r/BotDefense is shutting down - I hope Reddit likes spam and malicious actors

DocMcStuffin@lemmy.world to Reddit@lemmy.world – 825 points –
reddit.com

Post contents (and a mirror):

BotDefense is wrapping up operations

TL;DR below.

When we announced the BotDefense project in 2019, we had no idea how large the project would become. Our initial list of bots was just 879 accounts. Most of them were annoying rather than outright malicious.

Since then, we've witnessed the rise of malicious bots being used to farm karma for the purpose of spamming and scamming users across Reddit and we've done our best to help communities stem the tide. We spent countless hours finding and reviewing accounts, writing code to automate detections, and reviewing appeals (mostly from outright criminals and karma farmers definitely running bots, but we typically unban about 4 accounts per month, and unlike similar bots an unban means that we unban the account everywhere we banned it).

Along the way, we've struggled with the scope of the problem, rewritting our back-end code multiple times and figuring out how to scale to the 3,650 subreddits that BotDefense now moderates. We came up with new algorithms to identify content theft, reduce the number of times we accidentally ban an innocent account, and more. In January of 2023, we added an incredible 10,070 bots to our ban list which now stands at an incredible 144,926 accounts.

Like many anti-abuse projects on Reddit, we've done all of this for free while putting up with Reddit's penchant for springing detrimental changes on developers and moderators (e.g., adding API limits without advance notice and blocking Pushshift) and figuring out workarounds for numerous scalability issues that Reddit never seems to fix. Without Pushshift, the number of malicious bots we were able to ban dropped to 5,517 in May.

Now, Reddit has changed the Reddit API terms to destroy third-party apps and harm communities. A group of developers and moderators tried to convince Reddit to not continue down this path and communities protested like never before, but that was all in vain. Reddit is so brazenly hostile to moderators and developers that the CEO of Reddit has referred to us as "landed gentry".

With these changes and in this environment, we no longer believe we can effectively perform our mission. The community of users and moderators submitting accounts to us depend on Pushshift, the API, and third-party apps. And we would be deluding ourselves if we believed any assurances from Reddit given the track record of broken promises. Investing further resources into Reddit as a platform presents significant risks, and it's safer to allocate one's time, energy, and passions elsewhere.

Therefore, we have already disabled submissions of new accounts and our back-end analytics, and we will be disabling future actions on malicious and annoying bots. We will continue to review appeals and process unbans for a minimum of 90 days, or until Reddit breaks the code running BotDefense.

We'd rather be figuring out how to combat the influx of ChatGPT bots flooding Reddit, temu bots flooding subreddits with fake comments, and every other malicious bot out there, of course.

At this time, we advise keeping BotDefense as a moderator through October 3rd so any future unbans can be processed. We will provide updates if the situation changes or if we have any other news to share.

Finally, I want to thank all of the users and moderators who have contributed accounts, my co-moderators who have helped review countless accounts, and to all of the communities that have trusted us with helping moderate their subreddits.

Regards.

β€” dequeued

TL;DR With the API changes now in place, we no longer believe we can effectively perform our mission so we are sunsetting BotDefense. We recommend keeping BotDefense on as a moderator through October 3rd so any unbans can be processed.

91

πŸ‘πŸ‘πŸ‘

Honestly it will obviously be up to you guys but I think you should pull your support right away. The faster Reddit goes downhill the faster apathetic users will think about alternatives. But either way thank you for the work you did and for joining us on Lemmy!!

I'm not associated with r/BotDefense, but I'm sure they appreciate your sentiment.

Let this be a lesson to all devs out there. Never do work for corporations for free. Only contribute to FOSS. Devs are the backbone of the internet and before the fediverse there was no outlet for them to work on actually distributed platforms as opposed to libraries and utilities. If you want to do work on a social platform do it on the fediverse where you don't have some heartless corporation exploiting your free work and not appreciating anything you do.

Reddit should have been paying their own devs to do this themselves. This is literally millions of dollars worth of dev work.

Why is this copied word for word from the comment by /u/poppyxxx@lemmynsfw.com ?

Bot or bad joke?

Maybe they accidentally commented with their porn alt? Seems like the comment was deleted.

Signed into the wrong account and Lemmy delete doesn't work 😬

I didn't think about it yet but of course there is pron on here

If reddit's entire history is any indication, yes. They like spam and malicious actors.

MoAr TrAfFiC = w1n, or something.

Just to get the investors, spez will 100% take the cash and run and let reddit burn down

When someone tells you who they are, believe them the first time.

Reddit's army of pro-spez bots likes this.

NOOOOO everyone who likes Reddit and spez is a bot NOOOO :marseysoycrytremble:

Who likes Spez who isn’t a bot tho

Anyone who lives in reality unlike you

Lemmy feels more legitimate with trolls so I’m glad you’re here. This place is growing fast.

