I would imagine that it's possible that some of the people reading these comments might already know a lot more detail about Twitter/Facebook bots than this story goes into.
Although you fine folks might remember me from a few other projects, I'm currently a Graphics Editor at The New York Times. We're actively curious and interested in pursuing lines of inquiry about this sort of behavior, and if any HN'ers have any interesting leads or tips, I'd encourage you to get in touch. You can reach me at my username @nytimes.com, or email me and I'll send you my Signal number.
There's an angle that hasn't been explored that ought to be: a lot of news and political commentary websites used to run their own comment systems for articles or use pseudonymous services like Disqus, but these were overrun by "trolls" and spammers.
Many then switched to Facebook, presumably hoping that the "Real Name" policy would improve things.
The interesting thing is that clicking on many of the Facebook profiles on these comments leads to curiously sterile profiles, with a few friends. Some of the most vehemently pro-Trump comments seem to have originated from these accounts, especially on certain Conservative sites during the Republican Primary season.
Facebook seems to have no interest (or ability) to clean this up.
I don't doubt that many of the commenters praising Trump, or any other politician for that matter, may in fact be sockpuppet accounts, but I wonder if this might be a similar situation to what we saw with polling prior to the election in which Trump voters were less willing to admit to voting for him. I'm not actually sure if this was the case but I've heard it theorized that this is one of the reasons polling might have been so off.
Perhaps there are commenters unwilling to link their real FB identity to supporting Trump? On the other hand, I see plenty of people make outrageous statements online clearly linked to their real FB profile so maybe this isn't a widespread concern.
I mentioned that this happened on Conservative sites, and it was during the Primaries. It seems unlikely that, under those circumstances, people would be so shy about expressing their preferences.
Also these are not just stand-alone fake accounts with no friends created for making comments....these are curated to have enough details that make them look plausible to an unsophisticated automated detector (or overworked FB abuse department employee), but they have few friends, all with similar sorts of profiles, and no signs of activity except for posting comments.
I do agree that there was an element of "shyness" and self-censorship, but I expect it was from supporters of other candidates, who would not want their Real Names and identities to get embroiled in fights with fake profiles.
Good points, although I didn't mean to dispute that these were mostly fake accounts meant to push an agenda.
As a side note, I don't have a FB account so I don't know how this works but do your friends have the ability to see what comments you've made on sites using FB login for commenting?
I've seen enough people doxxed in various capacities that there are good reasons for this in general. You won't find anything on mine... if I even have one. I've been avoiding Facebook since the days it required a .edu email to sign up, for example.
That said, I'm sure that all the politicians have people who can drum up social media followers or spread whatever message they want. I don't think there's any conspiracy to it. It's not like we've gotten rid of email spam, either. This is just an extension of that.
While I wouldn't dismiss the chance that some of these people are fakes I would like to point out that despite being a techie (if not because of it?) I barely use Facebook anymore and if I hadn't been registered for a long time my Facebook profile would also be pretty barren. I also always had a policy of only "friending" people I know personally and privately. The only purpose of Facebook for me is keeping up with those friends and I rarely post anything and rarely do it publicly. I doubt I'm the only one using Facebook this way.
My Facebook account is so barren that it has never existed, but if I'm ever forced to create an account to deal with websites that assume everyone has a FB acct and can't deal with you otherwise, it will be as sterile as I can make it.
And my Twitter account is so sterile that no one I know follows me. And yet, it's a real account.
The thing is, do you have only 5-10 FB Friends with eerily similar sterile accounts in a little-self contained social graph? Have you added a college to your profile, but have no Friends from that college?
I've got a fake FB account for the same reason you describe, and I don't bother go to the efffort of puttiing in the sorts of fake details that these accounts have.
There's also privacy settings - unless Facebook have wiped all my settings since I last checked (they used to do this lots but don't seem to any more) you're not going to see basically anything without adding me. That's probably distinguishable from a fake if you look closely, but similar enough that those accounts might look the same if you're just taking a quick look at each account.
All that machine learning stuff is pretty much useless against human generated fake profiles, just like captcha is useless against human captcha solvers.
