I was thinking about Twitter and Iran and identity yesterday while watching activity on Twitter. First, for the benefit of those living in a cave, Iran had an election, and it appears the results are at odds with public perception. Being effectively a Muslim orthodox theocracy, the population is not given a lot of opportunity to voice displeasure with the government. That being the case, Iranians have been flooding Twitter, Facebook, and YouTube with news, videos, protest information, police activity, etc. The Iranian government is doing their best to lock down access to these web services, but it is difficult. Twitter, especially, has a very open API and a number of ways to receive posts.
Question number 1: How do you sort out the good posts from the bad? Apparently Iranian security forces have created Twitter accounts and are posting false information. I have noticed an increase in the number of spammers using the #IranElection hash as well. In addition to that, requests have been made to all Twitter users to change their profile information to show they are in Tehran and their timezone is +3:30GMT. This is supposed to create additional noise so it is more difficult to determine who is actually in Iran.
Question number 2: Where is the SSL in the 3rd party apps? Twitter and Facebook offer the option for SSL login. I haven’t looked into the API, but I’m not sure if Twitter allows 3rd parties to connect via SSL. Even if they do, how often is the feature used? One of the ways people are filtering noise vs data in the Twitter feed is by looking at when the account was created. If Iran owns the backbone leaving the country, what’s to stop them from sniffing the traffic and hijacking known, trusted accounts? I have some concerns posting this, but, honestly, we don’t get a lot of traffic here. Also, if the Iranian security folks haven’t figured this out yet, then they have way bigger problems on their hands.
Question number 3: Why are major news sources publishing account names when quoting Twitter? I can understand wanting to document where the information came from, and perhaps even keeping records of all the details, but do you need to publish names?