Thursday, August 13, 2020

All Of My TikTok Followers Are Fake

The followers poured in. Then the likes. Then tens of thousands of people watched my TikTok video. The clip itself was of a few Motherboard staffers winning a match in the hugely popular game Call of Duty: Warzone; TikTok is full of streamers and players uploading their wins or soul-crushing loses.

The video itself isn't good—there's no slick editing, no captivating TikTok personality talking to camera, and certainly no dancing—but in a few short hours the video accumulated 25,000 views and over 1,000 likes. This is very little engagement compared to the most popular videos on TikTok, but it's not bad for my first ever clip uploaded to the platform. The video climbed through the rankings of one of the Warzone-related hashtags people use to share their games.

But most of that engagement was fake. I bought the TikTok followers, likes, and views from a website that offers them all for sale. For around $50 in total I had artificially inflated the popularity of my TikTok clip, and, although my video certainly isn't about to go viral, potentially increased the chance for unsuspecting TikTok users to see it themselves.

The news comes amid increased attention on TikTok, including not-yet-publicly verified claims from the Trump administration that the app poses a national security risk. Last week President Trump signed an executive order that would ban TikTok from the United States if the company isn't bought by an American company. TikTok plans to sue in response as early as this week, NPR reported. Microsoft is in talks to purchase TikTok.

Buying followers, likes, and other engagement on TikTok highlights the grey market for social media amplification; an issue that is common across social networks writ large. The engagement we paid for didn't make the video or account viral, and we don't know if a TikTok video can go viral with inauthentic engagement alone; we only bought a relatively small amount of engagement., But paying for engagement on TikTok is easy and cheap. Nine days after paying for followers, the account and video are still up, seemingly undetected by Tiktok.

"Paid likes, follows and shares on any platform are basically a numbers game. They can make a post look more popular than it otherwise would, and that can give it an air of credibility," Ben Nimmo, director of investigations at disinformation-focused security firm Graphika, told Motherboard in an email.

Do you work at TikTok? Did you used to? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

With TikTok, users create an account, perhaps search for some topics they're interested in, and are then presented with an essentially endless stream of short clips to watch. Once users interact with this content, perhaps by watching clips to their completion, liking videos, leaving comments, or sharing them with others, TikTok quickly and effectively figures out what other videos to recommend. These then present themselves in the "For You" stream. TikTok differs from many other social networks in that it doesn't run on a so-called social graph which recommends content to users based on who they follow, and instead on a content graph, which looks at other indicators such as how long people watched videos or otherwise engaged with them.

To see how simple it is to buy various pieces of TikTok engagement, last week I uploaded my Warzone clip to TikTok, and then bought 250 followers from the website advertising the service. After specifying how many followers I wanted, providing my account name, and adding the item to my cart, I paid just over $12 via PayPal. The site also takes Paytr, Stripe, and other payment processors too for a cheaper price.

The results weren't subtle. I got 250 new followers seconds after making a payment. The followers I bought were a wide mix of accounts purporting to be women, men, and many users with profile pictures of things like animals or even in one case a computer graphics card. Some have obviously generated usernames such as "user2299926539189," others have full names like "Pauline Chavez."

"Looking at some of the accounts you sent over, they don't seem to be terribly high quality, but also not super low quality for fake accounts," Zarine Kharazian, assistant editor at the Digital Forensic Research Lab (DFRLab), which researches online misinformation, told Motherboard in an email after reviewing some of the purchased followers. "High quality would be something like previous users' compromised accounts with full posting histories, while low quality would be no customization at all."

These accounts sit somewhere in the middle, with profile pictures, and some also had bios and their own video uploads. One clip was a typical cat video you may see go viral (although the video appears to have been ripped from a cat-focused TikTok account that shared the same video a month earlier). Another set of at least three accounts all had generic stock art of female models as their profile photos. These accounts had each uploaded a video of showing a screen of Google Image search results of the same models. All of the videos showed a web browser with the same language bookmarks, suggesting the videos posted by multiple accounts we paid to follow us were created by the same person.

Many of these fake followers I paid for followed the same TikTok accounts. One user who is followed by many of the accounts I paid to follow me was a young female TikToker with 2.2 million followers. Another account followed by many of the fake followers belonged to a talent scout from the UK. It is not clear if the suspicious accounts followed these users in an attempt to present their own accounts as genuine TikTok users, or whether the account owners also purchased followers or likes. Several TikTok creators followed by the suspicious accounts did not respond to multiple requests for comment; one person who replied on behalf of the young female TikToker said the user had just turned 13 and so did not have the ability to buy anything. Many of the fake followers also like videos from many of the same accounts.

