Every public action on Bluesky is available via a stream of events known as the firehose. By monitoring the firehose for repeated text, it is sometimes possible to quickly detect groups of spam accounts as they spawn.
Comments
Log in with your Bluesky account to leave a comment
There's a large contingent of supposed "blue wave" accounts on here either follow churning or following everyone, including each other. The old float many accounts and see which ones stick thing. Their feeds full of meme junk or inspirational quotes. I got followed by eight of these in under an hour
Ugh. I was on the other place since 2008 or so and never got so many DMs ..maybe 3 total since 2008. Now I'm getting at least one daily. I don't want DMs. Everybody just talk to me publicly.
I don’t mind if they’re from follows and it’s something they want to share privately. But some are just crazy or fu€king annoying. Or both. Like the 1st on this 🤡
I'm not important enough to warrant someone sending me information privately. But yeah, those type are so annoying, or the new billionaires who want to give me money or the celebrities who just want to get to know their fans...privately. Uhuh...
This is great. Let’s get rid of fake accounts and scammers. Why not set things up so you need 2 types of id and a resident address to setup an account. It’s too easy for people to setup fake accounts.
Because there is benefit to vulnerable people in being able to post anonymously. Example: it enables criticism of the state in authoritarian countries. There are many benefits to anonymity, as well as costs. Figuring out ways to reduce the costs while retaining (most of) the benefits is desirable
There is no such thing as anonymously. You use your phone your number is on file, the email you signed up with, your ip, they can watch you through your smart devices use AI to match your burner account with your real account using patterns.
This is precisely equivalent to: "ID can be faked so there is no point in requiring it." If you believe that the *existence* of a work-around means a mitigation is useless, then you must apply is equally to all cases. I don't believe it. Umasking anons is *work* and that makes anonymity valuable.
Seems this is simple for a software engineer type, which makes me wonder why Bluesky isn’t doing it. They want the traffic, bot or not. There is very little moderating here. Beware all!
Just today notice two MAGA accounts spouting nonsense and insults here. Left TwitterX due to spending all my time blocking people and not getting any worthwhile news
Hate to go through that again personally j/s
You need to find someone who already made a list or look for it somewhere like reddit and subscribe / block (upper right button). Once you've done so it will update automatically, so be careful what you subscribe to. Here's one to get you started: https://bsky.app/profile/did:plc:e4elbtctnfqocyfcml6h2lf7/lists/3l53cjwlt4o2s
it's probably too much on your own to handle but if someone could create a block list for such events automatically it would kick ass - wonder if it's possible - API's and stuff are sorta out of my wheelhouse
I'm not, but I follow someone who's been detecting bots (like the OP here has) and has been paying attention to Bluesky's response time. Here's @rahaeli.bsky.social talking about a different kind of bot & how quick Bsky is on the draw--
(Her account is a great resource for this kind of stuff!)
Now we just need someone to build a a Bluesky labeller that does this. That makes false positives have lower consequences than a blocklist but can quickly flag suspicious accounts
If only a research team did this to showcase their work
On the fly, and then reviewing it manually every now and then to remove stuff like accounts with the default biography or biographies that are otherwise insignificant.
plz put your code on GitHub or similar, I know it's in the Substack post but I sense I'm not alone in wanting to experiment with forking/iterating on your basic workflow. :)
Holy….wow. This must’ve taken a lot of work, I’m gobsmacked by the dedication. Then again, what do I know. I’m so naïve, you could be a fake person and I wouldn’t know.
If you are real, thanks for taking the time to document all of this.
that's misleading. the firehose is intended for developers, not to detect spam. it's an over-simplification to assume it's a reliable method for identifying spam accounts, and it's not a substitute for nuanced moderation.
It should be relatively simple for an AI pro to write a routine that detects and automatically flags these accounts, something Bluesky should invest in.
Monitoring the Bluesky firehose for duplicate biographies over the course of 5 days yielded 2234 fake accounts of various types, including porn, crypto spam, and account selling operations. Over half of the spam accounts detected belong to a single network.
I thought that I suddenly became a desired mature woman, instead of the hag that I really am. Now I spend a small part of my morning culling my followers.
All of the accounts in this network were created between November 30th and December 3rd, 2024. Most of the accounts in the network follow a handful of real accounts; thus far, there is no discernible pattern to the accounts that the spam accounts follow.
Daisy was blocked by me 4 times. Now she's pushing up daisies. 🤣🤣🤣 Thank you for this info. I knew I was seeing the same photo that I had already blocked and blocked again. #BlueCrew
Some of the detected spam accounts are for sale. In one case, the sales tactics border on extortion, in the form of 25 accounts named after major corporations with the repeated biography "message for a handle transfer fee or your competitor’s advertisements will be posted".
Correct, see how "affiliate marketers" do this...creating accounts of varying complexity which can be purchased in order to drive traffic to their other content on other platforms. The algorithms are the target, and the platforms are complicit.
Finally, some of the spam networks detected by monitoring the Bluesky firehose are just plain weird, such as this set of 19 accounts with the biography “Because One Checkmark Just Isn’t Enough” and checkmarks in every color of the rainbow as avatars.
Could there be a crowd sourced block list to filter out any accounts flagged for being suspicious like this? It seems like a big advantage of Bluesky should be many people doing this work, instead of it being hidden behind closed doors like at most other platforms.
What about a rudimentary script that compiles accounts with say less than 5 followers, less than 5 posts, and 5 or more other accounts who blocked it - and this list dynamically updates and becomes a widely applied proactive bot blocker…
I feel it’s easier to work off count thresholds… unless some logic can be applied to the firehouse data to parse out the “too similar” accounts based on their other attributes
I hope you can find some like minded collaborators for this effort! God it was so annoying having endless bots follow you on x, and since you can’t remove a follower on here, tools are really needed to mitigate against that.
Yeah I agree. It also looks like the open network actually makes it even easier for bots here unfortunately. Thank you! I'm starting to think building something like this will be really important for Bluesky going forward, I'll do my best.
Would it be possible to have a labeller or an automated blocklist for such accounts? I remember over on the cursed platform being followed relentlessly by these kind of account and it was so tiring.
I get several new followers a day, I don’t follow any back. I’m sure many are bots, bc no posts or no profile description. Should I block them?
Is it safe to have bots as followers?
Comments
Hate to go through that again personally j/s
(Her account is a great resource for this kind of stuff!)
If only a research team did this to showcase their work
If you are real, thanks for taking the time to document all of this.
If you are fake, beep boop bop.
https://bsky.app/profile/conspirator0.bsky.social/post/3lc7khkymps2s
[Begins singing Michael Jackson part of "The Girl is Mine"]
i assume most companies will validate with their domain, so these accounts will always be left open.
When bored I go looking for dodgy accounts, and today I came across these “surgeons” all with the same bio…
This is fascinating, thanks for sharing!
I think you could use a variety of techniques to catch them. i.e. if it is just follower count they might all start following each other.
Is it safe to have bots as followers?