Removing delegations from faucet abusers

in utopian-io •  2 months ago

Repository

https://github.com/steemit/redeemer-irredeemables

Introduction

Steemit Inc. is currently the main provider for free Steem accounts, also known as "faucet". These accounts can be registered via https://signup.steemit.com. Accounts created via steemit.com receive a free delegation of around 15 SP in order to be able to interact with the blockchain. This delegation is usually only fully revoked as soon as the account exceeds 15 SP of own stake. Earlier account registrations even had a bunch of STEEM vested into new accounts. The Steemit signup system officially allows each user to register one single free account via steemit.com:


faq.png
Source: Steemit FAQ

This is tried to be enforced by requiring a unique and verified email address and mobile phone number. Blacklists of email domains and variants, IP/retry detection mechanisms, as well as a review system, try to further decrease chances of users registering multiple accounts. Unsurprisingly, people still try (and obviously succeed) to game this verification procedure.

A spam post network of 360+ Steemit-delegated accounts

Each Steemit-created account means controlling another 15 SP of stake. Having a large number of those voting for themselves can generate own stake and liquid funds without investment. Since the initial account stake is fully coming from Steemit there is no way to transfer or delegate this to one account, so all created accounts have to be involved in the farming. We all know that it is hard to produce 10 valuable posts/comments per day in order to most effectively vote for ourselves - choosing automated or lower-value content is clearly an easier path.

Some of these automated posts were found by a @steemflagrewards member a few days ago, drawing the attention of more abuse fighters to the author. Not surprisingly, a couple of voters in these posts also published identical or similar content - math text book exercises in this case. A special signature in this was, that hundreds of accounts voted each of these posts, all with similar vote values and voting times. A Steemd excerpt is shown as an example here:

steemd_votes_crop.png

Note the almost identical rshares values (3nd column), voting percents (4th column) and voting time (last column). Each of the posts had between 350 and 400 voters. There was little doubt that this network is controlled from a single entity.

What can we do?

There are actually three possibilities:

  • Use your own stake to remove their rewards: Yes, this may come with some risks. Big shoutout to @steemflagrewards, a community to reward users using their stake to flag different kinds of abuse on Steem. For each verified/approved flag, you'll get an upvote a little higher than the value of your flag. (Yes, it's better than self-voting!). For a general introduction to @steemflagrewards see for example here.
  • Convince others to use their stake to flag: Besides @steemflagrewards, there may be support from @steemcleaners, @spaminator, @mack-bot, etc, but that strongly depends on the type of content/abuse.
  • Reduce the stake of the spam post network so there's less gain for them and less rewards to remove. This network was running mostly on Steemit stake. This post is about reporting faucet abuser to Steemit to have their delegations removed.

How to identify the spam network members with Steemit delegations

With a large number of curation-oriented bot accounts on Steem, not each voter on such posts is automatically a member of the spam network. With a bit of code, however, a good estimate on the size of the network can be made:

  • take all voters on such a spam post
  • filter those created by Steemit
  • filter those with a Steemit delegation
  • check which authors outside this list of accounts were voted, eventually add them to the list
  • check the voting patterns of all the accounts over time, eventually exclude those with unique/different patterns

This is often an iterative process. I made a bunch of beem scripts for that but they are not ready for release in their current state. The result in this case can be seen here in the voting pattern of 365 accounts over the last 7 days before their Steemit delegation was removed:

(click to enlarge)

Each dot is typically 10 votes and there is little doubt that these account all belong to a single entity.

The following graph shows the growth of this network over time. Each dot is a new account created via steemit.com and joining the vote farming.

creation_times.png

It is remarkable to see that there are steep "steps" in the number of accounts with 50 or more accounts created per day. I'm not sure if they were really created in blocks, or if the Steemit account creation/review system just approved the creations in batches.

Removing the Steemit delegations

Steemit maintains a list of accounts that should have their delegations revoked, the "redeemer-irredeemables" list at https://github.com/steemit/redeemer-irredeemables.
Adding new accounts there can be done with a pull request like this one. If approved and merged by Steemit, the accounts in this list will have their delegations removed. I have no official information on what kind of evidence has to be provided for a PR to be accepted. I made two PRs so far and both got accepted, but I had two obvious cases. A few of more PRs came from @themarkymark, taking care of the "Steemit Defence League" and a couple of more spam/vote-farming networks.

