Elon Musk and the Twitter Bots: We Tested Account Creation with A Disposable Email
Is Elon Musk right when he says spam bots are a problem on Twitter? If you consider how easy it is to create a fake Twitter account, you’d be inclined to say “yes.” Below we look at the loose security filters one can bypass to start a Twitter account with a disposable email address.
That’s the amount of time it takes to set up a new account on Twitter using a disposable email address. I wanted to see if it was even possible with an illegitimate email. It wasn’t just possible; it was easy.
But first, what prompted my experiment?
It was all of the news headlines about Elon Musk’s Twitter acquisition and the talk about spam bots.
Spam bots, an obstacle to Elon Musk’s Twitter acquisition
ZeroBounce was featured in a recent article in the LBN Examiner entitled “How Elon Musk Could Win the War on Spam Bots.” The article addresses Elon Musk’s concerns about the prevalence of bots on the social networking site and what could be done to keep them at bay.
The letter Musk’s lawyers filed with the Securities and Exchange Commission asserts Mr. Musk’s desire to evaluate “the spam and fake accounts on the company’s platform.”
But how reasonable are his concerns?
Now, I’m not in the business of creating bots, but I wanted to see if Twitter would allow me to register with a disposable email address.
What is a disposable email address?
Disposable email addresses are designed to last a short time, sometimes minutes. They’re also called “burner,” “throw-away” or “temporary” email addresses because they self-destruct so quickly.
Did you know that ZeroBounce detects disposable email addresses? Find out if you have any on your list – signing up takes less than a minute and gives you 100 free email verifications, every month.
To use one, you don’t even have to register. Temporary email providers don’t ask for any personal information. Anonymity is the cornerstone of disposable emails. Doesn’t it seem like a burner email address would be the first thing Twitter would block?
How I used a disposable email to start a Twitter account
I started out by creating a disposable address using Temp Mail.
After going to Temp Mail, it generated the following email address: firstname.lastname@example.org, which I was able to copy and paste into the Twitter sign-up form. Many websites or email newsletter subscriptions will stop you right then and there, particularly if they have an email validation API connected.
Real-time email validators will ask you to enter something else if you put in a low-quality email address, like an invalid, role-based or disposable email. They also let you know if you made a typo when keying in your email.
Twitter accepted the Temp Mail email address with no problem at all. I ended up trying a few different temporary email address providers and Twitter accepted all of them.
The question I have: do the owners of Twitter know that this creates a security issue or are they aware and for some reason don’t do anything about it?
Elon Musk himself has recently expressed skepticism about this. “I’m worried that Twitter has a disincentive to reduce spam, as it reduces perceived daily users,” the entrepreneur said.
On the other hand, there may be a valid reason that Twitter doesn’t block disposable emails.
How Twitter verifies new account sign-ups
It does appear Twitter has one security practice in place.
Once you enter an email address, name and birthdate, Twitter sends you a code. There was no issue with receiving this code at my temporary email address – I got it in seconds. After copying and pasting this code, Twitter let me create a password.
This type of verification should prevent some spam bots from creating accounts. However, bots have become more and more sophisticated.
So, I was able to set up the new Twitter account @MuskyElon6 in a hurry, but keep in mind I’m just one person. After showing him the video of this shaky Twitter account, I asked ZeroBounce COO Brian Minick about how individuals and groups could do this on a massive scale.
“A script can do thousands of those in less time,” Brian said. He was referring to the scripting language used to automate tasks.
In fact, a simple web search shows plenty of “how-to” guides on creating spam bots for Twitter. These spam bots do all of the things real human beings can do: tweet, follow accounts, like and retweet.
There is a way Twitter could reduce spam
If you use Twitter every day, you’re sure to see dubious accounts. They may have just a handful of followers and some don’t even bother choosing a profile picture. Sometimes what they tweet is nonsense or seems out of context.
If Elon Musk is correct with his allegations, Twitter would be forced to be more serious about ridding the site of these fake accounts.
It makes sense that, if Twitter ensured the quality of the email addresses used on sign-ups, there would be a significant reduction in spam bots or people creating multiple fake accounts. ZeroBounce CEO Liviu Tanase acknowledged this, saying that “right now there are vulnerabilities in the process.”
Will Elon Musk acquire Twitter after all?
That remains to be seen, but if he does, it’s likely that there will be some changes to the signup protocol.
A site is only as good as the data that goes into it. And it does seem like Twitter could be doing more to clean up the platform and prevent spam infestation. Otherwise, the site will lose its very purpose of connecting people with other people – not with spam bots.