抵抗“造假”程序大战在即,我们准备好了吗?
假新闻,假社交媒体账号,线上调查假受访者,还有假购票者。造假泛滥反映出一个趋势:程序造假泛滥。 什么时候才能去伪存真,制止造假程序? 造假程序几乎占互联网流量的20%。这些电脑程序窃取商业网站的内容,迫使一些网站关闭,影响收费广告指标的正常表现,在各种论坛灌水,还会抢购百老汇音乐剧《汉密尔顿》(Hamilton )的票高价倒卖。 随着媒体曝光俄罗斯利用程序干涉美国总统大选,《纽约时报》推出有关Twitter僵尸粉丝交易和转发帖子的热门调查报道,事实已经生动地说明,造假程序比大多数人意识的严重。 然而造假程序仍在泛滥,主要由于两大因素:一是开发和销售程序的监管法律含糊不清,二是社交媒体公司对用户数量的真实性睁一只眼闭一只眼。 严厉打击造假程序并非易事,但新近一些实例显示行动已经开始。我们应该将造假程序视为社会公敌。 造假程序渗透社交媒体 不久以前,造假程序主要涉及信息技术或者某些深奥的商业问题,犯罪分子的主要手段包括网页抓取、暴力破解攻击、竞争数据挖掘、侵入账号、未经授权的漏洞检测、发送垃圾邮件和点击量作假等。 可如今,造假程序的应用趋势令人不安,已经能通过大型社交媒体平台操纵选举和政治议题。 去年10月,美国国会议员举行听证会,召集Facebook、Twitter和谷歌的高管,要求其解释俄罗斯方面如何利用三家公司旗下的平台干扰2016年美国总统大选。三家公司的高管承诺会改进。今年1月末,美国民主党议会领袖又呼吁Facebook和Twitter分析俄罗斯的程序在网上竞选活动中发挥的作用,并公布一份包含美国联邦调查局(FBI)对俄罗斯政府干扰大选绝密信息的备忘录。 今年2月16日,美国特别检察官罗伯特·米勒起诉13名俄罗斯公民,指控其操纵电脑程序传播不实信息,在社交媒体散布有利于现任美国总统唐纳德·特朗普的宣传信息。 造假程序在Twitter上肆虐的形势比很多人意识中还严重。Twitter的高管在美国国会作证称,约5%的Twitter账号来自造假程序。但一些研究显示,实际占比高达15%。去年11月,Facebook告知股东,社交平台上约有6000万账号可能是虚假账号,占其月均用户总数的2%。 和线上内容出版商一样,社交媒体公司容许平台上存在造假程序,因为月度活跃用户是衡量业绩的一大指标。不管背后是不是真人,账号就是账号。 制止疯狂 这个问题上,社交媒体公司非常虚伪,就像好莱坞经典电影《卡萨布兰卡》(Casablanca)里反面人物雷诺局长(Captain Renault)。片中,身为警察局局长的雷诺一边在男主人公的酒吧里赌钱,转头又惊呼“我非常震惊,这里(酒吧)居然有赌场。”现状必须改变。因为社交媒体实际上有能力影响言论,所以在造假程序操纵选举和公众议论的过程中,其不作为造成了极大危害。社交媒体必须积极行动,加强自我管理。 他们完全能做到。看看吧,在《纽约时报》公布上述调查后,Twitter的几十个知名用户账号一下子减少了超过100万关注者。我可不信这是巧合。 Twitter应该考虑将“认证”服务范围扩大到所有人类用户,认证账号会获得蓝色徽标,可以帮用户识别账号真伪。假如Twitter这么做,技术上会是个大工程,毕竟造假程序太难阻止,一般来说虚假账号会假扮合法用户,又通过人工智能技术模仿人类。不过,人工智能同样可以用来鉴定账号身份。 政府的作用 与此同时,政府应该参与打击造假程序的战争。这场仗不好打,因为造假程序的传播者是匿名的,无法识别身份就很难通过法律手段惩治。 2016年9月,美国联邦政府才第一次针对造假程序立法。当时国会通过了打击黄牛票的《优化线上售票法案》(BOTS)。耐人寻味的是,法案推出后票务问题仍然存在。部分原因是美国联邦贸易委员会(FTC)没怎么落实。 国会接下来会更新早已过时的《电脑欺诈和滥用法》(CFAA),明确侵入电脑获取和修改信息属于违法行为。令人吃惊的是,直到现在这部1986年出台的法案还是执法依据。美国的法律应该清晰地界定允许和禁止的行为。 美国各州政府也能发挥作用。今年1月,纽约州检察长史树德就做出了一项为人称道的决定:调查出售社交媒体假粉丝账号的公司Devumi,也是《纽约时报》调查报道中曝光的对象。 无须再忍 最后,我们身为消费者也都受够了造假程序。公平地说,受害者就两块:一是社交媒体公司二是用户。当年创始人创立Twitter时并没料到会被俄罗斯攻击,初衷是帮助人们互相交流。用户也没想到身份信息会被窃取,账号被滥用。尽管如此,我们仍然要求社交媒体平台更透明,否则只能抛弃。 现在当务之急是认清造假程序的危险性,然后着手解决问题。不能容忍造假继续,不然每个人都会受害。(财富中文网) 本文作者拉米·埃塞德是Distil Networks的联合创始人兼董事长。该公司主要业务为检测造假程序并降低危害。 译者:Pessy 审稿:夏林 |
Fake news. Fake social media accounts. Fake online poll takers. Fake ticket buyers. And behind them all: The prolific fakery of botnets. When will we get real and stop them? Malicious bots account for nearly 20% of all Internet traffic. These robotic computer scripts have been responsible for stealing content from commercial websites, shutting down websites, swaying advertising metrics, spamming forums, and snatching away Hamilton tickets for exorbitant resale. But revelations about Russian bots meddling in the U.S. election and a scorching New York Times investigation into the selling of fake Twitter followers and retweets vividly illustrate that the bot epidemic is even more severe than most people realized. And yet the bots march on, aided by a double whammy: murky laws governing their creation and sale, and social media companies that have too often turned a blind eye to the veracity of their reported user numbers. Tightening our defenses against malicious bots won’t be easy, but recent events show that the effort is warranted. Bots should be considered nothing less than a public enemy. Bots infiltrate social media Not long ago, bots were mainly thought of as an IT or somewhat esoteric business problem—the main culprits behind web scraping, brute force attacks, competitive data mining, account hijacking, unauthorized vulnerability scans, spam, and click fraud. But the use of bots to manipulate elections and political discussion via the major social media platforms is a new and unnerving trend. In October, members of Congress hauled executives from Facebook, Twitter, and Googleinto a hearing to explain Russian interference via their platforms in the 2016 presidential campaign. The executives promised to do better. And yet in late January, top congressional