RT2Win: 50 lines of Python made me the luckiest guy on Twitter
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 93 | |
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/36242 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
00:00
GeradeTwitter <Softwareplattform>FreewareRechenschieberMultiplikationsoperatorTwitter <Softwareplattform>Reelle ZahlComputeranimation
00:30
EINKAUF <Programm>Twitter <Softwareplattform>Reelle ZahlSkriptspracheMailing-ListeFreewareTwitter <Softwareplattform>Technische InformatikProjektive EbeneComputeranimation
01:30
Twitter <Softwareplattform>TermInverser LimesBitrateZufallszahlenBildschirmfensterBitrateDefaultInverser LimesErwartungswertTwitter <Softwareplattform>TermComputeranimation
02:16
ResultanteTwitter <Softwareplattform>Web-SeiteEindeutigkeitMultiplikationsoperatorPhysikalischer EffektComputeranimation
02:42
SchwellwertverfahrenZahlenbereichTwitter <Softwareplattform>OvalQuantenzustandRegulärer Ausdruck <Textverarbeitung>
03:10
Reelle ZahlTwitter <Softwareplattform>PunktFunktion <Mathematik>Profil <Aerodynamik>Oval
03:48
TermResultanteTwitter <Softwareplattform>SkriptspracheMailing-ListeZahlenbereich
04:20
Twitter <Softwareplattform>ZahlenbereichTotal <Mathematik>ZählenMinimumSkriptspracheRoboterDickeSoundverarbeitungInverser LimesBitrateMailing-ListeDienst <Informatik>Computeranimation
05:34
MathematikMessage-PassingZahlenbereichTwitter <Softwareplattform>Einfache GenauigkeitMultiplikationsoperatorPhysikalischer EffektOrtsoperatorSoftwareentwicklerMultiplikationRoboterInteraktives FernsehenDatensichtgerätDifferenteComputeranimation
06:50
Metropolitan area networkElektronischer ProgrammführerTwitter <Softwareplattform>WarpingInteraktives FernsehenSkriptsprachePhysikalischer Effekt
07:22
RoboterDienst <Informatik>Twitter <Softwareplattform>Skriptsprache
07:52
MinimumCodeSocial Engineering <Sicherheit>
08:49
RankingFigurierte ZahlRoboterComputeranimation
09:28
OrtsoperatorAusnahmebehandlungLesezeichen <Internet>CASE <Informatik>Mailing-ListeRoboterMinimumMetropolitan area networkSupremum <Mathematik>Wort <Informatik>Figurierte ZahlOffene MengeComputeranimation
10:44
Mailing-ListePhysikalismusComputeranimation
10:58
Fächer <Mathematik>Rechter WinkelComputerunterstützte ÜbersetzungCAMFigurierte ZahlMultiplikationsoperatorMaßerweiterungNichtlineares GleichungssystemDatensatz
12:42
Mailing-ListeÜberlagerung <Mathematik>Twitter <Softwareplattform>Güte der AnpassungPhysikalischer EffektRoboterComputeranimation
13:00
StatistikTwitter <Softwareplattform>Mailing-ListeRechter WinkelPunktComputeranimation
13:31
AggregatzustandSpieltheorieNP-hartes ProblemFacebookProzess <Informatik>BenutzerprofilIdentitätsverwaltungTwitter <Softwareplattform>DatenflussSkriptspracheVersionsverwaltungCodeMetropolitan area networkHoaxSpieltheorieE-MailSoftwareplattformMailing-ListeMereologieIdentitätsverwaltungFacebookWeb-SeiteRoboterSprachsyntheseZweiResultanteInhalt <Mathematik>MittelwertGeradeComputeranimation
Transkript: Englisch(automatisch erzeugt)
00:00
How many people like free stuff? Let's learn how to get free stuff with Twitter and Python. Let's give uh let's give our next speaker a big hand. So if you guys ever had an idea uh that you tried and it worked like a hundred times better
00:21
than you possibly could have hoped. This is one of those ideas. Um if I had to summarize this talk in one slide it would be this. Uh this is from the movie Real Genius if you've never seen it. Val Kilmer so good. Uh so my name is Hunter I'm a computer engineer and I work for a
00:41
startup in Silicon Valley that you've never heard of. Um so this started when I was on Twitter and saw that there was a bunch of contests and all you have to do to enter them is retweet them. I was like well I can write a script to do that. So I'm sure you guys have all seen this comic it's the XKCD where he writes a script to buy something on eBay every day
01:02
for one dollar with free shipping. The idea is that like you get all these packages showing up at your house and you don't know what's in them and that's super fun. And it kind of backfires on him because at the end he gets put on an FBI watch list because it buys all this really suspicious stuff. So this is kind of what I was going for um and it basically worked because it was actually a little better
01:21
because I didn't have to pay any money um and as far as I know I didn't end up on any watch list because of this particular project but I'm you know you can never be sure. Um so here's the Twitter account that I set up. Um you'll see that I really didn't try to be stealthy at all. Um this is a default picture from Windows because I was too lazy to Google for
01:42
anything else. And um it turns out you don't have to be stealthy and this seems to work anyway which is kind of interesting. So how hard could it possibly be? Um you look for contests and then you retweet them uh and then you're done. So I started with the terms you might expect variants of retweet to win and I was using the Twitter API
02:03
just tweet me in Python. Um unfortunately the Twitter API has a bunch of rate limits in it so this is kind of lame because it means you have to add a bunch of delays which means you can't enter as many as you otherwise would be able to. So the first thing I did to get around this was um rather than use the API to search I just scraped the Twitter search results page. And this works because you
02:21
