Puffing up the number of social media followers is just a click away

About 15,000 of singer Lady Gaga's 70 million online followers are said to be fake bots.
About 15,000 of singer Lady Gaga's 70 million online followers are said to be fake bots. PHOTO: REUTERS
Leonid Bershidsky
Updated
Jan 31, 2018, 05:00 AM
Published
Jan 31, 2018, 05:00 AM

Lady Gaga, not all your Internet followers are humans, with close to 15,000 estimated to be fake bots.

But how do the companies which peddle such fake accounts click?

A case study comes from a New York Times story about a company, Devumi, that has sold more than 200 million fake followers to celebrities and "influencers".

New York Attorney General Eric Schneiderman said his office has opened a probe into Devumi's "impersonation and deception". But the firm is just a tiny outfit with an office above a restaurant in Florida.

What needs to be investigated is to what extent social networks' user bases are fake and what benefits the giant companies that own them - Facebook, Google, Twitter - draw from the fakery.

Devumi does not appear to be a particularly sophisticated player in the large market for social media fraud. It acquired Twitter bots from shadowy operations such as Peakerr, Cheap Panel and YTbot and sold them with a mark-up.

Marketplaces exist for Facebook likes and fake reviews. People create Internet-of-things botnets that use routers and smart TVs infected with malware to register and exploit fake social network accounts.

Canadian cybersecurity researcher Masarah Paquet-Clouston and collaborators documented the activity of such a botnet, Linux/Moose, in a July 2017 paper.

In April last year, Mr Juan Echeverria and Mr Shi Zhou at University College London described a network of more than 350,000 Twitter bots that tweeted only quotes from novels based on Star Wars movies.

Even singer Lady Gaga counted 14,315 of the Star Wars bots among her more than 70 million followers.

The Devumi story focuses on Twitter, the easiest network to exploit because of its purposely lax identification policies.

Twitter followers are the cheapest on the black market. Devumi, which according to the Times charged US$17 (S$22) for 1,000 followers, was more expensive that most of the competition.

YouTube subscribers command the highest prices. Thanks to the way YouTube shares advertising revenue with content creators, they are potentially the most lucrative.

The most difficult part of launching a social media bot is registering a fake account.

On some networks, a bot must cheat Captcha robot detection. Others require a working telephone number, a feature bypassed via voice-over Internet telephony.

The registration barriers are never high enough that it would become prohibitively expensive for the bot farms to jump over them.

Ms Paquet-Clouston and her collaborators pointed out that to register accounts on Instagram, the Linux/Moose botnet simply generated e-mail addresses such as "Groe****elwub*nhwt@wzgvf.org" on the fly.

Instagram did not even check them by sending an e-mail with a confirmation link.

After failing to set serious entry barriers, the networks make a show of detecting and suspending the bots.

However, some - like the Star Wars botnet, set up as long ago as 2013 - avoid detection, with their creators knowing how the algorithms work.

Others are disposable: They are just needed to spread spam or help a political campaign. It is easy enough to produce more as needed.

Why are the account registration policies of the social media networks so lax? The usual argument is that they make it easier for dissidents living under oppressive regimes or whistle blowers to make their voices heard.

But these regimes tend to ban social media and develop detection mechanisms that work far better than the networks' algorithms to weed out fakes.

As a dissident or whistle blower, one would be extremely unwise to set up a public social media account - anonymous or not.

Another question is why the social platforms make users' follower and subscriber numbers, as well as the numbers of likes and shares, so easily available.

Taking them out of public access would remove the temptation to inflate them by paying for robotic "mercenaries".

It should be enough for all practical purposes to release the audience numbers to the user and, perhaps, advertisers, but not the world.

It is not right that the only estimates of the number of fake accounts come from the platforms.

Nor is it right for these companies' stock valuations and ability to attract advertisers to be based on their own, unaudited user numbers.

So far, the authorities have allowed this. In doing so, they have let the enormous fraud market develop.

WASHINGTON POST

•The writer is a Bloomberg View columnist.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on January 31, 2018, with the headline Puffing up the number of social media followers is just a click away. Subscribe

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top