Twitter Followers: Please Use the Correct Feed

The official Twitter feed for my blog is @schneierblog. The account @Bruce_Schneier also mirrors my blog, but it is not mine. I have nothing to do with it, and I don’t know who owns it.

Normally I wouldn’t mind, but the unofficial blog fails intermittently. Also, @Bruce_Schneier follows people who then think I’m following them. I’m not; I never log in to Twitter and I don’t follow anyone there.

So if you want to read my blog on Twitter, please make sure you’re following @schneierblog. If you are the person who runs the @Bruce_Schneier account—if anyone is even running it anymore—please e-mail me at the address on my Contact page.

And if anyone from the Twitter fraud department is reading this, please contact me. I know I can get the @Bruce_Schneier account deleted, but I don’t want to lose the 27,300 followers on it. What I want is to consolidate them with the 67,700 followers on my real account. There’s no way to explain this on the form to report Twitter impersonation. (Although maybe I should just delete the account. I didn’t do it 18 months ago when there were only 16,000 followers on that account, and look what happened. It’ll only be worse next year.)

EDITED TO ADD (7/2): It’s done. @Bruce_Schneier is gone.

Posted on June 30, 2015 at 1:16 PM25 Comments


andrew rich June 30, 2015 1:29 PM

Unfortunately Twitter doesn’t have any facility to merge accounts. They’ll delete an impersonator (eventually) if you report it, but can’t merge. They might possibly allow you to take over the account without deleting it though.

Rob Douglas June 30, 2015 1:31 PM

Yes, you should have the impersonation account deleted and you should also have Twitter mark (blue check mark) your account as a Verified account.

Justin June 30, 2015 1:53 PM

@Bruce Schneier

I’ll say it straight out. Complain and have that fake account deleted as soon as possible. Anything else is a waste of time. It’s a case of identity theft. Someone is impersonating you and communicating with others in your name. Don’t let vanity get in the way. As you well know (and have reported yourself) the followers on the fake twitter account may be fake themselves. If they want to follow you, they will simply have to find the correct feed.

You’ve just duly notified anybody who is actually following your blog and reading it here. If you’re a well-known personality in the security field, and you are going to be active on “social media,” you need to be pro-active about your own personal security, too.

Andrew June 30, 2015 2:00 PM

Since the fake @Bruce_Schneier twitter user only produces a portion of the headline, I think you really need to be short and punchy with your headlines in order to get it across to the followers (if the take @Bruce_Schneier publishes it.)

Something like:

“Fake @Bruce_Schneier fools twitter followers” will alert the people following the fake account, even if it is cut to two words.

I didn’t fully compare the two, but for Twitters “n followers you know” blurb on both pages, most of the people Twitter thinks I know follow both @schneierblog and @Bruce_Schneier, so you aren’t losing a full 10K of people by closing the fake account.

Archon June 30, 2015 2:09 PM

Rip the band-aid off, Bruce. The problem has only become twice as bad in two years, and while I’m not a Twitter user myself, from what little I know you don’t really have alternatives. (If anyone has any better an understanding, please correct me.)

While the user seems harmless and might well be, they’ve set up a MITM attack with a potential of hitting almost 30,000 victims. Do you really want to put yourself in a spot where one day you have to explain why you didn’t do anything about a (very public) MITM until after Fake!Bruce posted a link to CryptoLocker suggesting it was a new firewall or password safe everyone should have?

You’ve given warning with this post, so pull the plug. I’m sure anyone who didn’t just blindly follow you will find you again easily enough.

Bill P. Godfrey June 30, 2015 2:12 PM

You could add an item on the RSS with a title encrypting the IP of the requesting client. (So each client that requests the RSS is given a different article title that identifies their source.)

Once the robot publishes their own IP to twitter, you can then redirect future requests to a special RSS feed that does nothing but post regular “Please follow @schneierblog for all future updates.”

I’m not sure all that is worth the effort.

Bradford June 30, 2015 2:12 PM

Can’t you reach most of the likely perpetrators simply by speaking aloud using a clear voice?

CJD June 30, 2015 2:15 PM

I have it on good authority that it is actually an NSA account that is used to hit people that care about security with the quantum insert attacks.

