YouTube bans thousands of Chinese accounts to combat ‘coordinated influence operations’

YouTube has banned a large number of Chinese accounts it said were engaging in “coordinated influence operations” on political issues, the company announced today. 2,596 accounts from China alone were taken down from April to June, compared with 277 in the first three months of 2020.

“These channels mostly uploaded spammy, non-political content, but a small subset posted political content primarily in Chinese similar to the findings in a recent Graphika report, including content related to the U.S. response to COVID-19,” Google posted in its Threat Analysis Group bulletin for Q2.

The Graphika report, entitled “Return of the (Spamouflage) Dragon: Pro Chinese Spam Network Tries Again,” can be read here. It details a large set of accounts on YouTube, Facebook, Twitter, and other social media that began to be activated early this year that appeared to be part of a global propaganda push:

The network made heavy use of video footage taken from pro-Chinese government channels, together with memes and lengthy texts in both Chinese and English. It interspersed its political content with spam posts, typically of scenery, basketball, models, and TikTok videos. These appeared designed to camouflage the operation’s political content, hence the name.

It’s the “return” of this particular spam dragon because it showed up last fall in a similar form, and whoever is pulling the strings appears undeterred by detection. New, sleeper, and stolen accounts were amassed again and deployed for similar purposes, though now — as Google notes — with a COVID-19 twist.

When June rolled around, content was also being pushed related to the ongoing protests regarding the killings of George Floyd and Breonna Taylor and other racial justice matters.

The Google post notes that the Chinese campaign, as well as others from Russia and Iran, were multi-platform, as similar findings were reported by Facebook, Twitter, and cybersecurity outfits like FireEye.

Having taken down 186 channels in April, 1,098 in May, and 1,312 in June, we may be in for a bumper crop in the summer as well. Watch with care.

New email service, OnMail, will let recipients control who can send them mail

A number of startups over the years have promised to re-invent email only to have fallen short. Even Google’s radical re-imagining, the Inbox app, finally closed up shop last year. Today, another company is announcing its plans to build a better inbox. Edison Software is preparing to launch OnMail, a new email service that lets you control who enters your inbox. This is handled through a new blocking feature called Permission Control. The service is also introducing a number of other enhancements, like automatic read receipt and tracker blocking, large attachment support, fast delivery, and more.

Edison is already home to the popular third-party email app, Edison Mail.

Edison Mail is designed to work with your existing email, like your Gmail, Yahoo, Microsoft, or iCloud email, for example, among others. OnMail, however, is a new email service where users will be assigned their own email account at when the product debuts later this summer.

At launch, the web version of OnMail will work in a number of browsers. It will also work in the existing Edison Mail apps for Mac, iOS, and Android.


The biggest idea behind OnMail is to create a better spam and blocking system.

Though Gmail,, and others today do a fairly decent job at automatically filtering out obvious spam and phishing attempts, our inboxes still remain clogged with invasive messages — newsletters, promotions, shopping catalogs, and so on. We may have even signed up for these at some point. We may have even tried to unsubscribe, but can’t get the messages to stop.

In other cases, there are people with our email address who we’d rather cut off.

The last time Gmail took on this “clogged inbox” problem was in 2013 when it unveiled a redesigned inbox that separated promotions, updates, and emails from your social media sites into separate tabs. OnMail’s premise is that we should be able to just ban these emails entirely from our inbox, not just relocate them.

OnMail’s “Permission Control” feature allows users to accept or decline a specific email address from being able to place mail in your inbox. This is a stronger feature than Edison Mail’s “Block Sender” or “Unsubscribe” as a declined sender’s future emails will never hit your inbox — well, at least not in a way that’s visible to you.

In technical terms, declined senders are being routed to a folder called “Blocked.” But this folder isn’t displayed anywhere in the user interface. The blocked emails won’t get pulled up in Search, either. It really feels like the unwanted mail is gone. This is all done without any notification to the sender — whether that’s a human or an automated mailing list.

