The “Don’t Click” effect


I’ll try to do this one in English, since a lot of the people concerned about the “Don’t Click” Twitter thing do not speak French.

Here is the full story.

How it Started

A couple of weeks ago I followed a link on Twitter from one of my favourite bloggers, @korben, and discovered an article about Twitt Jacking.

I clicked on the button and a message was sent seamlessly from my Twitter account saying “Allez faire un tour sur www.korben.info !!! Merci @korben !”, which means “Have a look at www.korben.info !!! Thx @korben !”

Based on Korben’s simple example I made my own in order to tease my followers. It was originally in French, and rather than linking to my web site I linked to the article itself. The name of the tweet was “Le Truc du Jour”, which basically means “The Trick of the Day”.

Some of my followers clicked on it and it began to go a bit “viral”, but not too much, since French is spoken by far fewer people than English.


Why propagation furiously increased

One day I received two messages on Twitter saying:

ThierryRoget: @umoor can you remove your article http://www.umoor.eu/blog/yes-we-can.php because it is polluting Twitter

colinsurprenant: @umoor please remove your lame twittjacking page.

Looking at tweets on the subject, I realized that this Twitter thing was fun for a lot of people, but not for everyone, and that some people felt betrayed or deceived.

I then decided to “remove” Le Truc Du Jour. But rather than removing the page I renamed it to “Don’t Click”. I thought that was a pretty good way to stop people propagating it. I was maybe a bit naive or tired at that time, because what happened was just the opposite.

When I connected to Twitter on the evening of Thursday 12 Feb, I realized that rather than stopping its propagation, the “Don’t Click” naming had increased its velocity.

Why is that?

Obviously because:

  • It was in English
  • People are curious (isn’t curiosity a sin? ;) )

What did I do

I removed the entire page.

I activated the Super Cache plugin, because my web server was not handling that large traffic increase too well :( .


What did Twitter do

It looks like the Twitter team found a workaround for that CSRF vulnerability pretty fast. That’s one of the good points, but it could have been done earlier, since the Zataz website had pointed out the vulnerability on the 30th of January.

Here is Twitter’s announcement.


What people and Twitter didn’t do

Surprisingly, on Feb 12th, when this “Don’t Click” thing started becoming uncontrollable, I didn’t receive any comments, mails or Twitter messages asking me to remove the page. It looks like:

  • People asked TinyURL to disable the link (which was a good reaction),
  • @mashable’s alert was re-tweeted a huge number of times, almost 1000 times.

More info about the trick

There are articles explaining how this trick worked, in French and in English, here and here.

For those who thought (or still think) that their password was stolen: don’t worry, no password was stolen and no data was collected.


What Good came out of this:

  • The vulnerability was corrected.
  • More people are now aware of “Click Jacking” and won’t click on anything that is forwarded to them. Don’t forget that other sites might be vulnerable.
  • The power of Twitter for delivering “alerts” was proven. Have a look at the impressive number of alerts delivered.

What has been said that isn’t true:

  • Word spread that people who had clicked on the “Don’t Click” button had to change their password. As said previously, that isn’t necessary, but it’s always a good thing to change your password regularly, so do it if that makes you feel relieved.
  • A lot of people talked about an “attack”, but it was not one. An attack is when the aim of the action is to hurt or destroy… that was not the goal; I didn’t intend to destroy my beloved Twitter tool. It started as a Twitter joke, and we could consider it today as an inoculation (immunization), since Twitter’s site security is now stronger.
  • People also stated that I was “clever”…. Not so clever indeed.
    • I’m not the author of the “CSS trick”.
    • I didn’t choose the “Don’t Click” naming to increase the viral effect but to stop it… so I really failed on that one.

Analytics

Some people asked me for analytics on the “Don’t Click” phenomenon… I’ll share them on Twitter soon.



One Response to “The “Don’t Click” effect”

  1. [...] The Twitter “Don’t click” hack has finally become public; we discover the genesis of this joke that destabilized Twitter at [...]