*by on on good authority I mean that I completely made this up, but that it wouldn’t be shocking at all.

Jamie June 30, 2015 3:19 PM

Well, the good news is that although I was following the fake account, it dutifully tweeted the RSS of this post asking me and others to follow the correct account, which I’ve now done. Hopefully most if not all of those 27K followers will soon migrate themselves over to your real account, and Twitter will be able to help in cleaning up any stragglers. It might be worth reposting a variation of this blog entry over several days, so more people following the @Bruce_Schneier account will see it.

It’s my own fault for finding “your” account directly on Twitter, rather than coming first to your web site and using the Twitter link here. Non-vetting of Twitter accounts is both a blessing and a curse, depending on perspective.

rgaff June 30, 2015 3:40 PM

Just announce the change (as you’ve just done here with this post) and then delete the account… that’s the best way to merge. Anyone who cares will move themselves. You don’t want those who don’t care anyway (since most of those are probably fake or abandoned anyway).

anon June 30, 2015 5:08 PM

Bruce Schneier RSS ‏@Bruce_Schneier 3h3 hours ago
Twitter Followers: Please Use the Correct Feed
6 retweets 6 favorites

What would be interesting is if the phony account didn’t tweet this story…
It’s automated robot. lol

Dirk Praet June 30, 2015 7:03 PM

I’ve always wondered why both existed and delivered pretty much the same stuff. This finally clears it up.

Simon July 1, 2015 3:02 AM

One thing about the fake account is that he has a nicer photo (although still not perfect) attached to it. The official account has a small thumbnail photo that is blown up and blurry.

As others have stated the blue tick would help if you can get it. Even getting the other guy to put “unofficial” would help.

Cavender July 1, 2015 7:52 AM

Actually, there was a period a while ago where there were nothing but click bait style headlines, the general speculation was that this was Bruce’s gag canary

K.S. July 1, 2015 8:30 AM

I don’t use Twitter myself for obvious reasons, but potential threat of impersonation crossed my mind. Could anyone suggest a way to defend against impersonation while maintaining legal “no relationship, never agreed to EULA/TOS” status with these companies?

France July 1, 2015 9:49 AM


The CEA’s answer is: create accounts on facebook, twitter, then logout and forget them.

BoppingAround July 1, 2015 12:17 PM

France, K.S.,
But then, what will prevent someone from creating duplicate accounts and doing their whatever business from those dupes? Since it will be up to you to prove those dupes aren’t yours, it seems that not having any accounts (and being known for that) could do a better (or just equal) job.

Not mentioning that creating accounts violates K.S.’s ‘never agreed to EULA/TOS’ preference.

Petri Aukia July 1, 2015 1:10 PM

Wouldn’t the easy way be to
1) start following all the fake twitter account followers and
2) have the fake account deleted?


ER July 1, 2015 2:55 PM

With web and particularly social media activity becoming more integrated with credit reporting and identity and credential access management what behavior previously could be ignored should now be dealt with (though not necessarily in whack-a-mole fashion) as consequences to one’s person will likely be more harmful in the future.

Anon Y. Mouse July 2, 2015 4:26 AM


One thing about the fake account is that he has a nicer photo (although still not perfect) attached to it. The official account has a small thumbnail photo that is blown up and blurry.

Bruce Schneier encrypts all this personal data — even his face! You don’t
have the correct key to see his real appearance.

it's gone July 3, 2015 7:02 AM

I think the assumption (by some) that “fake twitter Bruce” was some sort of malicious impersonation is a little presumptuous. Looks like a bot setup to tweet your blog. Possibly due to the creator not knowing Not Fake Twitter Bruce had a twitter account. I didn’t know about that account(either account actually), so I see that speculation as more of a possibility from my viewpoint.

Account suspended anyway. Last tweet(backs up the bot theory) was…

Twitter Followers: Please Use the Correct Feed

Wouldn’t really call it “imitation” in the sense of trying to deceive(via my speculation). Though I can see how it would be annoying and look like it was trying to deceive. In reality though it was deceiving people into sending them to your blog, with the possibility and serious liability of personal communications being “stolen”, so obviously had to be shut down.

Anyway… One good thing to come out of it.
“Not Fake Twitter Bruce” was born. 🙂

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.