Why “RT Iran” or “RT from Iran” doesn’t do what you think it does
Disclaimer: My current and previous day jobs have provided me with good knowledge of DNS, web servers, ‘web apps’, search etc. I’ve run production web and mail servers and know how to keep them relatively secure n’ stuff. However, I am not in any way a security expert-guru-consultant-l33tH4×0r-hobbyist or any other type of security smarty-pants. So when reading the below; run it through your bullshit filter, do research to confirm what I say, ask someone knowledgeable whom you trust etc. before you retweet it or link to it.
Important Note: The information below does not apply to twitter accounts who have their updates protected. If you’re following someone with protected updates who seems to be in Iran DO NOT retweet their posts unless they ask for those posts to be retweeted and don’t include their @username if you do. If you are unsure whether someone has their updates protected, check their profile in your twitter client (or on twittercom logout of your twitter account and view their page while you’re not logged in. It’ll then be obvious if their updates are protected.)
Why using “RT Iran” or “RT from Iran”
does not do what you think it does
Monday night, June 15th, I was scrolling through twitter search results for the #IranElection hashtag. I was tired and amazed. My mind was racing and my usual skepticism was not with me. I saw this tweet and immediately retweeted it:
kristinkaz When RTing Iranian users, omit usernames-just say “RT from Iran”. Iran gov. is watching. Spread the word. #IranElection #iranSeconds later, as I was looking at what I’d just retweeted I thought: “Wait, what?”
The more I pondered it, the more I regretted retweeting it. (Yes, I know I can delete it, but I didn’t because I don’t like revising history.)
Eventually my inner-paranoid kicked in with suspicions that the suggestions to replace @usernames with “RT from Iran” when retweeting might be a successful disinformation meme.
Why replacing @username with “RT from Iran” does not protect the original tweeter
- The proverbial cat is already out of the damned bag: It is commonly assumed (rather safely) that the Iranian Government’s security apparatus is following the #IranElection and #gr88 hashtags. So, they’ve already seen the tweet you’re retweeting if one of those hashtags (or one of the many spinoffs) are on the original tweet.
- The original tweet is easy to find: You can wait a few hours and google any ReTweet (by putting quotes around it when Googling) and find out pretty quickly who the original tweeter was. Here’s one example Googling of a popular “RT from Iran.” At the time I was writing this post, the original tweet was the first search result (that will have changed by the time you read this as it gets retweeted, but you can still find the original in the results by scrolling down.)
- Googling #hashtag + @username: Google #IranElection with any @username will show you everything that person has posted using that hashtag. Here’s an example Googling of that.
- Many of these usernames have been broadcast on the TeeVee machine: Below are images of two Iranian tweeters as they were displayed on The Rachel @Maddow Show. Rachel and her staff are very tech savvy and conscientious people. They wouldn’t needlessly put people at risk. (these are just two examples of many iranian usernames displayed on many news-centric shows)
Click image for original video.
Why Twitter @usernames are not, in and of themselves, dangerous
- Anonymity on the internet is not new: Anonymity on the internet has been part of the internet since it first became accessible to the public. It works. The only time anonymity on the internet doesn’t work is when an ISP or hosting provider of some kind is presented with some sort of a warrant for their logs. Even if someone were to somehow access the IP address you retweeted from (say, by hacking Twitter’s servers and accessing logs) that would not give them the IP address of the user whose post you were retweeting. Analogy: Someone sends you a signed letter with their name on the letter and on the envelope, but no return address. You open that letter, shred the envelope (which had no return address on it anyway) put that letter in a new envelope and send it to someone else. How would your recipient find the location of the original sender? They couldn’t.
- A username is not tied to a geographic location. A username is not an IP Address. There’s no way to find a person’s location if all you have is their username. They could be in space. (Technically that latter is true of an IP address too, but let’s not get too sidetracked here, you see my point.)
- Twitter usernames are editable. If you change your username on twitter, only those who are already following you can find you without that new username.
