[octosphere]

You need more than one single solitary account to do psyops on Twitter (I know - I regularly play around with Twitter sockpuppet accounts because I have inordinate amounts of free time to do research on the effects of a campaign, albeit small experimental campaigns :p). Twitter have since made it very difficult to keep an account in good standing if you are suspected of doing psyop-type things like auto-liking specific keywords, 'pouncing' on tweets that have just been sent so that you have the first few replies, constantly monitoring their search feature for specific keywords and engaging with others and spreading some sort of repeated message. Gaming the retweet and like count with several bot-accounts that all use the same IP and useragent will surely get you banned.

I think over the last few years Twitter have done a good job at filtering out bad actors, though like some game of whack-a-mole - bad actors continue to crop up and game Twitter using more novel methods. I suspect the new way of doing psyops is to buy multiple smartphones which all have separate IPs due to a GSM/4G network, and have different and distinct device fingerprints due to different Android versions in use. Then it's a case of constantly feeding the sim-cards with credit (to keep them registered on the network) and if prompted to verify a Twitter account with a phone number, you have a dedicated device for that.

[mattlutze]

The concern isn't that this person is writing posts on behalf of the British government.

The concern is that he influences editorial policy for Europe, the Middle East and Africa, while at the same time having a side gig with an agency that uses social media to shape conversations. It would unfortunately be very easy for his side gig to influence the decisions made in his day job, or at the very least very difficult for him to argue with impunity that it doesn't.

[CharlesColeman]

> I suspect the new way of doing psyops is to buy multiple smartphones which all have separate IPs due to a GSM/4G network, and have different and distinct useragents due to different Android versions in use.

That seems like a lot of enormously expensive trouble to do something that probably could be done a lot easier and cheaper: user agents are trivial to spoof and a sufficiently sophisticated attacker can probably just steal any needed IPs from legitimate organizations using BGP (I understand the hosters used by spammers already do this).

The only benefit I could think of for using actual smartphones is that they'd provide different, legitimate device fingerprinting results.

[octosphere]

I suppose it could be done a lot cheaper and easier, but don't forget the initial research required to figure out how to do it efficiently. All the trial and error required to create a set of OPSEC rules to abide by as you operate.

In terms of useragents, you are right that they are easy to spoof; I actually meant the device fingerprints aren't easy to spoof (Twitter probably looks at heuristics like screen resolution for example) which is why I would suggest getting a variety of different phones like a mix of legacy Android, newer model Samsungs, iPhones, etc So you have different screen resolutions (which are not trivial to spoof) even different timezones, along with a mix of other unique specs

One caveat to using hundreds (if not thousands of phones) is the cost. I get that. But remember these are the army we are talking about that have a large budget to spend on psyops and can actually pull something like that off. Another caveat to using phones is the lack of dexterity; using a phone is slower than using a desktop environment with keyboard, mouse, et al, although you can extend a phone with a keyboard for faster typing.

[concordDance]

> I actually meant the device fingerprints aren't easy to spoof

Device fingerprints aren't easy to spoof for the average IT nerd, they are trivial to spoof for NSA.

I know enough that I could probably spoof most websites given a couple of days of research and poking. Now, don't get me wrong, my odds of convincing Google I'm actually two people are basically nil, even NSA might struggle to just manufacture Googleproof identities, but device fingerprints themselves are pretty spoofable.

[ryacko]

You can spoof device fingerprints, but you can't spoof the top 100 common devices easily.

[bjourne]

So if the British military has a man on the inside, wouldn't that make the job orders of magnitudes easier for them? They wouldn't have to figure out how to game Twitter's algorithms themselves and would instead just ask Gordon MacMillan.

[cwkoss]

Probably-not-ethical study I'd like to try. Pick two innocuous subject that somewhat uncommon. Pick a group of target accounts, randomly divide in two, assign each group of accounts a 'target subject'. Whenever you see a tweet from one of these accounts that mentions target subject, have a bot network like the post. After running experiment for a period, measure whether the relative frequency of posting about each subject is different between groups.

Would be interesting if previously unrelated accounts in same targeting group would find each other. I suspect you could make a weird cult of 'asparagus enthusiasts' or something if you worked at it.