
A Pinterest spammer tells all - taylorbuley
http://www.dailydot.com/news/pinterest-steve-amazon-spammer-tells-all/
======
DanielBMarkham
There are multiple angles to this story, and each has a compelling narrative.

Social sites are not just games or freebies. They exist based on the premise
that they can use human nature against itself in order to create free content
from users to be consumed by other users. At the end of this road we have
Facebook, where they spend tens of millions of dollars to program users to
create and consume like you'd program an alarm clock.

The spammers of course are in it for nobody but themselves, so it's tough to
ding them any more than the rest of folks. At least most of them seem honest
about it.

There's a third party here too, though: the honest internet citizen who likes
creating and sharing content and making money while doing so. They don't run
bots and they actually review the stuff they talk about.

The spammers make their money because they can "fake out" the system to think
they're the honest money-making folks. The danger here is that we're going to
only end up with two giant contenders, the addictive social sites and the
spammers. That the little guys get crushed. To me it seems that the web, once
wide open, is closing in bit by bit. (That probably sounds hyperbolic.
Apologies.)

~~~
user2459
_The spammers make their money because they can "fake out" the system to think
they're the honest money-making folks._

None of this is any different than basic capitalism. Now this isn't an anti-
capitalism rant, it's just an observation. Rite-Aide and Walmart can buy
entire city blocks and run their businesses at a loss for years to _fake out_
and overcome _honest citizens_ ' businesses and we celebrate their success.

I suspect if people could invest in spammers there'd be a different public
perception of them.

~~~
JDShu
For your Walmart example, wouldn't that violate section 2 of the Sherman Act?
In principle, it isn't a strategy the United States government allows.

------
joshuahedlund
Will Skimlinks (or someone similar) offer a reverse-affiliate service that
_strips_ affiliate IDs from links on your site instead of adding them? Does
this already exist?

(It would be trivial for Pinterest to manually do this, say, for Amazon, which
could instantly crush a spam model based only on Amazon, without any spam
network detection/banning required)

Personally, though, I think affiliate links in social networks are pretty
innocuous, if not slightly positive.

~~~
blhack
You'll always lose in an arms race that you didn't start.

If you start stripping affiliate IDs, I'll just write a redirector and link to
that, or link to an existing redirector. Are you going to ban all of bit.ly?
Or t.co? or letter.obscure_tld from your website?

~~~
aqme28
There's a better way.

Make a crawler that follows your redirects. If it hits an affiliate page, you
can presume (with some likelihood) that it's a spam link.

If you put in intermediate redirects that the crawler wouldn't pick up,
there's a chance your targets won't either and you'll lose customers.

~~~
reginaldo
The crawler better be undetectable as such. For instance, it better send
"expected" headers (User Agent, Accepts, etc.), and it better have cookies
enabled, and also operate from many distinct and perpetually changing IP
addresses.

Otherwise, the spammer will be able to run his/her own URL shortener service
in a 5USD/month VPS and be able to show a spammy link to the users and a
regular-looking link for the crawler.

BTW: a "crawler" implemented with Mechanical Turk workers would be a little
bit harder to detect, but would also have its downsides.

~~~
aqme28
_"For instance, it better send "expected" headers (User Agent, Accepts, etc.),
and it better have cookies enabled..."_

How are these challenges exactly? Just set the user-agent and enable cookies.
Done.

 _"...also operate from many distinct and perpetually changing IP addresses."_

Okay. Change the IP it operates on every few days.

------
pavel_lishin
I'm not suggesting that this is trivial to implement, but in principle,
wouldn't it be fairly simple for Pinterest to identify these guys based on
their 'social networks'? If a group of accounts only 'pins' posts of other
accounts in that same group, that suggests either a spambot farm, or a very
inclusive group of friends. False-positive detection could be decreased by
looking at account sign-up dates, or profile photos.

~~~
dangrossman
It sounds like he only has one Amazon Associates account. Identifying all his
accounts would be trivial, then -- find all accounts that have posted an
Amazon link with the same associate ID in the URL.

~~~
Father
Most of the experienced spammers fake the referrer. They'll have a scrub site
setup which will appear as any blog. The spammer will spam links to the blog
page (often using a url shortener); however the link will contain a id. If you
visit the page with the id it will selectively redirect traffic to their
amazon affiliate link, without the id link it will appear as a normal
blogpost.

Amazon will think the traffic comes from the blogpost. The person getting
spammed won't get any protection if they filter amazon links.

~~~
SpiderX
All they'd have to do is add a captcha to the submit. Trivial to implement and
it would reduce the spammers.

~~~
dennisgorelik
CAPTHCA is trivial to implement, but is terrible for usability.

~~~
boyter
And in many cases trivial to circumvent <http://www.wausita.com/captcha/>

------
bproper
If he is pinning relevant pictures to themed board and simply doing it at
scale, is he really abusing the site?

e.g: pictures of cakes on a recipe board about desserts that link back to a
cookbook and he gets 4 cents per click through...

