151 comments

[ 2.4 ms ] story [ 214 ms ] thread
Have any similar 'attacks' been pulled off in practice?
As briefly referenced in the article SushiSwap was able to steal roughly $1B liquidity from the Uniswap platform by taking their users and offering various incentives for them to move their funds
It wasn't a 'steal'... it was an incentive to move, which was only the cost of a transaction. Liquidity providers are looking for the best rates and most amount of transaction fees, which far outweighed the cost of the transaction to move. The bar was very low. It was also brief and only lasted until the next thing came along...
> 100k people would install this, and you’d scrape Twitter quite quickly.

Yeah, uh, definitely.

> Tons of creators would migrate for the FREE MONEY! ... Even lurkers will use TWITCHAIN front end because it doesn’t have ads and fake “trending” topics.

So the whole gimmick here is that supposedly you're going to get ordinary users to switch (i.e. install your extension that puts them on a duplicate site)? Actually, if you succeed at anything at all you're going to run into the issue that the people who want to use your site are, for the lack of a better word, cringe. Most people are like me and won't use it exactly because of the sort of audience this kind of supposed "Twitter alternative" would draw. That's if they even care, and most people don't.

(I realize describing people as "cringe" is judgmental sounding, but there's really not a better word here from the point of view of the people who I'd call "normies".)

Only "normies" call stuff "cringe".
Freak here. Blockchain stuff is super-cringe to almost everyone. "It's called blockchain because I block u."
Seriously, "cringe" (as a non-verb) has been incredibly widespread and lame for a couple years now. Mostly used by literal children, as far as I can tell.
I mean, yes, that's why I used it. I'm implicitly calling myself (and most people) "normies".
this kind of manœuvre will mostly get you Twitter rejects as early adopters, that's not the audience you want to bootstrap your new shiny social network
Reminds me of "Voat"

The initially harmless Reddit alternative that got overrun with nazis. I actually started working on a Voat app for Android back when it seemed like it actually had a chance to be successful... but when I connected it to the site and saw racist garbage polluting my shiny new app, I decided to abandon ship.

> If you provide an unseen tweet to the chain, you get TWITCOIN

How does the chain "know" that the tweet you just provided is legitimate and not spam you just made up? Malicious actors can quickly exploit this to farm endless amounts of the coin as it is cheaper than searching for true tweets that haven't yet been seen.

Furthermore if your objective is just to pay people to join your site then I don't see the need for a bullshitchain.

I guess you could just provide the coin-site-or-whatever with the ID of the tweet instead of the content.
So, basically a blockchained-twitter-client with the hope of removing twitter at some point by swapping out the backing service? People will come for the free coins and nowhere to spend them, or will it cost coins to post or something?

I don't get it. But I don't get the point of most blockchain bs.

> People will come for the free coins and nowhere to spend them, or will it cost coins to post or something?

That's where the 1B in buy-orders backing the coin is meant to come in, allowing people to exchange those coins for real currency.

That's not a lot of money for the number of users twitter has and the number of tweets that exist.
What if it was $20 billion? Maybe the idea is feasible if you go bigger? Still less than half of the current strategy of a hostile takeover.
That billion dollars isn't going to last very long when folks start piping GPT-3 into the system for free coins
GPT-3 isn't free either.

But neither is the GPT-3 to verify if the GPT-3 is GPT-3.

Do the mechanics of the Skinner Box really matter? If GPT-3 generates interesting popular content and posting it is profitable because it gets retweets and reactions, is it any worse than the content that comes from real people?
So instead of trying to limit the number of bots on this new social network, we'll encourage them!
The system isn’t immune to spam attacks.
Posting costs a variable amount of shitcoin (just like transaction fees on a blockchain).
okay and why am I not paying them in real currency to begin with if all I want to do is steal twitter users by paying them to come to my platform
Because you need a number-go-up coin to allow for rampant speculation and to build hype. Then everyone that joins thinks they’re getting millions instead of nothing.
"Blockchain, the internet, but worse"
Ok, what do those numbers actually mean?

Twitter has 200M "monetizable" DAUs. The poster suggests that spending $1B would move those users and those users traffic over. That implies that $5 in some shitcoin would be enough to make people switch to this app. That does not seem plausible at all. If acquiring and retaining users was that easy and cheap, there would be a lot more major social networks around.

Twitter in 2014 had 500M tweets per day. How long a time period will the $1B be distributed over? The poster doesn't say, but let's assume a year. That'd be about 5 cents per tweet. No real users would care about that. If anything they'd be insulted. But botnets posting spam would have a field day with it. It would of course be botnets that the company would have no way to fight, since with this distributed scraping idea they'd struggle to collect any kind of abuse signals related to the actual tweets/likes/other monetizable events.

This would never work.

