The Bluesky Mass-Follow Scam
Social media has a problem. Bluesky made it visible.
1. A Plague On Social Media
You have probably seen at least one account like this:
And some accounts that look like this:
1.1 What's happening here?
Some users or bots follow completely unreasonably many people in order to get at least some of them to follow them back.
Most regular people do not have follow notifications disabled, so these accounts basically get to send a notification to thousands of people that are likely not at all interested in the accounts.
Manually following people is (as far as I know) almost never against the Terms of Service of any social media platforms, so they often have some level of plausible deniability.
For example, these are the Bluesky Community Guidelines.
I am not a lawyer and this is not legal advice, but as of the time of writing of this article,
per my interpretation they forbid automated actions like following thousands of accounts to generate engagement.
And yet we constantly see people or computers run by people ignore this.
2. Bots
Let's talk about the obvious thing first: Bots are everywhere. Some of them get banned in only a few hours, but some stay up longer.
The purpose of these bots is varied, but many of them either sell a product, get you to click a shady link or try to shift the overton window by pretending to be a human that just happens to be very political.
I think they fall under two main categories:
2.1 Predefined accounts
These accounts look roughly like this:
They tend to post predefined messages and are usually quite easily recognizable as bots.
While they often get flagged as spam quickly, in the time they stay up, they can still generate lots of donations to some obviously fake campaign to help people in need or get people to subscribe to some 18+ site.
2.2 LLM "powered" accounts
As far as I've seen these are most often used to push some political agenda.
Usually this is done by having them automatically interact with as many people as the rate-limits of the servers or the LLM computation times allow.
3. Real people
What surprised me, is that some acutal humans also use it to gain engagement,
and they seem to be doing JUST FINE.
Let's look at an example:
Ramin Nasibov
I can't for suuuure say that this person has automated mass-following people, mostly because I don't want to get sued and there might be some plausible deniability, so I will ask you to draw your own conclusions.
On their website they boast about their high follower counts on various sites and their "social media savviness":
Clearly this "strategy" has worked even better for them on X.
Also, at the time of writing they are pushing an NFT thing to their audience, who would have guessed?
This was the account that lead to me investigate this tactic:
dinislam
The funniest part about this account is that he seems to be self-aware:
The post
Wanting a "proof of humanity" for the internet is great! But it coming from them is just rich.
following 105k people right now / about a month since he created his account => on average he followed about 3k people a day.
While writing this article he gained a few thousand followers!
While bots get banned, humans that abuse the following interaction seem to go completely under the radar.
Even those labelled as intolerant don't seem to face any repercussions for this:
This user
If you want to see the extent of the problem, it's easy!
4. You can watch the scams happening in real time
I had a rough idea they were happening frequently, but after finding the Syfaro Bluesky Graph I saw JUST HOW OFTEN they were happening.
To get you up to speed, this tool shows live follow events on Bluesky in the form of a 2d graph connecting users.
(UserA)->(UserB) means that UserA followed UserB while you were watching.
If you wait just a few seconds you'll probably see a few users that follow dozens of others, roughly like this:
If you go to their profile, the odds are pretty good they are currently actively scamming people.
5. Bluesky made it visible, but it's everywhere
Due to Bluesky having an open protocol, anyone can see all new posts via a firehose or jetstream (PS: you can try that out here), see who followed who and which accounts were created when.
On one hand this makes it very visible how much sketchy activity is going on so you might think Bluesky is completely filled with this stuff, on the other hand I believe it is much worse on other social media plaforms who don't make everything public.
Due to Blueky being as open as it is however, I can see a future where we adapt it to make this sort of tactic ineffective or even impossible.
6. Solutions social media platforms could implement
6.1 Why not just hide all accounts that follow more than n people?
No normal person has ANY need to follow thousands of people, so why not decide on a reasonable number to limit how many people you can follow or hide people that go over that number?
At first I thought this might be an okay solution, but sites like Bluesky Follower already seem to automatically unsubscibe from accounts that don't follow their users back.
For the record I personally believe this tool is likely against the Bluesky Community Guidelines, but I am not a lawyer and do not want to get sued by the company behind this tool, so I can only ask you to draw your own conclusion here.
6.2 Limit the amount of people you can follow in a day
If you drastically limit the follow actions that can be performed in a given timespan, surely this would take care of most of these scams. It might make new accounts a bit more tedious to set up if you can't follow everyone you know immediately, but in my opinion, this tradeoff is worth it.
7. It's way too easy to do
For reasearch purposes I wrote a sript that does the whole following thing automatically.
It took 30 minutes to write the code. No, I won't use it and no, I won't share it.
I really hope Bluesky will attempt to solve this, but in the meantime here's my first attempt at making a difference
8. Mass-Follow Account Finder
I wrote a small tool to find potentially suspicious accounts you can find here.
9. Next Steps
- Report people you think break the rules
- Work on solutions directly
- Please share this article around
2024-12-18
Julian Noah Leser