Posts tagged ‘spam’


Despite being blatantly obvious, Facebook does nothing about thousands-strong bot nets

01.04.2021

We already know that Facebook does nothing if you want to use scripts to join groups, even if the scripts all give roughly the same answers. Apparently that’s not enough to trigger the systems at this company that’s worth almost a billion dollars (that’s a proper billion, or what the Americans call a trillion). Unless, of course, they want these bot accounts on there to continue lying about reach, or run some other sort of scam.
   But what about brand-new accounts that are clearly bots, that write nonsensical things that bots are programmed to do, and which friend other bots? These are bot nets, the sort I saw all the time when I used Facebook regularly. The nights in 2014 when I spotted over 200 bot accounts? A lot of them were in these nets, and I made it a mission to report them, since they tended to exist in groups of a few dozen, maybe a hundred at most.
   Last night I saw nets of thousands. Imagine a new account that’s friended thousands of other new accounts, all using a series of names, and all pretending to work for a limited number of workplaces. Surely these are obviously bots, and Facebook’s systems would detect them? I mean, if you’ve been on Facebook for even six months you’d know that these patterns existed, let alone 17 years.
   Um, no.
   I’ve been reporting a whole bunch of these bots and Facebook’s reaction is to tell me, as they do with bot accounts running group-joining scripts, that no community standards have been violated.



   Normally I would see a dozen or so bot accounts each time I pop in (and my friends who moderate on there tell me they can see many per minute). Even as an irregular user it means I see more bots than humans, but now that I’ve seen over 4,000 (just go to one of these bots’ friends’ lists and take a sufficiently large sample) that Facebook allows, then come on, you can’t tell me that this site is still worth giving your money to.
   In 2014 I called seeing 277 bots in one night an ‘epidemic’, on the basis that if a regular Joe like me could, then how many were really on there? Now I see 4,000 in one night. These two have over 4,000 and 3,000, with some overlap:


   And in 2014, I could report them, and some would actually be deleted. Others would need repeated reports. In 2021, none are deleted, based on the ones I reported.
   Therefore, Facebook’s systems neither detect bots nor do a thing about them when a user blatantly points them out.
   And given that this company is worth over US$800 milliard, then you know they exist with their blessing—at the least with their inaction. Because US$800 milliard buys a lot of technology, but apparently not enough to deal with bots or misinformation.
   The scammers know this and the con artists know this. Governments know this. This is a danger zone for consumers, yet the last few years still weren’t sufficient for most western governments to act. It makes you wonder just what it’ll take to wake people up, since folks don’t even seem to mind giving their money to a company that has such a poor track record and no independent certification of its metrics. Would shame work? ‘You dumbass, you gave money to them?!’ Surely this now makes it more obvious than ever just what a terrible waste of money Facebook is?

PS.: Here’s another new account with what appears to be 4,326 bot friends (based on a reasonable sample).—JY

P.PS.: Only 4,326? How about one that’s hit the 5,000 limit filled with bots?

Tags: , , , , , , , ,
Posted in internet, technology, USA | 2 Comments »


Computing in 2021: Gmail’s advertorial spammers, Facebook bots, and Twitter fatigue

25.03.2021

I’m not entirely sure I need to block out the email addresses here since they’re likely to be burner Gmail accounts, but I’ll give these spammers the courtesy they don’t deserve.
   As shown below, they’ve been coming for over a year; there’s a chance I may have even received them in 2019.




The text of the latest reads:

Hello,

I hope you’re well!
   I am currently working with a number of clients in placing guest blogs/sponsored articles on high-quality sites, such as yours. I recently came across your site and, after having a quick read through some of your more recent posts and articles, I think it’d be a great fit for some of the sorts of content campaigns that we frequently work on.
   I work with a range of clients across different areas such as fashion, lifestyle, home decor, legal, travel plus loads more. Would you be interested in working together on one of our future/upcoming content campaigns?
   Looking forward to hopefully working on a campaign together soon!

