How to deal with #Twifakes

Twifakes is a spam website created by Cairo Noleto @caironoleto and Cleiton Francisco @cleitonfco. I’m sure they’ll be happy to answer any questions you may have about it.

You may have seen the website at http://twifakes.heroku.com/ which promises to tell you how many “fake” Twitter followers you have.

Do not authorise this website. It tweets without your permission and there’s no telling whether it may do other damage to your account.

If you’ve authorised it, here’s what to do:

  1. Go to your Settings/Connections page on the Twitter website and Revoke Access for the Twifakes app.
  2. Delete the tweet that Twifakes sent from your account. This will slow the spread of the site.
  3. Notify Heroku that they are hosting a malicious website.
  4. Notify @spam and/or @safety about the site. #Twifakes doesn’t have its own Twitter account.

In case you’re wondering, your number of “fake” followers is the number of followers you have divided by twelve. Hardcore algorithm.

Twitter is currently closing down the old Basic Authentication system, under which you had to give apps your password before they could read or write to your account. Obviously that system was open to abuse, but the upside was that people were generally pretty careful about where they disclosed their password. Ironically, the new OAuth authentication system, which doesn’t require you to give your password to an app, is also open to abuse because people are more likely to trust it.

Twitter needs to be much clearer about what a requesting app is being authorised to do with your account (if legitimate, #Twifakes would only need read access, not write access) and be much quicker about closing malicious apps such as this.


12 comments

  1. The Twifakes number of fake followers is simply your total number of followers divided by 12.

    I’m suspicious of this application. If I were a hacker, and I wanted to gain access to people’s Twitter accounts, this is exactly the kind of application I would create.

    It might be fine; I don’t know. But people should be careful about giving a stranger access to their account.

  2. Hi, I’m the creator of the Twifakes.

    You can understand Twifakes if you just read the readme!

    See it at http://github.com/GuruPI/twifakes/blob/master/README.mkdn

  3. It’s a joke! Just for fun!

    Enjoy it. :D

  4. Tweeting a viral link on users’ accounts without their permission isn’t fun, it’s spam.

    Stop it.

  5. The user needs to click the “Tweet this” button. What other type of permission do you want? On paper?

    Ha! Ha! Ha!

    You are very funny!

    Good Luck! :D

  6. For now, the Twifakes program is not tweeting without a user’s permission. From what I’ve read (from several users), this is a change from the original program, which DID tweet from people’s accounts without any warning.

    As I understand it, OAuth authorization does NOT expire. It will continue to provide access to an account indefinitely, unless it is specifically deauthorized. That, to me, is the real danger of a program like Twifakes. Many Twitter users do not realize that they can, and should, deauthorize an app they no longer need or want to use.

  7. Dan,

    OAuth offers a key for authentication. This key can be stored and used again at other times; otherwise, an application can use it only once.

    Twifakes doesn’t use a database or other storage. You can see the source at http://github.com/GuruPi/twifakes

    Enjoy Yourself! :D