I know, right? It's lovely to see a real, genuine, bona fide dickhead in the comments. God bless you Slacker, you fucking moron.

I've been on here about a month, but this is the first comment that fucking killed me. The real reddit is in the comments.

Regardless of whether you like Reddit or not why would you like spez? He’s a horrible business professional who idolizes a worse business professional.

Spez, the honorary moderator, pimpdaddy awarding public defender of r/jailbait? That spez? You're off your rocker, bro.

7,000+ subreddits and their communities demonstrated that they don't like spez or what he's doing to reddit. You are objectively wrong.

This Reddit meltdown gets better and better. All of this could've been so easily avoided. Instead we have Reddit, doubling, tripling, quadrupling(sp?) down on terrible ideas. Fun to watch though.

When 90% of the value of your company is created by a small group of unpaid volunteers, it's not a good idea to piss them off. That said, the repercussions from all this will take a few months at least to be analyzed.

Especially when ChatGPT bots are on the rise... Reddit couldn't have picked a worse time to alienate the BotDefense team.

It's a game of Jenga and Spez won't let you take your turn. There's no way he can win it.

Another nail in the coffin for Reddit.

As someone that makes a living off of finding and stopping bots, I wish I had known about this project and subreddit. I would have liked to work alongside these folks.

If anyone reading this is in need of bot detection on the Fediverse please message me.

This is a bit out of my realm, but are you referring to actual software for detection, or that you can teach the patterns that many bots follow to better detect?

Apologies for the late reply. I'm open to help in either way, actually. It would be fun to contribute to a FOSS project that manages bots for the Fediverse or to answer questions for those already trying to mitigate their presence here.

I'm sure that reddit realizes it but I'll share for all of you that don't. If CGPT fills reddit with it's own comments then future AI projects won't be able to use Reddit data to train on. An AI that trains on itself or other AI data will suffer what's known as model collapse. Basically if you don't have enough variability in the training data you create an unuseable model, that will happen as CGPT fills the internet more and more with it's content. Sadly if we don't solve this problem then we likely won't get past current gen AI in terms of capabilities and scale.

Bots count as active users on the metrics, I’m sure Reddit admins see this as a huge win

This is how you fight the money men, take away their toys. The manager-CEO class of people don't understand technology, they think everything is a matter of applying the right amount of psychopathic charisma to cut deals and generate profit. Meanwhile, back in reality, none of this technology works without expertise. The type of person who holds this expertise is the antithesis of the manager-CEO. They run the show, they keep the lights on and they should never forget that.

Reddit is literally using bots to generate artificial activity, so I don't think they'll care much.

Reddit continues to crumble, what else is new ?

Is there any chance that BotDefence might be tempted to turn its talents to the Fediverse?

Reddit fucked around, and now they're about to find out.

Le Reddit is finished take #1000000000000000000. I'm sure Reddit will fall any day now, any day as it continues to thrive

You're really determined to plug your ears and drown out a sentiment that permeates reddit itself, nevermind the big media sites picking up this whole debacle.

Reddit isn't thriving. It's not even profiting, the ceo said it himself.

Your thesis of this being a nothing-burger is disproven by the simple fact that you're here, in a rapidly growing social network (because of reddit) on the comment section of a post stating the exact opposite of what you want to desperately believe.

Look in the mirror, bro.

Holy shit if you keep following the link about the GPT influx it just keeps getting worse and worse. First link: nearly 1000 bots. Next link: 2400 bots! An even further link: Over 5000 now!

Don't you feel bad?

Because of how fat you are gonna get eating all those popcorns while enjoying this shit show!?

Bro I'm already fat, this is making weight loss difficult.

Spez's goal to turn Reddit into Twitter seems to be working, at least

Reddit is now dependent on bots anyway. Who else will write their 5-star reviews and keep shitting on Lemmy in comments?

This is what I’m wondering: are they going to unban every bot on the list, or are they just going to stop updating it with new ones? The former would devastate Reddit IMO.

They're no longer adding accounts to the list since they can't get the data they need to determine if an account is a bot or not. They're still going to process unbans for false positives for the next 90 days.

There's no indication that they're going to "set the barn on fire". They're just going to walk away and let it collapse on its own.

They should really pull a Jurassic Park and open up all of the dinosaur cages. Would make for some great popcorn moments. 🍿

I imagine most dinosaur cages have been abandoned once they were blocked on every subreddit that used this service.

did they just make a bot to clean up shit on Reddit out of pure enthusiasm?

Did you just ask that has Reddit ever given anything back to their volunteers, besides sticks, rocks and ill will?

Anything that lets them pretend things are going just fine and user activity has never been higher. Especially if the bots view ads.