   First up, I already know they never visited since the latest refers to Lucire as a ‘blog’ in its subject line. Just because you run Wordpress doesn’t mean it’s a blog.
   A more crazy one recently actually requested we publish something at lucire.net, which is a brochureware site with no posts on it—so I don’t think they are even hunting specifically for Wordpress-driven sites. Anything will do.
   Last year, I replied to one of them, thinking they could be a legit enquiry for advertorial. It went nowhere, since, as far as I know, they were just after backlinks, and not prepared to pay what a commercial advertorial purchaser would.
   I wouldn’t have been any the wiser if they didn’t keep repeating the messages, and it seems that during the last few weeks they’ve shifted into high gear. And when you know they’re spam, the innocent experience that you had in 2020 suddenly becomes a supreme waste of time.
   I know, all the signs are there: they run Gmail accounts and there are no signature files or details of what company they represent. Gmail, to me, has plenty of spammers, and it is not the service used by professionals. (When 200 people can share the same email address, why would you?) But there was that charitable side of me wondering if the first one was just someone who had shifted to working from home and trying to make a buck. I didn’t really think, since I’m not of this mind myself, that it was spam and that I was a mark.
   I now have common phrases from the spams fed in to my filters so these will just go into the trash folder. I’m posting this in case others have received these spams, and wish to do the same.

Here’s a recent Tweet of mine. Not altogether an accurate one, but when I wrote it I genuinely believed Facebook claimed it had 2 milliard users.

   As Don Marti says, the fact Facebook even has to claim this tells us they are fighting a losing battle.
   On one of the groups I administer there, I’d say over 99 per cent of the members’ queue are bots. Here’s a typical screen in botland, I mean, Facebook:

   These are common patterns and I see them all the time; they all use a variety of responses but they all come out of the same program. ‘I will seriously abide!’, ‘Yes bro’ and ‘OK bro’ are pretty common, and there are others.
   The thing is, I’ve seen these for years, reported each one as a fake account (since there is no option for ‘they are using automated software’), and in 99 per cent of cases (no exaggeration; in fact I may be underestimating), Facebook tells me there is no violation of their terms of service.

   This can mean only one of two things: Facebook is too stupid to realize that an account that feeds the same things into group questionnaires constantly is a bot or running some sort of software that is not permitted under its own terms; or these accounts exist with Facebook’s blessing.
   In the queues, legitimate humans are being outnumbered by over 99 to 1, and if this is a representative sample of Facebook’s current user base (I’m betting I see more accounts than the average person), then hardly anyone is on site any more. I wouldn’t know, I only check client pages and this queue for the most part.
   But if you wish to waste your money advertising to bots on the Facebook platform, then be my guest. Zuckerberg and co. are already getting enough money for doing nothing useful.

I wonder if I’m getting more Twitter fatigue after 14 years. I have built up a fun network there, especially of car people that I made a point of following over the last couple of years. But the cellphone keyboard is such a fidgety, impractical and slow device, I’ve found myself starting to respond, even writing the first few words of a Tweet, then giving up. This has had wonders on my email inbox as the number of messages drops. I’m getting through stuff.
   Fortunately for Twitter, Jack Dorsey hasn’t come across as big a dick as the Facebook and Google people, and the man has been doing some good with his money, like donating US$1 milliard to COVID-19 research. Yes, Twitter still has some major problems, especially when it comes to censorship, but when someone says, ‘I can afford to give that away because I’d still be a rich bastard with the US$2 milliard I have left,’ it’s actually a contrast to Jeff Bezos and Mark Zuckerberg. Unlike the latter, he also hasn’t been publicly lying and calling us ‘dumb f***s’.
   Even so, more often than not I now find myself stopping. Is Tweeting that really worth it? Who cares? So I have a different opinion to that person. I don’t need a global audience for it. If I feel strongly enough, and have the time, there’s always long-form blogging.

Finally, here’s a page explaining just why Google is corrupt.

