[Steemit Etiquette] Using 95+ Bot Accounts to Upvote your own Content. Fair Game or Not Cool?

in steemit •  2 years ago

A Front Page post from @anyx used 95+ Bot Accounts to Upvote his own content. Fair Game or Not Cool?

I noticed today on the front page a post from @anyx:
https://steemit.com/steemit/@anyx/reputation-and-the-bot-crisis-sybils-and-cheetah

It was a great post about cheetah and other bots in relation to the upcoming reputation system. What I found however is that @anyx used 95+ of his bot accounts to upvote his content. In the following I will discuss:

  1. Why Vote Manipulation is Bad
  2. Implications of Vote Manipulation
  3. Present and Discuss the Evidence in the Case of @anyx

Why Vote Manipulation is Bad: Higher Hot Ranking

The more users or bots upvote content the higher it will ends up in the hot category. This will helps to get more visibility and get even more votes. The following example shows the first page of the Hot category. You can clearly see that in spite of a much lower vote weight (payout value) some posts rank higher because of more votes being cast:


In the above image we see that older content with a lower payout ranks higher than content with a higher payout. The reason: More Total Upvotes

Why Vote Manipulation is Bad: Imitating High Minnow Support

A second effect is that users will think that the upvotes represent real users and assume that a post has a high minnow support. Something that a dolphin or a whale may want to support. In this case though these are not real minnows but only bots - this fakes support.

Implications of Vote Manipulation

If this is fair game than probably everyone should be encouraged to manipulate their vote count by using their own bots in the future. After all this would just level the playing field.

If @anyx uses 95 Bots why can I not use 5000 Bots to upvote my next post?

@anyx voted openly with his own bots. Next time (or already) a sophisticated hacker might just use names which appear as minnows instead. We cannot distinguish between Bots and Minnows. The degree of manipulation that is allowed on Steemit is undefined. @dantheman is working on a solution using a reputation system which is great! However, it may take a few iterations until it is released and it will likely not be bulletproof very soon; Processes like captchas, post count, comments can be circumvented using scripts built with mechanical turk to still create 1000s of Bots per hour with low financial investment. Given enough effort and resources most systems can be cracked or in this case flooded with bots.

In fact, just making it more difficult to create new verified accounts just makes vote manipulation more difficult for the average Joes which puts them at a further disadvantage.

This issue becomes a known philosophical / social problem: The Tragedy of the Commons. The only final resolution is that Bots and Minnows have the same degree of influence: None. While this would prevent vote manipulation once and for all it is likely a last resort as this would greatly harm steemit's democracy.

Case @anyx: The Evidence

This is what I found on the vote distribution on one of @anyx posts [SOURCE]:




As you can see @anyx used his 95+ bot army to vote for himself: @anyx01@anyx45 and @cheetah00@cheetah50

This is not the first time this has happened, as you can see

Vote Spamming has happened before, but I have not seen it being done by a high profile steem member so openly and so often. I am not accusing @anyx of malicious intent, everyone needs to make up their own mind. These are the facts:

  1. @anyx used about 95+ of his newly created Bots to upvote his own content: Casting 95+ votes manipulates the vote count and visibility in the "Hot category". The average user and the system will assume minnows voted instead of bots.
  2. @anyx used bot names that are clearly associated with him: It is quite obvious that these are @anyx bots just by looking at the names. This was an open action for everyone to see. If it was truly done to manipulate his content to the top then he probably would have done it in a smarter way. However, this action still manipulated the vote count, ranking and as a result payout.

@anyx garnered a lot of respect from other steemers as steemrollin puts it:

So there's been a lot of talk of bots, plagiarism, catfishing and deception on Steemit and a lot of it is probably to be expected. I'm actually surprised that there hasn't been more of it, but thanks to bots like Cheetah and enforcers in the community there has been far less abuse.

It almost sounds like a contradiction. @anyx created @cheetah to fight against spam and bots. He is someone who built a great deal of trust and is one of the most respected members; he also runs a witness node. Yet, the more surprising it is that he openly used 95+ of his own Bots to upvote his own content.

