Skip to main content

Avenger Bot

The Twitter API was one of the first available from a major Internet organization and it is probably the most used API worldwide, even though in the past few years Twitter has been making it tougher for developers to use it, you may check this as an example.

Not everybody is on Twitter but almost every company is, specially big telcos. Most of them even provide customer support through Twitter, and despite being usually terrible (the support), at least it is an open channel and you can share your frustration with other frustrated fellow customers.


So when one of the major telecommunications operators in Spain started aggressively chasing my mom and my whole family because someone used her name and national identity number to fraudulently buy services from them which were never paid (it seems they intentionally? have barely any security controls in place), I decided to take revenge on Twitter.

I've got very mad, Jazztel (the telco) was not interested in finding the truth whatsoever, they were accusing my mom of not paying her bills and threatening her to go to court, this telephonic conversation (in Spanish) proves it.

I've got inspiration from this post which I read a few months ago.
But my "avenger bot" is more sophisticated than that, it uses the Twitter streaming API to listen for tweets addressed to Jazztel and then reply to them with an angry complain (I am aware that it probably won't make any difference but at least it was a way to release my anger while learning something since it was technically challenging and I also found it interesting).


So the first thing I needed was a Twitter account under which my bot would run and then also a "Twitter app" in order to retrieve the four security keys required for authentication and authorization against the Twitter API.

Luckily I had all that from working on a previous pet project of mine, because since few months ago, Twitter forces new users of their API to register for a developer account and wait for the registration to (hopefully) be approved.

Then I started working on my bot, and after few evenings I had it ready, the whole source code (Java 8) is available on GitHub.

These are the main features:

- The four security keys:
    Consumer Key (API Key)
    Consumer Secret (API Secret)  
    Access Token
    Access Token Secret
are encrypted in the JSON configuration file and decrypted at runtime using a password stored in an environment variable.

- It uses very simple dependency injection through Spring Framework, I chose XML configuration over annotations because as Sam Atkinson said in his famous post more than four and a half years ago: I don't like magic.
I do not like to "code" in XML either, that is why I said "very simple dependency injection" before, I strongly believe that Spring (or any other DI framework for that matter) should be used just to wire beans together, nothing more, no smart/custom type conversions, no SpEL, etc...

- It implements the producer/consumer pattern using a blocking queue.

- The application properly shuts down (disconnecting gracefully from the stream of tweets) on Linux after receiving the WINCH signal by implementing the SignalHandler interface (the complete motivation and explanation of this shutdown mechanism deserves its own post which I may write in the near future).

- The bot uses Twitter4j library so I do not need to deal directly with REST/HTTP.

- There are no unit tests but at least some "tester" classes are included which helped me to validate the code as I was writing it.


After I completed the coding, I was ready to run it and see the bot in action.

The first time I started it, everything seemed to be working fine, every time a new tweet containing the keywords defined in the config.json was published, the bot would reply after waiting a semi-random amount of time.

But after an hour or so, I got the following ugly error:

Which meant that my application had been banned from publishing tweets, even though it could still read them.
I could see it also in the Twitter Web UI

But why? I had been cautious not to reach the Twitter API limits, my bot always waited for more than 2 and a half minutes between two consecutive tweet submissions, much longer than the 36 seconds which seems to be the limit.

After some research I found the answer in the Twitter spamming rules:

My bot randomly selects the content of the tweets from a pool of twenty texts, so after several tweets were published containing the same text, my application was banned.

Future work

Something that all software developers hate are loose requirements but they are everyday fare and whole methodologies such as Scrum have been created to tackle this issue.

In this case, several unanswered questions come to my mind:
What exactly makes two tweets "substantially similar"?
If two tweets contain the same words but the order is different does Twitter consider them duplicates?
What if only 80% of the words are the same? And what if 60%?
Is it ok to repeat the same tweet just once a day? Or maybe once a week?

The Twitter documentation intentionally does not answer these questions and the information available from other sources is quite ambiguous.
So my only option is experimentation and testing.

Does this mean that all the hassle was in vain? Absolutely not!
I had an idea, a challenge, and I went through with it.
Something bothered me and I did something about it (and I also enjoyed it).
So even though the result is not ideal (yet) because of some unforeseen limitation, the whole experience was totally worth it. I have got to experiment with something new to me and I also get the chance to share the whole episode with whoever my be interested in it.

Currently I am waiting for my Twitter developer request to be accepted so that I can create a new app. Once I am able to publish tweets using the API again, I may even do some research and throw in some AI in order to generate distinct enough tweets to be published without Twitter banning me...
So if I find a workaround, I may also launch my Avenger Bot against another company which disrespects their customer/passengers: SmartWings.
Stay tuned!


Popular posts from this blog

Shared Ledger Simulator

I have been interested in the shared/distributed ledger technology (a.k.a. block chain, a.k.a. the magic behind cryptocurrencies) for more than a year already but recently I had finally put real time and effort into it.

And since I believe that the best way to understand something is to get your hands dirty, that is what I have done, after I got a grasp of the core principles (or that is what I thought back then), I decided to code my own shared ledger simulator.

Initially, I also considered to look into the main existing code bases (e.g., the source code of the main/official Bitcoin client/miner or Ethereum's) since they are open source, but seeing code like thisput me off... That file is 3229 lines big!!! Plus it is written in C++.
Do not get me wrong, I truly believe Satoshi Nakamoto (i.e., whoever hides behind that name) is a genius and also a great software developer, but he/she/they for sure did not have readability as their main priority.

I also noticed that some other people h…

Complete (working) code to verify an Android app user phone number through SMS

Update from Thursday September 14th 2017: 
The very same day I posted this (the day before yesterday), I realized that it looked like Google had just made it effectively obsolete

I thought that at least I could claim that I chose a very demanded functionality to blog about, since Google decided to add a new API to provide this very same service.
Even the names are quite similar, I called it "SMS Verifier" and they call it "SMS Retriever".
But after looking into this new Google Services API, I found out that it requires to use a paid third-party service such as Twilio... very disappointing!
So my original post (which follows below) is still relevant after all, since it allows you to verify the user's phone number for free.

Original post: Tuesday September 12th 2017
It was about time for me to give back to the open source community, so I have just pushed the complete (working) code to verify the user's phone number from within an Android app to Github.

When I goo…

Apology not accepted

TL;DR: After being disrespected multiple times as customer by Smartwings airlines over the years, now I can finally have my little revenge by claiming 400 euros for a delayed flight. The airline sent me an insincere and pathetic apologetic email message. Apology not accepted.

I have been a regular customer of Smartwings airlines for quite a long time already.
It was not by choice. The reason I fly with them is because it is the only airline which flies directly from Prague (where I live) to Valencia (my hometown).
Although I appreciate that they include 15 kg of check-in luggage at no extra charge, the ticket prices are quite high compared to other low-cost airlines (Wizzair and Ryanair, for example).

Also, they do not seem to care much about their customers. Several times they cancelled a flight just few days before the departure date due to "operational reasons". It would seem to me that the real reason was that they did not sale as many tickets for that flight as they expecte…