Following up on my post from last week about mysterious accounts with clearly auto-generated profiles trying to friend me:
The Dreamwidth Anti-spam team (thanks to watersword for pointing me in the right direction), in their reply to me, indicated that they think it's SEO -- Search Engine Optimization -- spam. That makes sense, and I'm kicking myself for not thinking of it.
SEO is all about gaming Google and other search engines, by creating interconnected networks of web pages that look real, which point to some webpage that you're trying to promote. Modern search engines rank pages based on, essentially, a web of trust -- the more pages that, directly or indirectly, point to this one, the more important this one is considered. So SEO companies (and it's a fairly big business) try to build up networks of pages, and get them linked from lots of real pages, in order to raise the ranking of their paid clients. They mostly do this by injecting bogus links anywhere that they can manage it.
These fake DW accounts don't have any content yet, but they're probably playing a long game, building up cross-links. And just the act of following me creates a useful cross-link for them, because it means that my very-real profile has their fake account listed under my "Other Subscribers" section.
So that's a plausible answer to my question of, "What do they get from this?" They are building up plausible-looking networks via those Other Subscribers linkbacks -- even though no sensible person would friend them back, they don't actually care, since they are getting a link anyway. Presumably, once the network is well-established, the 'bot accounts will begin posting spam articles that link to the webpages that are paying them. Google will see that my clearly-real page is linking to my profile, which links to the 'bot, which links to the external pages, and will tend to score those external pages higher since they are part of a real-looking network. That's just a guess (Google's actual algorithms are a well-kept secret, and there is an entire industry devoted to sussing it and gaming it), but it seems reasonably likely.
The moral of the story is, when somebody friends you on DW, always look at their profile -- if it looks bizarre and computer-generated, report it to the anti-spam team. Vigilance on the part of the community is the only way to keep this game from paying off, and if we let them profit from it, they'll start to play this game in more force. We want to nip this stupidity in the bud, and the 'bots are counting on nobody actually trying to deal with it. (This is why they don't want to have any obvious spam content when they friend you: they want you to just leave it alone until it's too late.)
Thinking about it a little more, a tiny DW enhancement is probably in order. This problem is precisely why external links from Querki are automatically marked nofollow
, and you can't turn that off -- that is the signal to search engines to disregard this link in terms of figuring out a page's importance. This makes Querki useless for most SEO, even the relatively benign sorts; I made the conscious decision that that's not a use case we support.
Any online site (especially any free site) that allows end users to contribute data should use nofollow
where possible: otherwise the spammers will find you and overrun you. I learned this the hard way many years ago, when The Rolls Ethereal -- the SCA's online phone book, which I ran in the early days of the Internet -- was destroyed by web spammers.
I believe that DW ought to mark "Other Subscribers" links as nofollow
, in order to break the network linkages that make this scam particularly useful. They'd still be able to create SEO accounts, but without those backlinks from clearly-real accounts, Google is probably significantly less likely to score them well. It wouldn't entirely break that game, but it would reduce the economic incentive, without impacting DW in any serious way. In particular, it is correct to mark these links as nofollow
, because I can't control those backlinks -- they are forced upon me, so my account shouldn't be considered as linking to them.
Oh, and your bonus for reading to the end: today's bit of spambot improvisation, which friended me last night:
Prior to my current job I was analyzing shaving cream in Nigeria. Spent college summers lecturing about mantra to get husband back after separation in Jacksonville, FL. Spent college summers supervising the production of pond scum in Salisbury, MD. Spent 2002-2010 analyzing velcro in Phoenix, AZ. Spent 2002-2009 selling pond scum for the government. Managed a small team researching childrens books in Naples, FL.
There is something singularly appropriate about these SEO scammers supporting the pond scum industry...