Tags: , , , , , , , , , , , ,
Posted in business, culture, internet, technology, USA | 1 Comment »


December 2020 gallery

01.12.2020

Here are the images that have piqued my interest for December 2020. For November’s gallery, click here (all gallery posts are here). And for why I started this, here’s my earlier post on this blog, and also here and here on NewTumbl.


 

Sources
   Auckland City Library opening, via Auckland City Council Residents’ Group on Twitter.
   Jono Barber scanned the Aston Martin DB5 story from newspaper clippings he recently found.
   From the Instagram of hairstylist extraordinaire, my friend Adrian Gutierrez. Photographed by Steve Yu, hair by Adrian Gutierrez, make-up by Meri, modelled by Chanel Margaux.
   Volkswagen Käfer advertisement from the Car Factoids on Twitter.
   Star Trek–Star Wars series from Alex on NewTumbl.
   Manawatū Guardian front page relates to this Tweet.
   Alexa Breit promotes masks by Peggell, via Instagram.
   Amber Peebles photographed by me in 2003 on a Voigtländer Bessamatic Deluxe.
   Google Forms’ 419 scam relates to this Toot.
   Peugeot 504 advertisement from the Car Factoids on Twitter.
   Triumph TR7 brochure cover from the Car Factoids on Twitter.
   Katharina Mazepa photograph from her Instagram.
   More about the JAC Jiayue A5 (JAC J7 for export) at Autocade.
   Tardis image from Alex on NewTumbl.
   More information on the Toyota Yaris Cross at Autocade.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in cars, China, design, gallery, interests, internet, media, TV, UK, USA | 1 Comment »


Two big reasons not to use Gmail

03.10.2020

I was absolutely shocked to learn this is how Gmail works.

   As you’ll read in the thread, this has been confirmed by other Gmail users.
   That should rule out ever using Gmail for secure communications. Not that you should be using a service like that for anything important, but the fact is Gmail has become ubiquitous, and I believe a lot of people don’t know any better.
   Just imagine being able to receive some emails meant for your rival by signing up to an address that varies from it by a full stop or period.
   Secondly, we’ve noticed a large amount of spam where we can trace (via Spamcop) the origins back to Gmail. Oftentimes they have Gmail reply addresses, as in the case of 419 scams (where they may use another ISP or email service with a “sacrificial” address to send them). Why would you risk being among that lot?
   Add this to the massive list of shortcomings already detailed here and elsewhere and you have a totally unreliable platform that doesn’t really give a toss. They didn’t care when they removed my friend’s blog in 2009 and then obstructed any attempt to get it back, until a product manager became involved. They didn’t care when their website blacklisting service libelled clean sites in 2013, telling people not to visit them or link to them. And they don’t care now.
   There really is no reason to use Gmail. You’ll risk your emails going to someone else with a similar address, and you’ll be among the company of unethical actors. I can truly say that if Gmail weren’t this ubiquitous, and used by so many friends, I’d just set up a rule on our server and block the lot.

Tags: , , , , , , , , , , ,
Posted in business, internet, technology, USA | 4 Comments »


Catfished on Facebook? That’s OK, too, they’re there to provide the tools

11.06.2020

I don’t particularly have it in for Google and Facebook. I’m only pointing out the obvious: if you say your policy is x, or your product is y, then don’t deliver us z. Put it into non-electronic terms: if you sell me a car and I put it into first gear, and it instead reverses, then I will complain. And if you look back through 11 years of critique, that is what lies at the foundation of every post about them. Medinge does Brands with a Conscience, Big Tech does Brands without a Conscience. Once they start being honest and levelling with people, then I’ll stop pointing out their hypocrisy.

Speaking of which, a Facebook user calling themselves Barbara Black has taken a photo of former Miss Universe New Zealand Tania Dawson, using Tania’s photo as her profile pic and, of course, catfishing men. You know where this is going: despite numerous reports from Tania’s friends since the D-Day anniversary, including multiple ones from me, nothing has been done. Facebook tells me that there has been no violation of their terms. Some have actually found it impossible to report the fake profile, as their screen fills up with gibberish.

