Ask HN: Is it just me or Facebook is being bombarded by spam?

104 points by dondraper36 ↗ HN
I have noticed that my timeline is full of thousands of random posts on celebrities' account pages.

Based on other comments to some of them, I am not the only one. I checked my account's activity log and security settings just in case but everything is fine.

Do you experience the same?

129 comments

[ 4.2 ms ] story [ 181 ms ] thread
Have to imagine they're trying to less aggressively order posts by engagement, and as a result this is what bubbles to the top.
Yes, as usual hn answers my own question in quick time! Will be interesting to see how long it takes them to sort this one.
I think the algorithm is broken and it just shows all posts of liked sites.
The turkey sandwich in those photos looks great, delicious, but makes me think of spam/pretentiousness.

The tomatoes are too thick, and will cause a mess when eating. They are that thick IMO for appearance sake, not for flavour sake. I only need so much of berries on my sandwich!

And it uses those purple onions, which I suspect I see everywhere because they are pretty, and show in pictures better, not for flavour.

And the cheese and meat are hanging off the bread on purpose, after all, the camera must see them! Never mind that it makes eating more difficult.

Yup, even the spammy turkey sandwich pic is all pizazz, hype, shallow appearances.

Bah.

Oh thank goodness, I'm not the only one.
And you didn't check instagram. if you use hashtags you're spammed by bot comments
It's in their "reels" as well... every fifth video is a rip off of an existing popular reel either promoting free Robux or 18+ content. The whole platform is just riddled with spam at the moment.
Everything is.. Internet is weird.. The past months, I've had people subscribe to my youtube channel and comment on my videos.. I don't upload very interesting things, and only rarely.. I created the channel in 2006, so it's definitely weird that now in 2022, people would start to notice.. much more likely to be spam and bots.
They’re evading the spam filters by trying to appear “real” before going on a spam binge.

They’ll do things like repost comments from other videos to similar ones, etc. pretty pernicious.

I greatly feel this is it.. Probably an army of underpaid people actually having to watch content to make realistic-sounding comments.
Yep. My feed is now an endless scroll of ads and "recommended" channels which are literally also just ads. As an experiment I counted once - had to scroll past 30 of these ads/recommended posts before I was finally shown a post from a friend or a group I was actually a part of.
1 out of every 4 posts is an ad nowadays.
It's certainly higher than it used to be, but I doubt many users would tolerate anything that high. I just did a quick scroll through my feed (first in a while) and it was pretty much what I expected to see. From comments I'm reading in this thread I can only assume FB have been doing some sort of A/B testing. Luckily for me I seem to be in the control group. Maybe because I only check my feed once a week or so...
For me it is literally 1/4 posts are an ad.
Your friends presumably don't post ads. So filter out things that aren't from your friends.
Facebook really wants you to scroll past no more than 5 posts. It will chose the "best 5" by some algiorthm, and after that it is mostly garbage. Their best 5 algorithm isn't very good, it finds the most important stuff (a friend had a new baby - these get a lot of likes), but will miss most of the next level down. Then it descends into memes that people share instead of the actual life people live.
Seeing very similar things in my feed. 4 out of 5 posts are now an ad or "recommended" which only further douses my already very small desire to use Facebook at all.
I'm going posts from groups I'm not in and have no interest in. None from the actual groups I'm in. Beyond pointless and useless.
That's absurd, I'm in Facebook and Instagram mostly to check what's happening to my friends, not some random dude thousands km away.

Do they really think that changing the algorithm in this way is going to help them in the long term?

Yes! I noticed the same thing this very morning. Absolutely appalling that they managed to botch the timeline so bad. How could anyone in their right mind believe that I may ever want to see things that random strangers post on those pages?
Facebook - and indeed every other content posting system on the internet - is always being bombarded by spam. It seems the spammers have briefly found a gap in the wall and are pouring in.

This is your regular reminder that if you want a decentralized anything, you need to solve the spam problem again, which means censoring content.

Spam needs censorship? But isn’t spam only profitable at scale? Can’t you just charge a nominal fee or something?
(comment deleted)
I'm reminded of https://craphound.com/spamsolutions.txt which is 20+ years old and remains true.

> Spam needs censorship?

Spam needs to be deleted or hidden by someone or something or your inbox/feed will be full of spam. Trying to manage this individually with keyword filters or even the more sophisticated Bayesian anti-spam is exhausting.

> But isn’t spam only profitable at scale?

Yes. So what? Spam scales. It's like cryptocurrency, you burn trillions of FLOPS of computing power to make a few cents.

> Can’t you just charge a nominal fee or something?

