Social bots: In their hands are we safe online?

Picture courtesy @uni-due.de

Introduction

Social media bots are automated programs used to engage other users or content in social media. These are either partially or fully autonomous, and are often designed to mimic human users. According to Twitter (Yoel Roth & Nick Pickles), Some people refer to bots when describing everything from automated account activity to individuals who would prefer to be anonymous for personal or safety reasons, or avoid a photo because they’ve got strong privacy concerns. They state that the term is often used to mischaracterize accounts with numerical usernames that are auto-generated when your preference is taken, and more worryingly, as a tool by those in positions of political power to tarnish the views of people who may disagree with them or online public opinion that’s not favourable.

While ‘good’ social media bots exist, many social media bots are used in dishonest and nefarious ways. Some estimates suggest that these malicious bots make up a sizable percentage of all accounts on social media. Some bots use real users’ accounts that were previously hijacked by an attacker that have very convincing pictures, post histories, and social networks. For activists and protestors under oppressive regimes however, the ability to maintain anonymity when creating a social media account can be necessary to their survival. To use the account posting history, the account name or shared content as the basis of AI models to determine whether an account is either a bot or not is hence not an objective premise on whether a digital account can be regarded as a bot as aptly demonstrated by researcher Darius Kazemi.

Make no mistake, bots have caused horrific outcomes online from discrimination & radicalizations, Information operations by State & non state actors, to Cyber bullying some of which have turned fatal. It’s hence important to clearly define what the problem is, what its characteristics are and what can be done by stakeholders to detect & mitigate the adverse effects of harmful bots. For the sake of this article, I will define a bot as any automated program that interacts with other users on the digital sphere without the attention of a human actor.

How they are created

Most bots are fairly generic in design though some are more complex and use artificial intelligence (AI) in an attempt to imitate human behaviour more precisely. For instance, Twitter provides a visual interface through its Application Program Interface (API) for users to create bots that tweet, retweet, like, and perform other actions on the social network. Normally, bots will operate over a network using internet based services like instant messaging interfaces or through Internet Relay Chat (IRC). A bot can be either rule based or AI based that tries to mimic human behaviour more precisely. A rule-based chatbot will interact with people by giving pre-defined prompts for the individual to select. An AI-based chatbot will make use of machine learning to learn from human inputs as well as watching out for known keywords. They may use either supervised or unsupervised machine learning models like pattern matching, natural language processing (NLP) and natural language generation (NLG) tools to try interacting more seamlessly to human inputs.

Uses of bots on Social Media

There are numerous types of bots, all with unique goals and tasks. Some common bots include:

• A chatbot: — A bot that tries to simulate human intelligence through chat conversations with humans.
• Social bots: — which are bots that operate on social media platforms to like, share, retweet or even comment on digital discussions.
• A shopbot: — A bot used by businesses to improve user experiences on the site through recommending favourite products, customising the e-commerce site and even trying to propose better prices. They can be further customised to finish transactions on behalf of users.
• A knowbot:-A bot that collects knowledge for a user by automatically visiting Internet sites to retrieve information that meets certain specified criteria. Examples include the Siri App.
• Spiders or crawlers (also known as a web crawler):- These are used to access web sites and gather their content for the indexes in search engines.
• DoS / DDoS bots: — These are bots used to overwhelm a server’s resources and halting the service from operating. These are used by hackers to prevent access to a particular service thereby denying legitimate users its utility causing losses and inconveniences.
• Spambots:- These bots post promotional content to drive traffic to a specific website.
• Botnets:- These are bots made by hackers to distribute malware and attack websites and act as controls for other more advanced attacks like Ransomware and DDOS.

Advantages of Bots.

There are plenty of advantages that come with using bots as well as disadvantages. Some potential advantages of bots include:

• Bots are faster than humans at repetitive tasks;
• Shopping bots save time for customers on E-commerce websites;
• Bots ones programmed can operate on a 24/7 hour basis;
• Bots can reach large numbers of people via messenger apps;
• Bots are customizable from simple repetitive tasks to highly advanced usage like in data research.

Disadvantages of Bots.

· Influence operations: Social bots have variously been used in Influence operations on social media for commercial purposes like market manipulation or political objectives like influencing elections .This is done through Click Farming or Like Farming through liking or reposting of content via Click Farms, which provide fake user accounts.

· Amplify phishing attacks: Phishing attacks rely on an attacker gaining their victim’s confidence. Fake social media followers and social engagement can help convince a victim that their scammer can be trusted.

· Spreading spam: Social media bots are often used for illicit advertising purposes by spamming the social web with links to commercial websites.

· Shutting down free speech: During the 2010–2012 Arab Spring movement, government agencies used twitter bots to overwhelm social media feeds. These bots were used to deliberately push down the messages of protestors and activists. Hash tag High jacking use hash tags to focus an attack. Trend Jacking and Watering Hole Attack use top trending topics to focus on an intended audience for targeting purposes.

