‘Let Me Tweet That For You’ site raises concerns for journalists

This tweet looks pretty real, doesn’t it?

It’s not, though. I faked that tweet using a Web service named “Let Me Tweet That For You.” It’s pretty simple — you type in a Twitter username and a message, and it generates a realistic-looking image of a tweet from that person. It even adds fake retweet and favorite counts to lend some more credibility.

The site is a project of OKFocus, a New York-based marketing agency. It’s actually about a year old, but has been somehow rediscovered this week and is really taking off on Twitter.

Compare that image above to a screenshot of a real tweet:

That should be a bit scary for journalists and anyone else concerned about potential hoaxes. Of course, it would be pretty easy to debunk one of these fake tweets if you just visit the person’s actual Twitter profile to see if the tweet really exists.

But what if it’s passed off as screenshot evidence of an allegedly deleted tweet? Much tougher to disprove. Proceed with caution.

Related: Fake @CokieRoberts Twitter account fools journalists | Fake NYT ombudsman Twitter account tricks some journalists | HuffPost, CNN, Mediaite fall for fake Twitter account of NC governor 

We have made it easy to comment on posts, however we require civility and encourage full names to that end (first initial, last name is OK). Please read our guidelines here before commenting.

  • Endthereign

    Another example of technology gone awry!

  • freshhawk

    “Any system that relies on individuals managing their own encryption keys? Is already a failure.”

    I see your point … but any system that manages your encryption keys for you is no longer secure or useful for encryption so why bother managing keys?

    If the only thing you want to prove is “came from twitter” … that’s what the url is for. You think a system where I have to *type in an entire encryption key that I read out of an image* in order to verify it isn’t already a failure?

    If you are proposing to put a message digest somewhere that would be hard to crop out of the image why not just put the url there?

  • Jeff Sonderman

    Agreed, Daniel. Threats abound.

  • http://twitter.com/mrdancohen Daniel J. Cohen

    This is literally a bump on the behind of potential beta-journalism issues. It’s a good thing to point out as one minor issue, and I think there’s a real story here in terms of a warning. But what about the fact that it’s very easy to create a fake Twitter account and say anything you want, and that CNN simply reports tweets directly as a digital “man on the street” measurement?

    Seems just as horrifying if not worse.

  • http://myindigolives.wordpress.com/ Ellie K

    Please glance at this http://dataanxiety.tumblr.com/post/46062262442/ersatz-or-not View source, tell me what you think. Please? I embedded Jeff Sonderman’s genuine Tweet using the URL and JavaScript. It is “live”, linked directly to Twitter, though not with encryption. The next two are images only, hot-linked directly to MIME images hosted on poynter.org.

    If important, I don’t trust Twitter content that is posted as a screen shot, whether jpg, png or (non-animated ;o) GIF. When embedded using the code provided in every Twitter message, by Twitter, I still don’t have prima facie evidence of it being genuine, as it can still be altered. I’ve tried it, I know. But a screen shot is not genuine, by definition. Even Storify isn’t. For most purposes, though, Storify and Twitter embed (not screen shot) are sufficient.
    *Agreed, that any service relying on users to manage their own encryption keys is a failure!

  • Sigivald

    Neither of those will be in a screenshot cropped to the image, though.

    A pgp (or equivalent) signature in the message body would be.

    If it was absent, that would be prima facie evidence of a fake, as would its not working if you entered it into Twitter’s (notional, in this example) verify interface (or the code putting up a different tweet).

    It would work – but I doubt anyone really cares enough for Twitter to take the time and effort and backend work to implement it.

    (That said, there’s no reason for it to need the tweeter’s public key; Twitter could generate a signature using its own keys when it received the tweet. That would simplify key management immensely while still being a good indicator of “really came from Twitter”.

    Any system that relies on individuals managing their own encryption keys? Is already a failure.)

  • Sigivald

    Yeah, the only difference here is that it’s Slightly Easier.

    Beware, Journalists! It is now slightly easier to hoodwink you, not that you ever checked anything in the first place if it was juicy!

  • http://twitter.com/GusQuad Gus Ferguson

    You could really, really easily do this in Windows Paint… which even the average person could use.

  • http://www.facebook.com/vboyxuanhong Xuân Hồng

    Thankyou for thread
    ——————————
    http://xuanhongnet.com

  • http://www.linkfest.com/ Druce

    Thanks! Linkfest.com is an attempt at a social news aggregator for financial market news … has a bit of traction among financial journalists. Any comments let me know!

  • Fassil Tassew Tadesse

    Megabit is different from March in a number of ways. Megabit is a subset of Ethiopian calendar, and it has a set of 30 days and the 7th month. When March is a subset of Gregorian calendar, it has a subset of 31 days and the 3rd month. Besides, Megabit reveals 30 shorter variations of day and night and faster rotations of the Tropics, when March does 31 longer variations of day and night and slower rotations of the Temperates. Moreover, Megabit 12 is optimum day in the Tropics, when March 21 does in the Temperates. These Megabit 12 and March 21 are optimum days of the Tropics and Temperates respectively, because that day is the day when the sun overhead at the equator. So that Megabit equinox of the Tropics is different from March equinox of the Temperates. According to the Ethiopian calendar, today is Maksegno 10 Megabit 2005 in the Tropics, when Tuesday 19 March 2013 is in the Temperates.

