The only advantage of a such name is uniqueness (more precisely, a google-wide uniqueness), but why exactly is that an advantage?
Perhaps to make it easier to track which sites were successfully attacked? For example 100 000 websites under attack, 100 000 silly user names; a month later an automated google search reveals which websites are insecure, and those are selected for a second wave of attack? For example, to avoid Google penalty for getting 100 000 links on the same day, the spammer could create accounts on 100 000 websites the same day, but only add 200 links a day from the attacked sites to their own websites.
This was my first idea, but… why google for a unique username associated with a website, when you can just look at the given website to check whether the user’s wiki page still exists? (Is the Google search perhaps more anonymous?)
There is an added bonus that it is harder to link related attacks and find out which group is behind which wave.
Also, there will always be some amount of legitimate users with random names—and any other easy to generate will-always-exist pattern would fall into collisions more often.
At least on LW proper, I have deliberately random username. I don’t have LW wiki account, though, but if I ever find a maths article there that I would want to edit, I will use the same screen name. I didn’t notice that I am a spambot (outside “Product Recommendation” at least).
I don’t think they are actually editing the page, the message is just the page being automatically created when the account is registered.
I believe there was a measure enacted recently that put an extra step (email confirmation) between registration and the ability to modify pages. This was because there was significant amounts of actual spam (not just spam accounts) being posted, which seems to have been entirely stopped.
(ETA: and also requiring a captcha when inserting external links into a page, at least for new-ish users.)
Why are users long, nonsensical names editing their own wiki pages? Here and here are two recent examples, but I’ve noticed it for a couple weeks now.
I guess those users are spambots, and they probably try to add hyperlinks (not necessarily successfully).
Not sure why they use long nonsensical names.
Yeah. You’d think they’d have sensible names, like all the other users on the site.
The only advantage of a such name is uniqueness (more precisely, a google-wide uniqueness), but why exactly is that an advantage?
Perhaps to make it easier to track which sites were successfully attacked? For example 100 000 websites under attack, 100 000 silly user names; a month later an automated google search reveals which websites are insecure, and those are selected for a second wave of attack? For example, to avoid Google penalty for getting 100 000 links on the same day, the spammer could create accounts on 100 000 websites the same day, but only add 200 links a day from the attacked sites to their own websites.
This was my first idea, but… why google for a unique username associated with a website, when you can just look at the given website to check whether the user’s wiki page still exists? (Is the Google search perhaps more anonymous?)
Another advantage is reduced likelihood of name collisions (in this case meaning reduced likelihood of the account creation failing).
There is an added bonus that it is harder to link related attacks and find out which group is behind which wave.
Also, there will always be some amount of legitimate users with random names—and any other easy to generate will-always-exist pattern would fall into collisions more often.
Relevant username? It seems that the spambots are learning at a geometric rate—I give them a few weeks before they go FOOM.
At least on LW proper, I have deliberately random username. I don’t have LW wiki account, though, but if I ever find a maths article there that I would want to edit, I will use the same screen name. I didn’t notice that I am a spambot (outside “Product Recommendation” at least).
I don’t think they are actually editing the page, the message is just the page being automatically created when the account is registered.
I believe there was a measure enacted recently that put an extra step (email confirmation) between registration and the ability to modify pages. This was because there was significant amounts of actual spam (not just spam accounts) being posted, which seems to have been entirely stopped.
(ETA: and also requiring a captcha when inserting external links into a page, at least for new-ish users.)