White hats reveal: The Internet’s 100 billion black production scare away Musk

Welcome to the WeChat subscription number of “Sina Technology”: techsina

text/salad dressing

Source/New Entropy (ID: baaliaohui)

Unexpectedly, Musk and Twitter would “break up” because of “spam accounts”.

On July 19, Beijing time, the Twitter v. Musk case held its first hearing. A Delaware judge announced that Musk’s termination of the Twitter acquisition will be tried in October.

Earlier, Musk firmly offered to take Twitter private for $44 billion. But while the acquisition was in full swing, Musk suddenly announced the suspension of the acquisition, citing too many “spam accounts” on Twitter.

As early as May, Musk said that Twitter’s “spam accounts” accounted for more than 19%, and he may revisit the acquisition for this reason.

Some analysts believe that the so-called “junk account” is just an excuse for Musk. “Personally, I think Musk just made an offer and then felt that it was too expensive, so he used a ‘junk account’ to talk about it, and finally found that the money could not be negotiated and simply ‘rotten’.” Xiao Yang, a domestic analyst who has been concerned about the incident for a long time, said.

However, there are also relevant people who believe that Musk does care very much about the authenticity of his Twitter account.

Colin, an overseas investor, said, “I don’t think the whole process of Musk’s acquisition of Twitter is to manipulate the stock price or to manipulate public opinion. Musk often publishes news about Tesla’s companies or products on Twitter. Come and see everyone. I think Musk’s original intention is to turn Twitter into a huge market research traffic portal, so the authenticity of the account can directly affect the results, which is what Musk really cares about.”

The reason why Twitter was “dropped off midway” by Musk may be controversial whether it is a “spam account”. But there is no doubt that these “junk accounts”, or “water army” in the Chinese context, do harm to the entire virtual and even real world.

Yanzi, a “white hater” who is engaged in Internet security, said that after the rapid development of the mobile smart device and app industry in 2014, the “water army” industry also began to flourish. By this year, the market size of “screen swiping”, “swiping orders”, “fake accounts”, “fake clicks” and other related black products developed on the basis of fake accounts has exceeded 100 billion yuan.

The “fake” brigade of all kinds of tricks

Yanzi’s data security company was established around 2014, which is also the era of rapid development of the domestic mobile Internet. With the popularization of smart devices, various mobile phone manufacturers have begun to establish their own software stores, and the methods of software promotion have become various.

The most classic ones are the recommendations in the mobile software mall and the information flow advertisements in the major apps.

“There are several common settlement methods for app promotion, such as CPM (billed by impressions), CPA (billed by user actions) or CPC (billed by clicks). App owners generally choose CPA.” Yanzi introduced “User actions here are dictated by advertisers. Some apps only require users to download and click to open, while others require users to complete the first registration.”

As a result, cheating methods to cope with the need for promotion have also begun to emerge.

“The cheating behavior of all fake accounts can be highly summarized into two types – the repeated use of real devices and the simulated user behavior of fake devices.” Yanzi said.

The reuse of real devices refers to changing the authentication logo of the same device by restarting, flashing, etc., and clicking the same advertising download channel repeatedly, forging the illusion of different devices clicking and downloading.

“The device authentication logo here can be understood as a human ID card.” Yanzi said that mobile devices are marked and recognized in the Internet world through the identification of the device, just as humans pass ID card authentication in the real world. Same.

The logos of some mobile phones can be changed by simply restarting, so this also gives an opportunity for the black production of “swiping orders”.

The other is simply to use a virtual machine to simulate and generate mobile phone information, and imitate user behavior to click, download, and even complete registration.

“Of course, there are also fakes that use real equipment. We call it a ‘task wall’ in the industry. The channel will find some part-time college students or older people who want to make extra money, let them click to download a certain software and complete the registration, One registration ranges from a few yuan to dozens of yuan.” Yanzi said frankly.

However, the cost of counterfeiting a real device is much higher than the aforementioned flashing and virtual machines, so it is not the most common cheating method.

Usually, these fake accounts are “done” after completing the registration task. Therefore, in the future, no one will operate the account activities at all, and “laying” in the App for a long time has also become commonly known as “zombie account” or “water army”.

As there are more types of apps and more complex functions, the usefulness of the “navy” of the Internet is also full of tricks.

Giving gifts to the anchors on the live broadcast app, giving comments to the bloggers of the entertainment app, picking up the wool of the e-commerce app, and even forging the orders of the travel app… These “navy soldiers” are simply “omnipotent”.

“Tell me about an operation that has opened my eyes recently.” Yanzi shared with interest the fraudulent methods of virtual orders discovered by the company last year.

Some drivers on travel apps will receive an order from a long distance, such as from Beijing Chaoyang to Yizhuang. There may be a higher unit price for the trip, but if there is no order, it will be empty. Gas money and time stuck in traffic don’t make much money.

