internet phenomena Archives - Elixis Technology

It’s Easier Than Ever to Accidentally Kill a Song Online

Elizabeth Technology March 14, 2023

Trying to Build Hype

It’s actually painfully easy to disappoint potential fans by teasing a sample of a song ahead of it’s full release. The latest to do this was Body Shop, by Sam Smith. The singer released a clip of the song’s drop, and it was bassy, scratchy, and sort of grungy, partially because it wasn’t the final mix, partially because Smith was playing the clip on his phone and the speakers were at their limit. People loved it! When the actual song came out, it felt more Dubstep-esque than it had in the clip, because they removed that scratch and re-balanced the bass before release. A lot of listeners, especially on TikTok, wondered why it didn’t sound as good. However, it still worked out for Smith: the initial stumble didn’t wreck the song’s impact like it had the potential to.

Releasing teasers like this is a semi-common way to build hype for a song, for artists both big and small. Artists will leak a little bit of the song they’re working on, usually the ‘drop’ if a song has one, or some other interesting tidbit of it, and hope it inspires their audience to listen to the full thing once it comes out as a way of building anticipation and excitement.

“Girlfriend” vs. “If We Ever Broke Up”

TikTok has changed the playing field, however. It seems pretty common on TikTok that one artist will manage to spin the app to their favor with a trend, but everyone after that will have great difficulty recreating that success, especially if it’s clear they’re trying to leach off that trend because they didn’t have their own idea. A song called ABCDEFU, for example, did really well (it hit the top 40!) because the app liked the artist singing it, and they liked that she was ‘one of them’. Copycats, including the singer for a song called Twinkle Twinkle Little B**** (yes, it uses that melody), did not have nearly as much success. The app was bored with them. It became clear that a number of artists trying to piggyback off of ABCDEFU thought it would be easy to get the people of TikTok to just stream anything mindlessly as long as it ‘belonged to TikTok’. Begging for listens feels… embarrassing, now. If a song is good, it would have blown up on the app organically, right? ABCDEFU came out before saying ‘let’s get together and make this song big!’ became uncool. It’s also not a bad song in its own right – the artist bothered to write it its own melody, at least.

So it seems to be fate that a songwriter who released a teaser specifically on TikTok, a song called Girlfriend by Hemlocke Springs, would shut the door for most of the songs behind it trying to use the same trick, at least for a bit. Hemlocke didn’t release an unfinished or differently mixed teaser for the song, they just took one of the most interesting parts of the bridge and published a number of videos under that sound clip. This trick works pretty consistently if the song is good, but it comes with risks: if the most interesting part of the song is also one that might get annoying pretty fast, the song’s not going to get a good footing when it comes out because listeners may have heard it too much to enjoy it. If the clip is of the most exciting part of the song, it’s not going to be so exciting in the finished track, because it won’t be new anymore, and that reduces re-listens. If the teaser is released too early, interested listeners might not be interested by the time the song comes out for real.

If We Ever Broke Up by Mae Stephens ran into multiple of these sample traps. The sample came out too far ahead of the song, and the fun part of the song was ran into the ground by the time it came out. For those unfamiliar with TikTok’s algorithm for it’s “For You” page, sounds, creators, and content that the viewer interacts with tends to show up more often on their For You page – if you like a video using a certain song, and you physically tap the like button to indicate that, you’re signalling that you want more of that content. You can get stuck in a loop of the same content over and over if you’re not careful with what you’re liking! The same happened to this song – it was new and interesting, and then the For You page kept pushing it forwards, and then it was overplayed for the people who liked it the most by the time the song was fully available for streaming.

To avoid short-changing a song with this trick, the best bet is to not alter the mixing for this particular sound clip, to release the song soon after the clip is released, and to mean it when you create things. ABCDEFU has something honest to it that Twinkle Twinkle Little B**** is lacking.

The Industry Plant Genre

There’s a whole other subsection of TikTok music written for people who may have connections with a real label and enough money to pay for professional production. It’s usually not very good, and it’s almost never the genre it claims to be (often they go for punk, for some reason, a genre that calls out posers like almost no other).

