In 1651, Thomas Hobbes published his definition of the Social Contract Theory in Leviathan. In short, Hobbes wrote that men in the State of Nature possess all freedoms, but that this will lead to men fighting and killing each other over land and food. Men give up a degree of their freedom to enter into a Social Contract with a government and in return get protection. Jean Jacques Rousseau and John Locke went a bit further and said that a government exists to support the popular sovereignty of the people, there were a couple of revolutions in the late 1700s, and not long after the Declaration of Independence was signed. But that’s history, so let’s focus on the present…
If you apply this theory to Social Media, you get the Social Media Contract Theory, which is pretty much the same concept. If people were out on a free-for-all internet they would end up destroying their personal images on websites like MySpace. Therefore, they give up a degree of their freedom to join private social networking sites such as Facebook and Twitter and in return their account and personal information gets protected.
In Twitter’s case, I disagree. Twitter is downright failing to protect their users. In the past two evenings, I have received a Direct Message from each of two separate people that I am following, containing a curiosity-inducing message followed by a shortened link through bit.ly:
This link takes you to a phishing site:
How the 2012 Twitter Direct Message Virus (phishing scam) Works
From what I have been able to gather about the 2012 Twitter Direct Message Virus, it is a phishing scam that collects your username and password when you log in to the fake login page. From there, it stores your username and password. Within a short period of time, another script, running either on a server run by the Virus owner or, more likely, on a server hijacked by a different Virus, automatically logs into your Twitter account. It sends all of your followers a Direct Message (see above) with a curiosity-inducing message body and then a link to the fake Twitter page (also see above). If one of your followers falls for the phishing scam and enters their Twitter username and password on the fake site, the Virus will start the whole process over with their account. What’s even more concerning is that many people use the same username and password combination on other websites, meaning those accounts are now vulnerable to attack as well.
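The defensive side of that chain is checking where a Direct Message link actually lands before anyone types a password. The sketch below is an added example, not code from Twitter or from the original post. It assumes the shortened link has already been resolved to its destination elsewhere, and all `.example` hosts and the sample message text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BRAND = "twitter"            # name the fake login page imitates
LEGIT_DOMAIN = "twitter.com"
SHORTENERS = {"bit.ly"}      # the shortener named in the post

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'shortened', 'legitimate', 'suspicious' or 'other' for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host in SHORTENERS:
        return "shortened"   # destination is hidden; resolve it, then re-check
    if parts.username:
        return "suspicious"  # 'twitter.com@other-host' userinfo trick
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    for label in host.split("."):
        # Brand name embedded in a foreign domain, or one edit away from it.
        if BRAND in label or edit_distance(label, BRAND) <= 1:
            return "suspicious"
    return "other"

def scan_dm(text):
    """Classify every http(s) link found in a Direct Message body."""
    urls = [u.rstrip(".,!?)") for u in re.findall(r"https?://[^\s<>\"']+", text)]
    return [(u, classify_link(u)) for u in urls]

if __name__ == "__main__":
    # Constructed message text and URLs, not taken from a real DM.
    print(scan_dm("someone posted this about you http://bit.ly/EXAMPLE"))
    for resolved in ("https://twitter.com/login",
                     "http://twitter.com.login.example/session",
                     "https://twltter.example/login"):
        print(resolved, "->", classify_link(resolved))
```

A "shortened" verdict is not a pass: the resolved destination has to go through `classify_link` again, and only a "legitimate" result means the login form is on the real domain.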
In my opinion, Twitter has created an environment which has increased their user base’s likelihood of falling for phishing attacks. Additionally, their Direct Message security is apparently non-existent. Here’s my opinion on the matter: