubervu service view of go-to-hellman.blogspot.com/2009/12/case-against-using-spoofed-e-books-to.html [1 questionable tweet: Twitter ID ‘ispicey’ (8,177 followers)]
  • Ubervu service view of orweblog.oclc.org/archives/002039.html
  • Ubervu service view of orweblog.oclc.org/archives/002038.html
  • Ubervu service view of orweblog.oclc.org/archives/002037.html [4 questionable tweets: Twitter ID 'peterpains' (1,017 followers); 'LostInDaSources' (1,057 followers, other links posted in its Twitter stream lead to spammy web pages); 'JackOOler' (914 followers); 'FreePsyche' (123 followers, is adding text to blog post titles in tweet)]
  • Ubervu service view of john.mignault.net/blog/2009/12/26/coffee-exchange/
  • Ubervu service view of bibwild.wordpress.com/2009/12/24/issn-search-field-in-solr/
  • Ubervu service view of people.oregonstate.edu/~reeset/blog/archives/801
  • Ubervu service view of www.libraryjournal.com/blog/1090000309/post/1950051395.html?nid=3565
  • Ubervu service view of hublog.hubmed.org/archives/001891.html
  • Ubervu service view of catalogablog.blogspot.com/2009/12/cookery.html
  • Ubervu service view of catalogablog.blogspot.com/2009/12/character-sets.html
  • Ubervu service view of go-to-hellman.blogspot.com/2009/12/holiday-product-management-and.html [1 questionable tweet: Twitter ID 'holiday_gifts' (3,237 followers)]
  • Ubervu service view of community.oclc.org/hecticpace/archive/2009/12/jingle-books.html
  • Ubervu service view of ptsefton.com/2009/12/23/bye-bye-word-2007-custom-xml.htm
  • Ubervu service view of scienceblogs.com/bookoftrogool/2009/12/tidbits_22_december_2009.php
  • Ubervu service view of inkdroid.org/journal/2009/12/22/hacking-oreilly-rdfa/ [1 questionable tweet: Twitter ID 'soslab' (122 followers, also reposted a DLTJ post)]
  • Ubervu service view of www.eff.org/deeplinks/2009/12/e-book-privacy
  • Ubervu service view of litablog.org/2009/12/last-standards-announcements-of-2009/
  • Ubervu service view of catalogablog.blogspot.com/2009/12/anatomy-of-catalog-record.html
  • Ubervu service view of efoundations.typepad.com/efoundations/2009/12/online-learning-in-virtual-environments-final-report.html
  • Ubervu service view of blog.iandavis.com/2009/12/new-blog-url-blog-iandavis-com
  • Ubervu service view of catalogablog.blogspot.com/2009/12/cuttering-at-national-library-of.html [1 questionable tweet: Twitter ID 'jadep2008' (account now suspended by Twitter)]
  • Ubervu service view of community.oclc.org/hecticpace/archive/2009/12/hectic-shame.html
  • Ubervu service view of miskatonic.org/2009/12/21/my-code4lib-2010-t-shirt
  • Ubervu service view of miskatonic.org/2009/12/21/dchud-and-nunanishi
  • Ubervu service view of mblog.lib.umich.edu/blt/archives/2009/12/further_tweaks.html [1 questionable tweet: Twitter ID 'FastestFood' (124 followers, profile URL leads to "get rich quick" site)]
  • Ubervu service view of blog.threepress.org/2009/12/21/nook-1-1-0-firmware-update-report/
  • Ubervu service view of maisonbisson.com/blog/post/14198/apple-netbook-newton-emate-300/
  • Ubervu service view of go-to-hellman.blogspot.com/2009/12/copyright-enforcement-for-ebooks.html [1 questionable tweet: Twitter ID 'OnlineTVNews' (160 followers, using "RSS2Twitter" rather than twitterfeed, profile URL points to a commercial TV-over-IP service)]
  • Ubervu service view of efoundations.typepad.com/efoundations/2009/12/scanning-horizons-for-the-semantic-web-in-higher-education.html
  • Ubervu service view of code4lib.org/node/346
  • Ubervu service view of orweblog.oclc.org/archives/002036.html
  • Ubervu service view of orweblog.oclc.org/archives/002035.html [1 questionable tweet: Twitter ID 'workfanatic' (878 followers, tweets include part of post, may be a legitimate consulting service)]
  • Ubervu service view of john.mignault.net/blog/2009/12/20/calibre-quickstart-for-kindle/
  • Ubervu service view of www.frbr.org/2009/12/20/last-week-in-frbr-11 [2 questionable tweets: Twitter ID 'soslab' (122 followers, also seen with other Code4Lib planet posts); 'CTSeven' (3,968 followers, profile URL seems to point to a legitimate business)]
  • Ubervu service view of www.libraryjournal.com/blog/1090000309/post/300051430.html?nid=3565
  • Ubervu service view of www.parser.ca/z678/2009/12/18/this-is-what-im-talking-about-evergreen-ils/ [3 questionable tweets, all with the same profile URL that seems to point to a legitimate business: Twitter ID 'GlowPaint' (1,559 followers, prepends fixed text string to tweets); 'BlackLightInfo' (943 followers); 'FutureOfGlow' (5,090 followers, prepends fixed text string to tweets)]
  • Ubervu service view of scienceblogs.com/bookoftrogool/2009/12/authority_control_then_and_now.php
  • Ubervu service view of mblog.lib.umich.edu/blt/archives/2009/12/hathitrust_reac.html
  • Ubervu service view of futurearchives.blogspot.com/2009/12/virtually-jodconverter-ii.html [1 questionable tweet: Twitter ID 'archivesopen' (701 followers, profile URI points to a Blogspot blog, seems to be legitimate)]
  • Ubervu service view of litablog.org/2009/12/lita-happy-hour-mw2010/ [1 questionable tweet: Twitter ID 'library_breath' (253 followers, profile URL points to Japanese site)]
  • Ubervu service view of catalogablog.blogspot.com/2009/12/xforms4lib.html
  • Ubervu service view of www.libraryjournal.com/blog/1090000309/post/1840051384.html?nid=3565
  • Ubervu service view of vphill.com/journal/?p=2740
  • Ubervu service view of digitalcuration.blogspot.com/2009/12/more-activity-on-semantic-publishing.html
  • Ubervu service view of www.librarywebchic.net/wordpress/2009/12/17/learning-and-loving-jquery-for-the-most-part/ [1 questionable tweet: Twitter ID 'clearvisage' (1,405 followers, profile URL points to a "skin rejuvenation" site)]
  • Ubervu service view of futurearchives.blogspot.com/2009/12/virtually-jodconverter.html [1 questionable tweet: Twitter ID 'careersoft' (2,648 followers, profile URL points to a site without a DNS entry)]
  • Ubervu service view of futurearchives.blogspot.com/2009/12/t.html [2 questionable tweets from the same account: Twitter ID 'archivesopen' (701 followers, profile URI points to a Blogspot blog, seems to be legitimate)]

Interestingly, in one case (inkdroid.org/journal/2009/12/22/hacking-oreilly-rdfa/), ‘twitterfeed’ seems to be used legitimately by Eqentia for a Twitter account called ‘semanticnews’. The bio on the Twitter account says: “Tracking what’s new in the Semantic Web space. 2,500+ articles indexed via Eqentia’s semantic platform. Sign-up and experience Semantic-powered News”. Ubervu also shows that the ‘semanticnews’ tweet was the start of a Twitter thread of three other tweets on the same topic.

Analysis


Although others in the code4lib community seem to be affected by this, in this limited set no one else has seen anything close to the amount of reposting that my blog entries have. I still can’t fathom a purpose behind this other than trying to mask other activities with what seems like legitimate activity. It doesn’t feel right, so I’d like to take steps to counteract it.

I went poking in my server’s access logs searching for occurrences of ‘twitterfeed’ and came back with a surprise: where I expected to see ‘twitterfeed’ in the User-Agent string, I mostly found it instead as a Google Analytics campaign parameter on URL requests, in these two forms:

  • ?utm_source=twitterfeed&utm_medium=twitter
  • ?utm_source=GAlert&utm_medium=twitterfeed&utm_campaign=CDT_RSS&utm_term=TechNews

At this point, I’m not sure what is introducing those parameters. I can’t find documentation for it in the Google Analytics help system, but I suspect it might be coming as a part of Feedburner. I’m pretty much a newbie when it comes to Google Analytics, so if anyone has any insights, I’d appreciate it.
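The log search described above can be sketched as a small classifier that reports where ‘twitterfeed’ shows up in each request. This is only an illustration: it assumes the access log is in Apache's "combined" format, and the function name `twitterfeed_signals` and the sample log lines (including the IP addresses and timestamps) are made up for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed layout: Apache "combined" log format.
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def twitterfeed_signals(line: str) -> set[str]:
    """Return where 'twitterfeed' appears: 'user-agent', 'utm_source', 'utm_medium'."""
    match = LOG_LINE.match(line.strip())
    if match is None:
        return set()  # not a combined-format line
    signals = set()
    if "twitterfeed" in match.group("agent").lower():
        signals.add("user-agent")
    query = parse_qs(urlsplit(match.group("target")).query)
    for key in ("utm_source", "utm_medium"):
        if any("twitterfeed" in value.lower() for value in query.get(key, [])):
            signals.add(key)
    return signals


# Hypothetical log lines illustrating the three patterns.
UA_LINE = (
    '192.0.2.1 - - [30/Dec/2009:17:00:00 +0000] "GET /feed/ HTTP/1.1" 200 1234 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.3) '
    'Gecko/20070309 Firefox/2.0.0.3 twitterfeed"'
)
SOURCE_LINE = (
    '192.0.2.2 - - [30/Dec/2009:17:05:00 +0000] '
    '"GET /article/twitter-spam/?utm_source=twitterfeed&utm_medium=twitter HTTP/1.1" '
    '200 5678 "-" "Mozilla/5.0"'
)
MEDIUM_LINE = (
    '192.0.2.3 - - [30/Dec/2009:17:10:00 +0000] '
    '"GET /article/twitter-spam/?utm_source=GAlert&utm_medium=twitterfeed'
    '&utm_campaign=CDT_RSS&utm_term=TechNews HTTP/1.1" 200 5678 "-" "Mozilla/5.0"'
)

for sample in (UA_LINE, SOURCE_LINE, MEDIUM_LINE):
    print(sorted(twitterfeed_signals(sample)))
```

Separating the User-Agent matches from the query-string matches matters here because only the former identify requests that a User-Agent-based rule can act on.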

There are two cases where ‘twitterfeed’ is being used as part of a user agent string (or "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 twitterfeed" more specifically). I’m going to set up a honeypot for twitterfeed using mod_rewrite conditions on my server:

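## Attempt to block twitterfeed (the header variable is HTTP_USER_AGENT)
RewriteCond %{HTTP_USER_AGENT} "twitterfeed"
# Skip the honeypot file itself: its name also matches "feed.*" and would loop
RewriteCond %{REQUEST_URI} !^/atom-feed-for-twitterfeed\.xml$
RewriteRule feed.* /atom-feed-for-twitterfeed.xml [R=302,L]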

The “atom-feed-for-twitterfeed.xml” file consists of:

<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
<feed xmlns="http://www.w3.org/2005/Atom">
 
	<title>DLTJ Twitter Honeypot</title>
	<link rel="alternate" type="text/html" href="http://dltj.org"/>
	<id>http://dltj.org</id>
	<updated>2009-12-30T17:47:10+00:00</updated>
	<generator uri="http://dltj.org/about/">An annoyed jester</generator>
 
	<entry>
		<title>Twitter and Twitterfeed honeypot</title>
		<link rel="alternate" type="text/html"
			href="http://dltj.org/article/questionable-twitter-posts/"/>
		<id>http://dltj.org/article/questionable-twitter-posts/</id>
		<updated>2009-12-30T17:28:07+00:00</updated>
		<content type="html">&lt;p&gt;This is a honeypot to try to catch Twitterfeed when it injects postings into Twitter.  For more information on why I'm trying this, see &lt;a href="http://dltj.org/article/questionable-twitter-posts/"&gt;this blog post on &lt;acronym title="Disruptive Library Technology Jester"&gt;&lt;i&gt;DLTJ&lt;/i&gt;&lt;/acronym&gt;&lt;/a&gt;.&lt;/p&gt;</content>
		<author>
			<name>Murray, Peter</name>
			<uri>http://dltj.org/about</uri>
		</author>
	</entry>
</feed>

Yeah — I know I’m breaking the rules by giving different content for the same URI. But remember, this is just a honeypot.

With this, I’m going to see if my honeypot entry shows up in one of these Twitterfeed-injected posts. Am I showing signs of being obsessed with this? Yep, no doubt. But I really want to know how and where my content is being used. This itch definitely needs to be scratched.

(This post was updated on 16-Nov-2012.)