I think that in the mind of people that think this will work TWITCOIN is _obviously_ going ‘to the moon’, and will be worth 1000s of times what it was at conception, because that’s what crypto does.
Rewards for creators will cause people to post junk. Rewards for likers and retweeters will cause useless likes and bots to spam. Was he drunk when he said it’d totally work?
it sounds to me he posted the idea knowing the vulnerabilities, so that he could then do the bot exploit and earn free money. Or he was sarcastic. can't really tell...
And the tweets and media lives on the block chain? So to use twitter I need to download tweeter? Sync my local copy? Or would it be "somewhere" linked to from the contract? Potentially wiped out in the future?
If there was ANY value in those shitcoins then it would be flooded by botnets.
The big issue here is that it’s not clear that you need a blockchain for any of it. Economically you’re launching a Twitter clone with the intention of spending $1B on customer and content acquisition. The rest is details of how that’s budgeted.

The smaller problem is in those details—the scheme described is highly vulnerable to attacks like the following: I create a network of private bot accounts who post high-frequency generated content, and a follower account who follows them all and installs the browser extension. Whenever I want I can print money (well, Twitcoin) by uploading these fake hornet tweets to the new platform. I can think of ways to defeat this specific attack relatively easily, but I’m not sure it’s easy to defeat all such attacks.

Perhaps a way to migrate this is to only allow tweets < a certain creation date. Would this make TWITCOIN have a hard limit similar to how Bitcoin has a Hard limit ?
That's going to be 0.000000032 Twitcoin. If you want a a coin to succeed you need to make the amount people pay easier to fathom. This goes especially for people that come from a fiat world.
i think a better way is to forgo the browser extension and simply pull a users timeline via the twitter API. Only grab tweets within the past 30mins to an hour (this interval is arbitrary but can most likely be optimized) as to prevent spam
If you're paying users to scrape, how do you ensure that they are indeed scraping and not just making up spam? You've got a catch-22 here - you need people to scrape but at the same time you need an authoritative source of the scraped data to ensure people aren't cheating, but then if you've got that source then you don't need those people to begin with.

Interaction with the real-world (outside the blockchain) is where the vast majority of these bullshitchain projects fall apart.

> how do you ensure that they are indeed scraping and not just making up spam?

For TLS 1.1 (and supposedly "TLS 1.2+" since https://github.com/tlsnotary/PageSigner/commit/4e12573): https://tlsnotary.org/pagesigner

For TLS 1.3 there's also TLS-N from https://eprint.iacr.org/2017/578.pdf but it requires a cooperating server:

"TLS-N generates non-interactive proofs about the content of a TLS session that can be efficiently verified by third parties and blockchain based smart contracts. As such, TLS-N increases the accountability for content provided on the web and enables a practical and decentralized blockchain oracle for web content. TLS-N is compatible with TLS 1.3 and adds a minor overhead to a typical TLS session. When a proof is generated, parts of the TLS session (e.g., passwords, cookies) can be hidden for privacy reasons, while the remaining content can be verified."

You could bypass this kind of verification by routing your spam through Twitter. Send spam to twitter, scrape spam from Twitter for twitcoin.
If your plan is to scrape all of twitter, the question is if that matters among the years of existing spam.

Probably not. If it does start to matter it should start becoming an issue for twitter too and they'd probably have to deal with it.

> If you're paying users to scrape, how do you ensure that they are indeed scraping and not just making up spam?

Ironically the fact that they are paying 10x for original "tweets" posted through their interface makes it so that nobody who can think would try fake scraping. You are 10x better of just blasting your crap directly at their interface as "original" "content". :)

But why is the scraping so crucial? The history is probably less important to most users than the reach of their posts, so the mirroring on Twitter seems more crucial (Twitter could probably prevent that if they wished, though).
>The big issue here is that it’s not clear that you need a blockchain for any of it.

Doesn't the same apply to many blockchain applications ?

The gist of the idea is that:

- if you provide an essentially identical service

- you make it seamless to switch

- and you incentivize users to switch

Then you may be able to aggressively siphon users from your target.

OP’s example is using a blockchain as the distribution mechanism for the incentives.

> you incentivize users to switch

Lot of startups do this but have pretty high CaC. In the Sushi/Uniswap case, users were already crypto-native. In the twitter case, the majority of users are not. There's just going to be a bigger barrier than in the former case. Sure, I think if you spend money some people will switch, but it's much less clear to me how much money you'd need.

Seems like you need the blockchain there to guarantee that your outrageous copyright violation becomes unpunishable.

Basically this strategy is "steal Twitter and fund the effort with another crypto Ponzi".

Blockchain has extremely narrow potential in a decentralized social network. Blockchain was designed to prevent double-spending. In a social network, the only analagous purpose might be to reserve a name, or to locate the servers (bypass DNS).

