why do you think that methodology isn’t vulnerable to bots or other kinds of attacks?
Ah, yes, I thought that methodology wasn’t vulnerable to bots or other kinds of attacks because I was wrong. Oops. Glad I asked.
For the other stuff, I’ve explained it pretty well in the past but you’re right that I did an inadequate job covering it here. Blocking bots is basically giving constructive feedback to the people running the botnet (since they can tell when bots are blocked), on how to run botnets without detection; it’s critical to conceal every instance of a detected bot for as long as possible, which is why things like shadowbanning and vote fuzzing are critical for security for modern social media platforms. This might potentially explain why amateurish bots are so prevalent; state-level attackers can easily run both competent botnets and incompetent botnets simultaneously and learn valuable lessons about the platform’s security system from both types of botnets (there’s other good explanations though). Not sure how I missed such a large hole in my explanation in the original comment, but still, glad I asked.
Does that logic apply to crawlers that don’t try to post or vote, as in the public-opinion-research use case? The reason to block those is just that they drain your resources, so sophisticated measures to feed them fake data would be counterproductive.
Ah, yes, I thought that methodology wasn’t vulnerable to bots or other kinds of attacks because I was wrong. Oops. Glad I asked.
For the other stuff, I’ve explained it pretty well in the past but you’re right that I did an inadequate job covering it here. Blocking bots is basically giving constructive feedback to the people running the botnet (since they can tell when bots are blocked), on how to run botnets without detection; it’s critical to conceal every instance of a detected bot for as long as possible, which is why things like shadowbanning and vote fuzzing are critical for security for modern social media platforms. This might potentially explain why amateurish bots are so prevalent; state-level attackers can easily run both competent botnets and incompetent botnets simultaneously and learn valuable lessons about the platform’s security system from both types of botnets (there’s other good explanations though). Not sure how I missed such a large hole in my explanation in the original comment, but still, glad I asked.
Does that logic apply to crawlers that don’t try to post or vote, as in the public-opinion-research use case? The reason to block those is just that they drain your resources, so sophisticated measures to feed them fake data would be counterproductive.