If you swung by my Twitter profile in the last week, you probably saw this:
I'm not sure of the precise causes of me being locked out, but I have several abnormal usage factors that probably put me on the high end of Twitter's bot risk system:
- I currently live in Singapore but am primarily active during US hours and have a US Phone Number
- I post about 30 tweets a day, probably on the high end of most Twitter users. (30 sounds like a lot, but it's mostly replies, and I maybe post 2-3 actual top tweets a day)
- I switch between and manage three different accounts (Coding Career and Svelte Society) multiple times a day
- As far as I know I have not been reported on, but I do have people that strongly dislike me and they may have used the report button against me. Can't rule that out as a factor.
- Anecdotally some IPs seem more risky than others - I also use a VPN for work which probably shows me jumping across multiple countries in a single day, which is certainly suspicious on the face of it
- I have also noticed I get verification checks more often when I use scheduled tweets.
If you clicked through my scary profile you also saw this:
I swear that I haven't mass unfollowed everybody! Most people see this and assume that I used some script to mass unfollow everyone and therefore got flagged as a bot. The reality is the exact opposite - I got flagged as a bot, and by default Twitter temporarily removes all follows.
It will be restored once I regain my Twitter account (I've filed a support ticket and am trying to reach out to friends at Twitter for help), but this is the exact user experience I wanted to talk about for this post.
First, a quick detour for a personal anecdote.
Aside: My Time As A Cuban Detainee
A long time ago I visited Havana with some college friends. Right after landing we headed into a restaurant, all our luggage in tow. After we were done eating, I stood up and turned around - only to find all my luggage gone! Someone had stolen it while we were eating. The restaurant staff of course swore up and down that they had not seen who had taken it.
Losing all your luggage on day 1 of a weeklong trip sucks, but what is worse is that my passport was in my luggage. I needed it to head back to the US at the end of my trip.
If you've never lost a passport while traveling before, it's a quick trip to bureaucratic hell. If your country has an embassy where you are traveling, you can usually get it reissued in the embassy. But we were in Cuba - and my country had no embassy here. We reported my case to the authorities, but they had no idea what to do. I was an edge case. Worse still, because I said I had come from the US and couldn't produce any papers to prove my identity, I was detained at the police headquarters for questioning on suspicion of being a spy. (I was never really at any risk - being Asian and speaking poor Spanish, I would have made for a pretty lousy spy).
There was a lot to figure out over the ensuing month of my ordeal - money, lodging, language barriers, administrative hurdles. My family and friends hit the panic button for me and my case reached the ears of both Arlen Specter on the US Senate Foreign Relations Committee and George Yeo, the Singapore Foreign Affairs Minister. We eventually worked it out, but every night for 4 weeks I would wander up and down the MalecΓ³n, listening to the crashing waves, not knowing when I could ever leave the country. If I could swim the 90 miles to Key West and dry my feet, I might theoretically make it back to the US on my own.
But most of all, I thought a lot about the humanity of having a piece of paper be more important than the human it represents. I could be physically standing in front of the immigration officer with a lie detector test on and steadfastly stating all manner of provable personal detail, and they would not let me through unless I had a small piece of paper the size of my hand.
We do this a lot - passports, voter registration cards, national ID systems, licenses, and insurance proofs - mostly because some humans are untrustworthy and try to exploit the system.
But we often fail to design for people who are innocent and simply don't fit the system in some way.
The Consequences of Not Being Provably Human
Twitter has a way in which they expect you to verify you are human - you should get a call or text message with a code, that you then enter to prove humanity. This is what I normally get (about once every 1-2 months), and I can receive text messages from Twitter, so I can usually prove humanity with no issue.
This time, for some reason, I am on a code path that doesn't offer a text message option, and Twitter somehow doesn't make international US number calls, leading to this infinite loop that I think is a bug:
As a result of this unfortunate design:
- My friends think I mass unfollowed them, because Twitter temporarily reduced my follow count to 0
- People who DM me think I am ignoring them, because Twitter doesn't inform them that I am currently locked out
- None of my past tweets show up at all in Twitter search, which is problematic because I use Twitter as a Second Brain. If you read any of my blogposts, you will see that the rich link density of my references mainly come from taking notes in public over an extended period of time.
- I was unable to engage in the normal personal and professional activity I would do during Black Friday and AWS Re:invent
I've filed a support ticket with Twitter, but you can imagine that support for a 330 million user service isn't very responsive. People who have been through this tell me the only way to resolve it is to hit up a Twitter employee to get past the masses of unrelated and less urgent support issues.
Humans Proving Humanity To Machines
In the grand scheme of things, I know this is minor. I've actually taken it as a welcome social media detox, which I usually take voluntarily in December anyways. But when it's not on my terms, I lose the ability to manage the personal and professional relationships I've painstakingly built up over the past 3-4 years.
Above all, I think there's an indignity in humans having to prove to machines that they are human, and the error resolution mechanism is to send a ticket to a faceless and unresponsive support email, and the only real way to get around it is again to re-establish human connections.
I think more about all the other ways that we as software developers and designers fail to honor the dignity of humans trying to interact with the systems we create.
In 2014, Google pitted one of its machine learning algorithms against humans in solving the most distorted text CAPTCHAs: the computer got the test right 99.8 percent of the time, while the humans got a mere 33 percent. It doesn't impact everyone equally - if you as a sighted, able bodied user struggle with CAPTCHAs, imagine the elderly or differently abled. Most services do not offer any alternative resolution when you cannot prove you are human. This is a problem when your service has essentially killed off the offline alternative and is essential for their basic needs.
In Eric Meyer's Designing for Crisis, he describes how an inaccessible hospital website nearly risked the life of his daughter. I shudder to think how it might be made worse by perfectly well meaning software engineers who don't think about the humanity of the failure path. Imagine if you had to log in to something to save your child's life, and it presented you with a CAPTCHA you couldn't pass.
Update: I've been helped, thank you for reaching out. In case you were wondering what it looks like from Twitter's side, this is what they emailed:
Top comments (7)
My big question here is: How do we prove we're human _without so much surveillance?
I feel like a lot of solutions about this kind of stuff revolved around being tracked in some way that I'd really prefer to do without.
i dont know either but i feel like it's more about offering a "human escape hatch" rather than "surveillance". Where you can just get on the phone with someone empowered to help you cross obvious software failures would be good. attach some conditions to it, eg "must be resolvable in 3 minutes". It would kind of be like the "Getting Things Done" method applied to customer service. I see this in my local bank branches where the greeter employee can do a quick chat with you and route you to the right place, instead of you having to wrestle with some self serve signup and potentially getting things wrong.
Ben, good question! I would make it broader - what kind of information actually distinguishes us from machines? Social information like social security number or passport number can be stolen, our faces are in thousands of databases all around the world, there are few ways in which machines can't fake they're humans yet, and unfortunately behaviour patterns are one of them, which step by step leads us to a constant surveillance
this isn't gonna address Ben's concerns around surveillance haha but i heard about this gait recognition startup recently softwareengineeringdaily.com/2020/... that may be one form of "i'm a human"
I feel sorry for your situation (but on the other hand I'm feeling lucky that you saw my DM before this thing happening).
I hope to see it solved soon! π
thanks meleu and happy to have you join our community too :)
Thank you for this swyx :)