Microsoft Researchers Slash Skype Fraud By 68%
mask.of.sanity writes "Life could become more difficult for fraudsters on Skype thanks to new research by Microsoft boffins that promises to cut down on fake accounts across the platform. The research (PDF) combined information from diverse sources including a user's profile, activities, and social connections into a supervised machine learning environment that could automate the presently manual tasks of fraud detection. The results show the framework boosted fraud detection rates for particular account types by 68 per cent with a 5 per cent false positive rate."
So, I don't use ANY so-called "social networks". I often create new email accounts. I wonder if that means that I'm suddenly considered a fraudster just because I don't like to be tracked and logged everywhere.
So the arms race may be tilted in favor of Skype for now, but in 6 months we'll have an article "Fake profiles up 200% on Skype".
Seriously, that's elementary level abuse fighting. I was doing something similar 6 years ago to fight abuse on my small website.
I guess everyone at MS with any talent left long ago to work at Google.
The headline implies that the fraud has already been slashed.
But the story says it's just a research project where they were looking into techniques to combat fraud.
No fraud has been slashed yet.
* Stolen money from the accounts (you didn't use it before expiration)
* Centralize the traffic (no more P2P)
* Screwed client for Linux
* Removed "Now Listening to..." status
...Go go Power Rangers, this year will be the year of Jabber on the desktop
....Microsoft Researchers Slash Skype Users By 68%
Oh, but Microsoft is "evil", so there must be some "evil" down-side here. Are they charging for this "reduction"?
Five percent false positive? What happens to them? Can they get their shit back by going through the proper channels?
And Microsoft considers that a success? I guess that's why their activation for Windows and Office is so horrific and loses its activation so damn often. They have a very low quality bar.
Of course, I'm just bitter since I'm having to call Microsoft to reactivate 35 Windows 7 desktops tonight that lost their activation again. The last time I did this, it took me about twenty hours on the phone.
So let me get this straight...
Your new filter works better than today's filter...against today's spam
But today's spam is designed to circumvent today's filter, and spammers will change their techniques as soon as you switch to the new filter.
This is the classic Antivirus problem, where new and unusual AV programs get great ratings until they become popular and virus developers start coding with them in mind.
And now you've also published how your new filter works, to make it even easier for spammers to circumvent your new filter. Great.
How can I believe you when you tell me what I don't want to hear?
Improving detection by 68% != Reducing fraud by 68%
Imagine that previous methods caught 10% of the fraudulent accounts. New tech improves that to 16.8%. It's a 68% improvement in the fraud detection rate, but only a 6.8% "slashing" of the fraudulent accounts.
(And 5% false positives is pretty horrific)
Now how about fixing the IP exploit where you can find someone's IP just by knowing their username?
This makes DDoS very easy to do and ruins many livestreams where the livestreamer doesn't even know what is going on, thinking it's his ISP shitting out on him.
Hopefully their research concluded that they should validate email addresses. I have about a dozen Skype accounts (though I never use the service) because of fraudulent account sign ups. The simple act of validating email addresses prior to issuing an account would fix this. Hell, even a product targeted at the lowest common denominator (Facebook) has managed to figure that out.
Wow, I've never had Windows 7 suddenly lose its activation, and I pirated it. Perhaps I have something you don't? Something like a... genuine advantage!
90% of my online accounts are fake, even this one. I create new accounts with new names to preserve my privacy, I have multiple hotmail, gmail and Facebook accounts specifically for this purpose. Sure the NSA types might see through this, but the average marketing agency won't. In real life, you can separate your worlds. My wife's circle of friends know me, but they don't know my friends, same goes for work 'mates', extended family etc. I have the power to keep things separate. It seems this choice is being slowly removed in online life as every web service demands you use your real name. Who wants to live in a world where everyone knows everything? We need a right to anonymity online.
It's impossible to make a Skype profile that has all fields hidden.
99% of the fraud perpetrated by Skype is due to their allowing of ads for scam sites.
Conclusion: They are 68% full of bullshit and still selling minors' details to advertisers.
What happens if you get caught in 5% fake positive? An e-mail asking for confirmation or a SWAT RAID?
Hangouts is doing wonders for me now so I don't mind if my Skype account is shut down
People once told me 68K ram was all we needed,
Microsoft has made it possible to now record 100% of all conversations and store them indefinitely for the nsa
Hmmm I seem to recall a complaint that the NSA (and others) couldn't break Skype's encryption and wanted help.
https://www.schneier.com/blog/...
It was popular with the crooks.
http://www.theregister.co.uk/2...
Then an investment group Silver Lake Partners gained controlling interest.
http://en.wikipedia.org/wiki/S... (interesting crew there)
Then no more complaints or request for help by the NSA.
A couple years later Skype was acquired by Microsoft,
http://www.microsoft.com/en-us...
It's a fascinating coincidence.
Innit.
"If any question why we died, Tell them because our fathers lied."
Don't use British slang. TIA
In my entire professional career, spanning to well before software required activation, I have never, ever had a legitimate copy of Windows "lose" its activation. Ever. Over literally tens of thousands of desktops in various organizations. What's more, a Google search does not show this happening to anyone else either. The only results for lost activations are a result of a system restore, WGA crack or something other obvious activity.
I would suggest you stop pirating your software or stop making up bullshit lies. They're both pretty sad.
Skype charged my credit card $60 a year after I cancelled my phone number. It somehow got un-cancelled. They gave no warning and just charged it, and won't respond to any of my requests for a refund. I've cancelled it again, but who's to say they won't do it again next year? I never agreed to recurring charges. (I never do for any service.)
HAHAHA! I pirated Windows too, but I still get to have Genuine... funny how cracks don't have to play by the rules and all. :) Windows Update thinks I bought Windows 7.
Lovin' my free updates too
Oh, and for OP, remember: it isn't illegal to run a crack on software that you legitimately bought. Unless you are doing it to get more copies running than you paid for. (not that I give a shit but you might)
One in twenty legitimate accounts are going to get closed?
That's going to hurt the bottom line.
I've only used skype a few times. What is skype fraud?
My understanding of skype is it's basically a video phone using your general purpose computer.
I read some of TFA looking for what types of fraud they are talking about, but didn't see any detail. They mention credit card fraud, but that's not a feature of skype. I mean, if some stranger knocks on your door, and when you answer, asks for your credit card number, and you give your credit card number, that's not a weakness in your door or lock, that's a weakness in you.
What I do with my landline is never answer if I don't recognize the number or name in the caller ID. Couldn't I do the same with skype, never answer if I don't know who is calling? There you go, 100% fraud prevention.
Oh . . . wait . . .
...so tell me why again people feel Skype is suddenly more important than every other service on the internet today that is also infested with fake accounts?
And Skype of all things? You're looking at the damn caller on the screen. If you're stupid enough to be fooled by video and not know who you're communicating with, you should just box up that computer now...if you can figure that out.
Jesus, talk about making something out of nothing. Are we sure this story isn't fake...
In my entire career, I've never seen an ECC RAM parity error.
Therefore anyone talking about this and its possible advantages and disadvantages is just making stuff up.
Right?
90% of my online accounts are fake, even this one.
That's exactly what all parents should teach kids to do: Don't talk to strangers (whether online or in the real world). And especially don't give them true real-life information. And remember - to your kids, Zuckerberg and the Google kids giving out "free" internet services are just as much strangers as a guy in an unmarked van handing out free candy to kids. I thought that's just basic parenting skills; and one of the first rules anyone teaches kids.
The 5% figure makes me suspect that they are modeling behavior with a Gaussian distribution, and looking for values in their metrics that deviate more than 2 standard deviations from the mean: the classic "95% confidence interval." With this criterion, one would expect, by chance, 5% of all non-fraud situations to be caught in the net.
I don't think it's uncommon for fraud-detection businesses to live with a moderate false-positive rate like this. Increasing the confidence interval to, say, 99% (3 standard deviations) results in fewer false positives but also more false negatives. The "sweet spot" balances losses from missing the false negatives against the cost of the false positives. Of course that's not very comforting if you're in the false positives, but I don't think that's a reason to discard probability-modeling for fraud-detection.
If it weren't for deadlines, nothing would be late.
Comprehension fail. The anecdote was only part of the post. The total lack of anyone else sharing the same problem was the rest. I can find countless examples of people having trouble with ECC RAM. I could not find a single example in the first few pages of results of anyone "losing" activation without an underlying cause. That paucity of results leads me to believe that if it happens, it is an incredibly rare event.
I heard Mon Mothma is Microsoft's new CEO.
Careful, mate. Don' wanna end up in the boot of some bloke's lorry, now do yer?...
Yeah, I've seen the request for re-authorization pop up after expanding ram too.
The first time, I groaned, because it meant a trip through the closet of despair looking for the original Cert Tag.
And further, I go through this every time I increase the memory on one of my virtual windows machines.
But you know what? Nothing needed entering. It found everything by itself. It was literally a "click through."
Me thinks thou doth protest too much.
Sig Battery depleted. Reverting to safe mode.
In my entire professional career, spanning to well before software required activation, I have never, ever had a legitimate copy of Windows "lose" its activation. Ever.
Oh, really? lucky you..
In the past week I've had a copy of 64bit Win7 professional suddenly go 'counterfeit'. Which was somewhat weird as I'm sitting looking at the damned install disks with their product key stickers as I type this. Yes, I finally got it reactivated, but it was a bit embarrassing when this sort of thing happens in front of a consultant we're paying silly money per day to debug some software-talking-to-hardware issues we were having..
(In this case, no hardware changes had been made to the machine since the OS install, but a package was installed which required a hardware key, once the software for that was installed, all the fun apparently began..)
Let's not forget the old XP 'hey, I see you've just changed a {insert-some-random-bit-of-hardware-here}, let's reactivate!' tango, where, for some reason, not every time, not in a predictable manner (that would be too frigging easy), legitimate XP becomes counterfeit. even though you've all the relevant license documentation in front of you,
In fact, I got so fucking pissed off dealing with that one I regularly pre-hack the 'product activation' on our legitimate XP machines that I know I'll be doing a lot of hardware changes on, and, for the record, I'm sitting here with a surplus of 15 unused XP pro licenses (c/w install DVDs, all nicely shrink wrapped).
Maybe in a nice environment where your machines are all running with the same hardware they're supplied with, you've no issues with product activation, but, alas, yes, we regularly change the hardware config of our machines (nature of the beast, apropos their role), so we run into machines losing their 'activation' on a fairly regular basis.
The last phone call to the Microsoft product activation phone line was early December, went through the procedure, plonked in the numbers given, still no joy..again, even though I've got the damn original install disk and product sticker prominently displayed on the PC sitting in front of me, so guess what I ended up doing on that machine?.
Again, I stress, these are all legitimate copies of the OS, some supplied by Dell, some by HP, some OEM.
yes, we regularly change the hardware config of our machines (nature of the beast, apropos their role), so we run into machines losing their 'activation' on a fairly regular basis.
Well no fucking shit if you change the hardware it's going to need to be reactivated. That's not "losing activation". That's how the fucking system works. Maybe it's an irritating system, but you DO know how it works up front.
I seriously doubt the competency and/or honesty of people who claim Windows just mysteriously "loses activation" then when you ask a few basic questions it turns out that it's their own damn doing. If you need to change hardware a lot, use a VLK or get an in house KMS. This isn't rocket science, this is a basic level of competence at your job.
Yep, I'm sure everyone who a machine deems to be undesirable is just going to sit quietly on the sidelines and take no further action like any self respecting fraudster/scammer/spammer always does.
Unless algorithms are smarter than humans and you have a monopoly on such algorithms expect humans to adapt and continue with their bullshit only now they will be much harder to systematically "classify". All the while during this unwinnable evolution of war real people continue to be flagged and collateral damage accrues... but don't take my word for it ... try to send an email and have any assurance of it being delivered and not silently ignored by a "machine learning" algorithm answerable to nobody.
Are all shady and/or flaky... it's like the cornhole of the internet that isn't even fun to play with or look at.
You are incredibly lucky. A cursory Google search returns pages upon PAGES of IT admins, college students, and help desks randomly losing their activation. One of my best friends runs a strictly Microsoft only shop, and he has yet to have a client that hasn't had some hiccup with licensing (they fasttrack him through desktops, it's still a pain for Exchange and SBS apparently).
If you log into Skype today, the gambler's fallacy predicts you have a very good chance of losing your account.
They say this, but someone signed up for Skype on my email account. They just put my email in, (they were Arabic) and for the next 2 weeks I got Skype spam, so I reset this person's account, logged in then I emailed their support, they said sorry, but I asked how they allowed it without verifying it, "just the way it is and it'll probably take 2 weeks for the batch processes to delete your info"
"fraud fraud fraud fraud fraud"
it keeps talking about fraud and stopping it, but what KIND of fraud? I don't get it. Are we talking about Skype users tricking other Skype users to deposit money in Nigerian prince bank accounts? What? Or are they saying they don't want non-real Skype users? In which case this is an anti-privacy measure yes?
So, you admit it does happen, possibly even often, it's just that you refuse to consider it a failing of Microsoft, because Microsoft is perfect, and no matter how broken by design their products are, their products must be perfect, because they are made by Microsoft.
You sound like the guy who claimed that he had never seen a Windows machine crash, because he doesn't consider anything that can be fixed with a reboot a crash.
I've seen a bunch of reports that Skype is asploding ten minutes into a call since the last update. Perhaps they fixed the problem of fraud by making it impossible to successfully complete a call. It's the Microsoft way!
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
or get an in house KMS.
Yeah, that works great for us - intermittent messages "Microsoft Office cannot verify the license for this product" followed by shut-down. What's that you say? Our lousy slow network connection to the KMS is to blame?
Yes, of course, obviously it's totally unreasonable to expect that MS Office should work properly when there's a bit of network congestion (literally a few seconds delay). Or that it should work like it did in previous versions where this never happened.
BTW we are an MS "partner".
The numbers seem poor as far as detection rate vs false alarms.
From paper results:
200k users : original data set had 50%-50% labeling of normal vs fraudulent
Data set down-selected to 34000 users where 1 in 6 now labeled as fraudulent --> that is 5666 fraudulent users, and 28334 non-fraudulent
For this down-selected data set, the TP is 68% as fraudulent (0.68*5666 = 3853 people correctly detected)
BUT, the FP rate is 5% (0.05*28334 non-fraudulent) = 1416 id as fraudulent when in fact they are not.
So, in terms of relative numbers, the system has a 27% error rate (1416/(3853+1416)) and a miss rate of (5666-3853)/5666 = 32%
Basically 1 in 3 people are mis-id'ed as being fraudulent, 2 in 3 are correctly id'ed as being fraudulent. Not very stellar numbers.
Now, try to apply it to real-world, larger data sets where fraudulent rates might be much lower than 1:6 and the result will be even more problematic. You will incorrectly ID more people as being fraudulent than you correctly ID as being fraudulent, which might prove to be costly in terms of lost revenue. Still, as I do not know the cost function that they are trying to minimize, this algorithm might prove to be cost effective after all. Or it could be used as part of a hierarchical system: for instance, it could be that the detected users can be fed to humans for final labeling to reduce the FP rate.
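The base-rate effect raised in the comment above, worked through as an added example (not code from the paper or from any commenter). It holds the 68% detection rate and 5% false positive rate quoted in the thread fixed and varies the share of fraudulent accounts; the prevalence values in the sweep and the `reviews_per_day` figure are assumptions chosen for illustration.

```python
# Added illustration: precision of a fixed-rate detector as fraud prevalence changes.
# TPR/FPR are the figures quoted in the thread; all other inputs are constructed.

TPR = 0.68   # share of fraudulent accounts that get flagged
FPR = 0.05   # share of legitimate accounts that get flagged


def flagged_counts(n_accounts, prevalence, tpr=TPR, fpr=FPR):
    """Expected confusion-matrix cells for n_accounts at a given fraud prevalence."""
    fraud = n_accounts * prevalence
    legit = n_accounts - fraud
    tp = tpr * fraud
    fp = fpr * legit
    return {"tp": tp, "fp": fp, "fn": fraud - tp, "tn": legit - fp}


def precision(prevalence, tpr=TPR, fpr=FPR):
    """Fraction of flagged accounts that are actually fraudulent."""
    c = flagged_counts(1.0, prevalence, tpr, fpr)
    flagged = c["tp"] + c["fp"]
    return c["tp"] / flagged if flagged else 0.0


def break_even_prevalence(tpr=TPR, fpr=FPR):
    """Prevalence below which false positives outnumber true positives.

    Solves tpr * p = fpr * (1 - p) for p.
    """
    return fpr / (tpr + fpr)


def analyst_days(n_accounts, prevalence, reviews_per_day):
    """Human review load if every flagged account goes to a second-stage analyst.

    reviews_per_day is a hypothetical throughput figure, not from the paper.
    """
    c = flagged_counts(n_accounts, prevalence)
    return (c["tp"] + c["fp"]) / reviews_per_day


if __name__ == "__main__":
    print(f"break-even prevalence: {break_even_prevalence():.2%}")
    for p in (1 / 6, 0.05, 0.01, 0.001):   # constructed sweep
        c = flagged_counts(34_000, p)
        print(f"prevalence {p:7.2%}  TP {c['tp']:7.0f}  FP {c['fp']:7.0f}  "
              f"precision {precision(p):6.1%}  "
              f"analyst-days @200/day {analyst_days(34_000, p, 200):5.1f}")
```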
A cursory Google search returns pages upon PAGES of IT admins, college students, and help desks randomly losing their activation.
I just checked before my OP. It does not. It returns pages and pages of people who have broken their activations through their own actions and don't realize it (or admit it) until they are corrected in the thread. I couldn't find a single result of someone saying "it was just unactivated one day" and no other cause being found. Could it have happened? I'm sure it must have to someone, somewhere. But is it a widespread issue? Not by a long shot. It's an isolated edge case, at best.
Me thinks thou doth protest too much.
You're using the phrase incorrectly. That phrase doesn't mean "You're whining too much". Rather, it is an argument for attributing guilt. An archaic form of the more recent "He who denied it, supplied it".
Sure I sold you robot insurance. But you were attacked by a cyborg. Not covered.
Me think thou doth pedant too much.
Sig Battery depleted. Reverting to safe mode.
why would i pay for skype when google talk/video is free?