Good for them. We need to fight to maintain a freeweb imo a lot of people aren’t fond of people around the world comparing notes and organizing. I greatly appreciate all the developers, coders, and other people who actually give a fuck.

I reported a bunch of spam-link bots, porn-bots posting CSAM-adjacent stuff, and a slew of stuff that was very obviously and blatantly in violation of Reddit ToS.

All the links/content remained and my account got suspended for "abusing the report function". Considering the content I reported, it's a safe guess that Reddit admin and moderation teams benefit from having such material on the site. Not sure how, or why. But their actions seem to indicate something.

Then you look at the controversies Reddit has had... that one dude's suicide, Ghislaine Maxwell holding a powermod position on front-page subs, the powermod controversy wherein a dozen or so mods had thousands of subreddits under their control.

There's also been a huge attitude shift. While most of it seems the same, there's a very strong anti-American presence now that seems to make sure they fit that sentiment into every thread whether it's justified, related, or completely out of place.

The Reddit algorithms or whatever also seem to love pushing certain topics to the point of stripping it of any/all meaning and turning into propaganda.

Hiw do you scam users with farmed karma?

Having 0 or negative karma is a barrier to posting. Some subs completely disallow posting if you don't meet a threshold, but even outside of those subs you still run into things like having your comments held up in the spam queue until they are manually reviewed.

So having a bit of karma allows them to post their scam and/or spam links and have a chance of being visible.

I struggled with that when I first started on reddit... Couldn't post because no karma and no karma because no post.

LPT for anyone living in the past prior to reddit imploding: you can get a lot of karma from going to AITA or another relationship advice sub and making a quick spicy and/or sympathetic comment. Esp in an interesting thread that was recently posted so you are one of the first comments. I'd say that >80% of all my karma came from my infrequent dipping into those subs, maybe <5% of my contributions. With the other 95% being arguably more useful and constructive but less mass appeal.

I wouldn't make a very good robot. :/

Let’s say I have an account with lots of positive karma. Let’s say I take that account, and make it look nice, I can look like a paragon of a community, or a customer service account or anything I want. Now let’s say I go into a mmo community and use that nice good looking account to run a scam where I get people to send me passwords and 2FA codes, now I’m running off with their MMO gold and selling it.

Let’s say I setup an account that seems to be related to a crypto wallet company, you post to a subreddit asking for help and I come along and convince you to send me your crypto, or to screenshot something that compromises your seed without you thinking, or send you to a webpage that looks like you’re signing a transaction to sign in.

Basically if karma is a metric of community trust, someone will use that trust against the community

Is this really a thing that happens? I'm incredulous.

Would people really give their passwords and 2FA codes to a reddit stranger? ... and of the people who would, how many of those would not give their passwords and 2FA codes to a reddit stranger if their karma was too low.

Same with the crypto example.

Do people really think that karma means someone is trust worthy ? That seems kind of absurd.

Yes it happens, no I wouldn’t, go search the 2007scape sub for hacked and hijacked. The Monero subreddit has people pretending to be part of cake wallet. Go to cryptocurrency and ask for a link to an exchange.

Think of how stupid the average person is, and realize half of them are stupider than that.

George Carlin

I think the term used in the post "spam or scam" might not be that accurate ? My understanding is that the vast majority of bots on reddit are there to influence opinions.

I'm pretty sure everyone (absolutely including myself) is heavily influenced by the reading the opinions of others, especially if it's repetitive.

Additionally, I'm also sure that most people (yes probably me included) tend to post opinions or at lease phrase their own opinions in a way that they hope will gather more upvotes.

Also you don't need to change peoples strongly held opinions - you only need to tip the scale in your favour.

With that in mind, imagine that you had infinite voting power. You can give a comment the 2,000 upvotes it needs for visibility, or give another comment however many downvotes it needs to fade into obscurity. It would be pretty easy to support a particular opinion or idea.

Now, as to why karma is required - if you're going to direct your bot net to descend on a single comment and downvote it to oblivion, then you need them to look and behave the way people do rather than bots. A few comments here and there, a little karma, general meandering engagement.

That's my take anyway - makes more sense than trying direct scams on reddit.

I am especially upvoting you because you are wiling to admit that the upvotedness of prior comments influences how you craft future contributions.

And I am articulating it in the hopes that others will see it and have the the fortitude to stop pretending they are immune to it. I promise to upvote you when I see it.

Scam and spambots always start out with farming karma, because most subs have automoderation which prevents posting by low post and low karma accounts. Having a high amount of karma means that you have access to all subs in reddit.

Good, less censorship on Reddit

In what way is disabling the banning of malicious bots good?

I can freely karma whore with repost bots. If you fall for any scam on Reddit, you deserve what you get for being a smoothbrain.