Reddit Security Report -- February 26, 2019

https://www.reddit.com/r/RedditSafety/comments/f9xfmp/reddit_security_report_february_26_2019/

created by worstnerd on 26/02/2020 at 18:11 UTC*

318 upvotes, 35 top-level comments (showing 25)

Reddit Security Report

Welcome to the second installation of the Reddit Security Quarterly report (see the first one here[1]). The goal of these posts is to keep you up to speed on our efforts and highlight how we are evolving our thinking.

1: https://www.reddit.com/r/redditsecurity/comments/dp9nbg/reddit_security_report_october_30_2019/


┌──────────────────────────┬─────────────────────────┬─────────────────────────┐
│       **Category**       │   **Volume (Oct - Dec   │  **Volume (July - Sep   │
│                          │         2019)**         │         2019)**         │
╞══════════════════════════╪═════════════════════════╪═════════════════════════╡
│ Content manipulation     │ 5,502,545               │ 5,461,005               │
│ reports                  │                         │                         │
├──────────────────────────┼─────────────────────────┼─────────────────────────┤
│ Admin content            │ 30,916,804              │ 19,149,133              │
│ manipulation removals    │                         │                         │
├──────────────────────────┼─────────────────────────┼─────────────────────────┤
│ Admin content            │                         │                         │
│ manipulation account     │ 1,887,487               │ 1,406,440               │
│ sanctions                │                         │                         │
├──────────────────────────┼─────────────────────────┼─────────────────────────┤
│ 3rd party breach         │ 816,771,370             │ 4,681,297,045           │
│ accounts processed       │                         │                         │
├──────────────────────────┼─────────────────────────┼─────────────────────────┤
│ Protective account       │ 1,887,487               │ 7,190,318               │
│ security actions         │                         │                         │
└──────────────────────────┴─────────────────────────┴─────────────────────────┘


By The Numbers

Again, these are some of the metrics that we look at internally. With time we may add or remove metrics, so if you have any metrics that you would like to see, please let us know.

Content Manipulation

Throughout 2019, we focused on overhauling how we tackle content manipulation issues (which includes spam, community interference, vote manipulation, etc). In Q4 specifically, we saw a large increase in the number of admin content manipulation removals. This was largely driven by a relatively small number of VERY prolific streaming spammers (~150 accounts were responsible for ~10M posts!). Interestingly, while the removals went up by about 50%, the number of reports was reasonably flat. The implication is that this content was largely removed before users were ever exposed to it and that our systems were effective at blunting the impact.

Ban Evasion

Ban evasion is a constant thorn in the side of admins, mods, and users (ban evasion is a common tactic to abuse members of a subreddit). Ban evasion is when a person creates a new account to bypass site or community bans. Recently we overhauled how we handle ban evasion on the platform with our own admin-level ban evasion detection and enforcement, and we are super excited about the results. After a sufficient testing period, we have started to roll this out to subreddit-level ban evasion, starting with mod-reported ban evasion. As a result, this month we’ve actioned **more than 6K accounts**, reduced time to action (from report time) by a factor of 10, and achieved a **90% increase** in the number of accounts actioned.

While the roll out has been effective so far and we hope that it will have a big impact for mods, we still see a lot of room for progress. Today, less than 10% of ban evaders are reported by mods. There are a number of reasons for this. Some mods are actually ok with people creating new accounts and “coming back and playing nice.” Some ban evaders are just not recognized by mods because they don’t have tools that allow them to detect it due to privacy concerns. We will start to slowly increase our proactive ban evasion detection so that mods don’t have to worry about identifying this in the future (though their help is always appreciated). In the next report, I'll try to dive a little deeper and share some results.

Account Security

As we mentioned in the previous post, we finished a massive historical credential matching effort. This is why we see a significant reduction in both the number of accounts processed and the protective account actions. With this complete, we can start working on more account hardening efforts like encouraging 2FA for high value accounts (think mods and high karma accounts) and ensuring that people aren’t using commonly-breached passwords[2] (have I plugged password managers[3] lately!? I strongly encourage!). We are still working on refining the help center articles to ease the process for users that are hit in these efforts. We want to make it as clear as possible to ensure that the right person gets access to the account. One last plug: please take the time to ensure that you have an up-to-date verified email address associated with your account; this is one of the most common reasons why people get locked out of their account after being hit by a forced password reset. In many cases, there is nothing we can do when this happens as we don’t have the ability to verify account ownership.

2: https://haveibeenpwned.com/

3: https://www.reddit.com/r/redditsecurity/comments/bletrr/how_to_keep_your_reddit_account_safe/

Final Thoughts

2020 is a big election year in the US, and we would be remiss if we did not acknowledge that it is top of mind for us. As I’ve mentioned in previous posts[4], in the wake of the 2016 election, we spun up a special team focused on scaled content threats on the platform. That has led us to this point. Over the last couple of years, we have heavily focused on hardening our systems, improving our detection and tooling, and improving our response time. While we will continue to make investments in new detection capabilities (see ban evasion), this year we will also focus on providing additional resources to communities that may be more susceptible to manipulation (I know, I know, you want to know what it means to be “susceptible”. We won't get into the specifics for security reasons, but there are a number of factors that can influence this, from the size of the mod team to the topic of the community...but often not in the obvious ways you'd suspect). We will be as open as possible with you throughout this all – as we were with our recent investigation[5] into the campaign behind the leaked US-UK trade documents. And as I’ve repeated many times, our superpower is you! Our users and our moderators are a big part of why influence campaigns have not been particularly successful on Reddit. Today, I feel even more confident in our platform’s resilience...but we are not taking that for granted. We will continue to evolve and improve the teams and technologies we have to ensure that Reddit is a place for authentic conversation...not manipulation.

4: https://www.reddit.com/r/redditsecurity/comments/d6l41l/an_update_on_content_manipulation_and_an_upcoming/

5: https://www.reddit.com/r/redditsecurity/comments/e74nml/suspected_campaign_from_russia_on_reddit/

Thanks for reading, and I hope you find this information helpful. I will be sticking around to answer any questions that you may have.

[edit: Yes, I'm still writing 2019 on my checks too...]

[edit2: Yes, I still write checks]

Comments

Comment by kossssssst at 26/02/2020 at 18:33 UTC

35 upvotes, 1 direct replies

For those of us that are new, is there some place that explains what these metrics mean? For example, 3rd party breach accounts processed at 4B, sounds like there were 4B accounts breached.

Comment by svc518 at 26/02/2020 at 18:33 UTC

26 upvotes, 1 direct replies

(~150 accounts were responsible for ~10M posts!)

Is my ~~one cell in Libre calc~~ back of the envelope math right - that's about one post every two minutes? Is posting not throttled to avoid this?

Comment by [deleted] at 26/02/2020 at 18:18 UTC

22 upvotes, 1 direct replies

[deleted]

Comment by ThaddeusJP at 26/02/2020 at 18:36 UTC

17 upvotes, 1 direct replies

Has reddit done any digging on ban evaders and content manipulation motivation?

Is it just mostly jerks who don't like that they are banned so they make a new account, or do you find "hey holy crap there are X hits at this one IP over in Y country all messing with /r/subnamehere"?

It's great the stuff is being dealt with, so thanks there.

Comment by BaneWilliams at 26/02/2020 at 19:18 UTC*

42 upvotes, 1 direct replies

cheerful fear ring slap insurance zesty yam practice crown vast

1: https://redact.dev

Comment by indi_n0rd at 26/02/2020 at 19:16 UTC

15 upvotes, 1 direct replies

Ban evasion is a constant thorn in the side of admins, mods, and users (ban evasion is a common tactic to abuse members of a subreddit). Ban evasion is when a person creates a new account to bypass site or community bans. Recently we overhauled how we handle ban evasion on the platform with our own admin-level ban evasion detection and enforcement, and we are super excited about the results. After a sufficient testing period, we have started to roll this out to subreddit level ban evasion, starting with mod reported ban evasion. As a result this month, we’ve actioned more than 6K accounts, reduced time to action (from report time) by a factor of 10, and achieved a 90% increase in the number of accounts actioned.

Are site-wide suspended users allowed to return with alts? I have this issue where a known spammer is still posting spam links on my subreddits despite getting their alts suspended by admin several times (including 4-5 counts of ban evasion). And by several I mean more than 10 suspended accounts. It is a nuisance that you have to configure automod in advance just to filter their bs.

Comment by WoozleWuzzle at 26/02/2020 at 18:53 UTC*

9 upvotes, 1 direct replies

How do we report ban evaders? Also how do we know if they're ban evading?

Some users will be so bold and tell us they're creating a new account but we don't know which account that is. For example: https://i.imgur.com/goeCnA5.png

Any help/guidance to better report ban evaders to increase that 10% metric would help.

Comment by MajorParadox at 26/02/2020 at 19:11 UTC

6 upvotes, 1 direct replies

We will start to slowly increase our proactive ban evasion detection so that mods don’t have to worry about identifying this in the future (though their help is always appreciated)

So does this mean they will be detected and actioned without us having to guess which toxic accounts are connected and which users that threatened to ban evade actually did? On that note, any update on allowing us to report threats of ban evasion? We got kind of a mixed answer previously.

Comment by [deleted] at 26/02/2020 at 19:13 UTC*

3 upvotes, 3 direct replies

[deleted]

Comment by soundeziner at 26/02/2020 at 19:18 UTC

4 upvotes, 1 direct replies

Today, less than 10% of ban evaders are reported by mods. There are a number of reasons for this.

When a sub gets to a certain point of activity, it becomes difficult to look at the participation from 100K+ subscribers and catch subtle similarities from someone who may have been banned / ban evaded the day before or a week ago. That is the reality of your statistic.

EDIT - The fact that all mods can't see a report sent to admins doesn't help to have cohesive info either

Comment by bwfcwalshy at 26/02/2020 at 22:28 UTC*

4 upvotes, 0 direct replies

As we mentioned in the previous post, we finished a massive historical credential matching effort. This is why we see a significant reduction in both the number of accounts processed and the protective account actions. With this complete, we can start working on more account hardening efforts like encouraging 2fa for high value accounts (think mods and high karma accounts) and ensuring that people aren’t using commonly-breached passwords

I'm glad to see more action being taken against account security (also huge props for using HIBP!!).

On "ensuring people aren't using commonly-breached passwords": will at least part of this be checking with HIBP's API during the login/signup flow and then, if the user is using a pwned password, **at least** strongly encouraging the user to change it/use another password?
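Both the post's line about keeping people off commonly-breached passwords (with its HIBP link) and bwfcwalshy's question about checking HIBP's API in the login/signup flow can be illustrated with the Pwned Passwords range lookup. The Python below is an added example, not Reddit's code and not part of this thread. The `/range/{prefix}` path and the `Add-Padding` header are HIBP's real interface; the corpus and counts, the function names, the `min_length` default and the fail-open policy on outage are constructed assumptions for the demo.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

# Added example, not Reddit's code. Pwned Passwords "range" (k-anonymity) lookup:
# only the first five hex characters of the SHA-1 hash leave the client, and the
# remaining 35-char suffix is matched locally against the "SUFFIX:COUNT" lines returned.

RangeFetcher = Callable[[str], str]  # hash prefix -> raw response body


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix
    that is sent to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def pwned_count(password: str, fetch_range: RangeFetcher) -> int:
    """Return how many times the password appears in the corpus behind
    fetch_range, or 0 if it is not listed."""
    prefix, suffix = sha1_prefix_suffix(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count) if count.isdigit() else 0
    return 0


def evaluate_password(password: str, fetch_range: RangeFetcher,
                      min_length: int = 8) -> Dict[str, object]:
    """Signup/login-flow policy (constructed): reject listed passwords, and fail
    open (allow, flagged as unknown) if the lookup service cannot be reached, so an
    outage of a third-party API never locks users out."""
    if len(password) < min_length:
        return {"allowed": False, "breached": None, "count": 0,
                "reason": f"shorter than {min_length} characters"}
    try:
        count = pwned_count(password, fetch_range)
    except Exception as exc:  # network error, timeout, bad status: fail open
        return {"allowed": True, "breached": None, "count": 0,
                "reason": f"breach check unavailable ({exc.__class__.__name__})"}
    if count > 0:
        return {"allowed": False, "breached": True, "count": count,
                "reason": f"seen {count} times in breach corpora; choose another"}
    return {"allowed": True, "breached": False, "count": 0, "reason": "not found in corpus"}


def build_constructed_fetcher(corpus: Dict[str, int]) -> RangeFetcher:
    """Offline stand-in for the range API, built from a constructed
    {password: count} corpus, so the example runs without network access."""
    by_prefix: Dict[str, List[str]] = {}
    for pw, count in corpus.items():
        prefix, suffix = sha1_prefix_suffix(pw)
        by_prefix.setdefault(prefix, []).append(f"{suffix}:{count}")

    def fetch(prefix: str) -> str:
        # The real service pads responses with ":0" entries; mimic one such line.
        lines = by_prefix.get(prefix.upper(), []) + ["0" * 35 + ":0"]
        return "\r\n".join(lines)

    return fetch


def unavailable_fetcher(prefix: str) -> str:
    """Simulates the lookup service being down, to exercise the fail-open path."""
    raise ConnectionError("pwned-passwords service unreachable (simulated)")


def live_fetcher(prefix: str) -> str:
    """Fetcher against the real HIBP service (not exercised offline). Add-Padding
    asks the service to pad the response so its size does not reveal the count."""
    from urllib.request import Request, urlopen
    req = Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                  headers={"Add-Padding": "true", "User-Agent": "example-password-check"})
    with urlopen(req, timeout=3) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Constructed corpus: these counts are made up for the demo.
    fetch = build_constructed_fetcher({"password": 1234, "letmein": 7})
    for pw in ["password", "letmein", "correct-horse-battery-staple-9"]:
        print(pw, evaluate_password(pw, fetch))
```

The fetcher is injected so the same policy code can be unit-tested against a constructed corpus and deployed against the live service; failing open on lookup errors is a deliberate trade-off, because a third-party outage should degrade the check, not the login.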

Comment by [deleted] at 26/02/2020 at 23:42 UTC

4 upvotes, 0 direct replies

Out of curiosity, how are you exactly detecting ban evasion?

Comment by 7hr0wn at 27/02/2020 at 19:18 UTC

3 upvotes, 0 direct replies

How do we get admins to take action against ban evaders - particularly ones who threaten violence?

Our moderation team has been dealing with a serial ban evader for over a year. I know we've made a combined total of over 1,000 reports, but the behavior has only increased. On the worst days, the abuser makes 10-12 accounts to spread hate. I've personally hit my report limit multiple times reporting ban evasion, violence, and harassment against this single user.

What further steps can we take? Is there a point where reddit.com will step in and help?

Comment by Memetic1 at 26/02/2020 at 22:01 UTC

5 upvotes, 0 direct replies

What's going on with the sub r/pan Virtually the entire front page has been taken over by them. Some of the content isn't good at all, and is still getting tons of upvotes. I know this is a so called "new feature", and I don't want to filter out that sub yet. It's just this is starting to feel like vote manipulation /cyberwarfare.

Comment by cheechak0 at 26/02/2020 at 21:58 UTC

2 upvotes, 1 direct replies

As a result this month, we’ve actioned more than 6K accounts, reduced time to action (from report time) by a factor of 10, and achieved a 90% increase in the number of accounts actioned.

Which is great to hear, but I am still wondering, if we report someone ban evading, how long should we expect it will take for action?

What are the outcomes of such a report and what communications should we expect?

I understand it may depend on the circumstance, and workload, but even with the new interface, you make a report and it seems like it just disappears into a black hole.

It's discouraging to have the "New Help Center report has been received." message be the last you hear about a ban evasion report.

Comment by VEC7OR at 26/02/2020 at 22:58 UTC

2 upvotes, 0 direct replies

Great job guys!

BTW, what do you do with spammers that make multiple accounts or have botnets and whatnot, and share content that vaguely resembles the usual content, but have more accounts that spam in the comments 'Hey I saw this here %URL%'? If you just browse, it appears like your usual 'I've stumbled upon', but if you moderate it's really apparent. I've tried reporting it as spam; some of them got whacked, some didn't. Are there any automatic systems in place for this?

Comment by totallynotahooman at 27/02/2020 at 15:30 UTC

2 upvotes, 0 direct replies

For content manipulation what content were they manipulating and in which way?

Comment by Halaku at 26/02/2020 at 19:17 UTC

7 upvotes, 1 direct replies

In the last report, this came up:

"a highly coordinated ban evasion ring from users of r/opieandanthony. This began after we banned the subreddit for targeted harassment of users, as well as repeated copyright infringement. The group would quickly pop up on both new and abandoned subreddits to continue the abuse. We also learned that they were coordinating on another platform and through dedicated websites to redirect users to the latest target of their harassment."

While some people might (understandably) be concerned about this happening again due to actions taken on a subreddit that we won't specifically mention, and their establishment of a .win platform / dedicated website, that's for the future, and likely a future security report.

My question: Has there been any other highly coordinated ban evasion rings of this caliber since the October 2019 report, or did the lessons learned with the r/opieandanthony scenario lead to this no longer being a viable tactic?

Comment by TotesMessenger at 26/02/2020 at 18:59 UTC

1 upvotes, 0 direct replies

I'm a bot, *bleep*, *bloop*. Someone has linked to this thread from another place on reddit:

*(If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads.) (Info[2] / Contact[3])*

1: https://www.reddit.com/r/RedditUpdateLog/comments/f9y5m4/reddit_security_report_february_26_2019/

2: /r/TotesMessenger

3: /message/compose?to=/r/TotesMessenger

Comment by [deleted] at 26/02/2020 at 21:33 UTC

1 upvotes, 2 direct replies

[deleted]

Comment by Porencephaly at 29/02/2020 at 12:19 UTC

1 upvotes, 0 direct replies

You make a lot of references to things that mods “report,” but how is that measured? I moderate two decent-size subs, but whenever I find a problem user evading a ban or violating site wide rules, I don’t really feel that there’s an adequate reporting system. There’s no designated person or group inbox I’m supposed to contact and no “report this account to admins” button. There used to be a modhelp sub but it was pretty dead last time I went. I usually just DM u/spez or one of the other 1-2 admin accounts I can remember by name and hope that it gets taken care of (and not once have I received a reply to such a DM). Is there some secret system I’m supposed to be using?

Comment by cyrilio at 29/02/2020 at 12:37 UTC

1 upvotes, 0 direct replies

Due to spammers and shady vendors one of the subreddits I moderate got banned. We tried our fucking best to keep it clean and not break any reddit rules or content policy. It happened without any warning. We would have loved to have worked with the admins to figure out a way to keep spam out but didn't have the opportunity. The mods of /r/drugstashes are quite sad about what happened and would really like the opportunity to get a second chance. There were 62k subscribers and probably double that in monthly unique visitors.

Would be nice if you could help us /u/worstnerd to bring back that community.

Comment by wordsworths_bitch at 03/03/2020 at 08:05 UTC

1 upvotes, 0 direct replies

So... You preach about the security measures being taken for community sake, yet most of the actions seem like they were taken for the good of any community. As a matter of fact, most actions seem to be appeasement of investors, and damage control of appeasement. What do you see your strategies leading to in the long term if this cycle continues?

Comment by Pinkglittersparkles at 23/04/2020 at 22:17 UTC

1 upvotes, 0 direct replies

> But we think about ban evasion a little more broadly, where a ban evader is any account that tries to bypass enforcement efforts. So that could be content manipulators spinning up new accounts, and it could be users banned from a community (or the site) for abusive content.

Can you look into u/LRLOurPresident? Their previous account u/ChickenPeak was banned and removed for content manipulation on r/politics as well as other subreddits, and now they’re at it again, but on their own “new” subreddits.

u/FThumb has previously reported this user for vote manipulation on reddit:

> I shared this to admins along with other example of posts that rocketed to 10-20k upvotes while his traffic and surrounding posts never aligned with those numbers. I also showed where he held 121 of the top 125 posts. I know of others who have also tracked the blatant vote manipulation and tried to show admins, and I also know he was originally running that sub[1] as u/ChickenPeak but was banned from reddit for vote manipulation, which is why his other "mods" are blank placeholder accounts in case he's banned again he can just resume with one of them. Admins don't care, and I don't know why.

1: https://www.reddit.com/r/WayOfTheBern/comments/84ep64/rourpresident_has_reached_25000_subscribers_to/dvpadhy/

u/LRLOurPresident (previous account: u/chickenpeak) (alts: u/berniebrain u/PrimitiveRaga u/beeskneesleesjeans u/circlelightpark) astroturfs various liberal subreddits (u/AOC u/ILHAN u/DemocraticSocialism u/democraticparty) with anti-Democrat/pro-Republican talking points and deletes relevant posts, e.g., AOC endorsing Joe Biden.

This is especially concerning given that you (Reddit) sell ads to companies that target users based on these subreddits.

Here are a list of posts calling out this user for manipulating reddit:

2 years ago https://www.reddit.com/r/conspiracy/comments/6ew75y/subreddit_moderators_are_manipulating_our_front

9 months ago https://www.reddit.com/r/redditrequest/comments/91ieb0/requesting_raoc_mod_has_been_inactive_for_nearly/

4 months ago https://www.reddit.com/r/Enough_Sanders_Spam/comments/ed0o76/a_sanders_supporter_that_does_michieveous_stuff/

1 month ago https://www.reddit.com/r/ActiveMeasures/comments/fisw7v/i_believe_user_lrlourpresident_moderator_of_many/

17 days ago https://www.reddit.com/r/ActiveMeasures/comments/fw4ax2/leftist_sub_pushing_antibiden_propaganda_via/

15 days ago https://www.removeddit.com/r/TheoryOfReddit/comments/fx5eac/shades_of_the_donald/

10 days ago https://www.reddit.com/r/SubredditDrama/comments/g0e3ma/rourpresident_mods_are_removing_any_comments_that/fn9ycd0/

10 days ago https://www.reddit.com/r/conspiracy/comments/g0lhx5/mod_of_rourpresident_is_running_a_disinformation/

Today https://www.reddit.com/r/Enough_Sanders_Spam/comments/g6rc0e/aoc_subreddit_a_rare_aoc_relevant_post_is_upvoted/

Comment by darknep at 26/02/2020 at 23:10 UTC

1 upvotes, 0 direct replies

Wrap it up, boys. Not even Admins can change post titles. Case closed, use this to your advantage.