   Yet again it’s Facebook being on the side of the spammers, bots and phonies, as usual, because they have the potential to help their bottom line.
   I can safely say that all my reports of fake or compromised accounts this year have resulted in no take-downs whatsoever, making it far, far worse than what I experienced in 2014 when I said that Facebook faced a bot ‘epidemic’ (I used that very word).
   Very easy prediction for 2020: despite COVID-19, Facebook will have to remove more fake accounts than there are people on the planet. I reckon it has already happened but they won’t admit it. I just don’t know when people will wake up to the fact that this dubious site isn’t serving them, but at least the fakes have got to such a point now that everyday people recognize them: at some point, we will either know someone, or be that someone, who has been catfished or cloned. I’ve been off it for personal stuff for three years and have missed nowt.

Tags: , , , , , , , ,
Posted in culture, internet, New Zealand, technology, USA | No Comments »


Netflix spams, Amazon doesn’t care

07.02.2020

It pays to have some ground rules when dealing with the internet. A very big one that I’m sure that you all observe is: don’t do business with spammers. If a Nigerian prince tells you he has $5 million for you, ignore him.
   There are tainted email lists that have been going around for years. I used to have filters for all sorts of permutations of my real address, back in the days when we had a “catch-all” email. My address definitely wound up on a South African spammers’ list in the late 1990s or early 2000s, and to this day I get South African spam from some respectable looking companies that took an unethical shortcut in compiling their targets. There’s a third where the spammer has confused the ‘company’ and ‘first name’ fields that began doing the rounds during the 2010s. All so easy to spot. If they claimed I signed up to their list, and don’t know my first and last names, then there’s a massive clue right there.
   This all begs the question of why a company with the size and reputation of Netflix feels the need to resort to such lists. Here’s the fourth one this Gregorian calendar year as they up their frequency of spam:


Netflix spam, shown actual size.

   There’s a thread online where one netizen was told by Netflix that someone else had signed them up, which is incredibly unlikely, and more likely an excuse to cover one’s dodgy behaviour.
   These began in November 2019 for me. The ‘This message was mailed to […] by Netflix because you created a Netflix account’ is untrue, and if it were true, how come there is no email confirmation of this account creation in any of my emails from 2019? Surely if you created one, Netflix would confirm your address at the very least? And if they don’t, then that’s pretty poor business practice.
   This isn’t a phishing attempt, as the links all go to Netflix and it’s come from Netflix’s account with Amazon, who doesn’t seem to do much about it. If you’d like to see a similar one, someone has posted it online at samplespam.com/messages/2019-07-20/V801I2196eM554074 but where they have a header line with ‘00948.EMAIL.REMARKETING_GLOBAL_SERIES_CORE_2_DAY_4.-0005.-5.en.UA’, mine has ‘00948.EMAIL.REMARKETING_GLOBAL_SERIES_CORE_2_DAY_4.-0005.-5.en.US’. (Netflix thinks I live in the US.)
   There’s no reply on Twitter. Nor was there any reply from this email that I sent to privacy@netflix.com last November:

The people they claim are in charge of privacy don’t care about privacy.
   I shan’t subscribe to Netflix any time soon because of Internet 101. If they don’t care about your privacy now, they’re probably not going to care about it after you’re a customer. In the 2020s, with people more sensitive about it, it’s foolhardy for Netflix to go against the trend. Right now, their email marketing has all the subtlety of a cheap scammer’s—just with nicer presentation.

Tags: , , , , , , ,
Posted in business, internet, marketing, USA | No Comments »


Verizon’s continued hypocrisy borne of pettiness

12.07.2019

Remember Tumblr, the platform owned by Verizon that I left?
   I left because of Verizon’s policies, of placing their corporate agenda ahead of the users.
   I went to NewTumbl instead—a site that Tumblr users might not know about, since Verizon has ensured that searches for its competitor come up empty.
   I was very surprised to find that Verizon Media has opened an account at NewTumbl—a site that they effectively tell their users does not exist.
   And what are they doing on it? Running their sit vac ads for free:


   It’s not technically in violation of NewTumbl’s terms, but what is interesting are their hashtags.
   One of the hashtags is sexy, albeit misspelled as sexu.