Democrats called on Facebook and Twitter to analyze the role of Russian bots in the online campaign to release a memo containing classified information about the federal investigation into Russia’s meddling. On Feb. 16, Special Counsel Robert Mueller filed an indictment accusing 13 Russians of running a bot farm and disinformation operation that spread pro-Donald Trump propaganda on social media. Bots are more prevalent on Twitter than many realize. While Twitter testified before Congress that about 5% of its accounts are run by bots, some studies have shown that number to be as high as 15%. In November, Facebook told shareholders that around 60 million, or 2%, of its average monthly users may be fake accounts. Social media companies—just like online publishers—have a vested interest in letting bots exist on their platforms because monthly active users are one of their main measurements of success. Accounts, human or not, are accounts. Stopping the madness Social media companies’ disingenuous Captain Renault act—he was the character in Casablanca who declared, “I’m shocked, shocked, to find that gambling is going on here”—must stop. With its ability to influence opinions, social media does remarkable harm by playing a role in the rigging of elections and public debate. So social media companies must step up and more aggressively self-police. We know they can do it. Look at how more than a million followers disappeared from the accounts of dozens of prominent Twitter users right after the New York Timesinvestigation was published. I doubt this was a coincidence. Twitter should consider extending its “verified” program—that blue badge that lets people know an account of public interest is authentic—to all human users. This would be a huge technological undertaking—after all, bots are so hard to prevent because they act as a legitimate user would—but the same artificial intelligence technologies that allow bots to emulate humans could be used to verify humans. The government’s role Meanwhile, government needs to join the fight against bad bots. This won’t be easy, as bot promulgators are anonymous and it’s difficult to legislate against those you can’t identify. The bot problem didn’t prompt its first piece of federal legislation until September 2016, when Congress passed the anti-ticket scalping Better Online Ticket Sales (BOTS) Act. Interestingly, the ticket problem persists despite the law, in part because the Federal Trade Commission has done little to enforce it. A good next move for Congress would be to launch a long-overdue update of the Computer Fraud and Abuse Act from 1986, which makes it unlawful to break into a computer to access or alter information and, astoundingly, still serves as a legal guidepost today. U.S. law needs better definition of what’s allowed and what’s not. States can play a role too, as evidenced by New York Attorney General Eric Schneiderman’s laudable decision to investigate Devumi, the company selling fake social media followers and the subject of the New York Times investigation. Enough is enough Finally, we as consumers should say we’re tired of these shenanigans. Now, to be fair, there are two victims: the social media companies and the users. Twitter’s founders didn’t create its platform expecting it to be under attack from the Russians; they wanted people to communicate. Users didn’t expect their profiles to be stolen and their accounts to be abused. Nevertheless, we can demand that social media platforms be more transparent—or else we won’t use them. It’s high time to recognize that bad bots are a serious threat and start addressing the problem head-on. The fakery can’t be allowed to continue, or we all suffer. Rami Essaid is co-founder and chairman of Distil Networks, a bot detection and mitigation company. |