elon musk tweet

“Authenticate All Real Humans” – How Can Elon Musk Combat Bots on Twitter?

Last week Elon Musk bought Twitter for $45b. His goal? Make the platform “free speech friendly.” But he faces a tough challenge: how to enable free speech without letting bots and bad actors run amok. Musk’s solution: “authenticate all real humans.”

But what does authenticating all real humans mean? During my nearly 20 years in identity technology I’ve worked hard to help educate businesses about what “authentication” means. So naturally when I heard Musk use the term authenticate I began to think of his true meaning, and how he might implement a strategy that makes Twitter open, usable, and bot-free. Or how he might take it one level further to match individual identities to each Twitter user.

Bots Vs. Humans

A very simple way to keep the bots off Twitter is to force users to perform a liveness check using facial recognition. Liveness checks are a feature of our Age Restricted Vending product, and are used in that instance to check that someone is not holding a photo up to a camera to scam the system. A liveness check can include actions such as:

  • Smile
  • Turn head side to side
  • Remove glasses
  • Remove mask

Liveness checks can be performed via selfie. The user simply uses the backward facing camera, and places their head inside an oval that is overlaid on the screen. They are then prompted to perform between 1 and 3 liveness checks. The program can then virtually confirm that they are a live human. 

Liveness checks can be performed and liveness can be validated in <5 seconds. This step could be done as a pass fail with no other identity verification or authentication checks. It would simply confirm that a real human is associated with the account. It would, however, exclude potential Twitter users who do not have access to a camera. Live humans would also, theoretically, be able to be verified on multiple accounts. So it would not necessarily solve the issue of call centers or troll farms where real humans are acting as bots. 

Mobile ID Validation

Liveness checks are a great option to ensure that Twitter users are real humans. But they don’t actually tie a user to a real human. To do this, Musk would need to perform some type of ID checking. The information on the ID could then be checked against self-reported information. Mobile ID validation is commonly used by banks and financial institutions for loan origination, and for online gaming to verify age. 

To perform ID verification remotely, the user would need to take front and back photos of their ID. Then two key things occur. One, the information on the front of the ID is read using optical character recognition, and matched to the information stored in the barcode. Then the barcode is scanned and reviewed for any issues, as many fakes contain issues inside the barcode itself. 

PII could be flushed after front and back matching, and/or checking against the existing Twitter database is performed. Or some combination of information could be retained. It all depends on the policies created when the system is set up. 

When combined with a selfie, mobile ID verification is a great way to match a digital identity to a real human, and perform some basic checks to ensure the ID is real. However, because phone cameras can’t perform UV/IR scanning, or look for holograms, they won’t be able to perform more stringent authentication.

ID verification is one of the three methods Twitter currently uses to confirm identities for the blue checkmark for verified accounts.

An actual photo of a troll farm – showing it is real humans, not “bots” that negatively impact the user experience on platforms such as Twitter

Mobile Authentication

So as I mentioned, authentication needs more sophisticated, powerful hardware such as the E-Seek M500 (used by the TSA) or the CR5400. These scanners include powerful cameras with high image resolution and several different types of light, so they are great at catching fake IDs. 

However, it isn’t practical for Twitter to physically authenticate everyone. A mobile solution is required. So to truly check for fakes and authenticate identity, a mobile authentication solution would be required. This is accomplished by checking identities against a third party database. It is a similar solution to what we provide for our cannabis delivery customers, who need to authenticate IDs in a mobile environment. 

Twitter would simply scan the back of the ID, containing the barcode, and then run a check against a trusted third party database (we offer both US and global checks). This would match a real individual to the account, confirming that the individual exists, and could perform additional checks such as location, which could mitigate foreign call centers using IDs.

Mobile authentication is typically priced per scan, with volume discounts applying at the scale in which Twitter would be operating. They would likely want to implement a stepped approach, in which their most high risk or controversial accounts are forced to go through the mobile authentication process first, or accounts are forced to undergo mobile authentication after a ban or a warning. 

Conclusion

In the end, it really comes down to the nuance of what Musk said. Does he want to match every Twitter account to a real human? Or does he just want to block obvious bots? If the former, will this information be public, like Facebook? Or will only Twitter know the true identities of users? And how will this work for companies? If removing bots is the true motive, then how will he eliminate call centers and farms that are behaving like bots?

Identity Fraud History

Return Fraud: What It Is and How to Prevent It

Return Fraud is a persistent problem for retail businesses today, resulting in billions of dollars in lost revenue and additional costs in the U.S. every year. According to the National Retail Federation, the world’s largest retail trade association, the surge in eCommerce since the onset of the Covid-19 pandemic has continued to drive return fraud losses even higher, with retailers losing more than $78.4 billion in 2021 alone. 

Read more

How to Protect Yourself from Cryptocurrency Fraud

How to Protect Yourself from Cryptocurrency Fraud

What You Need to Know to Protect Yourself from Cryptocurrency Fraud

Read more

identity proofing

Identity Proofing – an Easy to Understand Explanation of an Essential Business Security Process

The process of identity proofing is garnering renewed interest lately. As reputable businesses and savvy consumers work to protect themselves from the alarming increase in digital crime, identity theft, and fraud during the Covid-19 pandemic, the demand for proven security measures that mitigate the escalating risks has steadily grown to become one of the most critically urgent issues facing companies today. To meet this demand, business leaders must routinely take a hard look at their own security procedures and investigate the efficacy of their organizational defenses.

Read more
driver-license-security-features-hologram

The Most Common Security Features to Look for When Verifying IDs

Verifying the authenticity of a driver’s license and other forms of identification is one of the smartest things a business can do to protect its interests and foster growth. Read more

Benefits of DMV Data Verification Service

Benefits of DMV Data Verification Service

How will it improve and strengthen your identity authentication decisions?

Read more

How Your Company Can Prevent Account Takeovers

How Your Company Can Prevent Account Takeovers

What is account takeover?

Account takeover is when a cybercriminal gets access to a user’s login credentials for a website and poses as that user in order to make fraudulent purchases, access payment information for use elsewhere, or send out phishing scams. Read more

identity proofing

Mitigate Risk with Identity Verification

Recently everything has been moving digital. Digital transactions are booming and companies are necessarily embracing digital resources in order to grow. With more online capabilities, businesses are able to open themselves up to customers they may not otherwise have had – ones with time constraints that prevent face-to-face interactions, customers not located in their region, etc. Read more

Preventing Transaction Fraud in eCommerce

All kinds of eCommerce fraud have been on the rise in the last five to ten years. There’s no denying that as transactions have moved partially or fully online over time, fraudsters have jumped in to take advantage. Read more

Visually Catching a Fake ID

If I don’t have a scanner, how hard is it?

Read more