If you want another angle on the story, consider non-bot bots. (aka "sock puppets")
You have an argument with someone on twitter and the next second 4 or 5 newly formed eggs with 1 follower apiece pile in to defend the other POV, sometimes without regard to civility.
It could be a coincidence.
Or it could be that the person you were debating let their ID out in another way.
Edit: Just to be clear, I was talking about the Freudian "Id" in all caps, used these days as a short-hand for a sort of unfiltered emotional inner child, and not "I.D." which is short for identification.
There are certainly a great many interesting angles ;)
For a neat paper that actually has some nice hard evidence about what government production of social posts can look like, check out Gary King and co. at Harvard's exploration of Zhanggong, China:
These bots (and human run trolling accounts) have been widely reported on[1], but by many different organizations in different languages. Which seems to have made it not as widely known as it should be. I still see people arguing on twitter with what is clearly a bot.
I would like to see someone write the story of the overarching result of what a world will look like in an increasing internet-focused world, when disinformation campaigns can be funded by the highest bidder, and actual individual voices get drained out.
Try to remember the last time you heard anything positive about Russia.
Consider how it is compatible with the existence of Putin's troll army.
At the very least try to imagine the relative scale of money/power involved in the propaganda in the West compared to the rest of the world. (for reference, check military spendings)
>Try to remember the last time you heard anything positive about Russia.
Why would you assume the troll army is trying to make "Russia" look good? It's far more likely they would focus on individual goals like keeping the US out of Ukraine. Or making us look bad on the international stage to other countries. They don't need to look good, they just need us to look bad. Putin isn't an idiot, no amount of propaganda is going to change the fact that some of what happens in Russia will never be accepted by the rest of the world. He just needs to look better than the alternative. It's far easier to make us look bad than himself look good.
>Try to remember the last time you heard anything positive about Russia.
Consider how it is compatible with the existence of Putin's troll army.
This completely misses the point of what the troll army is there to do. It isn't aiming at convincing people of a point of view, but confusing the audience. You should read this story from 2015: http://www.bbc.com/news/world-europe-31962644
Online marketing is completely dominated by this type of activity. I tried to market through legitimate means only (paid ads, word of mouth, fair, legitimately-earned reviews and press coverage). A competitor showed up and exceeded our 1 year+ head start in two months with spammy tactics, including fake social media reviews.
It's impossible to win a competitive SEO game without a PBN for link manufacturing, a bunch of lackeys and bots posting on astroturfed accounts, and so forth. I learned that if I'm going to do another business that depends on traffic, there will be no option but to spam and turf aggressively.
Google's dirty secret is that it's been completely and thoroughly gamed for a long time now. People are just used to sorting through the crap.
I wonder if others share my interest in what legitimate businesses are doing.
For example, Hootsuite Amplify is a platform designed to dominate social media by making it easy for your company's employee base to share and promote curated content.
This has a similar effect to botnets, except it's not violating t&c.
We're entering a world where authentic conversation is harder and harder to find. Historically personal content such as emails and tweets are now carefully constructed and managed, but still presented as personal content.
> We're entering a world where authentic conversation is harder and harder to find.
I guess. When I was a youth you found authentic conversation by being in the world and meeting an authentic person and having a conversation. If we keep that definition constant then it's precisely as hard to find today as it has always been.
Anyone with $10 can go buy tens of thousands of followers. And they work. And stay for a fair while. I've done this a few times myself, it really doesn't take any more than a quick google search.
Not the OP, but I previously worked for a company that did this. We had tens of thousands of fake accounts on both Twitter and Facebook and had a script that would have them all (or specific sets) follow the same account at random points over the course of a few days (to avoid giving the client a few thousand followers instantly, which might draw attention). I can't remember full details since I wasn't involved, but I think we were charging $10 per 1,000 followers per network.
The customers were generally people trying to get their small business out there or some local thinking it could make them into an internet celebrity (I work in/around Scottsdale, AZ and there are a lot of people here that think like that).
