Twitter Blue is what happens when you start treating a tool as a status symbol, so you throw the tools away and start selling gold-plated hammers made out of thin plastic.

As anticipated, they’re getting rid of “legacy” verification in favor of charging people $8/month for the privilege of having a blue checkmark next to their name.

Not that verification was perfect before, but most of the complaints I heard prior to the enmuskification were “wait, that person got verified but this person didn’t?”…essentially treating it as a status symbol, indicating who’s worthy of being verified, rather than one tool in the toolbox to indicate that the account really does belong to who it says it does.

Making the blue check mark mean “This person can afford $20/month” instead of “This person is who they say they are” is only the latest way Twitter has downgraded its signal/noise ratio over the years.

Word is that Twitter’s new owner is planning to charge $20/month for a blue check mark.

Which, of course, means the blue checkmark will now be useless. Well, useless to the users of the site, anyway. It won’t tell you which of several accounts is really the person you’re looking for, just who has $20/month to spend on it. (Not that it was perfect, but at least it was a signal.)

It’s sort of like when SSL certificates went from being expensive and needing verification — so they were a sign that you were on the right website — to cheap and later free. Except an SSL/TLS cert still tells you something: your connection is protected from eavesdropping. The checkmark doesn’t tell you anything valuable.

But Twitter’s been messing with the signal/noise ratio for ages.

Downgrade the Signal

Ads themselves (or promoted tweets, or whatever you call them) are already adding noise. Then they started showing you other people’s “likes,” removing some meaning from the action and adding noise to the stream. These days they even show you tweets from people that people you follow are following.

On Mastodon I’ll sometimes get distracted from something I wanted to do or look for, but I can almost always get back to it. I’ll pop onto Twitter for 5 minutes to look for something and I’m there twice as long because I can’t find it in all the attention-grabbing “features.” The other day I decided to unfollow all the corporations and organizations and only keep the actual people on the list, and I still had trouble finding things.

I suppose from Twitter’s perspective it worked, because I was there for 10 minutes instead of 5…but it makes me less interested in coming back later.

Every bit of noise you add to a signal cuts down on how much value the listener gets out of it. Eventually the ratio is no longer worth it, and all that attention you managed to extract from them by ratcheting up the noise drops to zero.

OK, I appreciate that eBay has a dedicated email address for reporting phishing attempts. I appreciate that their abuse department is a lot busier than I am, and therefore has to rely heavily on form letters. And I appreciate that they’re making an effort to educate the public on how to spot phishing and avoid getting caught.

But when I forward them a message with the comment, “Here’s a sample of a blatant phish,” is it really necessary to reply with the full two-page notice explaining, “This is a spoof, we didn’t send it, here’s how to avoid it, blah blah blah” and the entire body of the original message, complete with the links to the phishing site?

I’d think in this case a simple, “Thanks for the report, we’ve notified the authorities” note would be sufficient, especially since the “how to spot a phish” stuff is already in the auto-response. All it takes is giving their abuse staff an extra choice for the form letter.

And under no circumstances should they be including the full, original text of the phish. At best, it’s asking for the response to get lost in a spam box or blocked outright. At worst, it’s a security risk waiting to happen (since this copy really did come from eBay). Somewhere in the middle is the risk of mucking up adaptive filters as they try to reconcile the original message, which was spam, with the new message, which isn’t.

Lost in the news about the IE7 Beta and Mozilla Corporation has been Opera’s decision to stop spoofing IE in its latest preview release.

So what is User-Agent spoofing? Well, let’s say someone decides that he’ll only allow blondes into an event. Depending on how it’s done, UA spoofing can be like wearing a blonde wig, or it can be like a brunette wearing a badge that says “Blonde.”

For several years, Opera has done the latter, basically wearing a badge that says “I’m Internet Explorer (wink, wink).” The sites with oversimplistic detection are fooled, but anyone paying attention can tell that it’s Opera.

The next question: Why is it even an issue? Well, web developers want to make sure that visitors will actually be able to see the site as intended, but it’s historically been easier to look for the browser’s name and version than figure out exactly what it can do. So developers often do the equivalent of asking someone whether they can speak French by asking them whether they live in France. You’ll get French speakers, but you’ll also block people from Quebec or Haiti, bilinguals, etc.

These days it’s recommended to check for capabilities, not to check the name of the browser and see if it’s on the approved list. It’s not always possible, since every browser has its own quirks, but it produces better results—and blocks fewer people who might otherwise be able to visit your website.
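To make the badge-versus-wig distinction concrete, here is an added example (not code from Opera or from any site mentioned above) comparing an oversimplified name check, a check that reads the whole string, and a capability check. The User-Agent strings are constructed samples in the historical formats, and the function names and the `env` stand-in for the browser's global object are assumptions made for illustration; since the User-Agent is whatever the client chooses to send, none of these checks is an access control.

```javascript
// Constructed sample User-Agent strings (historical formats, not taken from the page).
const SAMPLES = {
  ie6: "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
  operaAsIE: "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50",
  operaAsOpera: "Opera/9.00 (Windows NT 5.1; U; en)",
};

// Oversimplified detection: only reads the "badge", so Opera-as-IE passes.
function naiveIsIE(ua) {
  return /MSIE \d/.test(ua);
}

// Paying attention: read the whole string, so the trailing Opera token wins.
function identify(ua) {
  const opera = /Opera[ \/](\d+\.\d+)/.exec(ua);
  if (opera) {
    return { name: "Opera", version: opera[1], claimsIE: /MSIE/.test(ua) };
  }
  const ie = /MSIE (\d+\.\d+)/.exec(ua);
  if (ie) return { name: "IE", version: ie[1], claimsIE: true };
  return { name: "unknown", version: null, claimsIE: false };
}

// Capability check: ignore the name and ask whether each required feature
// exists. `required` is a list of dotted paths looked up on `env`.
function supports(env, required) {
  return required.every((path) => {
    let obj = env;
    for (const key of path.split(".")) {
      if (obj == null || !(key in Object(obj))) return false;
      obj = obj[key];
    }
    return obj !== undefined;
  });
}

// Hypothetical environment: a browser that is not IE but has what the page needs.
const fakeOperaEnv = {
  document: { getElementById() {} },
  XMLHttpRequest: function () {},
};

for (const [label, ua] of Object.entries(SAMPLES)) {
  console.log(label, "naiveIsIE:", naiveIsIE(ua), "identify:", identify(ua).name);
}
console.log("capable:", supports(fakeOperaEnv, ["document.getElementById", "XMLHttpRequest"]));
```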