Twitter Wants You to Build a Bot. So I Did
Twitter Wants You to Build a Bot. So I Did
For all the controversy about bots on Twitter, stoked most recently by Elon Musk’s aborted acquisition plans, it would seem reasonable to expect the company to close access to the platform and shy away from automation. Twitter Inc. is doing just the opposite, instead encouraging people to tap into its vast and open repository of data and build software around it.
In fact, it has a tutorial online — How to create a Twitter bot with v2 of the Twitter API — that walks you through the process step by step. So that’s what Bloomberg Opinion did. We successfully ran an automated account that retweeted trends, garnered a few dozen followers, and attracted thousands of visitors. This is what we learned about the process, and how interaction works on Twitter when an automated system is in charge.
Musk’s assertion that there’s far more bots on the system than Twitter has disclosed (it claims the figure is less than 5%) prompted the billionaire last week to call off his planned $44 billion takeover. The company has denied the allegation and said it will fight to have the acquisition enforced.
While Twitter was aware of our bot (I told them), the company wasn’t involved in the process nor was it given the account’s handle. The goal was to mimic how a spammer might set up a bot to spread misinformation or promote cryptocurrencies, two of the most common and unwanted uses of the platform.
The jargon can seem a bit scary to the uninitiated. Bot is a word that tends to elicit strong feelings. Yet it simply means a system that runs with some degree of automation — they’re neither good nor evil. API stands for application programming interface and functions as a guide map for accessing information on users, tweets, images and a lot of the statistics connected to them.
The first step in setting up a bot is to open a Twitter account, and then apply for developer access. You can do it with your existing handle if you like. A nefarious actor could do so anonymously by first opening up a free Google account, and then using that to log in to Twitter. A phone number was only required once, for authentication, and there are plenty of online services that provide free internet phone numbers to help maintain anonymity. This isn’t assured, though, as many internet protocol numbers are blocked from receiving the confirmation text message.
Getting approved to be a developer was far easier than expected. There’s a series of questions that ask what you’ll use the bot for, and whether you’ll share data with governments. You even have to write out a short explanation of your project. This process suggested that a human would review the application and respond within hours or days. In fact, it was automatic. Registration and approval took less than an hour.
Twitter later explained that this quick access is deliberate, not a flaw. New developers get put on a low tier, called Essentials, which has limits to how many times the bot can connect to its systems, post tweets and retweets, add users and so forth. Its strategy is to onboard people as quickly as possible so they can try out the platform and learn how to use it, while maintaining caps to mitigate misuse. If you want even deeper access, you can apply and pay a fee. Twitter also asks developers to voluntarily identify a bot-run account, but it doesn’t enforce the practice. Since many bots out there don’t seem to, I didn’t either.
Not wanting to trigger Twitter’s algorithms, we chose a generic name and profile with no connection to any personal accounts or Bloomberg. You can find it @BotofBots2022. After all, crypto bots and spammers don’t piggyback off well-known names. We followed @elonmusk, @bitcoin, @CoinMarketCap and @CoinBase to see which other accounts might be drawn to us (none of them followed back). That association seemed to do nothing for the bot’s follower count.
One thing that may surprise many Twitter users is just how much data is included in a single tweet. While the public will see basic content such as who posted it, tweet text, any images or links, and how many likes and retweets it garnered, there’s a whole lot more information tied to that post. This includes how many followers that user has and how many it follows. Language, location, and time zone information, as well as whether the tweet is withheld in certain countries (for copyright or other reasons), includes a web link to possibly sensitive information, or if translation has been enabled.
This bot was simple, dare I say boring. The initial test run had it searching for tweets with the hashtag #bot, and retweeting it. It was set to retweet just a few times per hour over the course of a few hours. A handful of accounts started following the bot, and they seemed to be human (but who knows).
After a few days playing around, it was time to switch tactics. One of the coolest features on Twitter is the data it compiles on trends. The API allows developers to download a list of the hottest topics by location. You can set it to worldwide, or home in on locales like the US or Paris. So the Python program was tweaked to grab this list, randomly choose one of the topics, find a post on that theme, and retweet it. This garnered a couple more followers, but not many.
Then we lit the afterburners. The bot retweeted 325 times in less than 30 minutes. From time to time it was stopped in its tracks with an automated message from Twitter’s servers saying that it was over the daily limit. So I put it to sleep for a few hours before starting again. It then managed 385 retweets in 26 minutes before again being halted by the cap. Overall the little bot managed 3,200 retweets within 24 hours and more than 7,000 within a few days. When the retweet rate rose so too did engagement, climbing to 40 followers. That doesn’t seem like much, but the bot only sent retweets and had nothing of discernible interest in its Twitter profile. At the time of writing, it had amassed more than 15,000 profile visits since its inception.
According to Twitter, the two topics that gain the most attention on its platform are crypto and porn, which helps explain why so many bots are built around these two themes. We made the choice not to add fuel to the fire of misinformation, especially in crypto, and so stuck only to existing trends. But even in that more generic sphere it became quickly evident that a high volume of posting is an easy way to drive follower count, which is crucial to pushing whatever (mis)information you have to offer.
It would have been extremely easy to configure this bot to tweet (instead of retweet) posts pumping cryptocurrencies, promoting scams or distributing links. And given the generous limits afforded even by the Essentials developer account that can be opened within an hour, there’s a lot of room for malicious actors to jump on and spray the platform with spam before being booted. In its defense, Twitter does have both human and automated systems in place to stop such malicious activity. It’s likely that our bot was too well-behaved to trigger any alarms. Executives were loath to share exactly how the company detects bad actors. It’s a relentless game of Whac-A-Mole and Twitter wants to avoid adversaries learning how to game the system.
The biggest takeaway from building a Twitter bot is understanding just how easy it is, and what a powerful tool it can be. Not all automated processes are evil, just as not all human accounts are good. But the platform’s automation makes it incredibly easy to boost usage — tweet on steroids. There are many great bots out there — posting cat pics, collating content, providing earthquake information, or sharing an inside joke. And there are many malign humans, too (we won’t name them).
Over time, and under new management should Musk end up owning the company, the world and Twitter itself may rethink its approach to automation. That would be a pity. There’s no doubt Twitter bots are being used for bad purposes, yet there are numerous cases where open access to Twitter’s data serves as a public good — including tracking the flow of misinformation by human-run accounts. Putting curbs on bots might be warranted, but getting rid of them entirely would be overkill.