If you ever want to receive emails from the blocked senders again, the only way to do so will be by reviewing a list of those senders you’ve banned from within your Contacts section and make the change. You can’t just dig into a spam folder to resurface them.

In another update that puts the needs of the receiver above those of the sender, OnMail will remove all information sent from any invisible tracking pixels.

Today, most savvy email users know to disable images in their Gmail or other mail apps that allow it, so their email opens are not tracked. But OnMail promises to remove this tracking without the need to disable the images.

“We view pixel tracking as this horrific invasion of privacy and this is why we block all read receipts,” noted Edison Co-Founder and CEO, Mikael Berner. “The sender will never know that you opened their email,” he says.

Other promised features include an improved Search experience with easy filtering tools, support for large attachments, enhanced speed of delivery, and more.

Edison says it’s been working to develop OnMail for over two years, after realizing how broken email remains.

Today, U.S. adults still spend over 5 hours per day in our inboxes and feel like they’ve lost control. Tracking pixels and targeted ads are now common to the email experience. And searching for anything specific requires complicated syntax. (Google only recently addressed this too, by adding filters to Gmail search — but just for G Suite users for now.)

It may be hard for people who have set up shop for 10 or 20 years in the same inbox to make a switch. But there’s always a new generation of email users to target — just like Gmail once did.

And now that Gmail has won the market with over 1.5 billion active users, its innovations have slowed. Every now and then Gmail throws a bone — as with 2018’s debut of Smart Compose, for example — but it largely considered the email problem solved. A little fresh competition is just the thing it needs.

“We’ve invested years as a company working to bring back happiness to the inbox,” said Berner, in a statement. “OnMail is built from the ground up to change mail. Nobody should fear giving out their address or have to create multiple accounts to escape an overcrowded mailbox,” he said.

OnMail’s premise sounds interesting. However, its software is not yet live so none of its claims can be tested at this time. But based on Edison’s history with its Edison Mail app, it has a good handle on design and understanding what features email users need.

Currently, OnMail is open only to sign-ups for those who want to claim their spot on its platform first. Like Gmail once did, OnMail will send out invites when the service becomes available. Unlike Gmail, OnMail won’t be ad-supported, but will eventually offer free and paid versions of its service.


Twitter details new policies designed to crack down on financial scams

Twitter today says it’s expanding its policies to prohibit financial scams on its platform — something you’d think would have already been banned, but apparently was never directly addressed through Twitter’s policy documentation. Instead, financial scams until now have been handled through Twitter’s spam reporting tool which was expanded last year to specifically identify what exact type of spam a tweet contained.

Among the choices were options to indicate if the tweet contained malicious links, was from a fake account, or was using hashtags or the reply function to post spam, among other things. It didn’t address the numerous sorts of financial spams that appear on Twitter, however.

The new policy better spells out what Twitter considers a financial scam.

Specifically, it says that using scam tactics to obtain money or private financial information is prohibited under the new policy, and users may not create accounts, tweets or send Direct Messages for this purpose.

It also details what kind of scams it’s on the lookout for, including relationship/trust-building scams, money-flipping schemes, fraudulent discounts, and phishing scams. These are detailed in its help documentation here.

The new policy arrives at a time when Twitter has been criticized for allowing crypto scams to proliferate on its service. Many of these involve impersonation, using the reply function to spam, and general promises to make victims lots of money. Twitter also this year allowed an obvious PayPal phishing attempt to run as a promoted tweet, which spoke to the need for stronger oversight in this area.

With regard to the new policy, users are still instructed to report the tweet, as before. That means clicking the “report tweet” option from the menu, then selecting “It’s suspicious or spam,” followed by the option that best explains how the tweet is suspicious.

Twitter also clarified that it doesn’t intervene in other financial disputes that fall outside this policy, like claims related to the sale of goods on Twitter, disputed refunds, or complaints about poor quality goods.