Fee? For Facebook? This absolutely kills customer acquisition. It has often been suggested and never worked; the only site I think that does it is Metafilter?

Facebook went in the other direction with subsidised data plans that were free to access Facebook. The economics does not permit them to charge the eyeballs to look at Facebook. On the other hand, they can't afford to let people advertise for free on Facebook, since that's the service they do charge for.

In practice this is why accounts get tied to phone numbers so often, because it's slightly more difficult to acquire another few thousand phone numbers after the first thousand are banned for spamming, than it is with IP4 addresses.

It seems so weird that we all happily pay $5 or $10 a month for a bunch of random services, but a central platform like Facebook or Twitter can't even charge a buck?
You pay for services where there isn't a network effect (streaming) or where the market isn't super competitive (telecom). Social is an incredibly competitive market with a huge network effect - if Facebook or Twitter charged money, young users would migrate somewhere else and would continue using that network when they got older. So that would be the end of any social network that decided to charge, unless it was trying to be a small niche network for adults to have more intellectual conversations (metafilter?)
There is the network effect where to make it worthwhile, you need to have pretty much all of your friends on it, if not, it doesn't work. Most people won't pay for anything they don't have to pay for.

There is also the fact that it can be hard to see the overall gain when each interaction is very marginal. For example, updating your timeline with a photo and a status by itself doesn't seem worth paying for even if the cummulative effect over an entire year could be very beneficial for your networks.

Facebook might be valuable enough for me to pay for, but it is marginal. For every friend who decides to get off facebook the value of facebook also goes down. I wouldn't pay more than a buck/month for facebook, and to get that they need to focus on the things that provide me value (that is they need to show me more about the life of my friends and cut all the memes and political garbage that my friends share). However I never would have joined facebook if there was a price and for years after I wouldn't have been willing to pay, it is only now that I realize the ability to share pictures of my kids with my parents and other friends is a valuable service.
Customers are funny like that.

My own personal gimmick ideas for twitter, that will never be tried, would be "premium" which gives you abuse reporting that actually works (and maybe some other stuff), and a system to enable people to pay for premium (or part thereof) for other users.

(comment deleted)
Charging a fee is censorship.

But there’s also nothing inherently wrong with censorship. It just tastes extra bad when the things we like get censored.

There’s censorship right here on HN for example and that’s OK.

Blockchain based decentralized social networks offer the interesting option of charging a small fee for every transaction, potentially making spam unprofitable. E.g. having to pay $0.001 for every post and comment or something similar.
Why would you need a blockchain for this?
(comment deleted)
Because they sell blockchain
The blockchain infrastructure allows decentralization of the transaction payments. Are there other ways to do that?
The payment need not be decentralized for such a scheme to work (if it would work at all).
You're right, but I was specifically talking about a decentralized social network.
Indeed, a periodical subscription (say $10) with a number of posts or comments included would serve the same purpose.

Gee this sounds like telephone billing...

And telephones are well known to completely free of all spam.
do you think spammers would pay with their own money? lol
As I recall Bill Gates proposed doing this for email in his book "The Road Ahead" in 1995.
Not the OP, but I could imagine a system where instead of paying money, a sender might have to calculate a certain number of hashes. In this way, mining on a blockchain would be a substitute for actual payment.

There are many other problems with this (not least of which being the amount of energy required now just to send a message).

gMail used to be near impenetrable. Now every day I get `Confirmation receipt! You are the Lucky online-Winner !You've been chosen!#5646`
I keep winning a free Yeti Cooler. It's so odd - I barely get any other spam and yet this particular strain keeps showing up.
I get a few of these every day lately with yahoo mail. I was getting a bunch of confirm delivery receipt phishing emails for costco, walmart, fedex as well as tractors and bitcoin recently as well. They all seemed to have the same wacky text style used in the subject line.
Same, I've got a garage full of Yeti coolers by now (as soon as they show up, surely they will, I won!)

Fortunately I don't really rely on my gmail email for anything important, but it's filling up with that spam and marking it spam doesn't make any difference.

Interestingly I don't get any of those on my primary email which is self-hosted (and the address is a lot more public and older than my gmail address).

Yeah, not sure what happened but I've been experiencing the same thing. My email was leaked onto the web many moons ago but the spam has been harassing me for just a year or so
Blocking the senders simply files the emails under the Spam label.

I'm currently trying to get rid of them by filtering the messages. I do

Settings --> Full settings --> Filters and Blocked Addresses

Create a new Filter

Add the display name or similar to the 'Includes the Words' field

Create Filter

Select 'Delete it'

The spammers seem to be training on transactional (rather than marketing) emails. New account info, receipts, etc are allowed under can-spam and it looks like Gmail actually privileges them to make sure they get through.
I don't see why decentralization would lead to a spam problem.