It would be ridiculous to use a blockchain to authenticate posts, upvotes, friend connections, etc, since these should all be done with digital signatures alone

Yeah, I think adding users post, comments will add too much of friction to the app. I'm trying to build a social media on Polygon chain but haven't figured out do I store the content on chain or not.
I think blockchain is actually central to the scheme. Like this:

The ostensible scheme can't possibly actually work (it requires Twitter to not do anything to stop it -- of course, Twitter would work to stop it to the extent it ever actually threatens them).

What can work, though, is the narrative of the scheme. What you need is a mechanism to incentivize people to promote the narrative of the scheme.

That's where the crypto comes in. It's a viral mechanism to franchise selling the scheme. Anyone can buy in, promote the narrative, and get others to buy in. It doesn't really matter how many of the people have a deep belief in the original narrative or not. Get people's attention, get them to believe there is more money in it if they put in a little money, and once the money starts moving around, there will be opportunities to grab some, or perhaps a lot of it.

if you're relying on the narrative, you're going to run into the same problem as any of the other twitter clones that have tried to siphon away twitter's audience by targeting a specific demographic (e.g. parler) - you end up with only that group, and the prolific posters who bring the most value to the platform do so because they're chasing the broad audience that twitter provides.

the crypto bros don't want to perform for an audience that's only other crypto bros, they want to reach the people who aren't part of their circle, and twitter provides that. same for the right-wingers - if they can't reach the suburban wine moms, there's no point in posting.

> It's a viral mechanism to franchise selling the scheme. Anyone can buy in, promote the narrative, and get others to buy in.

This is a great definition of cryptocurrency. It nicely frames how they become pyramidal.

> The big issue here is that it’s not clear that you need a blockchain for any of it.

This could be said about 99.9% of all blockchain products and companies.

That's just one of the big issues.

Another is that Twitter is 6000 transactions per second, whereas Ethereum only manages about 15tps - 1/400th as much - and BTC 7tps.

I think this is way more significant than many people think. Twitter scale information distribution is a hard problem, and tying the platform to a blockchain makes the engineering side of this impossible. You'd want your blockchain to run independently from the social media platform.

You could add the crypto layer to Mastodon, and by the time scale becomes an issue, you haven't irretrievably crippled yourself and you build it from there. Plus federation and so on.

I would think scraping Twitter would come with legal hassle, so a lawsuit could be worse than any technicalities.

> Create a browser extension that watches while someone browses Twitter, and puts any tweets they see on the TWITCHAIN. If you provide an unseen tweet to the chain, you get TWITCOIN. 100k people would install this, and you’d scrape Twitter quite quickly.

I can't tell if the author is serious or not. This seems like the most roundabout (and optimistic) way to solve this problem possible.

But more generally, Twitter is tweets, and tweets are written by people, and lots of folks think the promise of "free money" is a bad one. Your weird uncle switching does little to help this plan, you need Matt Levine and Popehat and all the other prolific posters to move. This plan, at its core, tries to attack Twitter the wrong way. It tries to replace the utility of Twitter (reading tweets by interesting people) with financial incentive.

Honestly a great way to waste a billion dollars.

As soon as I saw the word 'blockchain'… heh :)

'it would totally work!'… uh-huh. Suuuure.

Twitter would get those extensions taken down immediately.
I've installed a few extensions directly from git. Certainly another barrier, but not the worst. Can also consider that something like FB Purity hasn't been taken down.
(comment deleted)
Glaring technical issues aside, scraping and reproducing the entirety of Twitter is a pretty blatant copyright violation.
Does twitter hold the copyright to tweets on its platform? I would assume the writers of the individual tweets do but I know nothing about this kind of stuff.
you only need to do it for enough time to eventually acquire twitter lol
This is another example of the blockchain “solution” looking for a problem. There’s nothing in the provided description that requires blockchain in the slightest.
In addition, if you replace all mentions of blockchain/crypto with their fiat equivalents you'd pretty quickly realize it's a flawed business model.
that’s the entire point. this scheme would not be possible without some sort of technology to distribute value to users in an automated fashion. it would take a significant amount of capital to take over twitter if you wanted to implement such a scheme and deliver payouts in fiat. it would never work. this is about a hostile take over of a company in a short period of time with a relatively small capital investment.
> this scheme would not be possible without some sort of technology to distribute value to users in an automated fashion

No, your plan of giving away money and giving away bandwidth and making money... through magic? is not going to fly.

Somewhere out there, a person really believes that the way to take twitter over is to make a random cryptocurrency and crypto-pay people to clone things through a browser extension

Nevermind the insane electricity costs - how are you getting anyone to install the extension, when nobody values your fake coin?

