As the public combs through Elon Musk's Twitter feed for clues on how the billionaire entrepreneur intends to run the social media platform he's buying for US$44 billion, stands out: "authenticate all real humans."
That cryptic proposal is vague enough to keep people guessing about what Musk has in mind but specific enough that it offers several possible paths as he looks to shape Twitter more to his liking.
For example, Musk could seek to require real names on accounts. Or perhaps he may continue to allow pseudonyms but require photo identification, or integration with third-party services where users are already known.
Depending on the outcome, the plan could have big ramifications for Twitter's hundreds of millions of users.
Musk's drive to "authenticate" Twitter users stems from one of his biggest pet peeves with the platform: spam accounts, particularly those that push cryptocurrency scams. It's often not hard to find these accounts lurking in the replies to Musk's tweets; many even attempt to trade on his celebrity and lure the unsuspecting by impersonating him.
It didn't help that in the , Musk's verified account was affected by a widespread Twitter hack that resulted in users including former President Barack Obama and to Kanye West to unwittingly spreading a bitcoin scam. Cryptocurrency spam bots, , represent Twitter's "single most annoying problem."
Musk's diagnosis may reflect the experiences of a very particular type of user, but it so happens that this user will soon control the design of the platform. As part of his solution for battling cryptocurrency bots, Musk wants to make it easier to separate real from fake accounts under his proposal to "authenticate all real humans."
If the goal is to ensure that every account is tied to a flesh-and-blood person, the platform will need some way to verify they are real. One possibility is an expansion of Twitter's existing verification program. Currently, to , users have to supply a link to an official website that they're affiliated with, an official email address or a government-issued form of identification. Musk could stop short of requiring identification but require that users use their real names.
He could explore other methods too, such as linking accounts to credit cards or relying more on CAPTCHAs to defeat bots, said Jillian York, director for international freedom of expression at the digital rights group Electronic Frontier Foundation. (CAPTCHAs aren't a cure-all, however; as bots have grown more sophisticated, CAPTCHAs have had to become more and more difficult for humans to solve in what could be described as a technological arms race.)
Whatever method he chooses, York and other experts said Musk is likely to run into a host of challenges that complicate his plan that fall into two main categories: access and privacy.
Access is about ensuring that all people who wish to use Twitter can get on the platform. With a system that ties accounts to credit cards, for example, York said Twitter would risk excluding all those who don't have them. Maybe they're too young to have a credit card or they have poor credit and can't get approved. Maybe they don't like having their credit card transactions traded to data brokers or they just prefer using cash for cultural reasons. Tying authentication to consumer credit would "exclude millions of people," said York.
Then there's the issue of privacy. While many users may feel they have nothing to hide, a system that forces users to submit their personally identifiable information creates a single point of failure. Not only would more users have to trust Twitter not to abuse their personal information, but Twitter itself would become a much larger target for repressive governments (who could use legal demands to compel Twitter to hand over the information) or cybercriminals motivated by identity theft. Cybercriminals have even reportedly posed as real law enforcement agents to serve fraudulent government requests for tech company data. Twitter could promise to delete the records, but it would merely be mitigating a risk it created for itself.
The privacy issue is particularly worrisome to human rights groups, said Natalia Krapiva, an attorney at the digital rights group Access Now, "especially for people in countries like Russia and others where individuals get severely persecuted for criticizing the government or covering important political events like the protests, corruption, or the war in Ukraine."
Even a real-names policy could prove challenging. Facebook has some experience with this; the company was forced to in 2015 after critics pointed out that abuse victims and other vulnerable groups had good reasons to use pseudonyms. The changes at Facebook raised the bar for reporting a fake name and allowed users to provide reasons to the company why they avoid using their real names.
This points to how complex it can be to translate a simple-sounding principle such as "authenticate all real humans" into a functional product feature. The issue isn't the goal or the motivation; it's that humans are complicated creatures with personal circumstances that rarely fit neatly into boxes.
After years of trial and error, tech platforms have already developed important lessons about user authentication that could benefit Musk, said York.
"If he merely means things like CAPTCHAs, I think he's in for a surprise," said York. "He's talked a lot about how he'll get rid of bots, but Twitter's been trying to do that for years and I think he'll soon realize it's not an easy problem to solve."