Presumably you would hardly see messages that haven't been approved by someone who has been transitively approved by you. Decentralized systems are usually networks, and if you got spam or uninteresting messages you would reduce the weight of that part of the network.

You can't trust a centralized party to censor for you, because then that entity has power over you through what you see. It has to be your secretary, i.e. it has to actually work for you and be a reliable servant. What better to use as a secretary than network of people connected by who is interested in the output stream from whom?

looks at e-mail and SMS

Sure you could install filters, but decentralised networks in practice has spam (the only ones that don't have any spam and don't have any filters are those too niche that spammers won't bother).

Then we have to checks notes - make every network niche!

I quip, but I think there are solutions in that kind of thinking. Not everything needs to connect to everything.

Yes, but in both the case pf e-mail and SMS you are not looking at public streams, and neither uses a disyributed system. It uses a centralized system with a small number of telephone companies that are slow to respond to reports of spam.

In a distributed system of the kind I propsed above, if you got a spam message you wpuld reduce your trust in those who transitively approved the source of the message, immediately.

Someone spamming would be cut off quick, as would anyone with high trust in a spammer.

> In a distributed system of the kind I propsed above, if you got a spam message you wpuld reduce your trust in those who transitively approved the source of the message, immediately.

I won't think too deeply if your solution works theoretically, but in reality in our imperfect world most people would just choose to outsource the job to the point that we're back to the email problem. Majority of people liked Gmail - majority chosed Gmail and spammers galore we have. Even Mastodon is not resistant to centralization despite their efforts to be decentralized - most wouldn't bother to set up their server and so a lot ends up signing up to mastodon.social.

Parent's idea is called Web of Trust and it does work, but it doesn't have wide adoption for exactly this reason. For the average person it's too much work to curate their network, or to "debug" the chain of trust that let some spam slip by.

https://en.wikipedia.org/wiki/Web_of_trust

Yes, although I imagine continuous connection weights and for the trust to be based on upvotes and downvotes on the public comments of others, not something for cryptography or private messages.
Email and SMS are very much distributed systems. There are many mail servers, and many telephone companies, cell phone companies and VoIP providers that can send SMS messages. With SMS messages the problem is quite similar to e-mail in that the protocol the network is built on (SS7) was designed in a time when all carriers that had access to the phone network were trusted.

You've fallen into the naive assumption that spammers use the same identity for each piece of spam being sent out, which is simply not true. I get plenty of spam phone calls with fake phone numbers despite the fact that STIR/SHAKEN has supposedly been implemented. Forged digital identities are cheap. And if forged identities are cheap, there's no trust mechanism that can work.

Presumably you'll counter by saying that you can simply assign a negative trust to unknown identities. In the real world there are plenty of us that have to communicate with people we haven't communicated with before (my business can't afford to turn away customers I don't already know), so we can't simply drop unknown identities.

The spam problem is hard because identities are hard, and digital identities are doubly so. Time and time again has proven that simple hand wavey solutions do not work.

No, I haven't.

A message from an entity which has not yet sent a spam message does indeed have the save priorization characteristics as one from any other entity withour connections to anything, but presumably a new user is invited by someone.

Furthermore, a new user could presumably say things on the spam-filled rubbish subforums, until he gets an upvote from someone who is trusted by somebody, and then after a while he becomes a participant.

The readon you see problems is, I think, that you imagine a system of private, individual, communication, while I imagine an enormous public forum.

You are failing to address a use-case that matters. As a result, your solution can't be adopted by everyone, and will therefore fail. You need to consider privacy concerns, as not everyone in the world wants to see their web of associations made public. Look at privacy laws in Europe and other countries to get a better idea of what is required.

Writing code is dead easy if you remove all the requirements from users.

Yes, but I am interested in forums-- things resembling slashdot, or reddit or flashback.

Furthermore, among high-trust users PMs can be permitted even on such systems; and I csn actually give a superb procedure for dealing with spam in PMs among moderately trusted users: by letting a receiving user move a PM into the public flow of the sender.

Forums still have individual to individual conversations. Forums also have instances where individuals have an excellent reputation on one group but post what is considered to be spam in other groups. Take reddit and /r/theDonald. Reputation management is non-trivial, and trivial designs fail in the real world.

Plus you still have the problem of how to treat an individual that is a first time poster. On many forums I never bothered creating an account until I felt I had something useful to contribute. In your system, how do you distinguish between the first time poster making a beneficial addition to the conversation versus a first time spammer? I feel you're hand waving this really hard problem away.

