I love Twitter. An unabashed Twitter addict, friends and clients have figured out they can reach me faster there than by phone or email. I love Twitter so much, I have begun designing apps that utilize the api, which are not yet released. I preface this piece with this bit of info, because it pains me to have to bash the good people there in any way, but there is a big problem going on, that might hold lessons for other companies with web applications.
Some time back I wrote a post about how to launch a product. This one is about what to do when things go horribly wrong (and they will sometimes.) I’ve made up a new little term that I hope people will remember: CIA. When things go wrong, if you have even ONE user (and Twitter has hundreds-of-thousands active, millions registered), you are duty-bound to enact a policy of CIA to help the user base remain stable and calm.
CIA stands for “Communicate, Inform & Address” – I am borrowing it from the Central Intelligence Agency without permission because the sentiment is the same. But instead of keeping information private, in this case I am advocating sharing it with the people that matter most to your bottom line: your users.
This weekend, a totally stupid individual has decided to conduct phishing attacks on innocent Twitter users. The intent is to expose a Twitter vulnerability and publically humiliate people, from my vantage point. Other reasons could be to knock Twitter down, give it a bad name, or hurt its chances to earn revenue in early 2009, as they announced. The phishing attacks began last night and quickly escalated. Bloggers from news sites immediately began posting articles so that Twitter users could point others to them for information, which was helpful. But I wanted more information from Twitter about what they were doing, and what we could, as users, expect.
Here’s what they did last night:
A. They posted a “Warning” message in small text yesterday on the site, and linked to a short status update. Within a couple of hours they linked to this blog post which gave a bit more information. (It could have used an icon for attention & much larger text. This only appeared on the Twitter website itself, so those using clients did not see it.)
B. They sent 3 tweets from the @twitter account:
- ! be careful of DMs with a link to blogspot.com that seemingly redirects to Twitter.com and asks for your credentials (we’re on the case)
- Don’t Click That Link! http://tinyurl.com/9sste4
- Check out our blog post about “Phishing” http://tinyurl.com/88mas4
C. They did something to their app or the server, which seemed to make things better overnight at least.
Today, the phishing scam picked up steam again, with new and different messages and url’s. Some reported it on their blogs, but Twitter has done NOTHING visible to users. For the last several hours, I have been on Twitter communicating with concerned users and trying to track down information and piece together why this issue is still occuring.
A post went up today at a SANS security site that states: “It looks like the Twitter folks have it well under control” – I got this link from the list at yesterday’s blog post, which it points to, so they must have added it today. The problem is, yesterday’s news is no longer comforting when TODAY there is more stuff going on in your application. When this is extent of the security news coming out, how much can we trust that source for security information?
I am angry. Twitter has grown mighty fast, and they provide a great service for free, but the congratulations and revenue-generating plans are mighty premature when the site is notoriously buggy for basic functions, the free use of the api has created havoc, and users are largely ignored in times of crisis.
Why hasn’t anyone from Twitter responded to the Get Satisfaction question regarding this issue today? What is more important than this issue for the company? A football game? Frisbee in the California sunshine? Margarita’s on the patio? Shopping at the mall?
I could go on (and on), but Twitter’s problem and chaos surrounding it have sucked away too much of my life last night and today. Here is what I recommend for other web applications who face an issue of this type:
COMMUNICATE EARLY & OFTEN
When things are bad, your users NEED to hear from you, and if your brand does not contain the promise that you will be there for them, then you need to re-examine every single thing about your business. Don’t be a fairweather friend. The last communication from the @twitter account was 19 hours ago, and that is unacceptable. You better have your friendliest, most personable employee – I don’t care if it’s the receptionist or the CEO’s mother – out on the front lines, available and responsive, FOR THE DURATION OF THE CRISIS.
INFORM YOUR USERS – KEEP THEM IN THE LOOP
Having worked with numerous security companies, I know there are things you just don’t want to say. But you can keep your users informed with non-critical pieces of information that will provide the comfort they need to have some peace of mind. And their comfort levels affect your bottom line and brand reputation, so I don’t consider it optional.
ADDRESS USER’S CONCERNS
Even at the risk of repeating yourself and the tedium that goes with that, you have got to be willing to address user’s concerns if you operate a web application – free or not. This phishing incident is important to users… they are concerned about a number of things: the followers they have lost, the password they gave out, where the source of this problem is, what they can do about it next. If you don’t have all the answers, don’t be too damn proud and arrogant to admit it! In Twitter’s case, surely they could say who they are working with and what they are trying to do to STOP the messages from coming through on their system, as Matt Cutts did from his Twitter account regarding Google’s attempts to do what they can from their side.
