> But perhaps we should not be surprised by the lack of interest in fraud exhibited by Twitter’s former management. The tech industry in general suffers from a cancerous disposition towards encouraging fake traffic, fake users, and fake online activity because it makes businesses appear to be more successful than they really are. Criminals are fed millions of dollars by executives who think that price is worth paying if it will mislead investors into believing inflated valuations. The presumption is that current losses are also worth sustaining because the business will turn today’s paper valuation into real value at some vaguely-defined point in the future.
That's it. If you can't figure someone's intentions, look at their actions, and infer the intentions.
At a previous job, we had a product that was attractive to criminals. We were seeing some elevated chargeback rates and refund rates, so I dug in and determined that at least 25% of our new account purchases were fraudulent (unreported stolen credit cards). I put in some rudimentary fraud analysis, and injected a hoop that suspected fraud users had to go through before their account would be billed, simply to prevent the credit card networks from blacklisting our merchant account. The fraud rates dropped considerably with a small false-positive rate, but the new-user metrics slowed with it.
A week after I left my role, the company disabled it. They were sure that the system was a significant cause of some major userbase declines. Within three months, one of their credit card processors threatened to lock them out for elevated fraud rates, and they spent the next six months getting it resolved. Growth never returned.
No one was trying to be dishonest, but no one wanted to look bad, either. The entirety of the metrics showed something was off, but the growth narrative was so important, it was easy to ignore the questionable parts.
This was not a VC-backed business, so the pressure to perform was entirely internal. Nothing was faked, but the success wasn't (entirely) real, either.
I have a harder time believing that 390 different telcos were all running the same fraud to the tune of $60 million per year and none of the previous Twitter administration thought to check into it.
This feels like another one of those claims that has a kernel of truth, but gets exaggerated for dramatic effect as a PR move. Like those drug busts that find a small amount of drugs, but then use the entire weight of the container it was found in multiplied by the highest possible street value they can imagine so they can claim a gigantic number in the headlines.
My brother, I encountered the 1800 free conference call guy and very specifically he said that the industry for both calls and texts like this is huge. At the time he was using that info to attempt to prevent a major merger that eventually went through - but his direct account of the mechanics makes Elon's claim more than probable and well beyond credible; basic fact without the individual logs.
Factoid: Every call makes money for the sender no matter if you pick it up or not. Every text the same; especially hiding in plain sight of SMS 2FA.
> Basically, there are telcos who are not being super honest out there, in other parts of the world, who were basically gaming the system and running, like, two-factor authentication SMS texts over and over again, and just creating a zillion bot accounts to literally run up the tab so that Twitter would SMS text them, and Twitter would pay them millions of dollars, without even asking about it.
He’s very clearly accusing the telcos themselves of creating bot accounts.
Addressing the issue is sensible, and yet he found the least sensible way to do it. Putting the onus on the user to remove SMS two-factor and making worse security a paid feature is just absurd.
Considering how many spam calls come to my phone on an hourly basis, I’m inclined to believe Elon when he says some telcos aren’t in it for the enjoyable user experience.
Given the IRSF attacks that I’ve seen, the number isn’t out-of-line with reality. Many of the attacks originate from countries that are perennially short of hard currency, and with sanctions and rising interest rates, dollars are hard to come by. As a head of a telco that needs hard cash to pay for equipment that is all imported, how closely are you going to look?
Yea this is my take as well, having worked in this space. You can and will lose millions without detection, but 60M seems extremely rich, even for a VC-funded growth stock giant like Twitter.
1) it makes the cost of acquiring users artificially high, since it's an expense that doesn't lead to a completed signup
2) you'd think the verification process would be monitored anyway, in case of deliverability issues or false negatives on checking the codes - even if not spiky because this was always happening, surely the high baseline 'code requested and never entered' would raise questions?
I am not sure if I believe the $60 million. The truth might be that banning 360 Telcos saved Twitter $60 million, however, that doesn't mean 100% of these costs are fraud.
Those 360 Telcos are likely in emerging markets that have far more potential to grow than the USA market. If you ban 2FA SMS you will also limit your growth in those markets.
And possibly limit the growth of mobile devices in those markets. They’re probably cross-subsidizing discounted fees with all that western int’l SMS revenue (one can dream anyway).
Assuming an average SMS rate of $0.04, they have sent 1.5 billion messages a year.
2022 stats indicate Twitter had 396.5 Million users. So for the full picture, it would be around 5 messages per user per year, which I don’t see as a large number. This might be why it wasn’t unnoticed.
With your numbers (not checking) this would be 1.5B supposed new users requesting to sign up (or existing ones verify a new number I suppose) and then bouncing, every year. Which is a lot if you have 0.4B completed-signup users, and shouldn't go unnoticed.
Those are not the only times when 2FA happens. It happens every time you log in after closing a session. This could be multiple times a day for some users.
I remember someone did this on a smaller, individual scale. Billing a company for SMS messages... I think it was Starbucks or something. This was 4 years ago, it was shared here.
I suppose that Twitter has to pay each time an SMS is sent (or at least, they pay according to the amount of SMS generated), so the bots pump that amount?
It very well could have been only targeted at poorly managed big companies, but I didn’t see this despite seeing quite a lot of scams. This was a smaller telco though. When I worked at one of the largest telcos I wasn’t involved in SMS.
Paying for incoming texts and calls is not common outside the US. When you call or text someone, you pay the fee listed in your contract (not theirs). That is to say, the sane system exists and most countries use it.
Preventing the fraud described in your edit is what I'm asking about. I'm wondering if anyone has set up lists to help avoid surprise prices for sending messages via SMS service APIs, not from texting someone from a phone.
Same TikTokker different Reddit Threads. https://www.reddit.com/r/TikTokCringe/comments/vkv8hu/aww_th... https://www.reddit.com/r/sadcringe/comments/wf1a0k/nigerian_...
Still those bots probably helped make TikTok popular and probably helped boost stock prices, like we see with other social media platforms and even SuperStonk!
https://www.reddit.com/r/Superstonk/
If you or someone you know has a social media presence with people you don't know, do the <s>computer</s> bots say no?
I think this is actually the first sensible thing Elon has done since the takeover
Telco companies allow people to set up numbers which cost money to send an SMS to.
Then those people set up bot farms to register for Twitter repeatedly, triggering a verification text, which Twitter then has to pay.
The telcos aren't committing the fraud directly, but they are profiting from it.
In a sane system, no one should pay fees unless they're listed up front. Lacking that, a way to identify and avoid bad actors would be helpful.
Edit: Ironically, it seems that this can also be a foot-gun: https://news.ycombinator.com/item?id=34847873
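Added example, not part of the thread or anyone's comment: the "code requested and never entered" baseline raised above can be tracked per destination number prefix, so that a range with high send volume and almost no completed verifications stands out together with what it cost. The event tuples, number prefixes and thresholds are constructed assumptions; the $0.04 price is the average rate one comment assumed.

```python
from collections import defaultdict
from dataclasses import dataclass


def make_sample():
    """Constructed events: (destination number, price in USD, code entered?)."""
    events = []
    # Ordinary traffic: most requested codes are entered.
    events += [(f"+10005550{i:03d}", 0.01, i % 10 != 0) for i in range(40)]
    # Pumped range: sequential numbers on a costly route, codes never entered.
    events += [(f"+99912340{i:03d}", 0.04, False) for i in range(60)]
    # Low conversion but too few sends to judge either way.
    events += [(f"+88877700{i:03d}", 0.04, False) for i in range(3)]
    return events


@dataclass
class PrefixStats:
    prefix: str
    sent: int
    verified: int
    cost: float

    @property
    def conversion(self):
        return self.verified / self.sent


def stats_by_prefix(events, prefix_len=8):
    """Aggregate sends, completed verifications and spend per number prefix."""
    acc = defaultdict(lambda: [0, 0, 0.0])
    for number, price, verified in events:
        row = acc[number[:prefix_len]]
        row[0] += 1
        row[1] += int(verified)
        row[2] += price
    return [PrefixStats(p, s, v, c) for p, (s, v, c) in acc.items()]


def flag_pumping(events, min_sent=20, max_conversion=0.2, prefix_len=8):
    """Return prefixes with enough volume and a low completion rate, costliest first."""
    flagged = [s for s in stats_by_prefix(events, prefix_len)
               if s.sent >= min_sent and s.conversion <= max_conversion]
    return sorted(flagged, key=lambda s: s.cost, reverse=True)


if __name__ == "__main__":
    for s in flag_pumping(make_sample()):
        print(f"{s.prefix}: sent={s.sent} conversion={s.conversion:.0%} cost=${s.cost:.2f}")
```

The minimum-volume threshold keeps a handful of abandoned signups from a small range from being flagged; in practice both thresholds would be tuned against the service's own baseline conversion rate.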