Apr 5, 2013

Posted by in Featured, Geek | 3 comments

I wrote some code

The following is the starting point for a talk that I hope to eventually give at a meetup or two in Wellington. I’ve modified it to fit better in a blog format. I’m interested to hear your feedback on it.

A weekend

I want to tell you about a weekend I sat down and wrote some code, but before I get to there, let me tell you a little bit about me. My accent is a blend of English, Kiwi and American. I’m a geek in many ways and in 2010 I spent 3 months volunteering in Philippines, working with prostitute rescue ministries, and 3 months in Hawai’i, giving IT training and doing web development, but none of that is terribly relevant, because this isn’t about me, it’s about you.

Everything you do has an impact on the people around you. When you include the Internet, what you do can impact a lot of people. If I wanted you to leave here with one take away, it’s that you have the potential to improve the lives of a lot of people.

Everything starts small. Google started out in a garage, so did Apple. Overnight successes don’t just happen, they start as small efforts and eventually get noticed. Trace the history of successful people or companies and you’ll also find the failures that paved the way, so don’t expect to change the world overnight with a terminal, your favourite text editor and 15 cans of Red Bull.

But everything starts small and my small project took two afternoons of my weekend and a Monday evening. I wrote a twitter bot, let me tell you why.

Last year I came across a twitter bot called @NeedADebitCard which retweets photos of debit and credit cards that people have put on Twitter or Instagram. Some of you may have seen this already but for some it’s the first time. You’re right to ask “why would they do that?” I did too. I followed the bot, it became a personal reminder that people don’t understand security. I’ve never been interested in doing anything with the card numbers, but that doesn’t mean others have been so well behaved.

The main type of cards being photographed are most certainly personalised cards. Generally from Chase in the USA and Barclays in England. Many are brand new debit cards and don’t have much money on them.

It’s tempting to think “they shouldn’t be that stupid, this will teach them a lesson they deserve” but after a while I came to another conclusion – these people don’t realise just how silly they’ve been. This isn’t a case of stupidity, it’s poor education.

This change of viewpoint was very powerful – I stopped putting blame on the people posting the photos and started asking “how much education is available about the risk of credit card numbers?” my conclusion: not nearly enough. At this point I could have started blaming credit card companies, banks, Instagram, camera manufacturers, you name it.

But I have the Internet and with the Internet I can impact a lot of people. I know how silly it is to share a credit card number online and I can make a website that tells others about it. I made this one step simpler and did the absolute bare minimum – I added a page to my blog instead. It explains the danger of what they had done and urging them to cancel that card. I was feeling imaginative that day so I named it Cancel That Card. I registered a twitter account called @CancelThatCard and decided this was a great time to learn a new programming language and I’ve always wanted to do something in Python, so I did.

The end result is 72 lines of truly awful python code that follows the @NeedADebitCard account, sees when it retweets a photo and then tweets to the person who took it, suggesting they cancel that card. There are no smarts, no image recognition, no dedicated website, just a page with useful info and a bot that links people to it and that’s enough.

I set this running on my server and since then I’ve only made slight tweaks. Because it just keeps on running without my intervention I can go on holiday knowing that people are still getting warned about posting their photos. What I’ve done has not been difficult for me and I know many people who could have done it better than I have, but none of that matters.

I didn’t know how well this project would be received. 200+ tweets later I’ve had mostly positive feedback, some minor trolling and some interesting conversations with people who posted their cards and it all makes me want to keep going and improve what I’ve got so far.


Now I said this isn’t about me, it’s about you and I meant it. I have my project to work on, do you have yours? It doesn’t have to be geeky, it doesn’t have to use the Internet, it just needs to make a positive impact on the people around you. Maybe like me you’ve had something you’ve meant to get to for a while – start this weekend, book time in your calendar, sacrifice an evening of TV and get cracking.

I advocate for online because I’ve seen how far projects can spread and connect with people but the Internet can’t give you a hug and sometimes that’s the best thing you can do. Play to your strengths and go for something you’re good at.

Geeks are the ones with the power in the online world, but we’re limited by our desire to do the job perfectly. Ignore that, it stops you doing something good and you’re too busy to put the time into make it great. If the impact your work has is positive then be willing to write quick and dirty code to get there. While the bad code is helping people you can write good code – the end result is more people helped.

Now, pick your project and go make the world a bit better!