Yes, and this is why this one-graph-for-everyone makes so much sense for forums.

The Donald was genuinely popular. Some people didn't want it to be, but it was. I believe that this contributed more to its banning than any incidents relating to it.

The problem you're bringing up isn't really a solvable problem unless you have a human secretary as intelligent as yourself, and then it would be as appropriate for you to be the secretary for the person you'd have as a secretary.

Curation by some entity is going to involve being manipulated, which is very dangerous.

The spam may not be as dangerous as other types of attack - that is when spammer gets frustrated that they get blocked, they may go nuclear and post illegal content to the site and then report it to hosting provider and / or authorities causing problems to someone running the node. And if you don't have good measures to filter or prevent such content from being uploaded you are toast.
Yes, although I don't think a site as such is a good idea. Instead I imagine a WebRTC application connecting to many peers and exchanging text with them. The main website then has little to do with the content.

Furyhermore, it's not like people can't post illegal content even if they can't spam. In a way, your readoning regarding it is like responding to a threat as if the person in question can't realize it even if his conditions are met.

It means shunning users and avoiding Sybil attacks. If you can't avoid Sybil attacks, then you're stuck censoring content, and that's an unhappy job.

Blockchain tech is good at one thing: making numbers expensive. That property has made them really unpopular, along with doing it by turning huge amounts of electricity into heat, but it's useful in that an identity is just a number, and if you can make identities allodial and somewhat expensive, you can solve the problem at the user level, by banning bad actors.

If a user ID costs ten bucks, spammers have to make that plus labor back before everyone shuns them. That's discouragingly difficult to do.

Hashcash is a similar solution to make spam computationally intensive, but minimally invasive for regular users.

Bitcoin's proof-of-work system is inspired by Hashcash.

But yes, the solution to spam is to make it expensive: either monetarily or energetically.

If hashcash involves taking a penny or more from someone for it to work, it won't work.
It does work, since when have you ever received spam from Hashcash?
By that logic the solution to spam is alcohol, since I have never received it from wine either :)

I also don't ever remember having received an email with Hashcash.

Hashcash does not require money, it only requires you to burn CPU cycles. But it's tough to implement fairly. A feature phone might take 60 seconds to do the same proof of work that a PC can do in 0.1 seconds. (And spammers would eventually just build ASICs anyway.) So those without powerful hardware are back to trusting some centralized entity to burn CPU for them and relay their message.
I'm not sure modern phones are 600x as slow as an average PC in single threaded performance.

These days the performance difference is about less than 10x on the cheapest of phones. A hashcash that takes 100ms on my PC and 1s on my phone to send an email would be prohibitively expensive for any spammer.

This MUST be Adam, no one else argues by ignoring the main points and focusing on the pointless random numbers involved instead, it's kind of his specialty.

(The "inventor" of HashCash is also responsible for the corporate take over of the GitHub repository of Bitcoin Core).

Hashcash's proof of work is an embarrassingly parallel problem, and I'm typing this on a CPU with 24 cores.
Didn't some HN develop a hash strengtening algorithm that relied on using memory, rather than CPU cycles?

If not Chia coin works that way, maybe that algorithm could be used? In either case it would make ASIC useless.

I think bitcoin has proven that if the economic advantage of a proof-of-waste system is big enough you can create truly huge amounts of waste. I don't think we want to add that to spam.

> the solution to spam is to make it expensive: either monetarily or energetically.

This is used nowhere in practice? In practice, the solution is for a small number of dedicated central spamfighters to cooperate on lists of known spam IPs, or correlate across a large number of emails to produce statistical markers of spam.

If this is not Adam Back I will eat my hat.

The biggest mistake Satoshi made was including a reference to HashCash in his white paper

This ain't Reddit, we can do without novelty accounts, especially to imply I am Adam Back. You have my blessing to eat your hat.
They're not being bombarded by spam, just increasing revenue without even pretending anyone is checking these 'ads'.
FB is on the descending end of the hype curve. Maybe they're just trying to squeeze out the last drops of revenue before it dies.
Yes same here. If a facebook engineer is reading this, you need to offer a "updates from my friends" timeline, separate from the rest. Make facebook a useful tool again, and add additional functionalities in a non-ambiguous way (so either not to the timeline directly, or in another tab)

Oh and, bring back a clear way to make the timeline chronological. This is the first sign that facebook is not designed to be useful, but designed to increase engagement. Let users choose. Power users will tweak their timelines and make it chronological, while others will continue to use the default way.