don't have to be signed in to use the search page. All you gotta do is um make your request of whatever search time you want as fast as you want and then uh I used beautiful soup to go through and pull out all of the tweets that looked like contests and then I stored their unique tweet ID so I didn't have to check later to see if I had already retweeted that cause there's a lot of uh overlap between search results. Uh as you
02:44
start doing this you'll notice that there's a lot of contests that require you to be following the person to win. So this is a pretty easy modification to make. You just uh ray eggs against it and see if they ask you to follow and if they do then you follow them. The problem comes when uh you start following about person number two thousand because Twitter has a limit that if you don't have any followers or you have an under a
03:02
threshold number that uh you have to you can't follow more than two thousand people. So okay I need more followers. So what's the easiest way to get more followers? Buy them. Um this is this is Fiverr um and this here is actually a bad deal. Five hundred followers for five dollars. Um I paid five dollars and I got about four thousand
03:22
followers. Um also I can guarantee you that they are not real Twitter followers. Um this like so this works okay. Um I mean they four thousand people did actually show up which was nice. Unfortunately it's pretty easy to tell that they're not real people. Some of them still had like the egg as their uh profile picture and if you went into any of their profiles it was clear they're not real people
03:41
and I'm sure if you did any kind of network analysis you would find that they were all highly connected to each other. Um so at this point this is uh the output of the script. Basically I'm just I've extended the number of search terms now so I have quite a few. And by the end of this um I'm fairly confident that I was covering almost every single contest that was launched on Twitter. Um so this
04:00
was a pretty long list of search terms. You know you just kind of guess and check to see what people use when they're trying to launch a contest. So uh you go through the search results looping through each time and see okay is this a contest? If it does have we already entered it? If not then enter it. Uh do we need to follow them? Are we already following them? If we're not then follow them. So to get around the follower problem um I just
04:21
built a FIFO which is a pretty obvious solution. Um it's two thousand people long and so whenever we need to follow someone new we kick out the very last person and pop on the new first person. And um this had a couple I well I got lucky in a couple ways here. First of all um it turns out that the length of a contest is shorter than how long it
04:40
takes one name to propagate all the way down to the bottom of the list. Which means I basically was never unfollowing someone too early. Their contest had already ended. The other way I got lucky was the total number of contests that were launched on Twitter was low enough that I was able to enter every single one of them without hitting up uh any rate limits once I implemented a few of these uh tricks here. And there's a side effect here
05:00
which is that I guess it's some people when you follow them they automatically follow you back. There's a lot of bot activity on Twitter and scripts and services and things. I didn't realize how much there was until I started interacting with like thousands of these things. But um the way it works is like you'll follow them and they'll say oh great thanks and they'll automatically follow you back but then when you unfollow them later they don't unfollow you back. So my follower count started increasing with like
05:22
increasingly legitimate looking accounts. Companies and people and stuff that were running these things. Um so I kind of got a bonus there that I was the total number of people that uh I was able to follow kept going up as I did this. So then I tried to figure out uh how I could parallelize this and run multiple accounts at the same time. Um I should say that the majority of the time that I was running this I was
05:41
actually only using a single account but um if you want to make multiple this is what I try to do. So to use the Twitter API you need a developer account which means you need a phone number. And so I need to get another phone number. Okay I can use Google Voice. Well to activate Google Voice you need a phone number. Okay so I can use Twilio to make a phone number to activate Google Voice account to activate Twitter. You can't use Twilio
06:01
to activate Twitter because Twitter somehow knows you're using a Twilio number. And now I think even Google Voice knows if you're using a Twilio number. I don't know how that works so if you know how they're able to tell that let me know cause I'm really curious how that works. Uh over the course of doing this of course I had a lot of interesting interactions with the great Twitter public um
06:20
so this was one uh that I got busted on because this was when I was running two bots and um I had different Twitter usernames but I forgot to change the display name. So the person was running an account uh running a contest and they were picking multiple winners and I won multiple of the wins. Um so uh yeah I got busted here and ditched to
06:42
this one. Um another really great thing that I liked about this was some of the false positives I got. Some things look like contests but they're not. Um so this guy says uh retweet for a chance to win these Tupperware lids that have been warped in the dishwasher. Must be following.