   Now, either you have to be sexy to work for Verizon (given the other hashtags used), or they are hashtag-spamming, in the hope their ads will be seen more widely.
   It is, basically, douchebag behaviour—but this also tells us that NewTumbl has them rattled. Why else would they advertise here instead of a regular job site?
   The effect on their brand is very negative—since people can see these ads for what they are: a cheap shot across the bow. This is how petty big US companies are. We see this from Google, so why not Verizon?

PS.: Unlike Big Tech and the bigger players in corporate America, I own up when I learn more. The Verizon account on NewTumbl was revealed to be a fake, and has since been deleted. However, Verizon’s censorship on Tumblr continues (you can’t find NewTumbl but you can find Pornhub—all hail their potential buyers!).—JY

Tags: , , , , , , , , ,
Posted in business, culture, internet, media, publishing, USA | No Comments »


The porn blackmail scam—ignore it if you receive it

24.07.2018

I’m not saying I can’t be conned—because by my own admission, I have been—but sometimes when you’re very sure of your position, scammers’ lies don’t work.
   Here’s a fascinating one that came in today, a lot more aggressive than the usual request for helping someone move millions of dollars of bullion out of the country. I can imagine people getting sucked in to this, because I have a friend who really was filmed without his knowledge and then (unsuccessfully) blackmailed. I’m posting it in case others have received something similar.

From: Klemens Munger
To: [Redacted]
Subject: jack.yan – [redacted]
Date: Tue, 24 Jul 2018 04:27:08 +0000

I am well aware [redacted] one of your passphrase. Lets get straight to the purpose. You may not know me and you’re probably thinking why you are getting this e mail? No one has paid me to investigate you. In fact, I setup a software on the X videos (pornography) website and guess what, you visited this website to have fun (you know what I mean). When you were watching video clips, your web browser initiated functioning as a Remote Desktop having a keylogger which gave me access to your display screen and also web camera. after that, my software program gathered every one of your contacts from your Messenger, FB, and email . And then I created a double-screen video. 1st part displays the video you were viewing (you’ve got a good taste haha . . .), and second part displays the view of your webcam, and its u. You have got a pair of choices. Lets analyze these solutions in details: Very first choice is to dismiss this e-mail. In such a case, I will send out your actual video to all of your contacts and visualize regarding the awkwardness that you receive. Keep in mind if you are in an affair, exactly how it will affect? Other alternative will be to pay me $7000. Let us describe it as a donation. In such a case, I most certainly will right away remove your video. You will keep daily life like this never happened and you will not hear back again from me. You’ll make the payment by Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google search engine). BTC Address to send to: 1AarwsrgvhQ5CNuhWGMjmv34yPQTXWEaxh [case SENSITIVE, copy and paste it] Should you are wondering about going to the cop, surely, this message cannot be traced back to me. I have covered my moves. I am not trying to ask you for a huge amount, I would like to be paid for. I have a unique pixel within this e-mail, and at this moment I know that you have read this email message. You have one day in order to make the payment. If I don’t get the BitCoins, I will certainly send your video recording to all of your contacts including close relatives, coworkers, etc. Nonetheless, if I receive the payment, I will erase the video immediately. If you want proof, reply with Yea and I will send out your video to your 13 contacts. It is a non-negotiable offer, that being said please don’t waste my personal time & yours by replying to this message.