Detection & Control of Social Bots.

The potential for misuse of bots has raised the need Detection on social media when used for nefarious uses to isolate and remove them in order to ‘clean’ the digital sphere. To detect the presence of harmful social bots; the following are simplistic ways of detection;

· Running a reverse image search on a suspect profile picture to see if they are using a photo of someone else taken off the web.

· Looking at the timing of their posts to match up with their time zone. Also for accounts making posts every few minutes every single day, these are indications that the account is automated.

· Using a bot detection service such as botcheck.me that uses machine learning to detect bot behaviour.

However the current efforts in the direction of the use of AI tools to detect harmful social bots and remove them from the social media platforms like Facebook, Twitter, Instagram, YouTube and others are limited operationally and technologically. Through tools like bot meter and bot sentinel, research organisations have come up with theories on the effects of Social bots on’ unlikely’ phenomena like the election of former president Trump and the Brexit vote in the UK.

The Computational Propaganda project of the Oxford internet institute defines a high level of automation as an account that posts 50 times a day using election related hash tags. Their research has thence been used as the Source authority of the claim that Social Bots manipulate voter opinion. Sasha Talavera, Professor of Financial Economics at the University of Birmingham, claims that Scottish politician Nicola Sturgeon ‘has 73,000 fake Twitter followers’. He defines social bots as “users with exactly 8 digits in usernames”. Adding 8 digits to names of new users is the standard naming scheme for new users joining Twitter as the default proposed to them by Twitter, which is in no way a proof that a user is fake.

Using AI to detect social bots is hampered by challenges such as lack of sufficient labelled data to effectively train the algorithms, Immaturity of narrow AI to be able detect every mutation of social bots and the ever changing nature of bots making it hard to even gather sufficient data to learn their characteristics. For example, how do you tell a bot from a troll, which is an antagonistic human just spoiling for a fight with an opposing football team fans, or a cyborg, which is a human-run account that intermittently deploys a bot. There’s also the “grandpa effect,” who are people mistaken for bots because they used social media in “uncool or gauche” ways.

Other operational challenges include the fact that the very social media platforms have as their key commercial proposition, marketing which thrives on hits and engagements and therefore the use of bots to drive engagement is good business. However, after the furore of the reported Influence operations by Cambridge Analytica on the US 2016 elections and the passage of Data protection acts like the GDPR in Europe, there has been a concerted efforts by both governments, Civil society and the technology platforms to detect and remove bot accounts that could be used for Misinformation operations on social media. The state of California passed a law that forces people to disclose when they use bots for communication on electronic platforms like Twitter, Facebook, and Instagram among others. Germany’s new State Media Treaty (in German): which states that, “Providers of telemedia services in social networks are obliged to indicate the use of automation when content or messages are created automatically by a computer program, provided that the user account used for this purpose has been made available for use by natural persons on the basis of its external appearance. The shared content or the message must be preceded or accompanied by a clearly legible indication that it has been automatically created and sent using a computer program controlling the user account “. This provision applies not only if content and messages are generated automatically immediately before they are sent, but also if they are sent automatically using a pre-programmed content or message.

Twitter, whose platform has been the subject of investigations by the US congress as a medium for Influence operations has set out unacceptable use cases for its free API as follows;

• Malicious use of automation to undermine and disrupt the public conversation, like trying to get something to trend
• Artificial amplification of conversations on Twitter, including through creating multiple or overlapping accounts
• Generating, soliciting, or purchasing fake engagements
• Engaging in bulk or aggressive tweeting, engaging, or following
• Using hash tags in a ‘spammy way’, including using unrelated hash tags in a tweet.

Conclusion.

In conclusion, we have discussed bots and their potential misuses on social media as well as given cases to demonstrate these misuses ranging from spreading of spam and malware to influence operations to Influence elections. As Darius Kazemi says in his research, “The idea of a sinister botmaster who pulls the strings in manipulating public opinion and who clouds the minds of citizens on the Internet may seem all too attractive to many, as a simple explanation for undesired political developments”.

However, there’s no measurable method to detect and quantify these effects as carried out by AI-based models whose accuracies can easily be challenged on technicalities. Furthermore, the Social media platforms have engagement as their key business models and therefore are prone to look the other way when bots are used to drive engagement on their platforms. The efforts by governments to legislate controls to mitigate the adverse effects of Bot generated traffic are laudable but to demand that users label their bot generated content may lead to litigations as an affront to freedoms of expression. Furthermore, there’s no technical way to enforce such controls as the very technologies to that have been proved to be immature.

It’s hence falls on the feet of the digital users of these platforms to be vigilant as they go about their activities and know that there are nefarious actors on these platforms that could prey on them in different ways. The Technology firms may not have the motivation to protect them and neither do the policy interventions by governments guarantee any safer a digital sphere. There the human users must exercise caution and use other open sources of information on bots in addition to the available AI tools to identify and protect themselves from these ruthless gangs that operate in grey areas technically and legally.