07:02
So dutifully my script followed them and retweeted them and uh it actually won. The guy DMed me was like hey man you won those warped Tupperware lids. I was like yes. It was really disappointing though cause he never actually mailed them to me. I was really hoping he would mail them to me but he never did. Um you get a lot of weird interaction
07:23
between other bots when you do this kind of stuff. So this is an example where someone is running some kind of service that at the end of the week on Friday they tweet out the top five people who retweeted you. So when you don't have that many people who retweet you but you do have a bot following you that's retweeting everything that you tweet about your contest and your script is not checking to see
07:42
if those people are the same then you get all five slots. So my best retweets came from me and me and me and me and me. Uh you also get asked for really weird stuff. Um so the top one was someone I don't know if this was an a script or if it was like a person copying and
08:00
pasting. Um but it was some like teenage girl who was trying to get people to retweet to get the attention of some like pop star she wanted to ask on a date or something. Um so the fact that I was sent this makes me think that I don't know maybe she I like to think that it's some like 14 year old girl slinging code somewhere like trying to get a date with this guy but I don't know. Um the
08:21
middle one like super weird I don't understand what this is. Um can you make it to my party? April 27th 7pm where snow forts comma sleet. Like I don't know if this is these seem like there may be some kind of spam or social engineering I don't know what these are but uh they're almost certainly all not real people. Um another and the
08:42
bottom one there is someone who is promoting my account. I this is a DM I got that I thought initially oh someone sent me like some rot 13 or something but uh no. This is just how the kids are talking now so um and this was a
09:03
really good one. This is uh someone whose contest the prize was an autograph by me. What? So I don't understand first of all how they expected to pull this off. I have no clue who this person is. And I don't understand why anyone would be motivated to win an autograph by what is very clearly a like account that is only sending out
09:21
contests. Um so I couldn't figure out what the motivation behind this one is either but it was surprising to run across. Sometimes my bot was accidentally a jerk um like in this case this is because of the FIFO. This person doesn't have a lot of followers and they ran a contest so I entered because I found it and then I didn't win so they got pushed off the bottom. Later they ran another
09:41
one so I followed them again and like if you're a big company you don't notice this kind of stuff but if you're just like a person they're like oh man I can't believe this person is only in it for the contest. So sorry man I don't know who you are but this is another one of my favorites. Um it looks exactly like a contest except for you win
10:01
absolutely nothing. Um so yeah I entered that one too. Only entry. Uh here's one more false positive I couldn't figure out why my bot entered this. It's a list of people's like favorite cereals. What? And I figured out I think it's
10:20
because of this word lucky here even though I wasn't actually looking for just the word lucky um for some reason I picked it up. The reason I was showing you these false positives is because I was not trying to like hone in on any particular contest or any particular prize or anything. Because I was able to enter everything that I could find like why not? You don't make your filter wide open. Um you can't lose a contest that doesn't exist but you can
10:42
lose a contest that you don't find. So here is uh the list of stuff that actually got shipped to my house. And I should point out that this is the stuff that managed to ship which means it's not the huge list of stuff that wasn't physical and it's not the list of stuff that uh they wouldn't ship because I lived in the United States and I'd won the prize in some other country. Um so some of
11:01
the uh some items to point out here. The top thing there is a uh an album. It's a vinyl. Papa Roach. Um pretty great. Bunch of books and CDs. Most of which were signed which was cool. Uh t-shirts. A lot of like stuff you would kinda get at like a career fair. You know glasses and pens and stuff like that. Uh 12 bottles of cherry juice. A uh
11:24
calendar of 365 cats. And my favorite physical thing that I got was that cowboy hat over there. Because that is a cowboy hat that is signed by the stars of a Mexican soap opera that I have never heard of before. The reason I love it is
11:45
because it's like the perfect example of the totally random stuff that showed up at my door that I would never have expected to get. Some people like when I uh wrote about this were saying hey you know that's kinda lame because maybe there was someone who like was a huge fan of that Mexican soap opera and like they didn't get that thing and
12:02