Every single employee of Twitter, no matter what their role, EXCEPT those developers working round the clock to block the bad guys, should be visible and available today, on Twitter, making blog posts, sending an email out with info, and at the Get Satisfaction site responding to questions. This is what I would be rallying the troops to do if I worked for Twitter today, in any capacity.
I am horribly disappointed in them right now. I am EXTREMELY concerned about releasing a Twitter-related app that I have worked so hard to design because my company and my users may be on their own when it comes to big problems. I want the security of knowing Twitter is not too egotistical to learn from grave mistakes. Many users will give them a lot of license here, because they feel they get the service for free and they don’t deserve much else. I give them no room for error, because talking to users is relatively cheap and easy! I admire the product and community a great deal, so my standards are high for them now, because they have done a lot that is right. This weekend, my admiration is dropping by the hour, and it saddens me. I love the cottage industry that has sprung up around them… books, games, applications, niche information. I have great plans and ideas for my product, Twitterface. But I am worried about Twitter’s priorities and perception of themselves, if what I have been witnessing in the media and this weekend is the best they can do.
If you design, sell or develop web apps, is this how you want your users to feel?
Additional links:
Advice on What to Do if Phished
Visual of Tweets
One User’s Experience
Comments are welcome. I know everyone will not agree with me on this issue. I wish everyone a totally phish-free week. I just don’t know that we will get it.
Nice write-up. Very in-depth and informative rantiness! Gotta love it! I agree that they could have been a lot more proactive and forthcoming.
Kris,
This is an excellent post that clearly outlines the proper ways in which any service provider should effectively manage — and maintain — their users’ [positive] experience. And while it should be central to their business strategy, it’s one at which, unfortunately, Twitter continues to fail.
But what’s more disturbing to me is not that they’ve virtually ignored the issue, sweeping it under the proverbial rug with vague text and little reassurance that the problem is actually being addressed, it’s that this yet another example of their lack of focus — and commitment — to their loyal users.
A few months ago when they had a database issue that caused users to lose more than half of their contacts, they handled it in the exact same fashion — quick tweets, a short blog post and thinly veiled assurances that it was ‘being taken care of’ and ‘not to worry,’ cavalierly brushing user concern and outrage aside.
And users reacted much in the same way that you and I, and others, have today over this latest phishing scam. In fact, I wrote a post about it that was very similar to yours, offering them ideas and solutions for how to better manage user-facing issues in the future: http://jellyflux.wordpress.com/2008/07/24/when-youre-dealing-with-twits-you-might-as-well-call-it-quits/
But like the many support tickets that I’ve submitted in the past, it looks as though that advice was ignored, which only leads me to believe that yours will fall on deaf ears as well.
Is a potential security vulnerability a big issue? Yes. But it’s also one that can be corrected. Twitter’s ongoing disregard for the users who have made it a viable commodity in the market, on the other hand, cannot be so easily fixed with a few lines of code and some new protocols.
Like you, I am an active Twitterer and have remained loyal through all the bugs and glitches that continue to go unrepaired today, but the core problem is a management one, and if Twitter does not acknowledge — and support — the early adopters who have brought them into the mainstream, it does not instill confidence for what users can expect once they’ve instituted a revenue model.
The bottom line is that when you offer a service, regardless of whether it’s free, it is incumbent upon you to communicate with your users, address their concerns (even if you can’t fix them all right away), respond to them in a timely fashion and, overall, ensure the most positive experience possible. Users are far more likely to overlook technical errors and issues if they feel valued, and receive ongoing communications to keep them updated and informed.
It’s ironic that a transparent platform such as Twitter seems to have no transparency from the management team. It can only lead one to believe that they’re either too lazy, don’t care, or are ill equipped to manage even the most basic functions. They’d be well served taking a lesson from betas like SocialMedian and 12Seconds.tv whose regular updates and ongoing commitment — and respect — for their loyal users, have catapulted their success.
After all, without the users, Twitter is just a poorly architected, glorified chat room. If someone tweets and there’s no one around to hear it, does it make a sound? Or more aptly, will Twitter turn a profit?
Kris, I agree. I used to work in data processing. We kept our customers (other employees) frequently informed and ALWAYS overestimated resolution of problems. They knew who was in control in main console and would often ask to speak to specific techs.
