Now that I have been reading and absorbing data and clues on social media for the behavior of bots and sockpuppet accounts, it is getting easier for me to spot them.
While reviewing tweets about the affair in DC where a government contractor fired Juli Briskman for flipping the bird at Donald Trump from her road bike as his motorcade passed her, I came across a Twitter user named Therese tweeting a fairly standard slam against ms Briskman.
Using the hover button reveals the first clue:
251k tweets? That’s a lot of tweets…so I surfed over to her Twitter profile.
Clue #2 – only a Twitter member since October 2015, just over 2 years, and the account has tweeted 251k times? Quick math says an average of well over 300 Tweets a day. That’s a lot of tweets…
So then I ran “Therese” through foller.me analytics. The results for the tweet pattern are…not normal, at least not for a personally-operated account.
Note the two short periods of intense Tweeting (upwards of 30 tweets in a single hour), with a big separation. This is not a human tweeting randonly during the day.
So are there any further clues as to how “Therese” is generating some of those tweets? Well, yes, there are. Here is a snapshot of two recent tweets.
Note the “%s” characters at the end of the tweets. Those are string terminators used in Java and older version of Python.
Most probably, a lot of the activity on this account is automated, with the account’s controlling software (probably Python) running keyword searches for tweets, and copying those tweets into a table for re-tweeting. I suspect there is a bug in the code for copying tweets or embedding them in a posting script, which occasionally causes duplication of string terminators, thus leaving a second string terminator at the end of the re-posted Tweet.
Another interesting factoid: these tweets can be found, exactly the same, in other tweets by other Twitter users, even with the same %s spurious terminator. Other bots are propagating the same defective Tweet string.