keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.
900 stars 37 forks source link

Keybase has a spam account problem. Options to block, report? #3546

Open Dabitch opened 5 years ago

Dabitch commented 5 years ago

Many people have discussed the issues with spam, in the form of any keybase user being able to message any other user - whether they follow them or not.

But what can we do about fake users?

Example here: https://keybase.io/titania99

That is a photograph of the Indonesian actress Ida Ayu Kade Devie , and obviously not "Titiania" (here's the photo session it came from in case you are curious https://www.kapanlagi.com/ida-ayu-kadek-devi/foto/foto-rez-ida-ayu-kadek-devi-038.html )

Now, I am not a fan of having fake users follow me, but I can't find a way to block this, or report the user. I do however find that I can "unblock". Interestingly backwards.

Am I missing something or is there no way of reporting obvious fake accounts?

plttn commented 5 years ago

This is really just because of the airdrop. Once they realize there's no way to game the eligibility requirements, it'll calm down.

Hexstream commented 5 years ago

I think it's fair to assume that as Keybase scales up, there will inevitably be some pure-spam accounts, regardless of their motivations, and thus there should be a way to report them. Of course, if this isn't done then the problem is likely to (quickly?) exacerbate as spammers realize that they have found a safe haven, and this would be likely to subsequently erode trust among real users.

eedgar commented 5 years ago

I just had a user trying to impersonate another of my followers, reusing their photo. They were trying to scam btc.

In this case I would like to report them as an impersonation account and maybe if enough others do the same they are automatically blocked or some sort of strike system is implemented.

Dabitch commented 5 years ago

How does one report accounts? I see no obvious simple "report user" buttons anywhere, hence this thread. The actress-avatar fake account I use an example here is an impersonation account, trying to scam bitcoin.

Also, there's a huge uptick of random men following just to say "hi" or fumbly hit on you in messages, I would like an option to not accept messages from complete strangers before this turns into Tinder 2.0

strib commented 5 years ago

How does one report accounts? I see no obvious simple "report user" buttons anywhere, hence this thread. The actress-avatar fake account I use an example here is an impersonation account, trying to scam bitcoin.

It's a bit hidden now, but when you block a conversation (from the info panel within the conversation, under settings), there is be a checkbox for "Report abuse". We are working on designs to make this more prominent in new conversations, but it's an option that has been there for a while.

Sorry for the bad experience, we are listening to feedback and actively thinking about ways to improve here.

Hexstream commented 5 years ago

She is also asking for a way to pre-emptively block complete strangers, which seems reasonable. (Whitelist instead of blacklist.)

Dabitch commented 5 years ago

Yes, that would be simple. A greylist might work, for example someone who is followed by and is following friends of mine may message me.

strib commented 5 years ago

Yep, I understand. It's something we're looking at, but I can't comment on now. I was just responding to the question about how to report a user for abuse.

snowkeld commented 5 years ago

I have a scammer trying to get people I know to send them BTC. It's an obvious impersonation; my keybase: https://keybase.io/snowkeld scammer keybase: https://keybase.io/mainebitcoin

A way to use reputation to hide accounts in some way, or block incoming chats automatically based on reputation so they can't easily contact others who did not already follow them would be great. There is no negative reputation system, there really should be something.

Hexstream commented 5 years ago

I agree, but please make sure that it doesn't become possible to censor real people through simple malicious mass-reporting. (Here's an example, if you don't mind.)

There absolutely needs to be a human in the loop for this, and preferably also accountability and transparency. Please DO NOT implement shadow-banning, that's the stupidest thing on the internet. Do let accounts flagged as spam know that they've been restricted, and provide an appeals process. (If you're successfully killing spam accounts, then it's smart to let spammers know that keybase is useless as a platform for spam.)

snowkeld commented 5 years ago

I do not favor banning at all - keybase should operate without a human to act as authority and should not outright ban anyone. The algorithms can simply mute incoming chats from users who have been "shadowbanned" until that user follows them. There could easily be cool off periods on reports and ratios between a rating on a user being "real" vs "fake" so a few reports can't effect more connected users.

When a user messages someone they may take the name of that user at face value from the messaging interface. This can lead to being scammed. If they must follow the user first they cannot be spammed or solicited without their consent and to consent they will have to view the users proofs.

msfeldstein commented 5 years ago

Not just a spam problem also a harassment and safety problem

https://jenngineering.glitch.me/hello-world-except-keybase/

davidcelis commented 5 years ago

There should be an option to disallow receiving messages from people you don't follow. Being able to have a random spammer/scammer/new account follow me and immediately send me a private message doesn't fit what this service should be about.

dahacouk commented 5 years ago

Can we assign a Keybase developer to this issue? How can we get the developers to notice this issue? Spammers are annoying and we need to be able to get them off Keybase.

dahacouk commented 5 years ago

What I want to be able to do is block unverified accounts from messaging me. @joshblum ?

msfeldstein commented 5 years ago

I get about 2 spam messages per day, some with payment requests. I had to turn off notifications and close my app when im not actively using it.