Why would there be insane electricity costs? It doesn't have to be a POS blockchain. Also, it's not completely vaporware since the proposal includes backing the coin by $1B to kick it off.
I think you tried to write "POW blockchain," because POS is what the people spending the smaller insane amount hold up as a solution

But even a POS blockchain is a giant waste of electricity on what amounts to a casino backed by illegal securities

> Also, it's not completely vaporware since the proposal includes backing the coin by $1B to kick it off.

Note: since the $1 is fictional, this remains 100% vaporware

Did not get it fully, but will celebs also move to this clone to Tweet ?
they most likely won’t. hence the need to have users scrape the TL. “content creators” refer to the smaller creators and micro celebrities with a decent twitter audience that would be likely to follow such a scheme
If they don't there'll be a queue out the door of fraudsters willing to take their place.
celebs will do anything for shitcoins
> Make a clone of Twitter [...] 6 months of engineering work for 5 good engineers.

Sure.

He should prove Twitter engineers incompetent by doing it.

Hubris of some people …

GNUSocial already exists
I mean he clearly didn't put much thought into this blog post, but from an engineering perspective I think the founder of Comma.ai could probably pull this off.
This plan ignores the part where it is going to get DMCA'd like crazy by people who do not want their tweets to have anything to do with the world's most deliberately-inefficient database, aka The Blockchain, never mind people who do not want someone stealing their work for profit.

By cloning people's accounts without their permission and storing data in these "shadow accounts" (to borrow a phrase from Facebook's fuckups) it's probably going to run afoul of the GDPR, too. Data on the blockchain is immutable and undeletable, have fun complying with the GDPR's right to data erasure, for instance. Really any "let's make $service but ON THE BLOCKCHAIN" proposal runs up against that one, hard.

This plan also ignores the part where people who do not want to be part of your pyramid scheme would start sharing blocklists of people known to be running the browser extension. How long do you think it would take to make a bot that watches for people who have linked their Twitter accounts to Vampire Twitter accounts, and auto-block them for anyone who wants to subscribe to it? Autoblock extensions sprung up very quickly after the hexagonal NFT icons popped up on Twitter.

(comment deleted)
Umm, can't just Twitter disallow this in their EULA and delete all users who engage in this behavior? Besides, doesn't Twitter have some kind of intellectual ownership of tweets posted there, so a competitor can't just scrape the site and display the results as their own?
TWITCHAIN engineers and users scraping Twitter could be anonymous
Automatically copying tweets from Twitter to a competing service, without permission of either Twitter or the original tweet authors, sounds pretty dubious from a copyright standpoint. Especially since you'd also presumably be copying any images and videos attached to those tweets.
The NFT market has pretty handily proven that the crypto crowd doesn't care about copyright.
How so, NFTs are exactly about requiring to own a picture to use it and that nobody else can use it.

Crypto is exactly about strengthening copyright.

Uhhh how do you explain people minting tokens for art they don’t own the rights to? And OpenSea turning off their reporting mechanism for this?
> OpenSea turning off their reporting mechanism

What, this?

https://support.opensea.io/hc/en-us/articles/4412092785043-W...

Art gets stolen from Deviant Art etc every day, as it has been for decades. The NFT ecosystem makes it super easy for people to look at listed art and ensure that the proper artist is getting paid. If they fail to do their due diligence, then the NFT they paid for is worthless. The system seems to be working just fine.

NFTs don't prevent theft of IP, nothing does. What it does do is prevent people from effectively profiting off IP theft.

> What it does do is prevent people from effectively profiting off IP theft.

How so? Let's say you made an NFT of your art, how does that prevent someone else printing it on a t-shirt and selling it?

> The NFT ecosystem makes it super easy for people to look at listed art and ensure that the proper artist is getting paid.

How so? Walk us through the steps that ensure the proper artist is getting paid

> If they fail to do their due diligence, then the NFT they paid for is worthless

So:

- the person who paid for stolen art was scammed out of their money

- the original artists weren't paid

- the scammer got the money

I see, NFT is working as intended

> What it does do is prevent people from effectively profiting off IP theft.

How come people are profiting off IP theft on NFTs right now?

> What it does do is prevent people from effectively profiting off IP theft.

Totally wrong. Utterly wrong.

Suppose Alice has an NFT of an image, whereas Bob has legal ownership of that image.

Charlie makes a series of T-shirts with the image. Bob can sue Charlie and win. Alice has no rights, not even legal standing to sue.

NFTs have zero legal value.

It's an amazing idea, but it needs to be fleshed out to see what's possible.

Peoples extensions will just fake tweets. Or a single bot running through many IPs can just harvest them all.

This can be solved.

But Twitter is a incredibly complex database with a lot of the data and data structure unable to be seen.

This would take years of engineering work and would assumably break copyright or maybe IP or patents.

If it's enough to scare Twitter shareholders it might allow a cut price sale. But what a MVP would be is unknown off this article.

Copyright law prohibits vampire attacks on creative works.