Twitter's iconic blue ticks came into existence circa 2009, when the platform was sued by a retired American baseball player named Tony La Russa who was allegedly impersonated by another user.
Instead of playing ball with La Russa, Twitter rolled out a verification mechanism designed to protect celebrities like him from being impersonated.
Though the lawsuit was dropped, the blue ticks managed to stick around until recently. On Thursday, 20 April, the Elon Musk-owned platform stripped verification from those users who hadn't paid up, and the next day, it seems to have reinstated the symbol for users (living or dead) with more than one million followers.
Learning lessons from the previous fiasco, Twitter has laid down ground rules on who is eligible for a blue tick, such as ensuring that the account has been active for the past 30 days, is at least 30 days old, and has a confirmed phone number, among others.
However, these rules haven't stopped imposter accounts from having a field day. For instance, a Disney account that was verified as an organisation (gold tick) actually turned out to be a parody account, according to a BBC report.
As the risk of impersonation on Twitter shoots up, how do you go about about telling real users from their digital doppelgängers?
Here are five workarounds.
Twitter Blue Ticks May Come and Go, but Here Are 5 Ways To Know Who's Legit
1. Workaround #1: Cross-Check
In order to determine if a Twitter account is held by the person that they're claiming to be, we return to how blue ticks were handed out prior to Musk's takeover of Twitter.
Back then, Twitter's verification process used to depend on the following factors:
Authenticity: In order to prove that one's account was authentic, an individual user would have had to either provide an official email address, link to an official website, or a valid government-issued ID such as driver's licence or passport.
Notability: A user was considered 'notable' if they had been in the news, if their name had been Googled, if they had a Wikipedia page, or if their follower count had put them in the top 0.05 percent locally.
Activity: The user's account would have had to be public at the time of applying for a blue tick and must have logged into that account in the last six months.
Now, it appears that the process of verification is less rigorous as it only involves paying for Twitter Blue and verifying your phone number. Hence, users with legacy blue ticks are more likely to be who they claim to be than the ones with (or without) paid blue ticks.
The easiest way to determine the legitimacy of a Twitter account would be to cross-verify the username of the said account with information that is available from credible websites and online sources.
For instance, here's a screenshot of The Quint's official Twitter handle. How do we know it's the right one?
(Screenshot: Twitter/@TheQuint)
Because this is the Twitter handle that we're redirected to via the link on The Quint's website.
(Screenshot: thequint.com)
These steps may help determine the legitimacy of an organisation, but what about the unverified handles of individual employees working at that organisation?
There's a hack for that too. Twitter's blue tick apocalypse has led to '@BBC' being verified as it has more than one million followers. But other affiliated accounts such as '@bbcpress' and '@BBCNewsPR' are unverified as they have smaller follower counts. In response, the verified handle of the BBC has started following all its affiliated accounts to lend them a mark of authenticity.
Expand2. Workaround #2: Wayback Machine
The second possible way of seeing whether a Twitter account was previously verified is to use the Wayback Machine. What's that?
"The Internet Archive Wayback Machine is a service that allows people to visit archived versions of Web sites. Visitors to the Wayback Machine can type in a URL, select a date range, and then begin surfing on an archived version of the Web," its website reads.
"Imagine surfing circa 1999 and looking at all the Y2K hype, or revisiting an older version of your favorite Web site," the page continues.
We demonstrate how to verify an account via the Wayback Machine, taking Olympic gold medallist Neeraj Chopra's unverified Twitter handle as an example.
- 01/04
Step 1: Copy the link of the concerned Twitter account.
(Screenshot: Twitter/@Neeraj_chopra1)
- 02/04
Step 2: Paste it in the URL box that appears when you visit https://archive.org/web/.
(Screenshot: Wayback Machine)
- 03/04
Step 3: The timeline that appears indicates the dates when that specific web page was archived. In this case, we need to look at an archived version of the Twitter page prior to October 2022, which is when Musk first announced paid verification for Twitter. In this screenshot, we see that there exists an archived version of Neeraj Chopra's Twitter page on 10 September 2022. Click on the date in blue.
(Screenshot: Wayback Machine)
- 04/04
Step 4: Voila! The blue tick is clearly visible next to the display name 'Neeraj Chopra'.
(Screenshot: Wayback Machine)
What does this tell us? It shows that the account with the username '@Neeraj_chopra1' had received a blue tick through the old system of verification, making it more likely that the account indeed belongs to the javelin star.
However, this method comes with limitations. There is a possibility that a particular Twitter handle hasn't been archived by the Wayback Machine, making this process futile.