We had a separate script that would check to make sure each account was still active once a day and if accounts were removed, they would be replenished automatically, although once a client lost a follower, it was gone and a new one didn't replace it for them.
It was all kinda shady and it was one of the numerous reasons I left that web agency (which went bankrupt a year later and is no more), but it apparently produced decent results since search ranking increased both on Twitter/Facebook and on Google. I'm unsure if it is still as effective, though; this was almost 4 years ago that I left.
Only time I've seen it first hand since was with a client trying to get famous. They made some YouTube videos and bought tens of thousands of YouTube subscribers from somewhere (we don't offer that at my current agency)
It was highly effective. Catapulted a few local businesses (I believe one gained enough exposure to open a second location) and a few temporary internet celebrities owed at least some of their fame to it.
That said, the latter example on YouTube was not effective at all, but that was probably because the content wasn't great.
not op, but this is essentially what SEO boils down to. More links to your site from legitimate sites with high page rank push your site up the natural listings.
It doesn't matter how 'pure' a site is, you can still buy a link, it just costs more.
It's all about looking at how the algorithm works, then gaming it. Tinker with Twitter and facebook, spend some money, keep the results secret. Sell this information. Do what works to your clients.
Bot nets work. For now. Does Twitter want to kill them? Maybe not, active accounts is a big number that they love to tell people.
I've bought fake followers before. It's actually fun. You'd be surprised how much of the "chattering class" will check your follower count before they decide if they should read and respond to your comments.
If you enjoy chiming in on national conversations then it's a cheap way to appear prestigious. Of course, you need to be able to argue well enough to not out yourself as some random joe.
Go over to google and put in the words "buy retweets". That's really not a problem. They have full control over the accounts (via either fake signups themselves or script kiddie iStealer means), so anything like that in demand enough is probably something you can buy.
A look at the history or content of mentions is probably the best bet to detect a faked account. Still, a clever person might slip by a cursory check.
Hell there are even Chrome plugins for free that'll get you followers, retweets and likes all automatically. Twitter is a joke. Anyone that takes their user count and interactions seriously on that platform is in for a bad time.
The answer probably isn't satisfying - pranks on friends, it's cheap and is usually a good laugh. 20k followers for around $10 found on a blackhat SEO site. 19.5k of which are still around after about a year.
You could totally use it for business purposes too - as a really shitty form of advertising or just to make your popularity look higher. I doubt it'd be too effective, but hey, it's cheap.
I'm familiar with this space and I think the biggest benefit is providing 'social proof' to new websites / startups / brands.
I know from my own experience when doing research on a company - whether it's a prospective client, vendor or competitor, I'll click through to their social properties to gauge their traction.
I definitely look at their engagement ratios to determine whether their social following is organic or fake, but I think typical consumers miss this.
Marketing and credibility. It's not about the followers, it's about the metrics. Whether it's Twitter followers, Facebook likes, GitHub stars or Hacker News upvotes -- if the metrics matter to someone, there's a market for manipulating them.
I'm actually surprised this is news to anyone. Some of my first Twitter followers were blatantly fake (unless vacuous Russian models are really into JavaScript programming all of a sudden) accounts trying to appear legitimate at a glance -- following random people and posting credibly arbitrary nonsense to avoid easy detection when they later follow/like whatever someone paid their owner to.
One thing I can think of is getting support from the "social media" arm of companies; if they believe you're an "influencer", you're likely to get white glove treatment (and may otherwise be ignored).
This reminds me of when I first heard of people buying "traffic" or "visitors" to their site --- being the type to not see the Internet in any commercial sense, the idea of paying to increase the bandwidth to your site (back in those days, bandwidth was not exactly cheap) was a bit puzzling... and then after seeing that many sites had ads and analytics, it all suddenly made sense.
I want to mention Reddit bots who copy user content to make karma and gain influence on Reddit. There is one kind that mostly copies images with karma in the 1.000s and repost them with the same title a year or two later.
To appear more legit these bots also copy user comments and post them to /r/askreddit in threads that are similar named but most often not exactly the same as the original post. I suspect that often this /r/askreddit thread is also created by another bot from the same farm.