Why replacing @usernames with “RT from Iran” is actually detrimental rather than helpful
- It denies them the pleasure of knowing they’re being heard: If someone is going to the trouble of finding a way to get public tweets out of Iran and onto the public internet, they want to be heard. If you remove their usernames when you retweet their posts, you deny them the pleasure of letting them know they’re being heard. They probably won’t know you retweeted them (just as you wouldn’t know you’d been retweeted if your username was removed from the retweet.)
- It prevents them from getting followers: If someone is going to the trouble of finding a way to get public tweets out of Iran and onto the public internet, they want to be heard, they want followers. You might be getting followers from retweeting their tweets without their username, but they aren’t.
- It prevents tweets from being verified, assists disinformation and propaganda: There are now many people putting out disinformation via twitter with the #IranElection and #gr88 hashtags. One of the ways they do this is by writing a new tweet and prepending it with “RT from Iran” or “RT Iran” instead of an @username which could be used to verify whether or not it is really an RT of a tweet by someone in Iran on the side of the Green.
- The suggestion to remove usernames when retweeting could be part of a disinformation campaign to stem the flow of information for the resasons outlined above. Or it may have started with good intentions. The results are the same.
- Many Iranians are starting to counter this meme by stating specifically that it is OK to include their @username when retweeting. Just two examples here by @Change_for_Iran and @oxfordgirl. (If someone in Iran asks you not to include their username in RTs, please send them to this post so they can learn that it doesn’t protect them in any way.)
[edit at 2009-06-21 11:19PM PST: Here is another just posted by @IranStreetNews]
[edit at 2009-06-28 08:20PM PST: and another today by @StopAhmadi]
[edit at 2009-06-29 11:31PM PST: Earliery today @StopAhmadi tweeted a link to this post you're reading now.]
Things that you should *never* do because these things *can* put Iranians at risk or impede the flow of information to and from them:
- Never tweet or otherwise post publicly an Iranian tweeter’s IP Address (even if you think they posted via an anonymizer.)
- Never tweet or otherwise post publicly an Iranian tweeter’s cell phone number or landline number
- Never tweet or otherwise post publicly an Iranian tweeter’s email address
- Never tweet or otherwise post an Iranian tweeter’s GPS coordinates
- Never tweet or otherwise post publicly an Iranian tweeter’s postal address
- Never tweet or otherwise post an Iranian tweeter’s real name
- Don’t tweet or retweet IP Addresses of proxy servers created for Iranians. Once they’re posted publicly they’re found and blocked.
- Don’t tweet or retweet URLs of sites that help Iranians connect to blocked sites. Once those sites are posted publicly, they too are blocked.
- Don’t participate in DDOS attacks on servers in Iran. The deluge of traffic slows and blocks internet access for the good guys too.
Why I wrote this post:
Disinformation is a bad thing. Disinformation which seems well-intentioned but comes from fear and goes viral is a very bad thing. I’m just trying to do my part to counter some of the badness.
I found quickly that trying to explain this issue to people in 140 character bursts is impossible and frustrating. One tweeter (whose username and ‘name’ are based on a phrase coined by the Bush Administration) even accused me of being an Iranian Government Agent. Which, of course, made me briefly wonder if s/he might be an Iranian Government Agent. Yes, disinformation is a very bad thing.
Thanks for reading. There’s a twitter icon below for retweeting this if you feel so inclined.
Edit: Also see a very good post on the same topic by @TravellerWithin posted at almost the same time as this post.
Share:
To leave a comment:
13 Comments
16 Responses
Hafeez Thaikulathil June 21, 2009 2:11 am
Katherine Poythress June 21, 2009 3:07 am
SO glad you wrote this. Sometimes people get too frantic and protective and don’t think straight about what they are doing.
kalopeia June 22, 2009 3:15 am
Voters Union June 27, 2009 2:26 am
Thank you for good post!