~~~
DanBC
> _simply doing it at scale_

That's the most abusive part. As a Pinterest user I want to see what other
real users are pinning. I don't want to see what 4,000 bots are pinning.

~~~
nullflux
Everyone talks about authenticity in social media (that somebody wants to see
"real" content from "real" people) which really makes sense because it is the
most human thing. But what if the bots pass a Turing test and deliver relevant
content with said links? Does it not become spam anymore? That's the weird
part. All of the spam I get in my email I don't want because it is completely
irrelevant. Same goes for ads on nearly every site. That's why it's spam: I
don't want it, it's being forced on me, and is completely irrelevant to my
productivity. But if some bot dug up something cool, isn't that just what gets
defined these days as "targeted advertising"?

The utilitarian argument here invalidates this premise of the pins needing to
be human, which is what is interesting. If you are getting utility out of it
and you didn't know it was a bot, you are actually still better off.

~~~
mattmanser
It's not going to be cool though is it? AI is nowhere near being able to know
what cool is.

~~~
gravitronic
<https://twitter.com/#!/Horse_ebooks>

------
AznHisoka
As Google is killing more and more content farms, it makes sense spammers are
moving towards sites that have tons of authority, and spamming there. Can't
get "buy car insurance" to rank for your spamblog? No problem, create a fake
question in Yahoo Answers with the keywords in your title, and a fake answer
with your affiliate link. Repeat in Pinterest, Amazon Askville, Quora, etc.

~~~
slouch
Affiliate links are filtered out of Yahoo Answers, or at least they were 4 or
5 years ago when I posted one.

~~~
getsat
You could use a redirection service. If they actually follow the redirects to
the final destination, you could simply inspect the User-Agent header and
redirect their automatic checker to a different page. If they pretend to be a
browser by faking the agent, you can create a page with a hidden form
(method=get, target=your_affiliate_url) that is submitted using Javascript.

------
jcdavis
Aside from the (good) conversation here, I'm actually shocked the guy agreed
to an interview. How many HN people just spent some time thinking about how
you would do one of these? Not that nobody could have possibly thought about
pinterest spamming before, but this interview has certainly increased
knowledge of it

~~~
cowkingdeluxe
Probably because he knows the end is coming quicker than he said in the
interview.

------
akrymski
Wouldn't be surprised if 90% of their amazing growth is actually spammers
creating accounts by the million daily.

The interesting thing is that Pinterest founders have an incentive to look
away, while promoting their growth to the VCs, raising massive rounds whilst
potentially cashing out big time. Tumblr seems to be going a similar route,
maybe its a Twitter-initiated trend of bot-generated companies?)

------
jcfrei
sounded very tempting at first, but since spammers are already releasing tools
to do automated spamming, they might have realized that their methods wont
work forever (otherwise they would be making an irrational decision, since
they could make much more money by using them themselves).

there are actually plenty of bots out there already:

[http://www.blackhatworld.com/blackhat-seo/buy-sell-
trade/419...](http://www.blackhatworld.com/blackhat-seo/buy-sell-
trade/419090-my-personal-pinterest-com-bot-collection.html)

<http://pinblaster.com/>

~~~
rokhayakebe
Pinblaster, you have got to be f __* kidding me.

~~~
MichaelApproved
Please elaborate.

------
codexon
An easy way to find Pinterest spammers.

<http://pinterest.com/source/amazon.com/>

I think the spammer moved his affiliate tag to womansdesign-20.

~~~
chrisohara
How are they not picking it up as spam? The same affiliate link from multiple
accounts... The description also looks like a snippet of one the product
reviews on Amazon

~~~
AJ007
They aren't picking it up as spam because they aren't trying to stop spam.
They will soon, and it will become very difficult to make much smaller amounts
of money. Or, if they don't, they will end up in a place where pinterest is
the Myspace of pinboards.

------
taylorbuley
So-called "skimming" of links does not strike me as being terribly wrong (or
different from what Pinterest does itself), but the practice likely still
undercuts their bizmodel because they don't skim links that already have
affiliate ids attached to them.

~~~
SpiderX
It seems to me that it's pretty dumb to leave the affiliate ids attached. If
anything, I think their initial idea of replacing affiliate links with their
own affiliate smart. People don't like it, they can use another site.

------
toddnessa
In life there are often short-term gains that can be made by someone either
lacking in principle or who simply fails to exercise it. In simple terms, in
this world there are always going to be temptations to travel down a road that
in the end leads to death. In this case, it is eventual financial death for
the marketer.

I know the temptation is for this road to be traveled because it's most often
the easier road in the short-run for someone to take. There is no doubt in
marketing a product or service that you are going to have to knock on many
doors. Most often this will mean having to spend money in the process of
running ads in order to get the word out. Bots such as those used by the
Pinterest spammer automate the process but do so by taking advantage of loop-
holes in the system and in so doing exploit whatever platform they are using
(in this case Pinterest).

It is one thing to offer a product or service and to let people know about it
and quite another to use technology to exploit a Platform for the purpose of
sending unsolicited information to those who you do not know. There are better
ways to market products and to profit from the sale of them through proven,
sound marketing strategies.

The use of spam bots are not a reflection of anyone who has pursued an
education of good marketing techniques. Such people only serve to give
marketers in general a bad name. Those who pursue get rich quick strategies
like this are not they type of people that endure for the long-run.

------
krschultz
Frankly this sounds like what Pinterest should be doing for revenue. Isn't
basically what promoted tweets are for Twitter?

