for a long long time now, I think about strategies for building a Twitter botnet (just4fun).
Not only the setup and management of such a botnet are interesting but also the different ways to “hide” the fact that there is a botnet.
Now, one could argue that it’s not that nice to create yet another fleet of fake Twitter accounts and let them do random stuff, but it’s still a very nice project suited for Elixir and to be honest, no one would even notice yet another botnet there
There are also some nice things you could do like querying the Twitter API and bypass the ridiculous small rate limit by balancing the requests over all accounts.
So, my question is, if people are interested in reading about my ideas. Most things can also be used outside of the Twitter scope I guess.
It sounds interesting and fun idea. With regard to writing a book, you may want to think about widening the scope. So could your book cover cooperating bots and the notion of agency more generally? One reason for encouraging you is that Elixir/Erlang/OTP ecosystem provides an excellent foundation for this kind of work (happy to discuss that further and support the argument).
Yeah, I would implement some functionality like “let 40% of my bots retweet this tweet” and many other things. There are a ton of things you can do. Beside the botnet features itself, one could build a whole web control panel where you can control each bot individually etc.
Another big topic is obscurity. There are researchers out there who analyse social networks and try to find bots and botnets. And on the other side, there is Twitter who tries to identify bot accounts.
And there are some ways to make these things harder.
With regards to it being a book it should definitely be self-published because IMO no publisher will agree to sign their name under such a topic with a potential for service abuse.
I would prefer such a material to be slightly skewed towards a more general solution, namely how can a fleet of bots be managed efficiently and with minimal effort while it provides certain benefits out of the box? Example: not hitting API limits, as you pointed out. Or even having some of the bots do more requests (but still not hit limits) because they are in a faster network compared to another part of the group – so I mean a distributed code that can dynamically readjust where it runs more work depending on conditions like network speed, CPU speed, available memory. Almost like a true AI.
IMO most Twitter botnets are used to game the advertising and marketing game which is immoral but I will admit I am not very much into marketing anyway so my point of view might not be objective.
I would definitely go with Leanpub.com, the best platform for self publisher.
Functionality wise, I will focus on Twitter, BUT all of it can be used for other things too. The concepts are pretty much the same, just different API calls and slightly different behavior for other platforms.
The real interesting part is everything around. A botnet is fine, but it shouldn’t look like one.
Yeah, there are many single bot accounts who just tweet links to random pages where the victim is supposed to get spammed by advertisement. And of course, the normal “retweet” bots.
Well, I would read it. Curious how would you recommend running it from a multitude of IP addresses especially if you target hobbyist programmers (proxy services that can utilize millions of IPs aren’t very cheap).
Truthfully, computing as a whole – not only in BEAM VM land – desperately needs the next step in bulletproof distributed consensus and self-adjusting / adaptive fleets of machines. It really is about time some of us to actually move this forward. It’s complex, yes, but the IT world needs it badly, with all the Kubernetes and Docker hype and everybody wanting to have a nuclear-strike-resistant app infrastructure.
Someone pointed me at those last week already but I am not that familar with those. But as I said somewhere above, everything (or most) I gonna cover would also work for these things.
The funny thing that comes to my mind with GNUsocial is, that since you can build your own service and connect it to the network, you can easily fake everything. I mean, that would be a nice social experiment. A service with only bot accounts that trick people into believing that they are real users.
First you would have to get some entry point, have a critical mass or just influencers of people who open up for federation with you. Since there’s an unwritten(?) netiquette for bots there, it would be really interesting to manage to pull this off. See how long it lasts until it gets exposed.
Right now, I am waiting to be approved by Twitter for my developer account and then I have to start building a simple botnet to find out whats still possible. The new requirements and verification process is quite annoying.
I’ve been developing a bot framework (in tandem with a bot at work) to help develop and manage multiple bots across platforms (fb_messenger atm but twitter is next up). I think the architecture we’ve developed is superior to simple command <> response architectures and am speaking about it at ElixirConf this year.