I'm not sure what the owners do with these bots, but I suspect you could downvote views you don't like or upvote videos to the frontpage and make lots of views and money from that.
There are "I'm here to provide a service" bots which are almost always named appropriately. Like a reddit bot that links to IMDB or Wikipedia or converts between metric and imperial units.
The bots or sock puppets or fake accounts I mentioned don't provide any other value than copying old front-page material and repost it a year or 2 later without any indication that this isn't their own material.
I personally have thousands of Twitter accounts I control just for fun; I mostly use them for pranks, though in aggregate there are a few million followers between them (not sure how many duplicates there are, or, ironically, how many of their followers are bots). You can even buy software to create and manage Twitter accounts pretty easily in blackhat forums.
For mine, I scraped a bunch of Instagram pictures for photos, auto-generated a bunch of bios using a few basic parameters, e.g. "Beer lover, proud parent." Names were easy - the most popular first & last names from census records, mix and match. Grab a few lat/longs and convert them to the biggest US cities and you have a location, find some data source to tweet from (breaking news is easiest) and you have a fully automated, human-like Twitter account. For bonus points, Pick a random color toward the low ends of the hexadecimal range ( rand(a..c)++rand(0..f)++rand(a..c)++rand(0..f)++rand(a..c)++rand(0..f) works fine) and you even look like your page is personalized down to the color.
Start following random people and 10% follow back (even more if you follow people who are tweeting about similar keywords as you - kindred spirits I guess).
The only tricky part is making sure you don't cross lines with your IPs. You could buy/rent them privately, but you really only want to keep a few accounts (3-5) to each IP, so that gets expensive ($.75/IP/month) when you don't have a really good reason to use your accounts. You can scrape free listings for them, but those are nasty, slow, and can cause bans if Twitter decides to take down a whole range or if you are forced to switch IPs too quickly.
Device type, browser, etc. is easy to spoof.
Should you decide to, it's also really easy to change name, username, and profile picture of an account in the future. So if I wanted a few thousand Trump-supporting (or Trump-hating) sock puppets I could have them today.
If you don't want to buy/create/manage Twitter accounts yourself you can get access to what's called a "panel." A panel is basically an automated, coin-operated network of fake accounts that you can control at wholesale prices. Want 5,000 followers? Plug $1/1,000 followers into the panel, supply the username, and you'll have them in a couple of minutes. Or resell 5,000 followers for $25 and pocket the $20 difference. For example of a panel, see this ad on blackhatworld: https://www.blackhatworld.com/seo/the-biggest-smm-panel-yout.... Nothing special about this one, just the first I found when I googled. They're a dime a dozen.
I'm certain there are millions of fake accounts for every service imaginable.
I'm quite curious about this as a dabbling Twitter comedy content producer/dabbling Twitter developer.
Are there any services out there that sell followers which are less distinguishable from a basic bot account? Or to ask a related question, how much work goes into creating the illusion of authenticity? I'm interested in estimating the likelihood of a given user being real.
I don't really know of any "premium" services; it's just a matter of how much effort the creator puts in. I'm sure there's a spectrum, but I'm not sure how to analyze it/control for it or find more "legitimate" ones.
If you're looking to analyze the legitimacy of a Twitter user it would probably be from the content they tweet. Creating unique tweets is really difficult at scale, so most just retweet or pull from some data source. And if they create enough unique original, valuable content, well https://xkcd.com/810/. Watching people argue with Markov chain generators, incidentally, is one of my favorite things in the world.
There are quite a few services that attempt to determine what percentage of an account's followers are legitimate, but I'm not sure how they do it; probably each a different way.
As an aside, I did watch someone sell a famous author 100,000 twitter followers for $15,000, only to turn around and buy those followers for $100 and take his family to Disneyland.
I think it's silly that people downvoted me for being curious about a controversial topic. I would never pay for followers because the point is actual audience, not the perception of one. I'm interested in it because social networks interest me, and so does the problem of validation of users on social networks.
IP meaning internet protocol number? What about students on a campus network, where there may be hundreds coming from the same IP? And you are managing hundreds of different IPs for your Twitter accounts? How does that work?
