Slashdot Mirror
DDoS-Style YouTube Dislikes For Sale
An anonymous reader writes: Dell's Joe Stewart chronicles the tale of the YouTube channel that came under attack in the form of an avalanche of 'dislikes' for any videos that touched upon a certain company or even which examined themes around the company's product without mentioning it. The number of dislikes was so disproportionate to the casual number of viewers for the channel, and so concentrated as to constitute a particular type of net-attack — one that appeared to originate in Vietnam. Stewart eschews the notion of a "cottage industry" of Vietnamese YouTube "dislikers" in favor of the fact that any network exploits are eminently reproducible in a country which has only five ISPs among nearly ninety million people — and a widely distributed vulnerable router.
or dislikes?
Dave Jones from EEVblog noticed this after debunking some myths about a kickstarter project (the infamous batteriser) Here's his video about it : https://www.youtube.com/watch?...
This quote from second linked article:
Stewart notes the Vietnamese provenance of the ‘dislike attacks’, and concedes that the original actors involved could simply be proxying their requests through Vietnam. So one can’t blame Vietnam, for sure.
Well, yeah actually you could. The Vietnamese Communist Party's Head of Propaganda admitted the Vietnam government employs it citizens as "internet polemicists" - its a real thing. So its not really a stretch to believe that the Vietnamese government is looking to pick up some revenue by being a for-hire vote or comment brigade.
Sure, Stewart could be right about the attack coming from a botnet consisting of Vietnamese systems, but I don't think that that automatically rules out the Vietnamese government's involvement.
They're going to have to whittle that down to 1 or 2 if they want to compete with western monopoly tactics.
The video is a 38 minutes rant against a product that allegedly extends the life of disposable batteries. The author doesn't disagree with the technology or the fact that it can extend battery life, he just loses his shit about the 8x claim and some other minor things.
38 minutes of outraged, sneering engineering babble with an extremely annoying voice, bad infographics and lots of screenshots. Whoever rented a Vietnamese hacker (or whatever) to add 5,000 dislike on that video should be thanked by Youtube viewers as a whole.
Long story short, I disliked that video.
lucm, indeed.
Years ago I had a steady 8,000+ dislike brigade from Norway. This is not new.
Now that might explain some recent strange network problems that I've been having here in Vietnam. About 3 weeks ago, Google started denying my searches saying that due to the large number of attacks coming from your network they would refusing traffic (or something like that). I immediately checked my home network (a fiber optic TOTOlink router) and changed the password but the messages persisted. (They're gone now.)
I thought that perhaps I had a (lot of) neighbors who had been compromised/involved in attacks and perhaps Google was casting a wide net (blocking a large subnet of the ISP or even the entire ISP) and that I was just caught up in it. That may be the case, like the summary says there are few ISPs and presumably few different routers being used so it would be easy for a hacker to exploit a vulnerability and command a botnet of thousands of routers. On the other hand, I looked up TOTOlink router vulnerabilities and it said that there is an unpatched backdoor to my model so it is vulnerable. I assume this is true even if I changed my passwords.
So (since I'm obviously not an expert) my question is: is it likely that my router has been hacked? Will it allow the hacker to use it as a "bot"? Is my (unencrypted) traffic vulnerable to interception/change/man-in-the-middle attacks? Or is it more likely that Google isn't blocking my little network (that is attached to the internet by a single dynamic IP address) specifically but is blocking a large portion or even the entire ISP (in my case Viettel?).
I hope whoever can answer my questions is rewarded Karmically! Thanks! :)
Nice seeing Dave's EEVlog getting some Slashdot attention.
You're just a shill for that company, aren't you? He showed people making similar comments in reply to his story.
This is one of the problems with a rating system which allows dislikes. To quote from my earliesr posts on the topic: The average ranking is not rank = (up - down) like you'd think.. It's rank = p1*up - p2*down. Where p1 is the size of the population which would rank it up, and p2 is the size of the population which would rank it down. Unfortunately, p1 and p2 aren't perfect, and a certain percentage of them will vote stuff up/down just because it makes them comfortable/uncomfortable. If they canceled each other out, there would be no problem. But if the size of p2 is >> p1, then that small percentage of p2 can be larger than all of p1. A minority viewpoint consequently gets a disproportionate number of unfair downvotes simply because it's a minority viewpoint, and thus has to garner a lot more upvotes just to obtain an equal ranking to a majority viewpoint.
For an apolitical, non-religious example, consider Windows vs. Linux. Say Windows users outnumber Linux users 50:1. Now imagine if a search engine let you rate search results based on whether they were useful or not useful, which is then used to prioritize subsequent search results. In every population, there's going to be an idiot segment who votes stuff down simply because the search result was irrelevant it was to their query, not because they thought it was wrong. Consequently, if a search for hard disk repartitioning brings up four Windows sites and one Linux site as the top results, the Linux site is going to have 50x as many downvotes from those idiot users who never specified Windows in their search but were upset that an "irrelevant" Linux site was included in the search results. If the idiot segment of the Windows population exceeds 2% (numerically equivalent to 100% of the Linux population), that Linux site will end up with a negative rating regardless of how useful or informative it is.