Expand3. Workaround #3: Google Search Cache
To help brainstorm a few more workarounds, The Quint spoke to Karan Saini, a security technologist at the Centre for Internet and Society in Bengaluru.
"One way I can think of is Google Search cache. Google has been maintaining an index of whatever Twitter accounts are there," he said.
"Google cache used to be very visibly, very publicly available. Now there's no sort of dashboard where you can just enter the link and find it," security technologist Karan Saini said.
However, there are third party websites that generate the link for you given that Twitter is showing that this link has been indexed, Saini continued. Google also tells you when a particular page that you're trying to visit was cached, according to him.
- 01/05
Let's take this unverified handle of TMC MP Mahua Moitra as an example.
(Screenshot: Twitter/@MahuaMoitra)
- 02/05
Step 1: Search for the Twitter username on Google in the format shown in this screenshot.
(Screenshot: Google)
- 03/05
Step 2: Once the search results appear, identify a tweet prior to October 2022 and click on the three dots next to it. A pop-up box should appear as seen in this image, then proceed to copy the Twitter link in the box.
Note: Only choose a tweet that is from the concerned handle and not a tweet that has mentioned it. In this case, we chose Mahua Moitra's tweet from December 2021.
(Screenshot: Google)
- 04/05
Step 4: Paste that link in this free third party site called CachedView.com and hit the 'Google Web Cache' button.
(Screenshot: CachedView.com)
- 05/05
Step 5: The cached version of this tweet by Mahua Moitra bears the verified symbol. Hence, it is a legitimate account.
(Screenshot: CachedView.com)
However, this method is not foolproof either. Why? Because it depends on who you interact with on the platform.
"There can be certain Twitter accounts which are verified and they may not have interacted with any particular account that links back to them. Therefore, they may not show up on Google Search results," Saini explained.
He also mentioned that Google's cached files are periodically erased. "Depending on how Google is sort of updating its index and how Twitter sort of changes, these tweets may not be viable in a year. Because Google doesn't maintain an archive sort of thing. It just maintains the last time it was successfully able to query that page," he said.
Expand4. Workaround #4: Scanning User Activity & Replies
Shortly after President Murmu announced her candidature for the presidential elections in 2022, three Twitter users started impersonating Murmu who did not have a verified handle at the time.
WebQoof, the fact-checking unit of The Quint, was able to show that the impersonator accounts did not belong to President Murmu.
It was able to prove this through a combination of steps that essentially involved matching Twitter IDs as well as scanning replies and tweets for inconsistencies. You can read the full fact-check here.
While fact-checkers may use a slightly sophisticated process, there are simpler steps whereby you could search for tweets sent to the account whose legitimacy is in question:
Step 1: Copy the username of the account
Step 2: Paste it in the search bar on Twitter in the format (to:username)
Step 3: Scan the replies for any inconsistencies in the username that you searched and the username that has appeared
Take this WebQoof fact-check of fake accounts posing as former J&K Governor Satyapal Malik – again, someone who doesn't have a verified handle. You can clearly see that searching for tweets sent to the username '@Satyapalmalik_' pulls up a tweet tagging '@Deepakpunia_'. Thus, the account is fake.
A tweet sent to the account mentioned the username '@Deepakpunia_'
(Source: Twitter/Altered by The Quint)
And how do fact-checkers feel about Twitter's new verification method? (Hint: They're not thrilled)
"Fact-checking would become increasingly difficult with Musk's new Twitter Blue policy as a number of imposter accounts can be created easily and be used to disseminate disinformation," said Abhilash Mallick, the associate editor of WebQoof.
"The blue tick will boost tweets and content, meaning disinformation will also get a boost on the platform and reach more people, which already had a bigger audience than our fact-checks did," he added.
Expand5. Workaround #5: Scraped Data?
In January this year, there were multiple reports of a Twitter data breach. The email addresses of more than 200 million Twitter users had reportedly been stolen by hackers and posted on an online hacking forum.
The alleged data breach was first flagged by Alon Gal, the co-founder of Israeli cybersecurity firm Hudson Rock, as per Reuters. "This is one of the most significant leaks I've seen," the report quoted him as saying.
While the exact scale of the breach and when it happened is still unclear, the scraped data could possibly be used to hatch a workaround.
"So I think 200 million is the actual user count. And I do happen to have a copy of the database. And I think it goes up to 2021 or 2022," Karan Saini of CIS told The Quint.
"The way it worked is that they compiled a collection of 500 million email addresses and then sort of queried them against Twitter. Then, Twitter's API would return the name, how many followers that account had, the username, and just regular account details like description and whatnot," he said.
More importantly, it would show whether the account was verified or not, according to Saini.
