Twitter is a relatively new Web 2.0 service whose catchcry is to answer the question "What are you doing now?" Let's start with some basics. Twitter is essentially a centralised broadcast system - uers simply sign-up by creating a password-protected account with a username. The username can be anything, and people may use an alias or their real name if personal branding is important.
After you have your account, you can start sending tweets, which are text messages limited to 140 characters. Twitter gathers your tweets on a page in chronological order, so over time your tweets create a diary or log of your activity - what you are doing, where you have been or going, what you are reading, what you are working on, and so on.
At this point your tweets aren't doing very much. There is a central search function so other people with Twitter accounts can run searches across all tweets, including your own. The next step is to get followers. Followers are other Tweeters who subscribe to your tweets. Each tweet you send is then distributed to all of your followers by Twitter. Tweeters typically use a dedicated Twitter client to aggregate the tweets of all the people they are following, which are presented as a stream of tweets. Many tweets consist of a short observation followed by a link (suitably shortened by a service such as) , so tweets become a links into Web 2.0.
Twitter also allows you to send a direct reply to a tweet, or also do a retweet, which is where you received a tweet from someone you are following and then you send it on to all the people who are following you. Tweet first and ask questions later.
Marketing firm Hubspot recently published a report on the state of the TwitterSphere for Q4 2008. They estimate that there are currently 4 to 5 million Twitter users, about 30% of whom are new or intermittent users. From the graph below, Twitter user growth has increased dramatically since March 2007 with 70% of current users joining in 2008.
Between 5 and 10 thousand new users are being added each day, which sounds impressive, but keep in mind that Facebook is adding 700,000 new users per day. It was recently estimated that Twitter would take 36 years to achieve the same user base that Facebook has at present.
Nonetheless Twitter boasts a broad user base from Arnold Schwarzenegger, the governor of California, to Stephen Fry, the reader of the Harry Potter series amongst many other things.
Most users follow less than 25 other people, but there are a group of power users who have between 20,000 and 100,000 followers. All but 1% of users have less than 1000 followers.
Twitter is an unauthenticated service in that you can register for an account merely by creating an unallocated username and supplying a password. If you create a user called Muhammad Ali and start talking about boxing, Twitter won't be checking if you were really rumbling in the jungle with George Foreman in 1974.
An account was recently set up in the name of Internet legend Vinton Cerf, which was eventually suspended by Twitter staff once it became clear that the account a front promoting auction search sites. Security guru Bruce Schneier recently had to post on his blog that
This impersonation problem is not unique to Twitter but people are starting to treat the information received as authoritative. The real point is that enough people are creating data capital in web 2.0 that can be wiped out with a few bad posts - pre-Web 2.o famous people can just shrug it off. Highlights the problem of lack of a general Internet authentication mechanism, and perhaps also reminiscent of cybersquatting with respect to domain names looking for a big sale if the service went well. However in this case there is a better vetting process then with Twitter that is using the honour system.
Recently the first phishing scam emerged on Twitter which directed users to a Twitter look-a-like page registered in China and tried to phish out passwords. The author comments that
This may go without saying, but consider how many third-party Twitter services you use? Seems it’s about time for some kind of verification / validation for applications using the Twitter API - so you can be sure you’re passing your credentials to the right people. I’m guessing this particular phishing scam is not using the API (but there’s no way for a user to properly verify).
Indeed there is a Twitter ecosystem developing which to participate usually requires that you give in your Twitter username and password. The problem of authentication is not just restricted to twitter users but Twitter applications as well.
I have gathered quite a few references to risks facing Twitter and I will post more on this topic later this month.