My PR to add the 365 accounts in this example got accepted within only a couple of hours. Shortly after the PR was in master, the first accounts got their delegations removed.

This is the SP-distribution of these 365 accounts before and after the undelegation:

sp_distribution.png

Not surprisingly, most of them were operating on hardly more than the Steemit-delegated stake and only a few of them had some own SP.

Total SP of these 365 accountsSP
before undelegation5494 SP
after undelegation168 SP
back to Steemit5326 SP

More than 5k SP went back to Steemit due to the undelegations and are available now for genuine user sign-ups. The undelegated accounts seem inactive since then, at least up to now, and some of them will certainly have serious RC problems now as well. In parallel, the accounts were added to mack-bot/spaminator who took care of removing pending rewards:

undeleg_flag.png

This all was only possible with strong support of

  • the @steemflagrewards team coordinating the efforts
  • @pjau providing Steemcleaners support
  • Steemit reacting super fast on the PR

Thank you!

You can help to make Steem better. Checkout

Disclaimer: I personally think that @steemflagrewards is a great initative, I have some SP delegated there, I place some flags with them every now and then and help out with the bot code from time to time. I'm not associated with Steemcleaners or Steemit.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Thank you for this awesome contribution @crokkon.

The progression of this network is staggering and saddening to look at.

The points identified on how to find (through code) the related accounts are reasonable. When you can publish the script, it would be great to see it. We are going to generate a library of anti-abuse tools to increase the efficiency of our abuse fighters.

Indeed, everyone can help tackle abuse. Downvoting abuse and reporting them are the most common ones. Raising awareness on this 3rd option of removing Steemit Inc delegations is another.

What a great start on your first post for the anti-abuse category. I'm sure we'll see more excellent posts from you in this category.



Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]

·

Thanks a lot, @lovenfreedom! I heard about your ideas to build a library of anti-abuse tools and I'd be glad to contribute a few bits and pieces! :)

·
·

You are simply an amazing person. Thank you for all you do for us!

·

Thank you for your review, @lovenfreedom! Keep up the good work!

What a great post @crokkon. You did an awesome job and what a great contribution to the antiabuse Initiative. I want to personally thank for you making the pull request to remove the faucet delegations from this vote farm.
My eyes watered up when I got to that part of the post. It must have suddenly got dusty in my office? LOL
I have worked with @themarkymark on some vote farms and the SDL. Its very rewarding when you see those delegations removed! He does more than most on the platform to combat abuse.
More of us need to learn how to make pull requests.
Thanks for fighting abuse thanks for your help with the SFR bot.

·

Thanks a lot, @iamstan, highly appreciated!

Great work @crokkon! A very clear case.

I hope to see more of this kind of contribution in utopian antiabuse. With all the data transparent and available from the blockchain we should be able to make good use of pattern recognition tools to uncover persistent abuse.

·

Totally agree.

I was wondering if this is something ML (Tensor Flow and the like) can be applied?

·
·

I think a big data approach. Throw all the blockchain data into a pool. See what patterns past abuse cases throw up. Use these to find and predict new abuse at early stages.

·

Thanks @miniature-tiger! In this case, it was indeed very clear. However, not all are that clear. Having the blockchain data helps a lot, though. Pattern recognition is an interesting approach, and also ML as mentioned in @lovenfreedom's comment. I tried once to analyze only a few days in the context of "who votes mostly together with whom" in a brute-force approach - This gave a few interesting results, but the processing time requirements would not have scaled to larger time ranges. Applying ML/AI techniques could indeed help there to build models...

I'm hopeful that this is exactly what the anti-abuse team are looking for in regards to research and presentation of contribution. Nice!

·

100% - the graphs were very helpful.

I was really happy to see his contribution. This is another flavor of antiabuse contribution.

We need to look at how @pibarabot creates his life-feed of flag wars and see how we can apply that to faucet upvoting networks.

Thanks for your support to the anti-abuse community.

·
·

@pibarabot is not a bad place to look for drama, and sometimes hidden abusive behaviors.

·

thanks Asher!

Hey, @crokkon.

Nothing against steemcleaners, the steemflagrewards folks, or anyone else who uses their stake to genuinely flag bad actors (as opposed to those who seem to use them for retaliatory purposes, or just because), but this—removing Steemit delegated SP in the nascent stages of accounts—to me, is the most effective way to fight spam.