Is Vote Manipulation against the Steemit Etiquette? Please let me know your thoughts in the comments!

UPDATE: @anyx upvoted this post with 150 Bots to show how broken the system is:

This Post has little payout and most upvotes are done by Bots on this Post. As you can see in the above image it appears at the top of the Hot category - proof of how easily it can be manipulated by anyone at the moment.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Yep, I do this openly with obvious accounts to garner attention to how stupid sybil attacks are currently, how stupid easy it is to make accounts and game the Hot section, and the vote count. This is what the sybil section on my recent post (this one) was about. I want attention so that the devs make better ways to counter this. This is why I was hoping to get dev attention with my post, sybils are a problem. So thank you for giving this even more notice! Not everyone read my section on sybils.

I did this in previous posts to test my theory (if I could skyrocket up hot). You will notice I only tested on posts that I expected to trend anyway -- my photography is not that great, yet! :)

In my post, you can see my discussion on how miners have many accounts and wish to use all their Steem Power to upvote their own content, but this causes a sybil attack on Hot, which is unfortunate. How do I use my mining power? I earned it, can I not upvote my own content with my power?

It is a tough question, and you can see my suggestion in my post to have an official channel to do this (via vote proxies). I would much rather use an official channel.

Smooth also responded to my post with a great suggestion to remove the "vote count" or even the Hot section all together, and I agree with him.

·

Yep, I do this openly with obvious accounts to garner attention to how stupid sybil attacks are currently, how stupid easy it is to make accounts and game the Hot section, and the vote count.

Fair enough, but it would be more effective to sybil a post that explains the problem rather than a random Cheetah related post. Some posts like an exploit report that would hang on the top of the ranking for weeks is sure to push the message unambiguously.

·
·

I tested at first, and then I tried to talk about sybils in my latest post. In retrospect I agree, I should have been more clear that I was trying to break things -- e.g. just make a single post about sybils and push that one (not just as one of the 3 topics in my last post).
The more attention we get the better, at least, so we can fix the problem. See smooth's response as well for some more insight and how to fix it.

·
·
·

See also this newly created a Bug Report.
There is an on-going discussion on how to fix this issue with the steem Devs: https://github.com/steemit/steem/issues/233

Both Hot and the Vote Count can be easily manipulated to make an article more visible and thus indirectly increase payout.
Using the API we can easily create hundred of accounts whenever a POW is found. In fact this behaviour is encouraged in order to mine continuously, or we are penalized. However when duplicate accounts are used to upvote content than it skyrockets in the Hot section. Also the vote count is misleading as it suggest that many low steem power users support the post although it is actually the same person.
The below image is a an example. It was upvoted with 150 Bot accounts and appears at the top of the Hot section although there is little payout associated with it.

·
·
·

You're worse than Dr. Gero! The work is appreciated however to help prevent future Dr. Gero's on here.

·

Great to have you on this @anyx

I earned it, can I not upvote my own content with my power

Absolutely! But more awareness needs to be raised on this. It essentially means that the number of people that have voted on a post is meaningless. Also as you pointed out in your article the hot algorithm is broken.

The average must be empowered to do the same e.g. create 90+ Bot accounts to vote for their own post to level the playing field.

I do this openly with obvious accounts

I have acknowledged this in the above article and I am not saying it was done with malicious intent. It was however manipulating the vote count.

·
·

I would argue I am being outright malicious. I completely admit to it in my post:

if I want to upvote with all my VESTS, I cause a sybil attack and can immediately start trending on hot (it is quite silly)

On the other hand, I am actively trying to figure out how to break the system, and garner discussion on how to fix it, before too many people start breaking things.

I tried to raise awareness about sybils in my posts, but that topic did not get much attention, other than people suggesting NOT to limit accounts. So I hope your post gets attention.

This is why I really like smooth's response to a) Destroy the Hot section, and b) Do not display vote count, only 'stake' that a post has earned.

·
·
·

What a great response @anyx !

