{"id":31991,"date":"2020-01-06T11:45:45","date_gmt":"2020-01-06T16:45:45","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=31991"},"modified":"2020-05-18T07:41:07","modified_gmt":"2020-05-18T11:41:07","slug":"twitter-epilepsy-attack-aftermath","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/twitter-epilepsy-attack-aftermath\/31991\/","title":{"rendered":"The aftermath of the Twitter epilepsy attack"},"content":{"rendered":"<p>November was National Epilepsy Awareness Month in the United States. Last November indeed saw a greater awareness of epilepsy, but most likely because of a scandalous attack: Internet trolls on Twitter used flashing animated images, and tagged <a href=\"https:\/\/twitter.com\/EpilepsyFdn\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">the Epilepsy Foundation<\/a>, to harm people by causing epileptic seizures.<\/p>\n<h2>How the attack worked<\/h2>\n<p>Epilepsy, a neurological disorder, is characterized by recurrent epileptic seizures. Every year more than 100,000 people die because of epilepsy. One of its common variants is <em>photosensitive epilepsy,<\/em> in which seizures can be triggered by flickering lights, and the attack targeted people with this form of epilepsy.<\/p>\n<p>Twitter users can post not only short text messages, but also images, videos, and animated images as well. The latter comes in two flavors: GIF and animated PNG (APNG). The two file types are largely the same, differing mainly in image quality and color depth, but in this case, the attackers took advantage of APNGs\u2019 ability to bypass Twitter\u2019s autoplay settings.<\/p>\n<p>Registered Twitter users can choose if they want GIFs and videos to start playing as soon as the media appears in their feeds. Users with epilepsy may turn off autoplay specifically to avoid animated content that could trigger a seizure, but until recently the setting did not apply to APNGs, which started playing automatically no matter what.<\/p>\n<p>Abusing APNGs was the core idea of the troll attack. According to CNN\u2019s report, more than 30 accounts <a href=\"https:\/\/edition.cnn.com\/2019\/12\/17\/tech\/epilepsy-strobe-twitter-attack-trnd\/index.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">posted tweets with strobing images<\/a>, tagging the Epilepsy Foundation and copying its hashtags. The images were mostly APNGs, so they started playing \u2014 and strobing \u2014 automatically. And during national awareness month, more people than usual were following the Epilepsy Foundation account and hashtags. Quite a few likely had photosensitive epilepsy.<\/p>\n<h2>After the attack<\/h2>\n<p>In the month that followed, a lot happened.<\/p>\n<ul>\n<li>Many major media outlets covered the attack, making 2019\u2019s National Epilepsy Awareness Month a month of awareness indeed.<\/li>\n<li>The Epilepsy Foundation <a href=\"https:\/\/www.epilepsy.com\/release\/2019\/12\/epilepsy-foundation-files-criminal-complaint-and-requests-investigation-response\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">filed a criminal complaint<\/a> and requested an investigation in response to the attack. We have yet to see where the story will go, but it\u2019s hard to disagree that the attack aimed to cause serious and widespread harm.<\/li>\n<li>For its part, Twitter made some tweaks to the platform, trying to prevent such attacks from happening again. First and foremost, the platform banned APNGs. Second, Twitter now prevents GIFs from appearing when someone searches for \u201cseizure.\u201d<\/li>\n<\/ul>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">We want everyone to have a safe experience on Twitter.<\/p>\n<p>APNGs were fun, but they don\u2019t respect autoplay settings, so we're removing the ability to add them to Tweets. This is for the safety of people with sensitivity to motion and flashing imagery, including those with epilepsy. <a href=\"https:\/\/t.co\/Suogtrop1u\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Suogtrop1u<\/a><\/p>\n<p>\u2014 A11y (@XA11y) <a href=\"https:\/\/twitter.com\/XA11y\/status\/1209172620123394048?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 23, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2>Is banning APNGs enough?<\/h2>\n<p>The steps Twitter took were certainly helpful for preventing such attacks from happening in the future, but they may not be enough. And it is actually up to Twitter to do more.<\/p>\n<p>According to the Epilepsy Foundation, many people do not know that they have photosensitive epilepsy until they have a seizure. However, Twitter\u2019s autoplay setting is active by default, which means that for users who are unaware either of their own epilepsy or of Twitter\u2019s autoplay settings, GIFs and videos still play automatically, even if they contain strobing lights. That\u2019s dangerous.<\/p>\n<p>In addition to that, people who are not logged in to their Twitter accounts or who aren\u2019t registered with Twitter don\u2019t have any option at all. With autoplay on by default, if someone sends you a link to a tweet with animated images, they will play automatically.