I agree with what you write but I think there is one occasion where “RT from Iran” could be a bit useful (in addition to, of course, when the original tweeter actually asks you to do so also after reading this page): if the original tweeter has locked updates they can be retweeted without showing up in the public search results, and this would provide a small amount of extra security for the original tweeter. “Small” because without making the chain longer (by using DMs for example) it’s still possible to find him/her by looking at who the first RTr is following.
I think some tweeters from Iran didn’t realize when they opened their accounts that they would have to hide from government agents, so they might have compromised their anonymity in earlier tweets or by using their own name.
گربه ولگرد June 29, 2009 10:21 pm
Voters Union touches on what I thought was the point of this. If the original Tweeters are posting with protected updates, and multiple people are retweeting them - some of those retweets protected and some of them not protected - then by the time they emerge into google-able results they should be very hard to trace. There’s a lot of data mining that can be done on a username to determine who they are. It doesn’t take long to get from my long time handle to my address, for instance (3 hops - google to livejournal to domain to whois). And there are a lot of location clues even if I didn’t own a domain that would lead someone to my real name.
Granted, the verifiability is a big issue - difficult to trace means more effort to verify than most will bother with.
I mean, what was the point of changing our location to Tehran, and having actual Iranians change their location to not-Iran? Wasn’t it to put up a smokescreen to make verifiability just that much more difficult?
گربه ولگرد June 29, 2009 10:44 pm
I think I did a better job of explaining this another time:
I disagree - it assumes that a pattern will emerge of people who retweet. I agree that anon communication requires more critical thinking than a lot of us seem capable of, but the original call for anon RT encouraged rewording of the tweet. Also, translation of the tweet into various languages automatically rewords it.
I anon RT someone who’s anon RTing after it’s been translated from farsi to spanish. There’s no way that google will show the original tweeter.
And even if I’m wrong - what if he’s actually in Iran or is receiving the info from phone calls (which I doubt) and he’s just saying that he’s retweeting information? He still gets some level of protection because he’s not the obvious start of information - even if he’s traceable as the public emergence of it. But that’s why the instructions originally including rewording - google shows *me* as the original source. It’s possible, even probable, that the government would be able to trace him as the actual source of the information, *given*enough*time*, but if there are only a few hundred valid sorces and a few thousand people who could be either sources or emergent points, the smokescreen has worked. It will take several orders of magnitude longer to find the sources. We’re not providing true security in a mathematical sense, we’re buying time. But that’s all public key encryption is too - buying time till the heat death of the sun.
several June 30, 2009 12:15 am
Thanks for the replies.
As for tweeters posting with protected updates, allow me to quote this note from the top of this page (under the disclaimer):
“Important Note: The information below does not apply to twitter accounts who have their updates protected. If you’re following someone with protected updates who seems to be in Iran DO NOT retweet their posts unless they ask for those posts to be retweeted and don’t include their @username if you do. If you are unsure whether someone has their updates protected, check their profile in your twitter client (or on twittercom logout of your twitter account and view their page while you’re not logged in. It’ll then be obvious if their updates are protected.)”
As for how your comments related to people who are tweeting publicly, I sense a bit of overthink. To save time in illustrating the point, I’m going to quote myself from above again since it sounds like you missed it too on the first pass:
“The proverbial cat is already out of the damned bag: It is commonly assumed (rather safely) that the Iranian Government’s security apparatus is following the #IranElection and #gr88 hashtags. So, they’ve already seen the tweet you’re retweeting if one of those hashtags (or one of the many spinoffs) are on the original tweet.”
Afterthought: they’re also watching keywords like protest, demonstrators, evin, basij, etc etc etc.
You cannot hide what has already been seen.
Tamara Wyndham June 30, 2009 9:02 am
I was passing this on:
“If any of you are on Twitter, set your location to Tehran and your time zone to GMT +3.30. Security forces are hunting for bloggers using location/timezone searches. The more people at this location, the more of a logjam it creates for forces trying to shut Iranians’ access to the internet down. Do it under “settings” on upper right. It’s easy. Cut & paste & pass it on, please.”