  1. Hi Ben,

    As a fellow dev, I appreciate what you’re doing with @cancelthatcard (and I hope Twitter’s recent API changes aren’t/haven’t had too much of an effect). I follow both @cancelthatcard and @needadebitcard on Twitter (as an aside…you might want to add a “.” before the user’s Twitter handle so that people who only follow @cancelthatcard see your tweets – although I can see there are probably reasons why you don’t do this) but, sadly, I’m not really surprised that this sort of thing goes on (shocked, yes), particularly given that the vast majority of the “offenders” appear to be under the age of 25 (with the odd exception).

    For me, the problem all comes down to the concept of the Digital Divide, which I (personally) think is misplaced as “younger people know how to use technology, older people don’t”. The way that I see it is that younger people *do* know how to work with technology, but they have comparatively little understanding about the security, privacy or, and this is the crucial bit, what goes on “under the hood” of tools like Twitter in terms of who can see the information (which I’ll come to shortly). Additionally, many of their parents may be just as “innocent” – while they might be more security/privacy aware, they may lack the technical/social knowledge of how Twitter works to understand the full implications of their offspring’s actions.

    For instance, I’d be interested to know if any research has been carried out into whether Twitter users (particularly those within the affected age group) know the difference between (1) how many followers they have, and (2) how many people can see their tweets. For example, if someone tweets, “Got a new debit card today, yay!”, do they think they’re only showing it off to 14 of their classmates (who make up all of their followers), or are they aware that the tweet can easily be found by anyone in the world? I had a look through some of the “Twitter Conversations” related to your RTs a while back, and I noted one of the “offenders” (I’m using that word again – not the right one, but I can’t think of another) saying something along the lines of “I’m amazed you found my photo”, not realising that simply searching for “credit card photo” in Twitter’s own search facility will almost certainly return his/her tweet at the top, if it has been recently posted.

    I’m not a “tinfoil hat” person at all, but this is why things like Facebook’s Home is scary. A small minority of kids are growing up willing, at best, to share private information without understanding the consequences or, at worst, are willing to share *everything* about their lives with *everyone*, and simply not care – if it gets them more followers/attention, great!

    So, what’s the solution? You mention “education”, but I’m not sure that’s the correct response, because (1) who educates them (their teachers/parents may not be the correct people), and (2) can we rely on “terms and conditions”, which may provide a list of dos and don’ts, but are unlikely to be read?

    Personally, I think the approach you are taking – in a way, a “crowdsourcing education” method – is the best approach, even if it does cause a little embarrassment or a few “My mum is going to kill me!” follow-up tweets. I’m always, always, always, against flaming/trolling, but even shock-value tweets such as “Thanks! I’ll use these details on Amazon!” responses might be enough to get the message across, as long as they’re done in a humorous way (e.g. a follow-up “Not really, but it’s not a good idea to post your…etc…” tweet).

    One final thing – I’d suggest changing your auto-tweet to something a bit less generic than what you have at the moment, which is:

    “Hi, I saw your credit/debit card photo, you should cancel that card. More info here:”

    I’d change it to (within 140 characters, obviously):

    “You posted a credit/debit card photo. This is not a good idea, as your details are now publicly available. More info here:”

    It’s a bit more hard-hitting and less friendly, but I’ve noticed that a couple of people have not removed the photo after receiving your tweet, suggesting it’s not “visible” enough, or it looks too much like a “spam” tweet and is therefore ignored.


    • Hi Graeme,

      I’m terribly sorry I took so long to approve your post. The blog should email me, but it looks like when I migrated servers that broke. I’ll look into it right after I reply to you.

      The twitter API 1.1 was fine to integrate with and I have https://github.com/bear/python-twitter to thank for that. The usage limits were also pretty simple to stay under.

      I deliberately chose not to [email protected] people because I didn’t want people following @CancelThatCard for the purpose of finding cards or people to message and taunt.

      In terms of crowd sourcing a response to this, I both agree and disagree. @NeedADebitCard gives visibility to the issue and does trigger that crowd response, but I think the crowd response thus far has been negative, sometimes to the point that people will argue with the crowd and keep the photo there to show they disagree.

      I still think that education is the answer. Even if it comes a bit too late it can stop you making the same mistake again. Your point about followers vs. people who see the tweet is well put – it’s easy to believe you’re hidden in the crowd when you’re not.

      I would love to see twitter deal with this directly, but until that happens I’m left doing what I can, which right now is trying to get the bot running again. It was suspended 3 weeks ago for repeated @mentions to people it doesn’t follow. Until I get that sorted I’ve had to turn it off, which is very disappointing.

      Here’s hoping it’s back soon.

    • Found the email issue – the new server didn’t have sendmail installed, the php mail() function was failing and WordPress is suppressing the error in that call.

      All fixed up now, so long as my spam filter doesn’t catch the emails :)

Leave a Comment