Some times you don't need to be a hacker or have excellent computer skills to "game" a platform like Steemit. Humans are typically the most exploitable component in a complex system that involves both computer code and human behavior. We've already seen how this had security implications due to our tendency to create weak passwords that can be cracked easily.

Humans can be "exploited" and "gamed" towards certain directions due to exploitable psychological vulnerabilities. Exploiting these vulnerabilities is usually called "social engineering". It's like practicing game theory against other players in order to trigger responses that are beneficial to you.

We will now see how this can have an effect on a network like Steemit...

10 Gaming Techniques for Steemit

1) Creating an upvote reciprocation "demand"

This will involve a bot or a human who will upvote a post and then write on the comments that they upvoted the author. It sublimely creates an expectation of reciprocation out of courtesy. It will typically exploit the kindness or naivety of an individual along with their ignorance on upvote dynamics (a vote worth 0$ that is "traded" with a vote worth 0.02$ or 2$ is a very one-sided deal). 

The "exchange" of upvotes may seem like an equal action of someone just clicking the vote button and someone else clicking the same button in return, but it isn't - due to the different amounts involved in what each vote is worth.

It is assumed by the bot owners (or humans), that most people will not reciprocate but the few who do will produce a lot of profit for the bot owner in the long run. It won't make one rich overnight, but if done on a multi-month horizon it can generate hundreds or thousands of dollars - with minimal effort except the automated "appeal" to one's kindness. The strategy may be improved by the addition of smart memes, cute photos / animations, etc.

2) Asking curators to curate articles by messaging them (0.001$ donation memo)

An author will typically send a message to whales and dolphins, attached as a memo to a small donation. The message will be in the form of a request to have their article reviewed. This process can be automated / scripted so that one can send messages to the top 1000 curators with just 1$. If the article gets 100-200-500$ it's one dollar ...very well spent. It is unlikely that the article will not get the 1$ in cost because curators will be like "ohhh look, this guy even sent me a message to see his post..." so they'll be positively pre-conditioned to upvote him as it appeals to their "bigger" status and how they can be the "gods" of determining the value of third-party posts. In a sense it is an indirect flattery to the dolphin or whale authority and power, and this "recognition" (implied in the request) may be "rewarded" through an upvote. All in all a very beneficial social strategy for those making the requests... at least until the method is recognized for what it is and it starts raining downvotes...

3) "Licking" the whales

Frequent mentioning of whales, tagging them, saying positive things etc etc in the hope of upvotes. This is a flattery scheme of whales and it can have varying degrees in its expression.

4) Being a steemit fanboy/fangirl

Similar to (3) but in the hopes that one will gather some kind of positive reward for their demonstrations of steemit support. Being an attractive "fangirl" can perhaps be an even bigger exploit due to whale demographics (most, if not all, are men - which can be "exploited" by the attractive female figure).

5) Networking between small-medium sized users

Small-medium sized voters can create connections so that they have a network of support and upvotes. We could say that human socializing and networking is just common sense, yet if one is upvoting material of others with no regard of the quality then it's by definition a gaming of the system. It may not hurt much in smaller size votes, because they don't add up to much even when combined quadratically, but it happens nonetheless.

6) Mapping whale bias and front-running it

Identifying whale preferences in terms of who they upvote and front-running their upvotes ahead of time. For example, if I know whale A votes for articles of user B, I can upvote user B as soon as I see their post. Thus when whale A upvotes user B, I'll get the curation reward.

Obviously, if I create a script to examine vote percentages of whales towards users etc etc, I can then "map" these relations and front-run the whales with a very high probability of their preferences.

One can also use a variation of this strategy by monitoring the transaction memos of whales where some people request reviews (exploit #2 mentioned earlier). If one does the review faster than the whale (which is likely), and the article is worth it, they can front-run the whale by upvoting it and then getting the curation reward.

7) Mapping areas of interest and either front-running curation or actively posting

This is similar to (6) but in a more generic fashion. For example, someone may map the patterns related to high upvote rates (steemit articles that appear intelligent or that seem well-formatted, verified girls in the introduceyourself section, verified celebrities coming onboard, etc) and get in before it starts "raining" big upvotes.

Aside from curation, one may actively post in areas that gather heavy upvoting by gaming the curator bias to their benefit. For example, writing articles about steemit, or making a splashy introduction.

8) Public calls of sympathy, threats of quitting and complaining of how life is unfair

You may have seen this often: Someone will write that they are discouraged by the rewards that they are getting and that they may as well quit because it doesn't work for them. And then they are touched by the magic wand that rains $$$ on them and their "hope in humanity (and steemit) is restored".

9) Semi-intelligent comments to gather author upvotes

Some authors (their patterns can be searched and thus mapped) will upvote those commenting on their own threads so as to reward intelligent discussion for their posts. Once these authors have been identified then their predictable tendency can be exploited against them by "participating" in their threads with semi-intelligent comments, winks, memes, etc so that comment authors can get some comment rewards.

10) Exploiting the short-attention span reader

Most readers with short attention spans can be exploited through the presentation of articles in a format suited to their "need" for a stimuli-fix. The mechanism requires a constant alternation of words and images that is more "stimulating" than a simple sequence of words. This fuels the ADD syndrome of the reader, while exploiting it monetarily in favor of the author.

The "format of success" can be mapped for its pattern and used to replicate success, even in articles that are sub-par.

I've described the phenomenon here: https://steemit.com/psychology/@alexgr/images-text-in-articles-the-winning-combo-or-a-stimuli-dope-that-fuels-add

(note: This article does not include this exploit to maximize monetary income for myself - although it does include exploit #7 by selecting a popular topic like steemit)

More exploits

The list is not in any way full. There is a very broad range of possible social engineering exploits that are used or that can be used on Steemit. You may want to mention some in the comments. I'm typically "exploitable" due to #9 where I tip comment authors but be warned my upvotes are limited and are only worth 0.01/0.02$.

Patching our "exploits"

Our "vulnerabilities" as humans that can be manipulated towards certain directions are not very unlike software code. The mere awareness of how we can be manipulated can go a long way towards "patching" ourselves to avoid it in the future.

Patching the platform

There is so much that a platform can do to work around the issue of human vulnerabilities. In some aspects like generating high entropy passwords, or reducing bot participation, it is doable. In others, not so much. Our behavior can be indirectly tweaked through algorithmic incentives but the human element will always be the biggest nightmare for coders that have to work around it.