Probably this post this will not garner enough attention and it did not use Bots to upvote itself. Your post already had quite a few upvotes when you used your "attack" it would only increase the payout. Also the post itself was not only about your own attack. Neither your post nor this post might be enough to really make the problem obvious to everyone.

In my opinion more awareness needs to be raised.

For now I will propose to create a Bug report to see what the Devs say.

If the problem is ignored:

  1. We need to be another more obvious attack with even more bots 1000 - 5000 within the first 10 minutes. The content needs to be shit! E.g. This is why we cannot display vote count and must destroy hot.
  2. A simple one-click solution or guide for the average Joe to create hundreds of Bots. We need to level the playing field
·
·
·
·

Well, let's get some attention. 150 votes aught to do it, eh? We're at the top of /hot already.

·
·
·
·

Created a Bug Report Here: https://github.com/steemit/steem/issues/233

Both Hot and the Vote Count can be easily manipulated to make an article more visible and thus indirectly increase payout.
Using the API we can easily create hundred of accounts whenever a POW is found. In fact this behaviour is encouraged in order to mine continuously, or we are penalized. However when duplicate accounts are used to upvote content than it skyrockets in the Hot section. Also the vote count is misleading as it suggest that many low steem power users support the post although it is actually the same person.
The below image is a an example. It was upvoted with 150 Bot accounts and appears at the top of the Hot section although there is little payout associated with it.

·
·
·

Hola, disculpen todos.! Soy desarrollador de software y comprendo lo que hablan. Ademas que hice algo similiar pero con fb.com xD en 2014. Luego, aplicaron la verificación de cédula y teléfono por cuenta. En cuanto a steemit.com, tengamos en cuenta que es un proyecto de la ICO STEEM, y ellos proporcionan su código en un repositorio de forma publica https://github.com/steemit/devportal, para que otros desarrolladores haga su red social usando las mismas API, ¿Porque digo esto?, porque son interesantes sus intenciones, además que cobran de inmediato por el servicio prestado. Sin embargo, los invito a que interactúen directamente con ellos en https://steem.io, seguro los recompensan! Además, que no hay un control directo sobre los FRON-END en github con que ya se han desarrollado otras redes sociales. El tiempo es dinero y vida. El equipo de STEEM, con los datos que ustedes han recolectado. Ellos tienen que ver, si corrigen validando la base de datos o el BACK-END. y quizás les tome su tiempo. o nose. Pero no es necesario, armar tanta polémica. Es necesaria Obviamente para la evidencia, pero no esperen que el programador venga a ustedes. Si dicen que a ustedes tambien les interesa. Saludos.!
Nota: De mi parte, también he detectado errores y pronto los publicare. No los reporto directamente porque son temas dóciles, pero el de ustedes es muy importante.

Comento como si la publicación fuera de hoy, debido a veo a que aun falta que algunos conozcan estas opiniones y quizás a alguien le sirva.
¿Lo lograron resolver.? Me gustaria saber que paso luego de un año.

·

@anyx, can you try it with this post here?

·

Apart from getting you into the "hot" area, is there any other benefit? Can those bot accounts get you more money if they vote after something has trended?

·
·

Yes there is another benefit: Bait Dolphins and Whales to vote for you, because they assume high support from a lot of (poor) users. After all, the vote count is quite prominently placed below your post.

Both of these effects together will indirectly help you to increase your payout! This post would probably not have achieved this payout if @anyx had not upvoted it with his bot army.

·

So what is the solution?

Cg

·
·

My ideal solution is in my post. I encourage you guys to read my last post, especially the sybil section, if you have not already!
If there is an official channel to use all my VESTS, then I will have no need to vote explicitly with my mined accounts.
Again, note that I only did this on specific posts, to see if I can game the system.
Is this bad? Yep! Am I glad people are noticing? Absolutely!

·

I've been trying for two weeks to get one pow, how are you getting so many pows. What's your hashrate?
Also i don't see any issue with what you're doing @anyx, If you're able to get out of the box and make your ends, good for you. Like what fiftee says "if they hate, then let 'em hate and watch the money pile up".