<\/p>\n<p>Last year\u2019s attack serves as yet another reminder that our physical and digital worlds are not separate. They merged long ago, and digital things affect people\u2019s health (and not only our own biology; we\u2019ll be covering the ecological impacts of our digital world soon as well) just as physical things have.<\/p>\n<p>People with photosensitive epilepsy do not go to nightclubs, where avoiding strobing lights would be impossible. Many movies and video games display a warning about strobing lights that may cause seizures. It would be nice to have something like that on the Internet as well, but unfortunately, we\u2019re not there yet.<\/p>\n<h2>Can you protect yourself?<\/h2>\n<p>We\u2019re not medical consultants here at Kaspersky, so our main suggestion for people who have, or suspect they have, epilepsy is to consult a specialist. As for Twitter, here\u2019s what you can do:<\/p>\n<ul>\n<li>Disable autoplay. To do that, go to <em>Settings and privacy<\/em> in your Twitter account, select <em>Accessibility,<\/em> choose <em>Autoplay,<\/em> and select <em>Never<\/em>. You will still be able to see videos and animated GIFs, but they will start playing only after you click on them.<\/li>\n<li>Pay attention to privacy settings. To prevent people you don\u2019t follow from sending you direct messages with unwanted content (such as strobing GIFs) in Twitter, go to <em>Settings and privacy<\/em>, choose <em>Privacy and Safety<\/em> and untick <em>Receive messages from anyone<\/em>.<\/li>\n<li>If you want to consider leaving Twitter for good, check out <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-delete-twitter\/24882\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">our post on how to delete your Twitter account and back up your content<\/a>. Keep in mind though, that if you get rid of your Twitter account but keep reading Twitter, you\u2019ll be subject to default settings, with autoplay on.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kis-trial-privacy\">\n","protected":false},"excerpt":{"rendered":"<p>Twitter has taken actions to prevent attacks with strobing images on people with epilepsy. Are these actions sufficient?<\/p>\n","protected":false},"author":675,"featured_media":31992,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[111,43,83],"class_list":{"0":"post-31991","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-attacks","9":"tag-privacy","10":"tag-twitter"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/twitter-epilepsy-attack-aftermath\/31991\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/twitter-epilepsy-attack-aftermath\/18366\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/twitter-epilepsy-attack-aftermath\/15241\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/twitter-epilepsy-attack-aftermath\/20111\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/twitter-epilepsy-attack-aftermath\/18428\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/twitter-epilepsy-attack-aftermath\/16847\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/twitter-epilepsy-attack-aftermath\/20847\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/twitter-epilepsy-attack-aftermath\/19611\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/twitter-epilepsy-attack-aftermath\/26004\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/twitter-epilepsy-attack-aftermath\/7529\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/twitter-epilepsy-attack-aftermath\/13590\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/twitter-epilepsy-attack-aftermath\/13865\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/twitter-epilepsy-attack-aftermath\/12627\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/twitter-epilepsy-attack-aftermath\/21855\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/twitter-epilepsy-attack-aftermath\/26516\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/twitter-epilepsy-attack-aftermath\/24776\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/twitter-epilepsy-attack-aftermath\/20816\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/twitter-epilepsy-attack-aftermath\/25652\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/twitter-epilepsy-attack-aftermath\/25483\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/twitter\/","name":"twitter"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/31991","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=31991"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/31991\/revisions"}],"predecessor-version":[{"id":35478,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/31991\/revisions\/35478"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/31992"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=31991"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=31991"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=31991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}