Twitter has been accused of covering up security flaws and prioritizing user growth over spam removal in a fiery whistleblower complaint from former security chief Peiter “Mudge” Zatko.
First reported by CNN and The Washington Post, Zatko alleges Twitter executives misled users, regulators and its board of directors about flaws in its security, privacy and spam detection systems.
It’s the latest in a series of crises for Twitter, which is embroiled in a lawsuit with billionaire Elon Musk, who is seeking to back out of his deal to buy the company after he raised a stink about the volume of spam on the platform.
Zatko claims Twitter lied to Musk about its incentive to remove spam. According to Zatko, executive bonuses are tied to their ability to increase the number of monetizable daily active users (mDAUs), but no incentive is offered to measure or clean up the “millions” of non-monetizable accounts on the platform, which include spam. Twitter’s strategy, as described in the complaint, was to “deprioritize the health of the platform to focus on the growth of mDAU.”
Spam worsens the user experience on a platform – and not acting on it is “very short-term thinking” because it could have ripple effects on user growth, says Hilary Wolfe, partner and creative director of Hub SF.
Several advertising executives that Campaign US spoke to had a similar concern: that Twitter’s audience would decline as a result of the whistleblower complaint.
Zatko’s disclosure also alleges serious privacy violations and potential foreign interference, including that Twitter employees installed spyware on their computers, and that executives knowingly risked exposing users’ identities in China to protect their earnings. Twitter is banned in China, but the company allows Chinese advertisers access to its global users.
Privacy researcher Zach Edwards described in a thread how Twitter’s Custom Audience product could, in theory, be used by Chinese authorities to identify users circumventing the country’s firewall.
Advertisers are worried
Advertisers don’t want to be associated with security risks or foreign interference and are asking their agencies if Twitter is brand safe. “If security is at risk, it looks like companies will want to cut their advertising budgets,” Wolfe said.
“Advertisers do not want to help lure potential customers into a scheme that could invade their privacy and lead them to become victims of crime. This is a moral, reputational and financial red line for marketers,” said Mark DiMassimo, Founder and Chief Creative Officer of DiMassimo Goldstein. “Twitter will have to explain why advertising on the platform is not a mortal danger for brands.”
Several high-profile Twitter accounts were hacked in July 2020, including that of former President Barack Obama. According to Zatko, the hack involved teenagers tricking Twitter employees into handing them their account passwords.
Sam Huston, chief strategy officer at 3Q/Dept, said Zatko’s allegations of how Twitter succumbed to grassroots hacks indicate a “very low level of security within Twitter, which could lead to reduced mDAU and broader privacy concerns from advertisers and users.”
Concerns ≠ action
Past platform crises, however, indicate that advertisers’ concerns rarely drive spending. Facebook ad spend grew steadily throughout the Cambridge Analytica scandal, when a whistleblower revealed how data on millions of Facebook users had been improperly obtained for use in political campaigns.
This is partly due to the frequency of data breaches and system failures on major technology platforms. By now, advertisers have become desensitized.
“It’s true that bot accounts, spam content and hacking issues are pervasive on Twitter, but these are similar issues that virtually every other social platform also faces,” said Mike Margolin, chief digital officer of RPA. “It doesn’t appear that any of these companies are willing to hire the necessary manpower to complement their AI technology, which is the most cost-effective and investor-preferred method of combating spam and hacking.”
Twitter also operates a much smaller advertising business than competitors like Google and Meta, so advertiser budgets are less impacted.
Kristie MacDonald, CEO of performance marketing company Huddled Masses, said Twitter “has always been a low priority for our midsize brand clients because the performance results just aren’t there.”
“This news gives us a clearer look at why deliverables weren’t strong enough to earn advertising money from clients,” she added.
Advertisers will take action, however, if they find their ad spend is wasted. Because the whistleblower disclosure calls into question the reliability of Twitter’s systems, advertisers want to know that the data they’ve used to plan and buy campaigns is valid.
“In light of recent information, how could we validate and revalidate the base of current active users, their demographics, and the profiles we aligned with? How does this affect the metrics we measured and that we trusted from the start?” asked Doron Faktor, Director of Group Connections, Social at VMLY&R.
Twitter’s systems have been under scrutiny since the platform revealed in April that it had erroneous measurements for almost three years. Musk subpoenaed verification companies Integral Ad Science and DoubleVerify to find out if or how they audited Twitter’s user base.
But some are more concerned about Zatko’s motives than his allegations. RPA’s Margolin pointed out that “it is difficult to take accusations like this seriously, given the circumstances.” The complaint comes as Musk prepares a case to walk away from his $44 billion takeover deal, which goes to court in October. Zatko could also be a “disgruntled employee,” Margolin notes, after being fired in January.
“The timing is too suspicious to warrant significant new concern,” he said.
Twitter also dismissed the complaint in the press. The company did not return a request for comment.
The time for transparency
Although advertisers are not expected to remove Twitter from their media plans, continued instability could lead to reduced budgets. Twitter ad revenue growth slowed in the second quarter to 2% from 23% in the first quarter, which it attributed in part to uncertainty surrounding its potential acquisition.
Twitter will need to regain the trust of advertisers in order to protect its revenue. Marla Kaplowitz, president and CEO of the trade association for agencies, the 4As, said Twitter’s “first and most important step” was to be transparent about its operations.
“Marketers and agencies need to understand the impact of these issues on brand safety and appropriateness, as well as consumer trust. The opportunity is to remind the industry of the protocols that have been put in place, as well as future efforts while sharing the benefits of new product offerings to support brand goals,” Kaplowitz added.
Specifically, 3Q’s Huston said Twitter will need to be more transparent about how it calculates its mDAU metric, which has been the focus of Musk’s probes.
DiMassimo suggested that Twitter should “be clear” and “end the trickle of revelations” with “a great tsunami of truth.”
“Show us what went wrong, then show us how it’s different and why it will stay different in the future,” he said.
The company will also need to outline exactly what security and safety measures it currently has, or is putting in place, to ensure accounts are safe from hacking or hijacking, Faktor said.
Wolfe suggested addressing specific concerns, such as modifying the bonus plan for executives and assigning payment penalties for security breaches.
Money talks too. Both DiMassimo and Wolfe suggested offering discounts to advertisers would help soften the blow.
Additional reporting by Alison Weissbrot and Brandon Doerrer.
This story originally appeared on Campaign US.