In this case, if a % of p2 is a government-directed smear campaign in control of millions of voters, it can be sufficient to overwhelm p1 and bury a YouTube video with dislikes. (For similar reasons, it's folly to allow non-democratic nations to participate in democratic votes like in the UN. You end up with things the Commission on Human Rights controlled by a bunch of countries who don't respect human rights simply because they have the majority of votes.)
I suspect rating systems fall under similar limitations as Arrow's Impossibility Theorem, and there's no way to develop a perfect rating system. So you need to dispense with the notion that there is one "best" rating system. One is not better than another, they simply tell you different things about what the population is thinking.
To its credit, YouTube still allows you to see the raw number of likes and dislikes, so you can simply ignore the dislike count if you wish. It would be good though if they let you customize their search algorithm per individual account, so you could give more or less weight to certain things like number of likes or dislikes. That would dilute the impact of (purported) smear campaigns like this, as well as drive the SEO people nuts.
For an apolitical, non-religious example, consider Windows vs. Linux.
Haha. You consider Windows vs Linux 'non-religious' and 'apolitical'?
The downside of not having dislikes is that in practice this means everything is disliked by default. It tends to become very hard to distinguish minority viewpoints, niche interests and simply new material from the genuinely bad stuff. And because as a rule only things which are already near the top gather new likes, that means the problem gets worse and worse over time. It's already a bit of a problem on sites with both, but I've been on sites without dislikes and they grow stagnant really fast. Then there is the problem that instead of burying a specific set of videos, evildoers might want to promote videos also. Let's remove likes as well.
It's trying to find a technical solution to a non-technical problem. I cannot see it working. It requires human judgement.
It was, until Lennart Poettering started programming software for GNU/Linux
In a recent court decision, the FTC's power to levy fines against a company with poor cybersecurity has been affirmed: http://it.slashdot.org/story/1...
With car manufacturers, sell a car with defective brakes and the FTC can order the manufacturer to recall the vehicles and fix the brakes, regardless of the model year. If the manufacturer fails to implement the recall, the FTC can fine the manufacturer up to $16,000 for each vehicle in the field. With [say] 100,000,000 vehicles in the field, this is a $1.6 trillion fine.
The FTC recently fined Fiat/Chrysler over failing to implement a recall http://tech.slashdot.org/story... They tempered the amount of the fine to be enough to generate some pain but not so much as to bankrupt the company.
It's not much of a stretch to extend this to router vendors. Fix security problems and issue a patch [the recall] or face a fine. The fine would far exceed the relatively small NRE cost of fixing the problem in the first place.
As a side note, this would get security fixes issued for older Android versions (e.g. even 2.0.x) as the FTC could fine any vendor that thumbed its nose at such support: Google, phone manufacturer, and/or telco that was the "obstinate" link in the chain.
No more of this WONTFIX nonsense [except on latest flagship gear] that leaves consumers that paid good money and got hung out to dry.
Like a good neighbor, fsck is there
Vietnam dislikes were only on the first day of dislike flood. Second day saw Venezuela/Czech/Latvia dislikes with no corresponding video views = load page, hit dislike, close page.
You could argue Vietnamese ISP infrastructure is purely secured. But what about Venezuela/Czech/Latvia? What is a simpler more likely explanation, that they all use insecure routers, or maybe that they are all very poor countries with people willing to work as mechanical turks?
As for the Indiegogo Batteriser SCAM itself, it has been thoroughly debunked in this Video:
https://www.youtube.com/watch?...
Batterscam claims this very model of GPS eats Duracell AA batteries in 2hours, and they can extend this up to 10 hours. Too bad every review of this GPS unit tested battery life already and reached ~15 hours.
SCAM claims below 2 hours normal usage and 10 hours with their miracle snake oil applied, independent test gets 17 hours straight from factory. Cant get any clearer than that.
Who logs in to gdm? Not I, said the duck.
Likes and dislikes on youtube dont' fucking matter. All that matters is interaction. If your video gets a shit-ton of dislikes, youtube counts that as activity... which is GOOD. It promotes your video, just as if it received a ton of *LIKES* instead.
Charlie don't like.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
It works both ways of course. Many people have been trained to "like" everything they see on social media platforms like YouTube.
There is also the obligatory XKCD problem. A large number of up-votes is just as useless as a large number of down-votes in many cases.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I suspect rating systems fall under similar limitations as Arrow's Impossibility Theorem [wikipedia.org], and there's no way to develop a perfect rating system. So you need to dispense with the notion that there is one "best" rating system. One is not better than another, they simply tell you different things about what the population is thinking.
It's possible to build perfect rating system based on ratings if final rating is based on personal preferences. I.e. if you upvote this page and downvote that page then all similar pages get similar up/down calculations and all search results are altered accordingly -- only for you. But it's very resource-intensive compared with today systems.