As with other scams, financial scammers will risk permanent suspension if they continue to post scams, phishing, and fraud, Twitter says.

Twitter to test a new filter for spam and abuse in the Direct Message inbox

Twitter is testing a new way to filter unwanted messages from your Direct Message inbox. Today, Twitter allows users to set their Direct Message inbox as being open to receiving messages from anyone, but this can invite a lot of unwanted messages, including abuse. While one solution is to adjust your settings so only those you follow can send you private messages, that doesn’t work for everyone. Some people — like reporters, for example — want to have an open inbox in order to have private conversations and receive tips.

This new experiment will test a filter that will move unwanted messages, including those with offensive content or spam, to a separate tab.

Instead of lumping all your messages into a single view, the Message Requests section will include the messages from people you don’t follow, and below that, you’ll find a way to access these newly filtered messages.

Users would have to click on the “Show” button to even read these, which protects them from having to face the stream of unwanted content that can pour in at times when the inbox is left open.

And even upon viewing this list of filtered messages, all the content itself isn’t immediately visible.

In the case that Twitter identifies content that’s potentially offensive, the message preview will say the message is hidden because it may contain offensive content. That way, users can decide if they want to open the message itself or just click the delete button to trash it.

The change could allow Direct Messages to become a more useful tool for those who prefer an open inbox, as well as an additional means of clamping down on online abuse.

It’s also similar to how Facebook Messenger handles requests — those from people you aren’t friends with are relocated to a separate Message Requests area. And those that are spammy or more questionable are in a hard-to-find Filtered section below that.

It’s not clear why a feature like this really requires a “test,” however — arguably, most people would want junk and abuse filtered out. And those who for some reason did not, could just toggle a setting to turn off the filter.

Instead, this feels like another example of Twitter’s slow pace when it comes to making changes to clamp down on abuse. Facebook Messenger has been filtering messages in this way since late 2017. Twitter should just launch a change like this, instead of “testing” it.

The idea of hiding — instead of entirely deleting — unwanted content is something Twitter has been testing in other areas, too. Last month, for example, it began piloting a new “Hide Replies” feature in Canada, which allows users to hide unwanted replies to their tweets so they’re not visible to everyone. The tweets aren’t deleted, but rather placed behind an extra click — similar to this Direct Message change.

Twitter is updating is Direct Message system in other ways, too.

At a press conference this week, Twitter announced several changes coming to its platform, including a way to follow topics, plus a search tool for the Direct Message inbox, as well as support for iOS Live Photos as GIFs, the ability to reorder photos and more.

To cut down on spam, Twitter cuts the number of accounts you can follow per day

Twitter just took another big step to help boot spammers off its platform: it’s cutting the number of accounts Twitter users can follow, from 1,000 per day to just 400. The idea with the new limits is that it helps prevent spammers from rapidly growing their networks by following then unfollowing Twitter accounts in a “bulk, aggressive or indiscriminate manner” – something that’s a violation of the Twitter Rules.

A number of services were recently banned from Twitter’s API for doing this same thing.

Several companies had been offering tools that allowed their customers to automatically follow a large number of users with little effort. This works as a growth tactic because some people will follow back out of courtesy, without realizing they’ve followed a bot.

The companies also offered tools to mass unfollow the Twitter accounts of those who didn’t return the favor by following the bot back. Other automated tools were often provided, as well –  like ones for creating those annoying auto-DMs, for example.

Twitter at the beginning of the year suspended a good handful of apps for violating its rules around “following and follow churn.” But booting the companies only addressed those that aimed profit by providing spammy automations as a service that others could use.

To really take on the spammers, the limits around how many people Twitter users can follow also had to be changed at the API level.

However, some people believe Twitter hasn’t gone far enough with today’s move.