  • http://myindigolives.wordpress.com/ Ellie K

    Aren’t we though? Do you count yourself among us? Your profile image looks like a miniature Gustav Klimt. Or a human, gazing at terraced banks of computer monitors?

  • http://myindigolives.wordpress.com/ Ellie K

    @druce:disqus I took a break. Gut YomTov! Thank you, GeekBuzzer is cool. But LinkFest, your website… wow! It is an extravaganza of lurid, witty au courante content: “Russian Oligarch Found Dead in his Bath!”, “Cyprus central bank renamed Banco de Mattress”. Yet balanced, e.g. U.S. rushes to reverse The Enlightenment, install feudal-hedge-fund overlords with 99.99999% of America as e-serf’s, or similar (that was mine). With the hope that I have found a less-dour, kindred soul in you, try AlcoWebizer, with IBM developerWorks as input: http://www.alcowebizer.com/www.developerworks.com You WILL lol, I promise. No harm will be done, none disrespected. IBM is tolerant, social, kindly.

  • http://www.linkfest.com/ Druce

    There are sites to create fake screenshots of anything, Facebook posts, iPhone messages, you name it, those humorous screenshots on social media sites are not all real, and if this is not common newsroom knowledge, that’s unfortunate. See for example http://www.geekbuzzer.com/tech-info/how-to-make-fake-screenshots/

  • http://myindigolives.wordpress.com/ Ellie K

    @jeffsonderman:disqus When you embed a tweet, it retains all the active links. I wrote a post on my website, embedding and uploading, then comparing your three tweets. (I praised you, and this article, and Poynter). An embedded tweet behaves and looks different from an image, whether “real” or “not real”. Embedding, as recommended by Twitter, assures authenticity.

  • Jeff Sonderman

    Fair point. However, a site like this makes it much easier for an average person who doesn’t know how to do that. It also plants the idea in the minds of mischievous people who might not have thought to do this but will now.

  • Jeff Sonderman

    It is a real tweet; I linked to it. The Storify logo is just from a browser extension.

  • http://myindigolives.wordpress.com/ Ellie K

    @jeffsonderman Problem: The image, the one you said is genuine, is not . It is “more real” than lemmetweetthatforyou’s fake. But it isn’t a screen shot of a “real tweet”. If it were, it wouldn’t have the logo and word Storify, between “Favorite” and “More”. A “real Tweet” can be embedded directly on one’s website (well, it can if Twitter whitelists you). Here’s a demonstration: Ersatz or not. Please note that no disrespect is intended.

  • http://myindigolives.wordpress.com/ Ellie K

    Every Twitter message has a (probably) unique URL, user name/alphanumeric ID. It’s sufficiently unique for indexing by search engines and archives. Also, Twitter uses SSL. Wait. Are you being facetious? You said “the tweeter’s public key”! ;o)

  • http://myindigolives.wordpress.com/ Ellie K

    True. It has been possible for years, with IE 8, 9 and Chrome browser. Yes, anyone may alter and reload HTML/CSS, then take a screen shot. NOTE WELL: One cannot save it, nor affect how others see it (that requires access credentials).

    With minimal precautions, this shouldn’t cause trouble for anyone. Twitter clearly (repeatedly!) documents the features that make content sent via its platform uniquely identifiable. Screen shots and lemmetweetthatforyou’s don’t have those features. Doesn’t change my opinion of okfocus. It is irresponsible; okfocus’s website is tacky. I’m not even certain if their office location is genuine, as they use a screen shot of Google Maps, rather than embedding it like everyone else.

  • http://www.facebook.com/jorge.roboting Jorge Roboting

    Hell, you’re right. With Firebug it is pretty easy to do it.

  • Jerkob

    They are in Firefox. And IE. In Firefox you go to Tools -> Web Developer -> Inspect and they show up. I don’t use Windows so I don’t have IE in front of me to tell you how, but when we do compatibility testing I use them. Or you can just use the bookmarklet Firebug Lite in any browser and you get the same tools.

    The ability to do this has almost nothing to do with the technology used to build the site. I say “almost” just because if you build a site entirely out of images or Flash, then yes, this method won’t really work. But since 99.99% of the text on the web is actual text it’s kind of a moot point.

  • http://www.facebook.com/jorge.roboting Jorge Roboting

    What are those “developer tools” you are talking about? They don’t exist on FireFox or IE, and doing that is not as easy as you say depending on the technology used to build the site. Can you demonstrate your point ?

  • http://twitter.com/flydeeby scott deeby

    It’s inevitable that tweets will have to include a message digest for verifying authenticity against the tweeter’s public key.

  • http://www.facebook.com/thenumber3 Ben Turner
  • http://www.digitalhorticulture.com/ Andrew Hanelly

    Came here to say this. You can do it with any HTML piece of the web. Including modifying headlines on CNN.com. You could even do it to this comment and make it seem like I’m saying something totally incendiary.

  • http://twitter.com/mbusse Matt Busse

    This is why “screenshot evidence” is an oxymoron.

  • Jerkob

    It’s superficially easy to do stuff like this. Open any browser, turn on the developer tools in preferences (if they aren’t on by default), right click on any text in your browser, click “Inspect Element”, then manually edit the text. Voila! You can now take a screenshot of anyone saying anything on the internet. Doing it this way is even more effective than this “Let Me Tweet That For You” service, as you can take a screenshot of the tweet in the context of all their other tweets, or your timeline, etc.

  • http://www.postlinearity.com gregorylent

    humans are sooo weird to each other and to themselves