Now as a business owner (math and calculus tutor), I have the same policy: I inform parents that I think that grades will not improve BEFORE the tests or the grade reports come out. I ALWAYS have an explanation AND a solution. So parents advertise for us. We haven’t spent ad dollars in almost ten years.
But Twitter is free. Surely, they are growing everyday. It would probably take a mass exodus for big changes to come, so what do you do? You are doing it. Your argument is extremely reasonable. Just be a squeaky wheel. Spread the word. That usually works.
Completely agree with you Kris. On top of the responsiveness the folks at Twitter have to think ahead. Twitter squatting, phishing, worms, scams, stolen IDs are all possible. Simple controls that prevent, for instance, sending tens of DMs per minute, will protect Twitter from a complete melt down. The connection to the SMS networks has wider repercussions. What if a Twitter worm spread on the Friday after Thanksgiving? Retailers would not appreciate a major breakdown of the phone systems just then.
-Stiennon
Kris,
Great post and the CIA approach is crisis communication 101. Every company who claims to make the customer their number 1 priority should embrace and implement this kind of plan. The only thing I would add to your approach is PREPARE…a company needs to have the CIA plan developed and ready to go when the event occurs.
Cheers,
Lisa, @lqualls4444
I appreciate everyone’s comments so much! Gennefer, your post is very interesting: http://jellyflux.wordpress.com/2008/07/24/when-youre-dealing-with-twits-you-might-as-well-call-it-quits/ I was just starting to actively use Twitter in July and I remember hearing about that issue, but it did not affect me. I have been joking about needing the equivalent of a Twitter email tree (like the old phone trees that activate to spread news around) and your post makes me think it really is important. I cherish my Twitter friends, which is why I get so irate about something potentially ruining the service.
Lisa, your point is so on target! At PentaSafe, the security software company in Houston where I worked, we had a team that defined crisis strategy, came up with concrete plans about what to do, and we were tested. Houston flooded the bottom of our building totally while we were in the middle of two important things: a product prototype we had promised a customer and a needed product update. The team organized everyone, including customer support who I think worked from home as phone calls were re-routed, and our IT guys climbed down tons of flights of stairs with our computers to bring them to us so we could all work from home and meet customer expectations. You made me remember that. What Twitter faced this weekend, and fell short of, seems even more inexcusable now.
Well said. I agree that Twitter should be doing much more about this. Ironically, I read in todays Boston GLobe an interview with the big cheese Biz Stone who was talking about how Twitter turned away a $500 million offer from Facebook to sell the company.
David, thank you for posting to this from your article, which complements this one greatly: http://www.webinknow.com/2009/01/attention-twitter-you-should-be-communicating-better-during-what-some-are-calling-a-crisis.html
I was pleased to see that today at http://blog.twitter.com there is a much more informative article on Monday Morning Madness. I fear though, that this was done more to comfort celebrities whose accounts were hacked today, moreso than the MILLIONS of users who make Twitter the popular place to be, every single day. I guess time will tell regarding their priorities.
I wasn’t here for this weekends debacle. That was a good thing as I was here for the other.I was impressed with the twitter community coming together to help police the situation. I, like, many others spent most of the day relaying information and fixes to people just coming on or plain ole clueless.
I’ve seen this happen to much more sophisticated forums run by the WSJ & Market Watch… I wrote a seething letter to the Community Forum telling them that if they honestly didn’t care enough about board forum issues than to sent out a form letter when they pulled something off the forum, never returned messages,and never communicated nor co-mingled with their clients than maybe they didn’t need any clients…..
On the other hand there is a big difference between the two as WSJ&MW were there to pull in a profit through advertising and numbers/responses to their articles where as for the moment this is a free application. However it does not show very much foresight on the part of Ev and the possibilities that this creation brings to the table. I have read through his pages and yes he will bend over backwards for the celebs, when he should be looking to see the who and when of what is driving Twitter. The possibilities are mind boggling and very frustrating to people like us who see that gift just sitting there layered with a thin layer of dust, just waiting for someone to pull the ribbon.
There really is no excusse as MSN and MSNBC used volunteers to monitor,pick up on glitches and either report them or find a a path around
Nice write-up. Very in-depth and informative rantiness! Gotta love it! I agree that they could have been a lot more proactive and forthcoming.
Well said. I agree that Twitter should be doing much more about this. Ironically, I read in todays Boston GLobe an interview with the big cheese Biz Stone who was talking about how Twitter turned away a $500 million offer from Facebook to sell the company.