A customer support representative for the website Motherboard used to purchase the TikTok engagement declined to answer questions on how the service manages to fulfill orders, be that using hacked accounts, making their own, and whether they use any sort of automation to like videos or follow accounts.

"Sorry i am only able to answer questions about our customers' orders. Thank you for understanding and have a good day," the person replied in an email. Notably, their response also included the date and time in Turkish.

DFRLab previously found multiple apps that promised TikTok engagement in exchange for high level access to users' phones, including contacts.

Over the next few days, I also bought 1,000 likes and 25,000 views for my video, which arrived within minutes. To test whether these purchases had any tangible impact on the video's visibility, another Motherboard staffer scrolled through a Warzone-related hashtag and successfully found the video. Generally, TikTok videos that appear near the top of the hashtag have more likes than videos that appear further down. Motherboard found our test clip among other videos that also had around 1,000 likes (some of the top videos in the hashtag have around 500,000 likes). TikTok told Motherboard that videos under a hashtag are not sorted solely based on likes, but a combination of other forms of engagement, such as views, and relevance too.

It is difficult to tell whether any of this inauthentic engagement led to TikTok users viewing the video in their "For You" feed. The video did receive over 1,100 views after Motherboard stopped purchasing for inauthentic engagement, but it is unclear where exactly those views came from, via "For You," browsing the Warzone-related hashtag, or another way.

"Buying engagement on TikTok could definitely amplify content, although it's hard to say exactly how without knowing more of the specifics of TikTok's recommendation algorithm," Kharazian from DFRLab added.

Nimmo added, "If a tweet or post has 1,000 likes or shares, it's going to look more instinctively impressive than a post with zero. In the same way, an account with 100,000 followers will appear more popular than an account with ten. But that's largely a cosmetic effect: it can make a post or user look popular, but it can't actually make them popular."

"If fake accounts can be used to make a post trend and thus bump it up the algorithm, that might attract the attention of real users, if they're searching for the trending topic. At that point, it's a question of using fake accounts to fool the trending algorithm, rather than fooling human users," Nimmo said.

Inauthentic activity is certainly not limited to just TikTok. Twitter, Facebook, Reddit, and other social networks have all shifted more focus on detecting and trying to remove inauthentic accounts, especially in the last few years. Some campaigns have involved PR agencies peddling lies on behalf of clients; governments pushing out divisive messaging, or political spin doctors doing much of the same.

"Can I be TikTok famous yet."

In a blog post published at the end of July, TikTok CEO Kevin Mayer wrote, "we believe all companies should disclose their algorithms, moderation policies, and data flows to regulators. We will not wait for regulation to come, but instead TikTok has taken the first step by launching a Transparency and Accountability Center for moderation and data practices. Experts can observe our moderation policies in real-time, as well as examine the actual code that drives our algorithms." On its website, TikTok says "Due to constraints as a result of the coronavirus pandemic, the physical opening of our Transparency and Accountability Center has been delayed. We look forward to being able to welcome guests in the near future in Los Angeles and at our upcoming Transparency and Accountability Center in Washington D.C."

"TikTok is committed to protecting the safety, integrity and authenticity of our community," a TikTok spokesperson told Motherboard in an emailed statement. "We use a combination of technology-driven security controls and human review to mitigate spam and fraud on our platform, including purchasing followers or likes, which is a violation of our Community Guidelines, and we take swift action against accounts that break our terms of service. Understanding that spam and fraud are evolving industry-wide threats, TikTok will continue investing in solutions to strengthen our security infrastructure and stay ahead of these challenges."

In the days after purchasing the 1,000 likes, TikTok appears to have suspended some of the accounts. 

"This account was banned due to multiple Community Guidelines violations," a banner on top of the impacted accounts now reads. Most of the accounts appear to be still active however, and the video itself still displays a like counter of over 1,000.

The video of another user who had many of the suspicious accounts following them says, "Can I be TikTok famous yet."

Subscribe to our cybersecurity podcast, CYBER.



from VICE US https://ift.tt/2E2Nxcp
via cheap web hosting

No comments:

Post a Comment