Dabitch commented 5 years ago

Yes, this is getting increasingly annoying. At this point I'm logging in just to block people after the fact.

nilicule commented 5 years ago

Another spammer requesting payment: https://keybase.io/michael14531

Even the ability to report users for spam would be helpful, was surprised to find no such option in Keybase.

maxtaco commented 5 years ago

Improved blocking tools are shipping with the next release. Thank you everyone for your feedback here.

maxtaco commented 5 years ago

BTW, that user is deleted.

Hexstream commented 5 years ago

Improved blocking tools are shipping with the next release. Thank you everyone for your feedback here.

Kickass! Finally!

BTW, that user is deleted.

You mean michael14531?? His profile is still available...

maxtaco commented 5 years ago

Hmm, meaning, he's not able to message any more

Hexstream commented 5 years ago

Ah, ok. So no profiles are ever deleted (other than by the user themselves) currently?

On Fri, Nov 22, 2019, 4:11 PM Maxwell Krohn notifications@github.com wrote:

Hmm, meaning, he's not able to message any more

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/keybase/keybase-issues/issues/3546?email_source=notifications&email_token=AAADFSH5PQ4PDRZIOG6TEY3QVBDG3A5CNFSM4IW3G2OKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEE64GTA#issuecomment-557695820, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAADFSGLJB2C4PW4G642Z43QVBDG3ANCNFSM4IW3G2OA .

Dabitch commented 5 years ago

The 'blocking' and apparently 'delete' features will hopefully change soon as maxtaco said:

Improved blocking tools are shipping with the next release. Thank you everyone for your feedback here.

I have blocked many obvious spammers from following and thus messaging me, but they still show up as most recent users in my 'people' list, albeit with a different link color. This is getting cluttered, fast, and also it still seems to affect my user-suggestions. I am now suggested to connect with more obvious spammers. No thank you.

maxtaco commented 5 years ago

I have blocked many obvious spammers from following and thus messaging me, but they still show up as most recent users in my 'people' list, albeit with a different link color. This is getting cluttered, fast, and also it still seems to affect my user-suggestions. I am now suggested to connect with more obvious spammers. No thank you.

Funny, I just put up a PR for this: https://github.com/keybase/client/pull/21202. Fixed in the next release, thanks for your patience.

Ah, ok. So no profiles are ever deleted (other than by the user themselves) currently?

It is possible for us to delete profiles, but we try not to, since it can't be undone.

davidcelis commented 5 years ago

Improved blocking tools are shipping with the next release. Thank you everyone for your feedback here.

That’s great and an improvement, though I’d still like to see a way to restrict who can message me in the first place. I don’t understand the point of receiving DMs from strangers whom I don’t follow.

Hexstream commented 5 years ago

I'm assuming that's going to be among the improvements... (After all, that is a form of "blocking"...)

brennx0r commented 5 years ago

Improved blocking tools are shipping with the next release. Thank you everyone for your feedback here.

That’s great and an improvement, though I’d still like to see a way to restrict who can message me in the first place. I don’t understand the point of receiving DMs from strangers whom I don’t follow.

+1 on this - We're looking for better control on permissions out of the gate. There's a number of people who have followed me who are abusive. Others have too. We need better tooling here.

ceejbot commented 5 years ago

Blocking? Not a fix. Limiting messages so they can only be exchanged between mutual follows would be the behavior I expect from Keybase.

bmadsen85 commented 5 years ago

Noticed an increase as well. Not only with SPAM accounts, but from what seem like legitimate accounts from users I do not tknow.

An accept / allow user X to follow me would be a nice feature. In the interim I have been manually blocking unknown users via macOS app -- did not see this ability within the web UI.

Hexstream commented 5 years ago

See this blog post!

snowkeld commented 5 years ago

I'm a bit disappointed keybase went this direction. They already have what seems to be a great system for profile authenticity which is used in the XLM drops. Users blocking other users and reporting them can easily be judged by the system in a rated scale - causing reported users below a particular margin from messaging people who don't follow them. It might even be enough to simply create new accounts in a "walled garden" environment by default, meaning they can message others, but others cannot message them without them following the other user -or- changing their settings manually. The direction of enforcing rules on speech within the platform at any level can only lead to an expanding definition of what is unacceptable. The blocking and deletion of accounts by admins should not be how to handle the issue.

Hexstream commented 5 years ago

The direction of enforcing rules on speech within the platform at any level can only lead to an expanding definition of what is unacceptable. The blocking and deletion of accounts by admins should not be how to handle the issue.

Read the most excellent article "Well-Kept Gardens Die By Pacifism" for a contrasting viewpoint.

edit: How is this not a contrasting viewpoint, LOL.

snowkeld commented 5 years ago

That's not a contrasting viewpoint. I agree - but the platform does not have to be the censoring authority. Keybase is not an open forum, it's a private discussion and file sharing platform. There should be a mechanisms to pacify the "unsavory" by community input and algorithm. That pacified user is then in a position where they must be invited to chats and communities within keybase by others choosing to follow that user. For real scammers and spammers this is equivalent to being banned, because no one wants to invite them in. For real users that are being reported out of spite, this is an annoyance that can be worked around for any communities that want them to take part.

Hexstream commented 4 years ago

I banned 25 "suspected" spam accounts from my keybase team and shared the results.

M3l0dame commented 1 year ago

Can you request that Keybase kick the SPAM user account that has reached out to me and others on my team through DM on Keybase?