In response to Twitter’s tweet about the new limits, several have responded to ask why the number “400” was chosen, as that still far more than a regular Twitter user would need to follow in a single day. Some users said it took years to get to the point of following hundreds of people. Meanwhile, the business use case for following 400 people is somewhat debatable, since DMs can be left open and companies can tweet a special URL to send customers to their inbox to continue a conversation – no following or unfollowing needed on either side.

While smaller businesses may still employ mass following techniques to attract customers, this at least puts more of a cap on those efforts.

These new limits and the spam dealer crackdown aren’t the only changes Twitter has taken in recent months to tackle the spam problem on its platform.

The company also updated its reporting tools to allow users to report spam, like fake accounts; and it introduced new security measures around account verification and sign-up, alongside other changes focused on more proactively identifying spammers. Last summer, Twitter also purged accounts it had previously locked for being spammy from people’s follower metrics.

Combined, the series of actions is designed to make spamming Twitter less attractive and considerably more difficult to scale. This impacts not only those who use spam for capital gain but also the new wave of fake news peddlers looking to topple democracies and disrupt elections – something that now has the U.S. government considering increased regulations for social media.

Periscope cracks on inauthentic behavior including fake hearts, follows, chats and more

Twitter’s video streaming app, Periscope, is cracking down on spam and, specifically, fake engagements. The company says it’s updating its policies around how it enforces its anti-spam rules, and is making improvements in terms of how those rules are enforced. This means users will see increased enforcement actions, Periscope notes – and these may even take place on “high-profile” accounts.

The app has had struggled for some time to get a handle on spam and other bad behavior.

For example, in 2016 the livestreaming app rolled out real-time comment moderation – a much-needed change given the real-time nature of the live video and associated comments. Last year, it updated this system so broadcasters could assign their own chat moderators instead of relying on the crowd to handle the reporting and banning.

While these changes may have helped to address issues around trolling and abuse, spam is another matter – and particularly the inauthentic behavior around “fake engagements.”

This isn’t only a Periscope problem. On any platform where engagements – like hearts, favorites, follows, and comments – are the currency of success, entire ecosystems pop up designed to help people cheat their way to the top.

With the updated spam policy, the company says it will now prohibit fake engagements  – including any artificial hearts, chat, followers and views. It classifies these actions as “spam,” because they’re “deceptive” forms of activity.

Any selling or promoting of fake engagement will be prohibited, too.

In addition, company says it will focus on proactive enforcement to help improve chat quality and will soon launch account-level spam reporting options so others can report spammy users.

Fake engagement is not a new issue for the app.

For years, there have been problems with fake followers and fake hearts, as an attempt to manipulate the system. There are YouTube videos that detail how this works, tutorials on how to make these purchases, bots, and, of course, offers filed under “social media marketing” on sites like Fiverr – a marketplace where much of the fake internet is manufactured.

While Periscope may have turned a blind eye to the spam and fakery for some time, its decision to finally crack down on fake engagement arrives only a few months after Instagram did the same. In November, Instagram began fighting back against automated apps people used to leave spammy comments and to follow and unfollow users in hopes of growing their audience.

Social media platforms, as a whole, have actively ignored these sorts of attempts to manipulate their systems for most of their existence. After all, fake engagements like hearts and follows and comments make it look like their platforms are more active than they actually are. And if these fakery tools helped birth crowds of “influencers” who then, in turn, attracted more users to the platform, that could be even seen as a perk.

But fake accounts and activity aren’t always about people wanting a shortcut to online fame – inauthentic accounts are also the source for disinformation campaigns and attempts by foreign governments to hack our democracy. That’s shifted the scale in the other direction, and has forced social media platforms to finally stop ignoring the problem of inauthentic accounts and activity.

Periscope, however, told users it’s all about listening to their feedback.

“At Periscope, we value our community’s feedback to make our service better. Periscope is a place for instant engagement and we’ve heard your concerns about spammy accounts and chats,” the company said. “Whether you’re broadcasting or catching up with your favorite broadcaster, we are always looking for ways to make Periscope feel safer and more authentic for our community.”