·

Hell yeah! But it is getting more bigger in 2018! Bot gaming

What about creating a parameter that sets a specified number of bots usable by ALL witnesses and users.

The quota per user account can be triggered by authentications per bot account used (say 1 normal user account and 2 bot user accounts, so in total, 3 accounts can be authenticated at single time).

Also, a user cannot have more than 3 accounts. This can be done through database querying and searching for a specific 'identifier' that is similar between multiple accounts (maybe browser header information, an IP address, a location, or a combination). Since each person is unique, the identifiers would be too and if its the same person creating multiple accounts, the 'identifiers' should match.

JUST THINKING OUT LOUD

Maybe I should outvote him with the thousands of accounts I have left over from mining. Or perhaps I should power down my stake and use it to create 500 000 new accounts (though fear not, I can "only" do this at a rate of 5000 per week).

Does this make any sense? The answer is no.

It is time to recognize that 'vote count' is an obsolete and unworkable concept that is a hold over from previous inferior systems such as Reddit. We don't need it and will be better off without it.

Wow 95 accounts anyx it must have taken forever to register that many reddit or FB accounts, personally I don't agree with your actions once to make a point I guess is ok thank you for pointing out the flaw though I'm sure many more will game the system now until it's fixed but I hope there is more integrity around than that.

·

You just need to find a block to register an account using JSON-RPC. No need for reddit / FB account.
Keeping these flaws under wraps just helps those which already use these attacks. Instead we need to raise awareness that the vote count and the hot section should be disregarded until fixed or destroyed.

I'm tired of all these Motherfukn bots on this motherfukn plane.. I feel like Samuel L. Jackson right now

https://steemit.com/steemit/@mrwang/steemit-comment-bots-got-me-like

👍nice post, very interesting @riensen

This bot war is going to be interesting. I'm dropping this comment so I can follow this post.

why so naiF

Still plenty of creases to be ironed out then.

Yeah, it's a real problem. Think it'll play itself out? Take a lot of votes and the bot accounts usually don't have any real power behind them.

·

Thanks for the comment! Bot accounts will not affect the payout directly, but they will do so indirectly via:

  1. More visibility by ranking you higher in the Hot category (see second image in article)
  2. Bait Dolphins and Whales to vote for you, because they assume high Minnow support

Both of these lead to a higher average payout.

·
·

We need a leopard bot. I wrote a fiction story about a leopard chasing down the cheetah lol

Dizziness also think about how to get money in the steemit, post anything do not have any upvote

Not even close to fair. I also believe unchecked bots will ruin Steem's value and Steemit's content. Check out this article on how much impact Steemit could really have:

https://steemit.com/steemit/@melek/open-discourse-and-how-steemit-is-qualitatively-different-from-every-intellectual-society-that-proceeded-it

Good point and if anyx really has a good intent, he should directly hit the topic that he made a bot to upvote his posts. So he don't need to have any excuse and as I can see he did this not only once but many times before.

·

Yep, I was experimenting to determine if the hot algorithm was game-able.
I did bring this to attention in my post where I discuss how crazy stupid sybils currently are. It's an important topic! I encourage you to read the sybil section in that post if you have not, yet.
I admit to it in my post:

if I want to upvote with all my VESTS, I cause a sybil attack and can immediately start trending on hot (it is quite silly)

I also responded to william banks explicitly saying I upvoted myself 100 times. (Ridiculous, right?)

It is funny!!! He got 95+ bot and he carry on having upvotes... for any strange reason I am in the black book!!! I don't know why I got -6!!! I don't know how to use html in fact my posts are horrible and I am scored as well so bad??? Sadness :( @riensen

yea agree with you.
lets get connected.