you did and let's waste it on you. And like I understand where they're coming from. To some extent they're right. But I would say that I have exactly the same amount of appreciation if not more for that thing than they do but for a totally different reason. Um so I think that's okay. There's a lot of weird uh intangible stuff I got too. Um there was some restaurant in England that I won Reservations 2 like 30 times in a row. Couldn't figure
12:22
out why they weren't getting onto me. Um I also won a uh there was some like cam girl who had a contest to win. She would write whatever you wanted on her body in chocolate sauce and take a picture of it and send it to you. So I won. And so I'm trying to think alright what can I have her write? So I tried to get her to write the Maxwell's equations. Um but. She didn't do it. It's kinda lame. Uh if you want to see the full list of
12:43
stuff this is it. Um there's a ton of stuff on here that I didn't cover because it's way too long but it's fun to dig through there. There's uh some really random stuff. Uh so towards the end I uh tried to repurpose my bot for good. Cause I noticed that there were some tweets uh where you would retweet to uh donate to stuff. People would say
13:03
retweet and I'll donate a dollar to some charity. I was like well I can add that to the end of the list why not? So some people like actually appreciate it and they were like hey this is great because I had real followers at this point who were seeing it. But uh even this backfired uh at the end unfortunately. Yup retweeted that one. Alright so the the
13:29
stats at the end here uh I entered about 165,000 contests and uh on average I won 4 contests per day every day for 9 months straight. Um so this works. Uh the most
13:51
uh valuable thing that I won was a 4,000 dollar trip to Fashion Week in New York City. Uh I did not actually redeem this prize because first of all they didn't pay for travel and
14:00
I didn't live in New York. Second of all I wasn't that interested in going to Fashion Week anyway. And third of all you have to pay taxes on a 4,000 dollar prize which I was not psyched about. Um if you're not from the US you may be surprised to learn that you have to pay taxes on contest winnings in the United States. Uh and speaking of that yes I paid the taxes on the things that I won. Uh I never released the code for this in what may have been a futile
14:21
attempt to try to uh stem the flow of Twitter contest spam. Um but I wrote about it and people made their own version anyway. So there's a whole bunch on GitHub if you wanna look at some. Um most of them are fairly naive. I still get emails sometimes when people are like hey man I tried to make a version of that Python script and I got banned immediately. It's like well yeah. So if you if you look
14:44
through some of these there there are some things that uh in this talk that I don't think a lot of them implement that you could probably improve if you wanted to. Um so if you want to keep me from winning uh contests it's really simple. Um obviously I was not trying to do this stealthily and it turns
15:02
out that that didn't really matter. So if you're trying to prevent this kind of people from winning then all you gotta do is check to see if the person looks very obviously like a spam bot. If you would have gone to my page you would have seen that it's tweeting contests every 30 seconds without sleeping ever. It's probably not a person. Um weirdly there were
15:20
versions of this that I found. I was looking before I started to see if anyone had tried this before and um I know there was at least one or two people who were doing an extremely stealthy version of this. Um and cause the only reason I know is because he emailed me and said like hey I tried this too. Um and those it's unlikely uh you would ever be able to actually catch. But um I also saw some
15:41
examples of what looked like I don't know people who were kind of doing this manually. They would sit at their computer for like 4 or 5 hour stretches and just like literally do the exact same thing. Go through the search results and just retweet retweet retweet. Um so I guess it depends how much you want uh how insane you want your entrance to be able to be to be able to tell the
16:01
person who spends 4 hours versus a script. Um you can also try to make it harder uh to programmatically enter and you can do this by adding a second step like you know asking a question or something. This works okay but it's not great because um all you have to do because everything on Twitter is public is look to see what everyone else is
16:21
responding to this question about and then just repeat it. Um so this may stem like some really naive attempts. And you can also try running it on another platform. Um it seems like it's more difficult to make a legitimate looking fake Facebook account than it is a fake Twitter account. Um and it can also be tied to a real identity which Twitter
16:40
account obviously isn't. Um and finally you just have to accept the fact that if you're running a contest people are gonna try to game it. Ever since people have been running contests people have been trying to game them and that's kind of the way it's always gonna be. So that's just part of doing it. Um so again here's the list of stuff uh if you wanna look over it. Um and if you wanna follow me on Twitter I
17:02
guarantee it's 100% human generated content. Um then that's my username. Thanks.