Last year, Swallow’s customers reported to them that they found a black product that simulates virtual orders. Because some newer travel apps encourage drivers to register, the platform will first settle the order fee to the driver, and after the user settles to the platform, the platform will charge the fee, so the black industry has seized this loophole.

Black production sends virtual orders to drivers through technical means. After the driver accepts the order, the platform will first subsidize the cost to the driver, and the driver will run back to the city center from a distant place to end the virtual order. However, the order is false, and there will be no real users to settle settlements at all, and the platform will eventually become a “take advantage”.

“Including some commodity vouchers sold at very low prices on some second-hand platforms. Some of them come from virtual machines simulating real users to receive vouchers in batches.” Yanzi added, “However, it is only a part, not all.”

The “sadistic love” between the app and the “water army”

“I still remember the first big customer I talked to. After the test, their app had more than 90% fake users, and he almost immediately rejected our product.” said Xiaoyu, a programmer engaged in anti-cheating on mobile devices.

The relationship between the app and these “navy soldiers” is sometimes like a “sadistic love”, knowing that you will do me no harm, but still can’t help but “need”.

Internet entrepreneurship has long passed the capital boom that can be financed with PPT and stories, and there have even been voices such as “the Internet no longer needs new apps”. Therefore, in recent years, if App projects want to gain the favor of capital, they need more solid user data and monetization methods.

Fangfang, the salesperson of the anti-cheating program, said that when she was selling by phone, the person in charge of a start-up app who had just exceeded 10,000 daily activities directly told her that the user’s data had not been “refreshed”. What’s the use of talking about the authenticity of users, Then just hang up the phone.

This kind of project or enterprise that blurs the authenticity of users is not only a start-up app that urgently needs data to prove itself, but also some mature and large-scale platforms.

“One of our old customers is an entertainment social app. They only open anti-cheating solutions to our overseas business users. The domestic business has not been opened for a long time.” Yanzi said.

There are two reasons for this situation. First, large-scale apps are more stringent in reviewing their user data sharing permissions. Second, large-scale apps will have their own security departments inside, and purchasing external security solutions will “offend” their own people. In addition, large-scale Internet companies have more complicated interpersonal relationships and longer chains, so the promotion effect is slower.

“It’s like a customer had an ‘Oolong incident’.” Fangfang said, “We have been working with a community app data security department for more than a year, but their company’s business department contacted us when they needed a solution. But they have absolutely no idea what their company has already done with us.”

Even apps that have a strong need for user authenticity will take a lot of detours on the road to anti-cheating.

“Some apps are aware of ‘anti-cheating’, so they will require more in-depth data to increase the difficulty of cheating with fake accounts. For example, seven-day retention rate, three-day continuous login, etc.” Yanzi explained, “Must be Payment will be made only after the conditions are met.”

However, the mandatory depth data requirement increases the difficulty of cheating, but also affects the authenticity of the data.

“I have encountered a case where the operation and interaction of a start-up app was not designed smoothly enough, resulting in a lot of accumulated users or users quickly uninstalling, but in order to fulfill the continuous login requirement required by the main app, the promotion channel forced the use of ‘technical means’ A three-day continuous login rate of more than 80% was achieved, which temporarily blinded the developers, and they did not see the problem from the data.” Yanzi recalled.

“Authenticity” is something that these “navies” do not have, but how deeply the lack of “authenticity” affects an app is a problem that is difficult to quantify. The reason for the rectification is still “spring wind blows again”. Unless you encounter a tough stubborn pursuit of authenticity, such as Musk.

write at the end

Can the Internet say goodbye to the “navy army”?

In fact, as early as September last year, a policy to rectify the Internet “water army” was introduced.

Surging News reported on September 18, 2021 that the Cyberspace Administration of China recently issued the “Opinions on Further Compacting the Main Responsibilities of Information Content Management on Websites and Platforms”. According to the opinions, strengthen account registration management, strictly implement the relevant requirements for real identity information registration; increase the disposal of illegal and illegal accounts, and strictly prevent the reincarnation of illegal and illegal accounts; comprehensively clean up “zombie accounts” and “empty accounts”.

However, the “clearness” of the entire Internet still requires the joint efforts of “white haters” and various app entities.

The data security tripartite platform uses blacklisting, sensitive behavior detection and other technologies to strengthen the identification of “water army”, app owners enhance anti-cheating awareness of fake accounts, and gradually tighten the registration mechanism and real-name authentication mechanism. Army” is an indispensable “combination boxing”.

(All characters in the text are pseudonyms)

This article is reproduced from: http://finance.sina.com.cn/tech/csj/2022-07-25/doc-imizirav5376359.shtml
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment

Your email address will not be published.