Conspirador Norteño: It's a great day to look at a network of Bluesky spam accounts with randomized names. #SundaySpam

It's a great day to look at a network of Bluesky spam accounts with randomized names. #SundaySpam

This spam network consists of (at least) 401 accounts, all of which were created (or added to the Bluesky app view) in August 2023. These accounts do not follow each other; rather, each one follows a small number of popular Bluesky accounts.

The accounts in this network cycle rhythmically between posting three types of content: • reposts • posts containing links to news articles • posts containing links to news articles accompanied by images

Most of this spam network's content is reposts (5012 of 7043 posts, 71.2%). There is no apparent theme to the set of accounts reposted by the network, other than that they all have decent-sized followings.

This network posts links to a variety of media sources from countries including the UK, the USA, Canada, the Philippines, Australia, India, and South Korea. The most frequently linked site is the Daily Mail. The text of each post is the first sentence or two of the linked article.

More information in this Substack article, including Python code for mapping spam networks of this type by exploring the Bluesky social graph: conspirator0.substack.com/p/spamming-w...

Update: this spam network has grown in size to 657 accounts. Thus far, none of the initial 401 accounts have been banned.

Nice work. Is there a block list for these accounts anywhere?

@katestarbird.bsky.social is there a feed for this type of information on spam networks here on bsky?

Nice work.

👍👍

Substack funds evil. Check out @buttondown.email for a better newsletter product.

...Daily Mail. That's a tell.

Wait, the george takai account is a bot?

No the bots retweet him among other high follower accounts

There are very few news accounts on this platform. Maybe they were created to bring in news? I guess that it depends on what the accounts are posting. I certainly don’t want to see Epic Times-type news agitate accounts.

You can bring in news without being part of a spam network

So my question is, how did the multiple spam accounts defeat the invite process?

Probably farming their invite codes with their alts.

Absolutely, and they should.

"very few" ... but increasingly actually some. I wrote a little list. docs.google.com/document/d/1...

One list of accounts to follow on Blueskydocs.google.com Finding good sources to follow on Bluesky This note updated on 19th August 2023 So, you’re on Bluesky (welcome!) and trying to find the good stuff. Here’s my personal list of good (interesting, t...

Thank you 🙏

There's a Bluesky news feed. Not sure if this link will work, but it is sourced by @matthewrodier.bsky.social (I think) bsky.app/profile/did:...

Sassy Eyewitness is a great name for a female TV detective.

Can't wait for season 2 of

Is that Natasha Lyonne 😂

I’m wondering that if it’s invite-only, how did so many spam accounts get in, and is BSKY going to do anything about it? Also, how do you know something is spam vs another anonymous account like many on here? (Honest question, how does one differentiate?)

If there'd been just one account, it would've been difficult to be sure - it's the presence of hundreds with same characteristics that makes it easier to spot.

Those characteristics include behavior. Spam accounts coordinate with each other, post similar messages, and like, comment, and share at abnormal rates. They can't act normally and independently and still achieve their goal of shilling and amplifying spam. So they are detectible in groups.

Ok, thanks for the primer in all this. I suppose we all have to remain vigilant and block as they appear on our TL or start to follow us. What a headache.

I have learned a lot about this kind of thing by following @rahaeli.bsky.social (who runs a different, smaller, platform). As I understand it, the answer to your first question is "no, BSKY doesn't plan to do anything about it". Unfortunately.

There's limited things they can do about it, and I'm guessing they're not experienced enough to know they have to shut this shit down instantly early on if they want a hope of not being inundated.

As to knowing whether something is spam -- it's extremely difficult to automatically identify spam accounts unless you've already IDed the characteristics of a specific network, but trained humans can spot it instantly. I can do it with a completely blank account. It's weird deep pattern matching.

There's at least one person in this thread going "oh no, my account matches this naming pattern" and I had to blink because it absolutely doesn't, but I could see why people who don't have the spam sense would think it does. It's like training a ML system except a billion times more accurate.

We've tested "me looking at every account" against a bunch of ML options so far and the only one to get over 50% accuracy hit low 60s. There's a reason exTwitter did its mDAU spot verification manually. Human brains are so much better at this it's not funny

Truly hope the t&s team spends 15 minutes each day reading your timeline. I know they dont, but better than another degree.

I think you get given more invitation codes when yours are used. So one spam artist gets in, invites themself, rinse and repeat. You'd take some time to get a bot army, but as ever, bad faith actors can make a mess wherever they go

I had one code stolen, a "bot" type account set up, no posts or profile. I reported it and I think it was removed.

But wouldn’t that make the spam accounts traceable to each other? Couldn’t they ban any account tied to the same code?

🤷 wouldn't be that hard to make the network more complex once you get a handful of accounts involved. I've given my codes to people on here who have distribution lists for them. I've trusted them. Easy for that to get gamed

Some users joined a wait list and were provided pws that way. Once in, they can farm more invites using the accounts themselves to generate more.

This is one of at least two naming conventions used by “weird” (for lack of a more specific term) accounts on BlueSky. Here’s another: single random word, all lowercase, handle and username identical. (Shame too, because I know a few real people who might like “database.”)

The nature of these accounts is identical across them: they all make a single, possibly LLM-generated post, and follow 3-4 accounts.

Note the “Translate” option. BlueSky will put that on any post sent from a system whose language does not match yours (implying that despite being in English, these posts were sent from computers whose system language was not English).

The posts themselves being potentially LLM-generated is hinted at in several ways. Most notably, observe that cylinder recommends a book but never says which book it is.

As the old quip goes, don't bring cylinder books as a gift, he already has a book

Regarding this, it’s possible it’s changed or the protocol has been refined since 2 months ago (I haven’t checked since), but as of two months ago a person posting from iOS was assumed to be posting simultaneously in every language for which they had keyboards enabled. bsky.app/profile/nort...

INTERESTING: BlueSky created this list of languages used in my skeets. This list was clearly cribbed from the list of keyboard I have enabled on iOS.

Post