"Now something like this could be made into a browser extension or website. Given that it is non-sensitive data, I don't think it really carries some kind of fine or jail time for whoever does something like this," Saini said.
However, the researcher's words came with an important disclaimer: "Advising people to sort of go out and get this leaked data wouldn't be ethical. And I think that may invite you into some trouble. But, for me personally, that is one way I can verify whether someone used to have a verification badge at the time of Twitter's compromise in 2021," he said.
Although, this method would only work if the email address of the concerned Twitter account was in the stolen database. "A lot of accounts aren't there," said Saini, adding that this may be because their information had never been publicly leaked before.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)
Expand
Workaround #1: Cross-Check
In order to determine if a Twitter account is held by the person that they're claiming to be, we return to how blue ticks were handed out prior to Musk's takeover of Twitter.
Back then, Twitter's verification process used to depend on the following factors:
Authenticity: In order to prove that one's account was authentic, an individual user would have had to either provide an official email address, link to an official website, or a valid government-issued ID such as driver's licence or passport.
Notability: A user was considered 'notable' if they had been in the news, if their name had been Googled, if they had a Wikipedia page, or if their follower count had put them in the top 0.05 percent locally.
Activity: The user's account would have had to be public at the time of applying for a blue tick and must have logged into that account in the last six months.
Now, it appears that the process of verification is less rigorous as it only involves paying for Twitter Blue and verifying your phone number. Hence, users with legacy blue ticks are more likely to be who they claim to be than the ones with (or without) paid blue ticks.
The easiest way to determine the legitimacy of a Twitter account would be to cross-verify the username of the said account with information that is available from credible websites and online sources.
For instance, here's a screenshot of The Quint's official Twitter handle. How do we know it's the right one?
(Screenshot: Twitter/@TheQuint)
Because this is the Twitter handle that we're redirected to via the link on The Quint's website.
(Screenshot: thequint.com)
These steps may help determine the legitimacy of an organisation, but what about the unverified handles of individual employees working at that organisation?
There's a hack for that too. Twitter's blue tick apocalypse has led to '@BBC' being verified as it has more than one million followers. But other affiliated accounts such as '@bbcpress' and '@BBCNewsPR' are unverified as they have smaller follower counts. In response, the verified handle of the BBC has started following all its affiliated accounts to lend them a mark of authenticity.
Workaround #2: Wayback Machine
The second possible way of seeing whether a Twitter account was previously verified is to use the Wayback Machine. What's that?
"The Internet Archive Wayback Machine is a service that allows people to visit archived versions of Web sites. Visitors to the Wayback Machine can type in a URL, select a date range, and then begin surfing on an archived version of the Web," its website reads.
"Imagine surfing circa 1999 and looking at all the Y2K hype, or revisiting an older version of your favorite Web site," the page continues.
We demonstrate how to verify an account via the Wayback Machine, taking Olympic gold medallist Neeraj Chopra's unverified Twitter handle as an example.
- 01/04
Step 1: Copy the link of the concerned Twitter account.
(Screenshot: Twitter/@Neeraj_chopra1)
- 02/04
Step 2: Paste it in the URL box that appears when you visit https://archive.org/web/.
(Screenshot: Wayback Machine)
- 03/04
Step 3: The timeline that appears indicates the dates when that specific web page was archived. In this case, we need to look at an archived version of the Twitter page prior to October 2022, which is when Musk first announced paid verification for Twitter. In this screenshot, we see that there exists an archived version of Neeraj Chopra's Twitter page on 10 September 2022. Click on the date in blue.
(Screenshot: Wayback Machine)
- 04/04
Step 4: Voila! The blue tick is clearly visible next to the display name 'Neeraj Chopra'.
(Screenshot: Wayback Machine)
What does this tell us? It shows that the account with the username '@Neeraj_chopra1' had received a blue tick through the old system of verification, making it more likely that the account indeed belongs to the javelin star.
However, this method comes with limitations. There is a possibility that a particular Twitter handle hasn't been archived by the Wayback Machine, making this process futile.
Workaround #3: Google Search Cache
To help brainstorm a few more workarounds, The Quint spoke to Karan Saini, a security technologist at the Centre for Internet and Society in Bengaluru.
"One way I can think of is Google Search cache. Google has been maintaining an index of whatever Twitter accounts are there," he said.
"Google cache used to be very visibly, very publicly available. Now there's no sort of dashboard where you can just enter the link and find it," security technologist Karan Saini said.
However, there are third party websites that generate the link for you given that Twitter is showing that this link has been indexed, Saini continued. Google also tells you when a particular page that you're trying to visit was cached, according to him.