While I know there is plenty more stake that could get involved in the flagging of rewards if they so chose, as it stands, there is still a goodly amount of resources and man hours that go into knocking down these accounts who only seem to find ways to adapt and continue more than they fade away. Or the same bad actors open more accounts and start all over again in the blockchain version of cat and mouse.

So, thank you for this post. I'm glad you're able to identify these folks and Steemit is willing and able to take pretty swift action against them.

·

They have gotten better, but it does feel like a bit too little given how long some of these guys have been abusing.

·
·

Hey, @enforcer48.

It definitely does. In my mind, that speaks to the inefficiency of the flagging tool as a means of actually stopping these guys, as opposed to having their accounts essentially powered down. No SP, No RCs. No SP, no VP. And it doesn't require any resources or man hours be spent at all after that, both of which could actually be turned around and used for something else.

STINC’s sign-up process has been one of the most exploitable processes in this ecosystem. They routinely allow exploiters to create hundred- or thousand-account bot-nets. One was able to grow to over 20,000 accounts.

They need to get out of the account creation game until they have at least some kind of adequate measures to prevent obvious exploits. It’s sad that this continues. And it’s even sadder that they wanted the ability to create these accounts for free...so that they can assume zero responsibility AND pay no price for it.

·

good point about the free account creation mechanism. While it costed at least 0.1 STEEM before, it is fully free now. I guess the whole signup process is a tricky balance between convenience for genuine users and public perception one one hand, and a burden for abusers on the user hand. But seeing wait times of several weeks isn't the best advertisement anyway. Apart from abuse prevention, the new account creations are currently at an year to date low while still taking most of @steem's RC - I wonder to which extend the account creation process could scale at all?

Nice work @crokkon :) As a follow up analysis I would be curious to see (and I think it would add a lot of context to this) the earnings from this farm over time as well as the number of accounts. How much Steem/SBD was withdrawn from network? And if you do look at that, it would also be interesting to see if there was a noticeable reduction in income potential after HF20 and the dust vote shift.

·

If you look at the post by @supposer here: https://steemit.com/utopian-io/@supposer/how-steemit-is-infiltrated-by-abusive-account-networks

Some networks do get big enough that they become dolphins and use their ill-gotten SP to spam farm. By that point, it's near impossible to stop them.

·

Thanks, Carl! These are some interesting ideas for a follow-up :) The number of accounts and the growth over time is shown in a graph above. This network had author rewards of around 8 SBD + 10 SP in its last week before undelegation, plus a bit from involved accounts that have a few hundred own SP. The 160 SP after undelegation give a rough picture of the "lifetime earnings". Good point about the dust vote shift - living off hundreds of 15 SP accounts which suddenly have a vote "worth" only 13.8 SP per vote certainly makes a difference. However, the rewards in general changed quite considerably over the HF, so the plain numbers would probably give a biased picture there.

That's a great result and I appreciate a lot of work is involved. Steemit should really be doing this themselves as it's their delegation that's being abused. I realise it's almost impossible to stop fans accounts being created, but bad behaviour like this can be detected automatically and dealt with. U until they do it we need people like you. Thanks

·

Thanks @steevc! It's true that this should actually be Steemit's job to find those or avoid the situation in the first place. Having the delegations removed only a few hours after reporting the accounts suggests to me that helping out is at least appreciated.
Thanks for the resteem!

·
·

A few hours is a pretty decent turnaround I think, and so they must be fairly happy with the lists of accounts coming in :)

Thank you for your work. tip! 1

Posted using Steeve


This post was shared in the Curation Collective Discord community for curators, and upvoted and resteemed by the @c-squared community account after manual review.

Hey, @crokkon!

Thanks for contributing on Utopian.
Congratulations! Your contribution was Staff Picked to receive a maximum vote for the anti-abuse category on Utopian for being of significant value to the project and the open source community.

We’re already looking forward to your next contribution!

Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!

Hi @crokkon! You have received 1.0 SBD tip from @cardboard!

@tipU voting service | For investors.

Congratulations @crokkon!
Your post was mentioned in the Steemit Hit Parade in the following category:

  • Pending payout - Ranked 8 with $ 155,39

What if we convince a couple of friends to join, but they never use their accounts for several months? Are we allowed to take control of them?

Hi @crokkon!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server