I'm not sure about all of the details; I'm sure there are a variety of indicators that go into spam score and once you tip the spam threshold you're banned. So I would guess that students on a school network do things well enough to stay safe, but if you have 1,000 bot accounts on the same IP it's just a matter of time before they're all gone.
So if you want to manage a network of fake accounts I try to use a proxy IP or VPN to connect to each account every time you connect to/with it. (Also clear cookies/cache, spoof the same device, etc.) I'm sure better programmers could work around this by compensating in other ways, but I'm not sure how.
that isn't exactly how IP spoofing works: i'd argue for the most part, ip spoofing is just a DDoS hassle.
Its not very useful on a real service you intend to interact with (tcp/https require you to reply to those ip packets - it's not a fire and forget).
Going to be honest, I am bothered about people who use such bots to sway public opinion, troll or otherwise do harm to others. But, this is literally "Hacker News" and what he is describing is a hack, and his post is going into specific detail about how he achieved that hack.
Even if you disagree with people who use such hacks (I do too), it is interesting.
Just approach the providers - they have nothing to hide, they are not involved in any illegal activity, and they'll be very happy to have their name dropped in NYT.
"Buy social media followers" is a straightforward business.
It's like the battle that newspapers have against ad blockers in people's browsers. Twitter has to balance usability here.
People make fake accounts for everything everywhere for all sorts of reasons. Seems as though you stumbled on some fakes that may all be related (all posting starwars quotes) but maybe not. Could be just some off the shelf software that creates twitter accounts.
Probably a non-negligible percent of people with the job description "social media manager" create small armies of bots to do their bidding.
The first stop for any investigative journalist looking into this would have to be blackhatworld.com ... it has a really intimidating name but it's all just about marketing/spamming that violates terms of use.
> "Their potential threats are real and scary due to the sheer size of the botnet," he said.
Kind of overstates things. These accounts will likely be used for spam or advertising of some sort. Journalists have a distorted worldview when it comes to the importance of Twitter. I know you all love it, but the rest of the world doesn't really care.
Could NYT quantify - through experimentation - the value of a bot army as the "story"?
For instance a Tweet with 100 retweets is substantially more likely to generate additional retweets / be shown more by Twitter's algorithm / etc vs. a tweet with 10 retweets. And scale that up!
Easy to build an experiment and quantify even on a small level for NYT.
A few years ago, probably 3, it was very very easy to build your network of bots. Today is more difficult (those accounts don't last that long). I personally bought thousands and advertise my websites, you could get 10,000 visits per day in 1 day old sites. I can't imagine what you can do with money and a few people in your organization.
Every April Fool's Day I love to mess with family members. A (hypothetically) good effort:effect ratio I have found is Craigslist: Go into some large city's section (NYC, Austin, Sf, etc) and put up a listing for a 'free xbone' or a 'free PSS1', or something similarly typo'd. Explain that you are giving your kids' Xbone away because of a failing grade, you are moving overseas, your boyfriend cheated on you, etc. Then put down the number of the person to be pranked as the contact info. Now, here is the magic part: Specify that the callers for the free stuff must open the call with a Wookie sound, must text back in only haikus about salmon, must only refer to the xbox-one as a sausage, etc. It'll take the prank-ee a few hours to clear that mess up. This works wonders for April 1st day jokes, is fairly harmless, and generates a lot of fun stories.
The thing I am trying to say to the dear NYT reporter, is that you don't necessarily need bots to do this work for you, and not really even money either, just the promise of something for the low price of the time it takes to make a phone call is usually enough. Greed, I guess, works for a very low commission.
I understand it's all good-natured fun for you, but I'm glad I'm not in your family. You're making the world a worse place and wasting strangers' time.
Although you fine folks might remember me from a few other projects, I'm currently a Graphics Editor at The New York Times. We're actively curious and interested in pursuing lines of inquiry about this sort of behavior, and if any HN'ers have any interesting leads or tips, I'd encourage you to get in touch. You can reach me at my username @nytimes.com, or email me and I'll send you my Signal number.