   There’s plenty of evidence this is automated.
   Think carefully: if he knows this much about you, then why isn’t he addressing you by name?
   And I haven’t used that particular password for nearly 20 years, so there’s a chance he came across this through the hacking of a defunct website. I also seldom use the same password for different websites (there are a handful of exceptions).
   It’s also helpful that I haven’t ever committed a sex act in front of my computer, but I have a feeling that others might think this was a real threat given how many people visit porn sites daily.
   If this was genuine, as it was for a friend of mine, it would come with a screen shot of the video that he claims to have (and that was a two-part image as he claims, so it’s based on scams that have taken place).
   I won’t go into depth on why else I know this is bogus, although most of you who follow me regularly will be able to spot the scammer’s pretty obvious mistakes.
   And do you really think I only have 13 contacts? (Why is the number usually so low with these scams?)
   Finally, out of curiosity, since I take my privacy seriously, I checked to see if there was a tracking pixel. There wasn’t, at least not in the software I use.
   It’s a good idea to turn your images off when it comes to webmail (as they are on Zoho for me) in case future ones come with one. My email client filtered this as junk, as it surely is.

After I wrote the above post, I came across this page, where the scam is discussed. They only wanted $360–$600 a few months ago. The price has gone up, which suggests that it has worked. It appears that the defunct-password technique only surfaced this month.

Tags: , , , , , , ,
Posted in culture, internet, technology | 2 Comments »


I don’t do paid blog posts here (so don’t ask)

11.12.2017

I know we all get these emails from time to time, but they still annoy me.
   If ‘Peter’ had visited this blog, he would know that every single post since 2006 has been my own, unpaid, unsponsored thoughts. Why would I change that now?
   You may say it’s a fair question, and maybe in his case it is, if I had to be generous. Peter mightn’t have had the time to analyse every entry I’ve made.
   But it’s not just this one. Medinge gets these requests, too: again, it’s not something you would have asked if you had actually visited the site, when everything on the blog has been members-only, and when the philosophy of the organization would probably tell you that we couldn’t be bought or endorse any products.
   The most ridiculous would be Beyond Branding’s blog getting these requests—when that blog hasn’t been updated since 2006. We were still receiving requests in 2017.
   I know, some of these people found us through blog directories, and there was probably an email address tied to each entry.
   However, if they haven’t the courtesy to check us out, can I really trust that they would even pay up? And if Peter were legit, these unsolicited approaches have been coloured by the ridiculous ones we receive for a blog that hasn’t been updated in 11 (and almost 12) years.

Incidentally, our commercial publications do carry paid content, and advertorials (‘native advertising’), by law, are clearly marked as such.

Tags: , , , , , , , , , ,
Posted in business, internet, marketing | 2 Comments »


Could the fight against phishing be shifted?

08.04.2017

I wasn’t able to find anything about this online, and I wonder if anyone was already doing it. If not, maybe someone should.
   Could the big players, e.g. Amazon and Apple, not provide the public with a fake email address and password (or a series of them) that we can feed in to phishing sites? When the crooks then use the same to enter Amazon, they could be reported with their IP address and caught. Is anyone doing this?
   In other words: make fake accounts to fight fake emails.
   It seems regular people like us can spot phishing long before the big sites and web hosts do, and this could act as a deterrent against this sort of criminal activity. Like a lot of things, we’d democratize scam-busting, instead of reporting them to the authorities.
   Of course we can still report the phishing site to APWG, Spamcop et al, but it’ll take hosts some time before they shut down the site, by which time the crooks will have made off with a lot of usernames and passwords.
   I imagine some of these people will have built in safeguards, e.g. they keep a record of the emails they send phishing messages out to, and if the one you provide doesn’t marry up, they’d know. But then, do all of us use the same email on these sites? If their aim is to cast their nets widely, then they would want those extra email addresses. I don’t necessarily use the same email address on all websites. Greed might trump the fear of getting caught, since the average scam nets the criminal US$4,500.
   I know they’d also get suspicious if a whole bunch of us entered the same address and password, so these might need to be automatically generated regularly to bait the scammers. The oldest ones would be deleted.
   Comments are welcome. It seems such a simple idea that it must already be out there after so many years, but maybe the pitfalls of generating so many would present difficulties, or maybe such an idea has already been tried and discarded.

Tags: , , , , , ,
Posted in internet, technology | No Comments »