Q1 Safety & Security Report - May 27, 2021

https://www.reddit.com/r/RedditSafety/comments/nmhmj0/q1_safety_security_report_may_27_2021/

created by worstnerd on 27/05/2021 at 21:05 UTC

190 upvotes, 28 top-level comments (showing 25)

Hey there!

Holy cow, it's hard to believe that May is already coming to an end! With the US election and January 6 incidents behind us, we’ve focused more of our efforts on long-term initiatives, particularly in the anti-abuse space.

But before we dive in, some housekeeping first... you may have noticed that we changed the name of this report to better encapsulate everything that we share in these quarterly updates, which includes events and topics that fall under Safety-related work.

With that in mind, we’re going back to some of the basic fundamentals of the work we do to talk about spam (and notably a spam campaign posting sexually explicit content/links that has been impacting a lot of mods this year). We’re also announcing new requirements for your account password security!

Q1 By The Numbers

Let's jump into the numbers…

| **Category** | **Volume (Mar - Jan 2021)** | **Volume (Oct - Dec 2020)** |
|:-|:-|:-|
| Reports for content manipulation | 7,429,914 | 6,986,253 |
| Admin removals for content manipulation | 36,830,585 | 29,755,692 |
| Admin account sanctions for content manipulation | 4,804,895 | 4,511,545 |
| Admin subreddit sanctions for content manipulation | 28,863 | 11,489 |
| 3rd party breach accounts processed | 492,585,150 | 743,362,977 |
| Protective account security actions | 956,834 | 1,011,486 |
| Reports for ban evasion | 22,213 | 12,753 |
| Account sanctions for ban evasion | 57,506 | 55,998 |
| Reports for abuse | 1,678,565 | 1,432,630 |
| Admin account sanctions for abuse | 118,938 | 94,503 |
| Admin subreddit sanctions for abuse | 4,863 | 2,891 |

Content Manipulation

Over the last six months or so we have been dealing with a particularly aggressive and advanced spammer. While efforts on both sides are still ongoing, we wanted to be transparent and share the latest updates. Also, we want to acknowledge that this spammer has caused a heavy burden on mods. We appreciate the support and share the frustration that you feel.

The tl;dr is that there is a fairly sustained spam campaign posting links to sexually explicit content. It started off by hiding redirects behind fairly innocuous domains, then migrated into embedding URLs in text. Then there have been more advanced efforts to bypass our ability to detect strings embedded in images. We’re starting to see this migrate to non-sexually explicit images with legit-looking URLs embedded in them. Complicating this is the heavy use of vulnerable accounts with weak/compromised credentials. Every time we shut one vector down, the spammer finds a new attack vector.

The silver lining is that we have improved our approaches to quickly detect and ban the accounts. That said, there is often a delay of a couple of hours before that happens. While a couple of hours may seem fairly quick, it can still be enough time for thousands of posts, comments, PMs, and chat messages to go through. This is why we are heavily investing in building tools that can shrink that response time closer to real-time. This work will take some time to complete, though.

Here are some numbers to provide a better look at the actions that have been taken during this period of time:

Visualization of posts per week

Password Complexity Changes

In an effort to reduce the occurrence of account takeovers (when someone other than you is able to log in to your account by guessing or somehow knowing your password) on Reddit, we're introducing new password complexity requirements:

Any password changes or new account registrations **after** June 2, 2021 will be rejected if they don’t follow these three new requirements. Existing passwords won’t be affected by this change - but if your password is terrible, maybe go ahead and update it.

While these changes might not be groundbreaking, they’re long overdue, and we’re taking the first steps to align with modern password security requirements[1] and improve platform account security for all users. Going forward, you’ll have to pick a better password for your throwaway accounts.

1: https://pages.nist.gov/800-63-3/sp800-63-3.html

As usual, we’ll advocate for using a password manager[2] to reduce the number of passwords you have to remember and utilizing 2FA[3] on your account (for more details on protecting your account, check out this[4] other article).

2: https://www.reddit.com/r/Bitwarden/comments/ltvtyv/eli5_why_are_password_managers_safer_when_youre/

3: https://reddit.zendesk.com/hc/en-us/articles/360043470031-What-is-two-factor-authentication-and-how-do-I-set-it-up-

4: https://old.reddit.com/r/redditsecurity/comments/bletrr/how_to_keep_your_reddit_account_safe/

Final Thoughts

As we evolve our policies and approaches to mitigating different types of content on the platform, it’s important to note that we can’t fix things that we don’t measure. By sharing more insights around our safety and security efforts, we aim to increase the transparency around how we tackle these platform issues while simultaneously improving how we handle them.

We are also excited about our roadmap this year. We are investing more in native moderator tooling, scaling up our enforcement efforts, and building better tools that allow us to tackle general shitheadery more quickly. Please continue to share your feedback, we hope that you will all feel these efforts as the year goes on.

If you have any questions, I’ll be in the comments below for a little bit ready to answer!

Comments

Comment by shiruken at 27/05/2021 at 21:31 UTC

22 upvotes, 1 direct replies

I'm confused by that chart. Is that the number of posts on Reddit per week? Or the number of posts you're actioning for spam per week?

Also I can't believe you actually labeled the y-axis 😮

Comment by TheNewPoetLawyerette at 27/05/2021 at 21:34 UTC

19 upvotes, 1 direct replies

(psst... You flipped March and January in the chart heading)

Comment by SeriousSamStone at 27/05/2021 at 21:51 UTC

16 upvotes, 1 direct replies

Can you provide any insight into extremely long report response times for obvious bot types? About a week and a half ago, I spent several days reporting around 650 discord-advertising spam bots, with a calculated total spam comment volume of over 14,000. After checking back just now, 15 of the first 16 bots I reported still have visible profile pages (meaning no shadowban or permanent suspension) and they still have fully visible spam comments on various subreddits (meaning the accounts haven't been purged of spam and returned to their original owners), which leads me to heavily suspect that they have not yet been actioned:

https://www.reddit.com/r/RareHouseplants/comments/nbs2qq/ive_kinda_fallen_in_love_with_anthuriums_recently/gyc1wcv/

https://www.reddit.com/r/MushroomPorn/comments/nd84ly/never_seen_one_of_these_before_guess_this/gybyy9a/

https://www.reddit.com/r/KidsAreFuckingSmart/comments/lc0dma/thanks_i_hate_lightsabers_with_shadows/gybyym7/

https://www.reddit.com/r/OverSimplified/comments/nd7yej/my_friend_spent_2_months_making_this_animated/gybzo07/

https://www.reddit.com/r/OverSimplified/comments/nbpe9u/meme/gybzq5u/

https://www.reddit.com/r/OverSimplified/comments/nbpe9u/meme/gybzpde/

https://www.reddit.com/r/ketamine/comments/nd6ena/does_ketamine_make_it_hard_to_sleep_and_will_i/gyc0tik/

https://www.reddit.com/r/ketamine/comments/ndomp0/warning_melbourne/gyc0sx5/

https://www.reddit.com/r/Winnipeg/comments/ndad37/bridgewater_medical_centre/gybzz76/

https://www.reddit.com/r/ShermanPosting/comments/nc3ssi/confederate_surrender_flag/gya3mri/

https://www.reddit.com/r/pokememes/comments/nbonw5/late_on_the_ball_but_i_was_only_just_made_aware/gy893rz/

https://www.reddit.com/r/OneyPlays/comments/nd77i6/all_for_mafia/gyamjag/

https://www.reddit.com/r/holesome/comments/nbz6lz/quite_holesum/gyc24cf/

https://www.reddit.com/r/holesome/comments/n50lkf/we_did_it_guys/gyc25h8/

https://www.reddit.com/r/holesome/comments/nckwzx/holesome_gay/gyc25gm/

Here are the links to my submitted reports for these accounts, all of which were sent more than 10 days ago:

https://www.reddit.com/message/messages/11nojzv

https://www.reddit.com/message/messages/11np2jy

https://www.reddit.com/message/messages/11nok57

Why do the bots you describe in your post get actioned in hours but these bots still aren't actioned after over a week?

Comment by UnacceptableUse at 27/05/2021 at 21:15 UTC

27 upvotes, 1 direct replies

Glad you mentioned the NSFW spam campaign. It's good to see you're making a dent in it. Over at /r/TheseFuckingAccounts this has been quite a hot topic

Comment by BlogSpammr at 27/05/2021 at 21:21 UTC

12 upvotes, 1 direct replies

There’s a t-shirt spammer that also uses text in images - “say yes if you want to buy…” It would be nice to see the end of his kind.

Comment by MajorParadox at 27/05/2021 at 21:23 UTC

12 upvotes, 1 direct replies

Awesome post as usual, thanks for sharing!

|**Category**|**Volume (Mar - Jan 2021)**|**Volume (Oct - Dec 2020)**|
|:-|:-|:-|
|...|||
|Reports for ban evasion|22,213|12,753|
|Account sanctions for ban evasion|57,506|55,998|

Is there any reason the reports have gone up so high, yet the sanctions only went up a little? Much more false reports or was more of it ignored, perhaps?

Comment by svc518 at 27/05/2021 at 21:32 UTC

9 upvotes, 1 direct replies

Is the aggressive and advanced spammer you mentioned related to the account farming bots mentioned here[1], or is this a separate problem? If the latter, can you share any insights or updates on that?

1: https://www.reddit.com/r/ModSupport/comments/ngg3ef/the_entire_site_is_getting_hit_by_truly_massive/

Comment by abrownn at 27/05/2021 at 21:36 UTC

8 upvotes, 3 direct replies

My Investigations@zendesk emails for the last half year seem to have fallen into the roundfile. I sent an r/modsupport followup (since r/reddit.com is now dead and there's no way to reach an admin in a remotely timely manner otherwise) request for clarification and help but that seems to have been roundfiled too. Any suggestions u/Worstnerd?

Comment by KKingler at 27/05/2021 at 23:14 UTC

4 upvotes, 0 direct replies

Thank you for the transparency, especially on the spamming incident. Do you have any plans to work on the comment/repost farming issues plaguing the site? I know it's certainly a difficult thing to achieve, but thought I'd ask.

Comment by itskdog at 28/05/2021 at 06:25 UTC

4 upvotes, 0 direct replies

While a couple hours may seem fairly quick, it can still be enough time for thousands of posts, comments, PMs, chat messages to go through.

How is it even possible for an account to post "thousands" in a couple of hours? Especially if it is a hacked account, which was likely dormant for a while if the owner had abandoned it. The sudden change in behaviour should kick off alarm bells instantaneously. Over 1k posts an hour isn't a reasonable number for anyone except a bot (and bots are supposed to register themselves on the Google Form, anyway).

Comment by LimBomber at 28/05/2021 at 00:35 UTC

4 upvotes, 3 direct replies

Why not enroll accounts into checkpoints in case of IP/region change or new login on an unknown device ID, i.e. potential account compromise? You can limit checkpointed accounts' ability to send messages and post links until they click an email (confirming ownership of the email/contact point means it's the legit user and not credential stuffing).

Obviously every security engineer knows you have to argue or justify to the growth/user count metric people for this type of stuff, but honestly, with the amount of spam and credential stuffing here at Reddit, you really got to start considering enforcing this type of limitation onto OG users with bad passwords, or just limit accounts on suspicious logins.

Comment by Kahzgul at 28/05/2021 at 17:26 UTC

4 upvotes, 0 direct replies

What are you doing about cyberstalking/bullying? I had to report a guy more than a dozen times before action was taken, and I never once received any notice of action being taken, what kind was taken, or if my reports were just being dismissed without action being taken at all. In fact, I'm only assuming action was taken, but it's possible the guy just deleted his account on his own.

In addition, do you have plans to streamline the reporting process for spam chat requests? Right now it's a confusing mess that involves googling "how to report chat" because not one step of the process is intuitive.

Comment by CatUpvoter at 28/05/2021 at 00:18 UTC

3 upvotes, 1 direct replies

3. Excluding your username from your password.

I'm a bit curious about 3. It isn't a practice that I use, but what is the rationale here?

13p8-dfsa9yworstnerd0@96

is a decent password. That would be excluded, correct?
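An added example, not from the post or from any commenter, of how a registration-time policy check can enforce the username exclusion discussed above together with a check against third-party breach corpora (the report counts "3rd party breach accounts processed"). The 8-character minimum is the NIST SP 800-63B floor for user-chosen passwords; the breach digests and the short-username cutoff are assumptions constructed for this example, not Reddit's actual rules.

```python
import hashlib
import unicodedata

# Assumed policy for this example: the post's three requirements are not
# reproduced on the page, so these rules are illustrative, not Reddit's list.
MIN_LENGTH = 8  # NIST SP 800-63B minimum for user-chosen memorized secrets

# Constructed stand-in for a breached-credential corpus: SHA-1 digests of
# passwords seen in third-party breaches. Real deployments use far larger
# lists or a k-anonymity range query; these two entries are made up here.
BREACHED_SHA1 = {
    hashlib.sha1(b"password123").hexdigest(),
    hashlib.sha1(b"reddit2021").hexdigest(),
}


def normalize(text: str) -> str:
    """Case-fold and NFKC-normalize so look-alike variants compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def contains_username(username: str, password: str) -> bool:
    """Rule 3 from the post: the password may not embed the account name.
    The comparison is case-insensitive. Skipping names under 3 characters
    is an assumption here, to avoid rejecting any password that happens
    to contain a two-letter handle."""
    u = normalize(username)
    if len(u) < 3:
        return False
    return u in normalize(password)


def is_breached(password: str) -> bool:
    """Reject secrets present in the breach corpus (NIST 800-63B 5.1.1.2)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return digest in BREACHED_SHA1


def check_password(username: str, password: str) -> list[str]:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if contains_username(username, password):
        problems.append("contains the username")
    if is_breached(password):
        problems.append("appears in a known breach corpus")
    return problems


if __name__ == "__main__":
    # The commenter's example: strong-looking, but it embeds the handle.
    print(check_password("worstnerd", "13p8-dfsa9yworstnerd0@96"))
    print(check_password("worstnerd", "13p8-dfsa9ycorrecthorse0@96"))
```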

Comment by desdendelle at 27/05/2021 at 21:19 UTC

19 upvotes, 3 direct replies

Gotta ask why you guys aren't taking action when we report antisemites. While thankfully the end of the recent Gaza operation means we're not *as* flooded with antisemitic bile as we were before, we still get people in modmail calling us Nazi kikes and stuff like that. We report all of them, yet only some get suspended. Why do you guys not take action?

Comment by nimitz34 at 30/05/2021 at 00:43 UTC

2 upvotes, 0 direct replies

Have you detected wide-scale actions, possibly involving corrupt admin involvement, to use reddit as a giant link farm for blackhat SEO purposes, with such users selling such links?

Comment by goldenarms at 27/05/2021 at 21:34 UTC

6 upvotes, 1 direct replies

When are you going to look into the obvious botnet and vote manipulation that u/lrlourpresident is doing?

Comment by BamboozleDoggo4 at 27/05/2021 at 21:24 UTC

-10 upvotes, 0 direct replies

Ok

Comment by [deleted] at 27/05/2021 at 22:06 UTC*

-2 upvotes, 0 direct replies

[deleted]

Comment by zxtbgglcivsbspbjpq at 28/05/2021 at 20:17 UTC

-2 upvotes, 0 direct replies

I don't work on the LG spam project but I had a few beers with the dude behind it back at Webmaster Access 2019. He's a real hoot and I just pinged him on Skype with a link to this.

It makes me happy that he's draining your 'le baby yoda updoots' energy/vibe. Fingers crossed the burden only increases with time! Far too many TyRANNY Jannies on this site.

p.s. this isn't a ban evasion account, so don't even bother checking: not worth your time.

Comment by [deleted] at 27/05/2021 at 22:46 UTC

-4 upvotes, 0 direct replies

[deleted]

Comment by socookre at 29/05/2021 at 16:38 UTC*

1 upvotes, 0 direct replies

I'm a head mod of a small sub. One of our members/profiles, /u/elsa-fidelis, has been suspended since about late February/early March because it was frequently on a VPN network that made it be mistaken for someone else. It has been a long time since then, but despite sending you a lot of appeals with the appeals form[1] and also the standard reports flow[2], there isn't any word or response from Reddit and the problem is left dangling in the air. How do we get this problem resolved faster?

1: https://www.reddit.com/appeals

2: https://reddit.zendesk.com/hc/en-us/requests/new

The impact of the issue is not limited to here only; I found and heard of some who were similarly affected by it. After investigating, we also know that there is possibly an incel or more using major VPN services like ZenMate to threaten and harass girls with DMs; /r/inceltear has a whole ton of screenshots about that. As far as I know so far, the incel has since been reported to the police as his DMs contain a lot of rape and death threats.

TL;DR: Anti-Evil Operations appears dysfunctional at this point with its trigger-happy ban script, with the resulting ban appeals being left hanging in the air.

Comment by I_Shah at 29/05/2021 at 19:28 UTC

1 upvotes, 0 direct replies

This started off by hiding redirects behind fairly innocuous domains. It migrated into embedding URLs in text. Then there have been more advanced efforts to bypass our ability to detect strings embedded in images. We’re starting to see this migrate to non-sexually explicit images with legit looking URLs embedded in them

/u/Worstnerd. So if I am reading this correctly, clicking on an imgur or i.reddit picture will redirect you?

Comment by [deleted] at 01/06/2021 at 00:11 UTC

1 upvotes, 0 direct replies

Since we’re here right now, can I please talk with you regarding account issues?

Comment by skacey at 21/06/2021 at 14:00 UTC

1 upvotes, 0 direct replies

Wow - changing passwords from 6 to 8 increased the time to hack from 5 seconds to 8 hours at best.

https://www.komando.com/security-privacy/check-your-password-strength/783192/

Comment by Lenins2ndCat at 09/07/2021 at 02:32 UTC

1 upvotes, 1 direct replies

Admin subreddit sanctions for abuse | 4,863 | 2,891

Can you explain what a "subreddit sanction" is in this data set?

Is this subreddits being quarantined? Subreddits being banned? Both combined together? Or an internal metric for black marks that a subreddit has earned?