Steemvoter News: Anonymous Attacker and Security Guilds (Part 2 of 3)

in #steemvoter, 8 years ago (edited)

@anonymous Attacker

You may have read the title of yesterday's post about the attacker; in this issue we will explain the situation.

The @anonymous account, created on 25th March 2016 by someone long in this community, recently started downvoting our posts. This 144 000 SP account weighed in on our posts but did not stop there: it started downvoting every one of our comments as well, and since we only have 6000 SP they would get hidden. This was done automatically with no abatement in sight.

One could argue that the downvoting of our posts was to distribute rewards, but the act of censoring our comments was taking away our voice deliberately in an act of malice.

Fortunately, we were able to defend ourselves with a defensive script which auto-commented from our account every few minutes in order to drain the voting power of the account and render its downvote useless.

It kept on downvoting our comments indiscriminately and we therefore increased the frequency of our defensive comments to every 22 seconds until the @anonymous account was drained to around 0.6% voting power and we left it idling, auto-commenting at a greater interval overnight until the account stopped attacking our comments when the operator eventually realised.

Below you can see that this account relentlessly downvoted our comments as fast as we could put them out:

Here you can see what our comments looked like from the front-end:

Now imagine a scenario where a non-tech user got abused in this way, having their comments downvoted by a bigger "bully" account: they would simply have no voice, their rights stripped from them by malice. This is a great concern going forward. A few people decided it would be a good idea to flag some projects and top trending posts, but they have no idea what they have just awakened and what we can see coming: it will be "flag-maggeddon" before the end of 2017 and a wasteland of a platform.

We made peace with witness @clayop in chat but we do need to highlight an issue of concern that this situation brought to our attention. @clayop flagged our post, which is fair enough, the argument being that he wanted to distribute rewards more fairly, but in addition to this he claimed allegiance to the Korean community in comments, and some time later another Korean member, witness @abit, "nuke-flagged" our post with his main and secondary account, @adm, in solidarity with the first Korean community member.

Here we have situations of gang activity, where it isn't sufficient to just downvote and move along, but others have to be called in to downvote as well, this was the same with the smaller accounts who incited other accounts and most likely summoned @clayop who was helping them downvote the @steemsports project simultaneously. The interesting thing is that our @steemvoter community managed to withstand nukes from three whale accounts, and several other anonymous and troll accounts and only half of the rewards pool was affected, which shows when we stand together we are truly powerful.

All of the above situations are very concerning, especially to community members who can't defend themselves. The comment censorship is a real issue and so is the fact that there are 100 plus whale accounts with people with a finger on a "nuke button", and all it takes is for one to have too much Tequila on a Sunday for mayhem to ensue, especially when new whales come onboard whose intentions we will not know. Competing Bitcoiners could be looking to destroy our platform and create a whale account for this very reason.

Aggrieved parties could try to reach out to whales in chat for help, but other than @smooth, @fuzzyvest and @nextgencrypto, who would be likely to reply and assist, we don't know who else would even be contactable at short notice, let alone sending an email to support@steemit.com, which could take weeks for a response, if one is even given.

In countries where crime is rife, security businesses are often necessary to improve on the work of the police or lack thereof.

Marc Godard is a highly competent CTO of Equibit as seen in his profile on their team page, http://equibit.org/team/ and no doubt we could find other tech savvy community members that we can consult with as well.

We thus propose a security service where we defend the community from potential attackers, firstly by providing passive defence strategies and early warning systems that could be enabled in a user front-end like Steemvoter, with defensive comments posted at intervals, and increased as multiple auto-flags are detected to neutralise the attacker like we did.

Secondly, active measures employed as counter attacks to abusive accounts, which would be a separate Security Guild which can be an opt-in on Steemvoter as an easy gateway to set this up, where civilian accounts would load themselves in as individual cartridges to form a bigger nuke to ward off abusive accounts.

The use of such active defence strategies would have to be much more controlled than a standard upvote guild and get clearance from two posting keys on the software, one from a Steemvoter member and another from a responsible community member. Several members can be on standby in case a particular one is not available for quick response to the community. In a sense it would be a multi-sig version of @steemcleaners, with a call to action on abuse issues and not content policing.

Each situation would have to be assessed on its merit, with action taken according to the severity: whether action is warranted or not, or just a warning given.

A triage upvote could also be given to the aggrieved post that was downvoted out of malice or with no sufficiently good explanation given. The triage upvote could be administered by just one authorisation from a Steemvoter owner as an immediate band-aid, whereas the reactive flag would need to have a community member okay the action as well.
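The early-warning half of the proposal above (noticing that one account is auto-flagging everything a user writes) can be sketched as follows. This is an added example, not Steemvoter's code: the function name, thresholds, account names and sample operations are constructed, and only the vote fields (voter, author, permlink, weight from -10000 to 10000) follow the Steem vote operation.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Comment:
    ts: int          # block time in seconds
    author: str
    permlink: str


@dataclass(frozen=True)
class Vote:
    ts: int
    voter: str
    author: str
    permlink: str
    weight: int      # -10000..10000; a negative weight is a downvote (flag)


def detect_blanket_flagging(comments, votes, author,
                            min_comments=5, min_coverage=0.8, max_latency=120):
    """Return {voter: (coverage, median_delay_s)} for accounts that downvoted
    nearly every comment by `author` shortly after it was posted.
    The three thresholds are assumptions to tune, not values from the post."""
    posted = {c.permlink: c.ts for c in comments if c.author == author}
    if len(posted) < min_comments:
        return {}                      # too little activity to judge a pattern

    # voter -> {permlink: delay of that voter's first downvote on it}
    delays = defaultdict(dict)
    for v in sorted(votes, key=lambda v: v.ts):
        if v.author != author or v.weight >= 0 or v.permlink not in posted:
            continue
        delay = v.ts - posted[v.permlink]
        if delay >= 0:
            delays[v.voter].setdefault(v.permlink, delay)

    alerts = {}
    for voter, hits in delays.items():
        coverage = len(hits) / len(posted)   # share of the author's comments hit
        typical = median(hits.values())      # how fast the downvotes arrive
        if coverage >= min_coverage and typical <= max_latency:
            alerts[voter] = (round(coverage, 2), typical)
    return alerts


def sample_run():
    # Constructed data: "alice" comments six times, ten minutes apart.
    comments = [Comment(1000 + 600 * i, "alice", f"re-post-{i}") for i in range(6)]
    # "bigbot" flags every comment 9 seconds after it appears (automated pattern).
    votes = [Vote(c.ts + 9, "bigbot", "alice", c.permlink, -10000) for c in comments]
    # "critic" downvotes one comment three hours later (ordinary disagreement).
    votes.append(Vote(comments[2].ts + 10800, "critic", "alice", "re-post-2", -2500))
    # "fan" upvotes; positive weights are ignored by the detector.
    votes.append(Vote(comments[0].ts + 30, "fan", "alice", "re-post-0", 10000))
    return detect_blanket_flagging(comments, votes, "alice")


if __name__ == "__main__":
    print(sample_run())
```

Requiring both high coverage and low latency keeps a single considered downvote, like the one from "critic", from raising an alert.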

This is a good topic for discussion and hope it stimulates some constructive and non-trolling talk around this topic. Trolls will be downvoted -- just kidding -- they will get a warning first -- haha!

Steemvoter Upvote Guilds will be revealed in tomorrow's final part of our three part news post series.


Steemvoter is a public curation bot with an easy to use interface, it truly is a bot for the people, making automatic curation on Steemit easy with just a few clicks.

This is a payment post! Thank you for allowing us to use your accounts to upvote this post! Anyone not signed up for SteemVoter.com is welcome to do so or just vote this post to help the project.


If someone has greater reputation than you, and wants to downvote your post, this doesn't mean that he is an attacker.

You gave the community plenty of reasons why someone may want to downvote your activity, and saying.. "oh gosh... he writes a bot which downvotes our stuff" is just ridiculous from guys who are using automation to drain the rewards pool.

My understanding is this was all started when you guys made 2 posts in one day and had your users upvote it..

Now, I am a huge fan of your service.. However I do think the use of one vote is pretty high cost for such a thing, especially when abused given the weight in your users.

I would suggest putting ads on your site and cease using users upvote.. This would be the correct way to monetize your code.. Not siphoning off votes from your users. (my thought)

If steemvoter is truly for the people.. You'd not be taking one post a day and upvoting your own content with it. When words and actions end up on different ends of the spectrum people tend to question them.

The two posts on one day was a co-ordinating error between the two of us. The terms say the posts may not be exactly every day. We didn't post the next day to make up for it.

That is hardly an excuse for a big account to be auto hiding all of our comments, you should be concerned it may happen to you some day.

To be fair you have been inciting flagging of posts of late on your crusades, most of the community is riled up and gun tooting because of you and a few others. Even blackmailing witnesses to stop voting certain projects by telling people to unvote those witnesses that do. That goes far beyond a simple downvote to redistribute rewards; but rather that is gang incitement and malice.

"you should be concerned it may happen to you some day."

Well no actually, not sure what type of world of fear you live in but if someone takes it upon themselves to start being asshats and flagging all of my posts simply put I'd have them smoked with more flags than they could possibly have access to..

It's a matter of the community as a whole combating garbage, and we do.

I am a mouthpiece for a large number of users here.. I'm also highly respected by a large chunk of the userbase here for speaking up against things I believe are wrong.

Why would I be concerned of a high rep account attacking me? Generally speaking you're only flagged if you've done something wrong here. The exception to that is when accounts I call out for shady shit get butthurt and have tantrums instead of being civilized about it.

Look at it this way.. I'm someone you'd certainly not want to writing a post about your service or person. I think the fallout and my track record speak for themselves in regards to me taking down accounts that are up to shady shit.

Blackmail, bullying, flagging or hinting I'm some type of zealot crusader simply doesn't work on me. The reason behind this is that when the dust settles I'm not just speaking my own thoughts but the collective murmurs of many.

"To be fair you have been inciting flagging of posts of late on your crusades"

Never ONCE have I ever posted on here demanding people flag any particular account.

What people do I cannot control.. I can however, make things change around here with a few keystrokes. With that being said I've not riled up anyone, I merely let them express themselves freely without fear of retaliation or ridicule.

You speak as if I'm an unnecessary "evil" on the network.. Which is fine. Not everyone likes me and frankly I'm not out to make friends with everyone.

I hope you guys can make amends with the users that have taken it upon themselves to scrub you from the network. If not that's a shame, but another service with cheaper fees / less intrusive business model will just pop up in the end.

I don't understand the butthurt on this. People give the keys voluntarily. They can just as easily take them back. There is already a mechanism of self interest to balance abuse. At the moment it appears to me as a case of someone 'doth protest too loudly.' Steemvoter is giving power to the masses to bot vote according to rules they deem appropriate. Are some people afraid of empowering the masses?

The butthurt is: People who have already shown they can't stick to their own rules and use loose TOS are now gearing up to become a flag brigade.. Dishing out "justice" to those they see fit... With borrowed powers.

I'll be releasing the source code to the back end of steemvoter tonight to allow our community to build other services similar to Steemvoter..

This isn't even a loud protest sir! This is merely the start of a STEEM evolution.

Also bear in mind that we have released 3$ per month pay for service, those that pay will be removed from the daily payment vote, so from now it is really up to the users and for everyone else to respect their choice.

If we are the ones paying for their use of the service through their distribution of the reward pool we do NOT have to respect that, we can simply use our votes to negate theirs and that is how the system works. You are consistently manipulating people on how to vote. Right now you are shaming those who use their down vote. You need to take a good look at your revenue model, the importance of this community to you and your own self destructive actions. Cop yourself on!

As mentioned in another comment, clean up your FAQ and keep it updated. Then other issues can be discussed.

To be clear:

  1. @adm and @abit are not Korean community members.
  2. What I made some consensus with @thecryptodrive is @steemsports not @steemvoter. I am still raising a concern that it does not provide explicit agreement checking page (or TOS) for using users' posting key to upvote their posts.
  3. What I suggested to SteemSports is not a fair distribution. I did about more efficient distribution with much less fee and not depending on certain whales' continuous support, which in combination monetizing whales' voting power in favor to the house (@steemsports).

  1. They are part of the greater Asian community, we don't suspect they would have weighed in if you hadn't alerted them to it.
  2. @steemsports and @steemvoter are two separate entities, although @thecryptodrive does have a stake in both.

Korea and China communities are very independent entities, and I never have privately communicated to bring them in. You are too much suspicious with far-fetched assumptions and offending people.

Re: 1, based on my own experience they both probably weighed in because they are both active Steem witnesses and it had nothing to do with their broad geographical locations.

Related to 2), I am not sure whether this comment is intentionally ignored.

No that query was posted on an old post.

When we announced our services, our blogs showed what our terms are. The FAQ indicates what our terms are even though they are not specifically wrapped in a TOS header, they are still conditions shown on our website. We can amend that to make it more clear.

Again if users aren't happy with it they can remove their posting keys but we don't see anyone doing that, we have been receiving mostly new signups.

I think these events have shown that before signing up, the person owning the account must agree to simple TOS message including a mention that participating accounts will upvote 7 posts per week, but these votes may not be made evenly throughout the (defined) one week period. This seems to be the source of the controversy, and if it's made less ambiguous when someone signs up to use the service, there is less potential for controversy.

As for current users, who may not understand your terms because there were no terms presented on signup (forgive me if I'm wrong, I don't use the service), here's one suggestion on reducing confusion: Send a 0.001 STEEM transfer to all active Steemvoter users with a memo/brief message linking to a post that explicitly states the terms of the service. This way you can make a reasonable effort at clarifying terms for all existing users.

They collect email addresses, so they may easily contact the users. And I have confirmed that there is no TOS message on signup or adding account.

Sure, we can send out a reminder of our terms of service, but if the hope is that people will unsubscribe, we don't envisage many will.

They also retain keys to accounts that are not even still online.

I unsubscribed from your service not because of the change in terms but because there was no communication of the change in terms. ie. No effort to contact users and ensure satisfaction with altered terms.

This made me consider whether I should trust you with my voting keys.

No matter all the rest, you should immediately add to your FAQ that you "may change the rules/terms of service at any time". Change nothing else in there. Just add this disclaimer.

Then the discussion can and should continue from there.

I am not sure whether they changed TOS. Can you confirm?
If so, where is a blog post about changing TOS? @steemvoter

I never took a screenshot of the original TOS / FAQ but I did email to ask when I noticed they voted twice in one day.

We thus propose a security service where we defend the community from potential attackers, firstly by providing passive defence strategies and early warning systems that could be enabled in a user front-end like Steemvoter, with defensive comments posted at intervals, and increased as multiple auto-flags are detected to neutralise the attacker like we did.

There is a name for what you propose. It is called a protection racket.

All this flagging back and forth is really getting ridiculous ! I along with many others will be happy when it all ends and we can all get along happily blogging in this community ! It's keeping people from joining and some are leaving ! Something for sure needs to be done to stop this stupid flag war ! We are getting tired of it in our feeds ! We have other things to be blogging and commenting on than this ! Thanks !👍😉 Upvoted

Thank you so much, we are glad you are like-minded on this, a flag police is what is needed and we are prepared to be just that, we are tired of it as well and like you, believe it will kill the community.

Ozchartart here's the link https://steemit.com/bitshares/@ozchartart/usdbts-btc-daily-poloniex-technical-analysis-market-report-update-40-jan-2-2017
Was also just flagged and it was upvoted by Bernie Sanders ! I'm seriously tired about all of it ! 😲😔

Was also just flagged and it was upvoted by Bernie Sanders ! I'm seriously tired about all of it !

Why? Are you saying people don't have the right to disagree with how @berniesanders wants to distribute the reward pool? Or that they just can't vote that way.

FWIW, bernie himself has said many times that users should be able to downvote any post they do not like, or that they think is overvalued.

We aren't in favour of flags as we feel it will lead to flag-maggedon so we wouldn't get involved if someone upvoted a flag.

Now all your comments are being flagged ! So I'm going to stop commenting ! Do they even read anything people say !? OMG ! 😔😲

Lol, it's ok we actually have the posting key for the.masses, it's an account that the posting key was made public some time back, I'm too lazy to use the key to unflag each time, I'll just get marc to make a script later to remove all the.masses flags, lol. It just shows how malicious some people are and hide behind a public account.

If you wish to diversify into the flag police service business, please make sure it's explicitly opt-in.

To be fair no flag guild would ever be able to compete with well thought out and worded private messages to some whales..

"Oh no we need defence!"

Go buy some STEEM and power it up. Upvote yourself. No more need for defence.

I guess if and when we do see these "security" guilds pop up and start being abused it won't be terribly hard to nullify them by taking out the sites they operate on. >_>

Sure, we wouldn't have done it any other way for a security guild.

Well if you have ever wondered to yourself if this guy is good or bad for the community, this should answer it; Oh how I hope he votes for himself on this one, so it gets visibility.

Thank you for the update on the situation

Wow, that's not nice. I did have a rogue whale downvoting my posts a while back, but he was doing it to others too. I know some people are against certain practices such as automatic voting and betting. Those are still legitimate uses of Steemit. As long as those people have enough SP they can do damage. All you can really do is cancel out their votes if you can match them

We are sorry to hear that, you are exactly the type of customer we want to serve and protect from the crazies out there. Our members can match quite a few whales, we have 8 million SP combined and growing in our steemvoter community. @abit, @adm and @clayop only removed half of our rewards by downvoting and those are some big accounts, so our customers have more power than the three combined, provided they select to be involved.

This is the only way we can stop flag-maggeddon, if every unfair flag is countered by the @steemvoter community and thumps every offending flagger (edited) then very few would want to start flag wars.

Please stop using the term flaggot.. It isn't professional and has a pretty homophobic feel to it.

Simply put if your service starts handing out massive flaggings without your user consenting to each case your site will be taken offline. Fighting bullying with bullying isn't the answer and it certainly isn't going to fly while I'm on watch..

I've for the most part tried to keep an open mind and stay out of most of this turmoil with flagging people's posts.

I have spoken up that while I supported and participated in @steemsports the addition of the steemy games crossed the line from having some fun with legitimate sports to let's make up crap to get more rewards. Not to mention that at least one of the 'writers' of them is a vicious troll. Do not feed the trolls. I ended my participation.

I've also observed comments by you in chats and posts and found them somewhat reactionary and inflammatory. I have tried to cut you slack in that at the moment you feel somewhat under siege BUT now that you are proposing setting yourself up as some sort of 'flagging police' --- that slack from me just got removed.

I like your service. In view of my concerns about your behaviour, I'll be removing my account. When the dust settles if you seem to have your head back on straight, I may reconsider. For now, I want to be absolutely sure my votes are not being used for your crusade.

Yesterday I tried to remove my account from SteemVoter, but for some reason I cannot login, so I decided to regenerate my posting key (by changing steemit password), just in case if they would like to still use my key without my permission.

Not sure why you couldn't login, try using Chrome browser. You can also email us or contact us in the steemvoter chat channel.

I am not interested any more in using your service. Sorry.

Interesting point @noisy. I was able to login this morning and deleted my account. At this point, I will give them the benefit of some doubt and am optimistic that I won't be betrayed by finding votes of mine used improperly.

Votes won't be used improperly, all guild votes will have a separate checkbox. We are glad you were able to login.

Why am I getting a black screen when I open steemvoter.com?...:)...

It works for us, try Chrome browser, we have issues with Firefox. Edge browser and Internet Explorer works too.

We see the @the.masses account is also being used to flag all of our comments, it may be doing this to other people, we can create a script that people can enable on our service to remove @the.masses flag from anyone's post or key since the posting key was made available to the public and we have it also. Will leave the downvote here as proof, we can also drain that account of voting power if necessary.

Since you've stated you have access to @the.masses account, how do people know you are not using the account to flag your own comments and creating this scenario to justify your 'flag police'? You're really killing community trust here. Maybe you need to rethink this .

It's a public account that someone created and blog posted the posting key for all, @timcliff maybe, can't quite remember. Here's the posting key if you like:

5JYoxENB7MRc75DxqyH6eyW7ZZNYXvN9gtUFRqrifTLf1JmoddU

It doesn't change that the @anonymous account was flagging all of our comments.

OK, thanks...:)...