What is your opinion of this strategy?
several June 30, 2009 3:29 pm
I think setting city and time zone to Tehran is a nice gesture of solidarity, but I’m pretty sure it doesn’t do anything to foil Iranian security sources.
Just the fact that city and time zone can be edited by the user makes it useless for intel purposes, so they probably never even bothered looking at it.
Iranian IT/psyops techies have kept their websites up and running with only a few outages (one yesterday of a few hours being the longest) while under constant heavy attack by white hat hackers/crackers, hacktivsts and script kiddies for nearing three weeks now.
They’re obviously very knowledgeable and skilled, so I really doubt they’d waste a thought on a user editable location field. They’re focused on things like deep packet inspection, GSM localization, IP address tracing etc. The location field on a twitter profile is just useless noise to them. No reason for them to even look at it.
IMO.
Michelle Matthews July 1, 2009 11:22 pm
That’s so brave of Oxfordgirl to allow people to Rt with her name since she is in the UK! It bothers me that she hasn’t bothered to correct anyone’s mistaken belief that she is in Iran risking life and limb to tweet to the world
Michelle Matthews July 1, 2009 11:26 pm
By the way, I can’t seem to find the author’s name anywhere on this blog. I am writing a blog and referring to this article - I would like to credit more than just the link, I would like to credit the author first and foremost.
several July 2, 2009 3:52 pm
Thanks for the reply. Interesting comment on @oxfordgirl. I haven’t reread her entire timeline, but from what I’ve seen her posts seem to have been very purposefully ambiguous about her location.
Can you point to a tweet which shows she’s in the UK or are you assuming that because she went to Oxford she didn’t return to Iran afterward?
If she’s not in Iran then I assumed incorrectly in my post above. That would be my error, not hers.
If she’s in Iran then being ambiguous about her location is not a bad idea.
If she’s in the UK but seems to be in Iran well, if that leads Iranian gov’t to waste time trying to find her in Iran then I’m just fine with that.
several July 2, 2009 4:09 pm
Thanks for your interest in crediting me when posting a linkback.
No, you can’t find my real name here. That’s quite purposeful. In the past on other sites when revealing my real name, i have experienced being hassled offline by crazy rightwing nutjobs who disagreed with my left-of-center opinions. They tracked down my contact info and harassed me. That’s not something anyone particularly enjoys and some such whackjobs just happen to be not only mean but dangerous.
You can credit me as “Amplify user ’several’” and/or “Twitter user @slseveral”
Rowan Price July 9, 2009 7:08 pm
Michelle Matthews July 31, 2009 11:22 am
Sorry it’s taken me so long to respond to your request re Oxford Girl. I checked her out using some of the Twitter apps like Twitterholic. It has since changed but she was in the UK. You may also notice that she has now removed her location from her Twitter bio. Her location used to say something like “In the heart of free Iran” - I challenged her on it and she would never answer the question. I did further research and am 100% confident of my findings that she is in UK. You are not at fault, she has deliberately allowed people to believe she is in Iran, for what purpose I am not sure. My sarcasm was directed at her not you. She’s a phony.
Michelle Matthews July 31, 2009 11:43 am
By the way, here’s the blog where I referred to your blog. #Iranelection-Profound Change or Beauty Contest? « Random Thoughts http://bit.ly/rMAUg
4 Trackbacks
[...] Amplify | several’s clip log » Why “RT Iran” or “RT from Iran” doesn’t do what you think it does Amplify | several’s clip log » Why “RT Iran” or “RT from Iran” doesn’t do what you thin…. [...]
[...] takes a stand against the practice of removing Iranian Twitter names when retweeting (with the notable exception of those [...]
[...] Amplify | several’s clip log » Why “RT Iran” or “RT from Iran” doesn’t do what you thin… – Annotated [...]
[...] Why “RT Iran” or “RT from Iran” doesn’t do what you think it does Great article about RTing for you to read since there is such a panic about how to do it safely. [...]