Twitter cuts off API access to follow/unfollow spam dealers

Notification spam ruins social networks, diluting the real human interaction. Desperate to gain an audience, users pay services to rapidly follow and unfollow tons of people in hopes that some will follow them back. The services can either automate this process or provide tools for users to generate this spam themselves, Earlier this month, a TechCrunch investigation found over two dozen follow-spam companies were paying Instagram to run ads for them. Instagram banned all the services in response an vowed to hunt down similar ones more aggressively.

ManageFlitter’s spammy follow/unfollow tools

Today, Twitter is stepping up its fight against notification spammers. Earlier today, the functionality of three of these services — ManageFlitter, Statusbrew, Crowdfire — ceased to function, as spotted by social media consultant Matt Navarra.

TechCrunch inquired with Twitter about whether it had enforced its policy against those companies. A spokesperson provided this comment: “We have suspended these three apps for having repeatedly violated our API rules related to aggressive following & follow churn. As a part of our commitment to building a healthy service, we remain focused on rapidly curbing spam and abuse originating from use of Twitter’s APIs.” These apps will cease to function since they’ll no longer be able to programatically interact with Twitter to follow or unfollow people or take other actions.

Twitter’s policies specify that “Aggressive following (Accounts who follow or unfollow Twitter accounts in a bulk, aggressive, or indiscriminate manner) is a violation of the Twitter Rules.” This is to prevent a ‘tragedy of the commons’ situation. These services and their customers exploit Twitter’s platform, worsening the experience of everyone else to grow these customers’ follower counts. We dug into these three apps and found they each promoted features designed to help their customers spam Twitter users.

ManageFlitter‘s site promotes how “Following relevant people on Twitter is a great way to gain new followers. Find people who are interested in similar topics, follow them and often they will follow you back.” For $12 to $49 per month, customers can use this feature shown in the GIF above to rapidly follow others, while another feature lets them check back a few days later and rapidly unfollow everyone who didn’t follow them back. 

Crowdfire had already gotten in trouble with Twitter for offering a prohibited auto-DM feature and tools specifically for generating follow notifications. Yep it only changed its functionality to dip just beneath the rate limits Twitter imposes. It seems it preferred charging users up to $75 per month to abuse the Twitter ecosystem than accept that what it was doing was wrong.

StatusBrew details how “Many a time when you follow users, they do not follow back . . . thereby, you might want to disconnect with such users after let’s say 7 days. Under ‘Cleanup Suggestion’ we give you a reverse sorted list of the people who’re Not Following Back”. It charges $25 to $416 month for these spam tools. After losing its API access today, StatusBrew posted a confusing half-mea culpa, half-“it was our customers’ fault” blog post announcing it will shut down its follow/unfollow features.

Twitter tells TechCrunch it will allow these companies “apply for a new developer account and register a new, compliant app” but the existing apps will remain suspended. I think they deserve an additional time-out period. But still, this is a good step towards Twitter protecting the health of conversation on its platform from greedy spam services. I’d urge the company to also work to prevent companies and sketchy individuals from selling fake followers or follow/unfollow spam via Twitter ads or tweets.

When you can’t trust that someone who follows you is real, the notifications become meaningless distractions, faith in finding real connection sinks, and we become skeptical of the whole app. It’s the users that lose, so it’s the platforms’ responsibility to play referee.

How WhatsApp is fighting spam after its encryption rollout

whatsapp WhatsApp proved itself to be the most YOLO-crypto company of 2016 when it turned on end-to-end encryption by default last April for its more than 1 billion users. (Facebook, WhatsApp’s parent company, took a more cautious approach when it added opt-in encryption to Messenger.) But WhatsApp’s all-in approach has come at a cost — the company’s executives were arrested… Read More