Unless stuff like this changes, we have a perfect example of why your average everyday non-crypto user will never come near this site or just quit in frustration because it is too complicated. I did read @anyx original reply below, and understand fully what he is trying to bring attention to.
My mother being a perfect example, she is of the older demographic, and not the most tech savvy person but she gets by. She spends a fair amount of time on Facebook and I convinced her to check out Steem with the usual selling points. Her introductory post went horribly, even explaining over the phone with exacting details she still couldn't get the picture to post, and her post was immediately inundated with bots that she was trying to reply to. She thought they were real people. After that initial experience she will most likely never come back to Steemit.
This is an individual, over 60, with a Bitcoin wallet, that uses blockchain technology infrequently, but still gets it because I have been talking to her about it for years. What do you think the average user, with zero experience using crypto, and probably an equal interest in getting to know about it, is going to think? Let's face it, this is 90-95% (more?) of the people out there. The vast majority of people just don't give a shit about crypto.
When you throw in the 'Circle-Jerk', where more than 3/4 of the articles are either about Steem or other crypto, who on the outside really cares? You say this will change as new people come on board? How, if the average user is totally put-off by the content? They curate or comment? How can they curate when bots flood the replies and votes before even the fastest people can type and vote? They can comment for pennies if they like, or they can go back to Facebook for less hassle. And let's face it, my experience watching the comments and payouts inSteemit shows the good ole boys network is alive and well within this community. The circlejerk goes well beyond the content and infiltrates the payouts extensively. How is your average user, with no coding skills, no botting skills, no mining skills, who is not already an established blogger or famous person (which get more of this same circlejerk preferential treatment) supposed to infiltrate this well entrenched system. I am not mad, malicious or in any way jealous of those who have had success. I am so happy for those of you who have benefited from what crypto was designed to do, redistribute wealth. Unfortunately, it is always the first wave adopters who benefit the most, and this platform needs some serious changes if it is going to survive and become what so many think it has the opportunity to become. We had another major failure today but I will talk about that elsewhere.

Does this still apply today or did some fork / fix change it ?

Just like everything else in life, you can't lose the game if you rig it! People sit on opposite sides of this, but unfortunately there's no denying the success of it. Technology is our gift and curse! Maybe the fine folks at Steemit will find away to level the playing field?

Agreed but, they spent sweat creating those bots, so it seems fair on steemit principle.

WHAT more use having 1000 Votes bots if the whales that assess not give 1 upvote? It is the same thing enchugar ice.

Hola, disculpen todos.! Soy desarrollador de software y comprendo lo que hablan. Ademas que hice algo similiar pero con fb.com xD en 2014. Luego, aplicaron la verificación de cédula y teléfono por cuenta. En cuanto a steemit.com, tengamos en cuenta que es un proyecto de la ICO STEEM, y ellos proporcionan su código en un repositorio de forma publica https://github.com/steemit/devportal, para que otros desarrolladores haga su red social usando las mismas API, ¿Porque digo esto?, porque son interesantes sus intenciones, además que cobran de inmediato por el servicio prestado. Sin embargo, los invito a que interactúen directamente con ellos en https://steem.io, seguro los recompensan! Además, que no hay un control directo sobre los FRON-END en github con que ya se han desarrollado otras redes sociales. El tiempo es dinero y vida. El equipo de STEEM, con los datos que ustedes han recolectado. Ellos tienen que ver, si corrigen validando la base de datos o el BACK-END. y quizás les tome su tiempo. o nose. Pero no es necesario, armar tanta polémica. Es necesaria Obviamente para la evidencia, pero no esperen que el programador venga a ustedes. Si dicen que a ustedes tambien les interesa. Saludos.!
Nota: De mi parte, también he detectado errores y pronto los publicare. No los reporto directamente porque son temas dóciles, pero el de ustedes es muy importante.

Comento como si la publicación fuera de hoy, debido a veo a que aun falta que algunos conozcan estas opiniones y quizás a alguien le sirva.
¿Lo lograron resolver.? Me gustaria saber que paso luego de un año.

Everybody is welcome to use our service @litasio.

I know this is an old post, but still relevant.
I think it's both, it's fair game if it's allowed, but not cool. I think it diminishes the community appeal of the place. It's to easy to manipulate the system with questionable tactics. Then again, society works this way too, so who knows what's right.
Just my opinion.