~~~
pavel_lishin
Promoted tweets are a fucking scourge, at least so far. I've seen two - both
times for something totally irrelevant to me. (What the hell is the Shell
Houston 2012 Open? I have zero idea, and less than zero interest.)

~~~
krschultz
I agree I don't like them either. I thought Twitter was going to settle on
having people with >XX,000 followers pay something, Freemium style. But I
guess ads are a better moneymaker and they will convert better in the feed.

~~~
pavel_lishin
> I thought Twitter was going to settle on having people with >XX,000
> followers pay something, Freemium style.

That seems weird, like punishing people for their success, or letting others
decide how much they should pay. (Unless, I suppose, that once you hit XX,000
followers nobody could follow you until you paid up.)

------
ebaysucks
What exactly is outrageous about a community service like Pinterest or a forum
using Skimlinks?

~~~
Steko
If they had just disclosed that they were doing it no one would have cared.

~~~
billpatrianakos
I disagree. The story of Pinterest using Skimlinks became controversial
because bloggers made it so. It was fake, manufactured outrage. If they
disclosed it beforehand the same thing would have happened anyway. It would've
been in their TOS or something and we all know that when bloggers have nothing
to write about they peruse a bunch of TOS agreements looking for some outrage
to manufacture. They would have come across it, manufactured the outrage, and
Pinterest probably still would've ended up ceasing use of Skimlinks.

I'm being speculative here, I know but I think you are too. I think there'd be
controversy regardless of disclosure though not disclosing it sure helped make
the outrage easier to sell.

------
siculars
Let's say you are a "regular" user. You "pin" x number of pins/frequency
(hr/day/whatever). This establishes a normal activity baseline. Filter by
"pins" that have links that have affiliate codes in them. Now, it has been
shown that Skimlinks can identify these links and replace them. If that is the
case, they can count the number of affiliate unique id's in their system
across pinterest accounts, thereby linking seemingly disparate accounts by
their affiliate links. Unless this guy is running game with multiple affiliate
links or affiliate links are uniquely generated on a per item basis then I
think Pinterest can put a stop to this.

------
benologist
Sucky thing for pinterest to deal with and it's only going to get worse for
them - the obvious spam is just the tip of the iceberg, the more insidious
stuff can go undetected pretty much forever judging by HN, Reddit etc.

~~~
dustingetz
you can't say that without elaborating, lol.

------
webjunkie
First of all: They believe a screenshot to prove identity?

I could've faked that in 10 seconds with Firebug and then told them I make
like $10,000 a day with my super hardcore h4ck0r bots and the would have
believed it I guess.

------
huhtenberg
> _we found tons of bots that traced to your Amazon affiliate account_

This suggest a trivial fix for the problem on Pinterest's side, doesn't it?

~~~
TomAnthony
I think he is using URL shorteners or custom URLs that looks like a blog but
are a redirect to an affiliate URL. Now they'd have to start examining the
URLs in detail, which is a lot harder. Especially if he cloaks for access that
looks to be coming from Pinterest themselves.

~~~
GoodIntentions
If I were tasked with detecting these, nothing would run from a Pinterest IP
address. Use throwaway VPS hosts on different blocks and replace them
regularly.

For that matter if I were tasked with posting this spam, I'd do the same...

------
hammer9
I own 10K bots, each one post 10 pins daily, 1 random pic + 9 good pics. 9
over 1 makes the pin quality above average. Everyday I choose 10K pics for
every bot to pin as random pic. The 100 pics get most clicks become good pics
in the next day. I call my bots collaborative content election system, but not
spamfarm.

------
shagbag
Does anyone know if Steve's actions are legal under United States law?

~~~
cowkingdeluxe
I don't think it violates any specific law, but I'm guessing that a prosecutor
could come up with some charges if the website hired good enough lawyers.
Charges similar to the ones you see for denial of service or computer fraud.

~~~
Sodaware
There's also FTC disclosures to worry about, although I'm not sure if it
covers posting affiliate links to another site.

------
pepijndevos
"Trust me when I say Pinterest is NOT invite only."

How is that? Where is the hidden registration button? Or do you simply get an
automated invite after you request one?

~~~
weirdcat
The latter. The delay (if there is one) isn't too long.

------
muyuu
I had no idea it was that lucrative. I expected revenues maybe in the 100s per
day.

This story is going to bring a lot of new "fresh blood" into spamming SNs.

~~~
ry0ohki
That's what I was thinking... I assumed the click-through rate of Pins was
terrible, it's quite difficult to even figure out that you can.

------
twodayslate
Where can I get one of these bots? This seems too good to be true!

~~~
xtremecool
Here's where you can find it > <http://bit.ly/GZd7I1>

------
zuralski
Everywhere I go, I find a spammer has been there before me.

------
mkmkmmmmm
How do these scumbags get so many IPs? Botnets?

------
steph37
"And women will fall for it instantly"? WTF