They did offer this for a long time -- you could make friends lists, and then use them to focus on updates that belonged to those friends.

You can still make friends lists, but sometime in the last 2 years or so, they removed the feature to focus on updates from friends, and the friends lists don't do anything at all other than interact with privacy scope for your posts, which I guess is still nice.

IMO FB long ago decided it was going to be guided by metrics rather than theories about utility. Maybe they know better what users want than users do themselves, or maybe they care about other things, either way, the days of power users are done here.

Either we’re the long tail, or we’re the users they should listen to
> Yes same here. If a facebook engineer is reading this, you need to offer a "updates from my friends" timeline, separate from the rest.

That only benefits the user, it doesn't benefit Facebook... so why it would be implemented at all? Do we really think Facebook (and other big platforms) are doing what they do in order to benefit their users? Please, it's 2022, Facebook et al. don't have to beg for our attention/loyalty; they effectively do whatever the hell they want. The sooner we stop using their services the better for the internet.

Engagement per user is not the only metric they have. DAU declines are an easy metric they can target. People are quitting Facebook because of these actively hostile patterns. They make, and charge for, money per user. Give the people what they want, and a chronological "updates from my friends" would retain a non-trivial tranche of users.

Separately, I do tend to agree, social media with engagement feedback loops is _bad for most people_ like hard drugs. The sooner folks quit, the better it is for them.

It does benefit Facebook though. The current feed doesn't engage me. I want to see what my friends are doing - not the memes they are sharing or the divisive politics they are commenting on, but their life - original content that they are creating. If they would show me this I would stay on longer, and incidentally scroll past a lot more ads. Instead I see a few shared memes (which I've been "blocking all from the originator" for months now which only helps a little) and give up even though I know there are other friends who have actually done something with their life that I want to know about that I miss.

I'm getting ready to drop facebook completely. They need to provide me more value if they want to sell my eyeballs.

>If a facebook engineer is reading this, you need to offer a "updates from my friends" timeline, separate from the rest.

FB engineer reporting. We have no control over this.

Honestly, at this point most of us just hang on to siphon off as much money as possible from the company before it all comes crumbling down.

My advice for FB users would be to stop using it. I'm not using it either.

I suspect you’re just a troll account but as an ex-fber:

I know most of the internal threads end up pointing to the URL trick to make the timeline chronological. But I think it’s worth continuing to ask and argue for more user-focused features (and even ask during Q&A).

Not a troll account. Proof: Mark posted a surfing video to Workplace on Aug 15 5:31.
Yeah, it is as if they opened some sort of a sewer floodgate. My feed is a diarrhea of alt-right and communist propaganda right now, and everything in between.

It was pretty bad before but now it's completely unusable.

Events are 10X worse than timeline. Has anyone else noticed this? All the event pages are constantly being bombarded by scammers saying they have "tickets" to the event to sell because they can no longer go for X reason. On some popular events there's scam messages every couple minutes. Thousands of fake profiles posting with no details on the profile. Some are even more sophisticated and have rather full profile details. Most of the time they sell "online" tickets, but where I am from almost all the tickets are paper so its easy to spot the scammers.
Yes, mine is almost 50% these types of scam ads - https://i.imgur.com/NH9Nd5j.jpeg

As everyone here can work out, Amazon's latest AI platform did not appear on the BBC news and it was not making banks scared. What's very strange is the url in the ad leads to a clothing website when typed in, and a MML pdf when clicked.

Anyway to answer you question yes, mind is filled to the brim with these ads and only these ads.

Your friends presumably don't post ads. So filter out things that aren't from your friends.
Not only outright spam it seems.

A Norwegian in another forum wrote that he/she (I can't remember) had the timeline full of things like birthday greetings from people they didn't know to other people they also didn't know.

I keep blocking up to 10 pages of movies theme every day that Facebook keeps suggesting to me. For months already.

I view it as extremely offensive and abusive behavior, since I don't follow any of such pages, even on others sites that can in theory track my behavior and share with Facebook.

I guess we are joining the era of corporate techno-fascism, where mega corps don't care about actual wishes of people and just push ideas, narratives, sympathies, and other emotions which are suitable to them. F*ck those narcissistic billionaires that build "virtual realities" essentially to exploit the others.

BTW, hyper-capitalism and democracy are obviously incompatible with each other. No wonder there so many different crises in the world right now.

It was a bug, and is now fixed.
That was my suspicion from reading about it, but it seems a percentage of HN commenters love to attribute to malice what can adequately be attributed to incompetency.
Has been like this since Facebook was created. This is not new