- 01/05
Let's take this unverified handle of TMC MP Mahua Moitra as an example.
(Screenshot: Twitter/@MahuaMoitra)
- 02/05
Step 1: Search for the Twitter username on Google in the format shown in this screenshot.
(Screenshot: Google)
- 03/05
Step 2: Once the search results appear, identify a tweet prior to October 2022 and click on the three dots next to it. A pop-up box should appear as seen in this image, then proceed to copy the Twitter link in the box.
Note: Only choose a tweet that is from the concerned handle and not a tweet that has mentioned it. In this case, we chose Mahua Moitra's tweet from December 2021.
(Screenshot: Google)
- 04/05
Step 4: Paste that link in this free third party site called CachedView.com and hit the 'Google Web Cache' button.
(Screenshot: CachedView.com)
- 05/05
Step 5: The cached version of this tweet by Mahua Moitra bears the verified symbol. Hence, it is a legitimate account.
(Screenshot: CachedView.com)
However, this method is not foolproof either. Why? Because it depends on who you interact with on the platform.
"There can be certain Twitter accounts which are verified and they may not have interacted with any particular account that links back to them. Therefore, they may not show up on Google Search results," Saini explained.
He also mentioned that Google's cached files are periodically erased. "Depending on how Google is sort of updating its index and how Twitter sort of changes, these tweets may not be viable in a year. Because Google doesn't maintain an archive sort of thing. It just maintains the last time it was successfully able to query that page," he said.
Workaround #4: Scanning User Activity & Replies
Shortly after President Murmu announced her candidature for the presidential elections in 2022, three Twitter users started impersonating Murmu who did not have a verified handle at the time.
WebQoof, the fact-checking unit of The Quint, was able to show that the impersonator accounts did not belong to President Murmu.
It was able to prove this through a combination of steps that essentially involved matching Twitter IDs as well as scanning replies and tweets for inconsistencies. You can read the full fact-check here.
While fact-checkers may use a slightly sophisticated process, there are simpler steps whereby you could search for tweets sent to the account whose legitimacy is in question:
Step 1: Copy the username of the account
Step 2: Paste it in the search bar on Twitter in the format (to:username)
Step 3: Scan the replies for any inconsistencies in the username that you searched and the username that has appeared
Take this WebQoof fact-check of fake accounts posing as former J&K Governor Satyapal Malik – again, someone who doesn't have a verified handle. You can clearly see that searching for tweets sent to the username '@Satyapalmalik_' pulls up a tweet tagging '@Deepakpunia_'. Thus, the account is fake.
A tweet sent to the account mentioned the username '@Deepakpunia_'
(Source: Twitter/Altered by The Quint)
And how do fact-checkers feel about Twitter's new verification method? (Hint: They're not thrilled)
"Fact-checking would become increasingly difficult with Musk's new Twitter Blue policy as a number of imposter accounts can be created easily and be used to disseminate disinformation," said Abhilash Mallick, the associate editor of WebQoof.
"The blue tick will boost tweets and content, meaning disinformation will also get a boost on the platform and reach more people, which already had a bigger audience than our fact-checks did," he added.
Workaround #5: Scraped Data?
In January this year, there were multiple reports of a Twitter data breach. The email addresses of more than 200 million Twitter users had reportedly been stolen by hackers and posted on an online hacking forum.
The alleged data breach was first flagged by Alon Gal, the co-founder of Israeli cybersecurity firm Hudson Rock, as per Reuters. "This is one of the most significant leaks I've seen," the report quoted him as saying.
While the exact scale of the breach and when it happened is still unclear, the scraped data could possibly be used to hatch a workaround.
"So I think 200 million is the actual user count. And I do happen to have a copy of the database. And I think it goes up to 2021 or 2022," Karan Saini of CIS told The Quint.
"The way it worked is that they compiled a collection of 500 million email addresses and then sort of queried them against Twitter. Then, Twitter's API would return the name, how many followers that account had, the username, and just regular account details like description and whatnot," he said.
More importantly, it would show whether the account was verified or not, according to Saini.
"Now something like this could be made into a browser extension or website. Given that it is non-sensitive data, I don't think it really carries some kind of fine or jail time for whoever does something like this," Saini said.
However, the researcher's words came with an important disclaimer: "Advising people to sort of go out and get this leaked data wouldn't be ethical. And I think that may invite you into some trouble. But, for me personally, that is one way I can verify whether someone used to have a verification badge at the time of Twitter's compromise in 2021," he said.
Although, this method would only work if the email address of the concerned Twitter account was in the stolen database. "A lot of accounts aren't there," said Saini, adding that this may be because their information had never been publicly leaked before.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)