All of the issues that these previews of songs give to their full-length versions are also somehow worse for these songs. They clip the best snippet of their song and slap it onto TikTok in an attempt to create a viral moment with it. Even if they’re successful, ironically or not, it rarely translates well to streams or song purchases. By the nature of plants, the song itself is usually pretty simplistic with obvious rhymes and a bridge that doesn’t do anything for the song, if there even is one. Releasing a clip of an obviously crowd-sourced/committee-written song before the song is out is pure kryptonite for that song’s success. It doesn’t even have to have suitable-for-work lyrics anymore! Industry plants can use crass language that would bar it from being played at Target, and many do in hopes of appearing more organic. It doesn’t work.

Nobody likes being advertised to anymore, and if listeners are able to figure it out before the song’s got its rotation in their Spotify playlists, it may as well be dead on the launchpad.

Twitter: A Case Study of how Modern Websites Break Down

Elizabeth Technology March 7, 2023

Gutting is Not Always the Solution

Twitter’s meltdown should serve as a warning – while it’s possible to coast off of minimal support for a little bit, it’s not actually all that easy to keep things running on a skeleton crew. And even if Twitter still had all of its staff, would it still be standing after all those changes?

For those of you who don’t use Twitter, Musk’s purchase of the company has been a pretty huge mess for the people working under him. He fired a large percentage of the staff (more than half of the company was laid off) and encouraged those not laid off to leave by insisting Twitter was going to go ‘hardcore’ and they’d have to return to their physical offices for long hours if they valued their job. Many simply sent a salute emoji in the company’s big Slack town square and jumped ship. The people left behind are a mixed bag – engineers that like Musk a lot, people trapped under Twitter’s employment due to work visas, and everybody in between. They’re not the company’s second choice team, by any means, but there are less of them. A lot less. Some might even say it’s too few for the site to function with.

Broken New Features

The blue checkmark fiasco, where Twitter’s CEO promised that being able to simply buy verification would definitely not result in fraud, is one of a number of bad rollouts. A common mantra for startups is to ‘move fast and break things’, a strategy formulated when delaying choices or rollouts to make them not-broken could be the difference between receiving investor money (and customers count as investors here) or not. The iPhone, for example, famously did not work when Steve Jobs first demoed it. It crashed a lot, and it didn’t have great reception. But by demonstrating that everyone was super into the idea, he was able to rally and put out a better, more complete version of the device for customers to buy! Importantly, the iPhone wouldn’t crush the rest of Apple if it didn’t work, so they could afford to play fast with it.

However. Twitter is not a startup, is it? Nor is it releasing a fenced-in product totally unseen before – paid content tiers are new to Twitter, but pretty common everywhere else. (Had Twitter not downsized, it might have even still had the necessary expertise onboard to roll this feature out gracefully.) When a startup moves fast and breaks things, it’s forgivable, because the team might be creating something so groundbreaking that they can’t even keep up with the scope of their idea. When a big company does it, it looks… embarrassing. A team working out of a garage may not have multiple test environments for their app or product. What kind of billion-dollar company doesn’t have test environments?

What kind of billion-dollar company couldn’t see the potential for abuse, especially on a platform dedicated to discussion, either? People were tweeting about misusing this verification shortcut as soon as the announcement was made, and they still went through with it! This new, fast, broken feature shut down a valuable communication channel between big companies and their clients until moderation was put into place. The lack of moderation was supposed to be a feature, you see – Twitter’s previous verification system meant that verified accounts were actually verified by Twitter, not by money, and if they moderated it, it would be like Twitter was doing the verifying again. Again, this is an almost understandable mistake on a smaller platform with less people chomping at the bit to abuse it, but not for multi-billion dollar Twitter. It looked like official pharmaceutical companies were finally breaking good, and like the official channel for Nintendo USA had posted a picture of Mario flipping the bird. Customer support lines on Twitter were strangled by fakes. The response from some of those big companies was understandably angry. Musk attempted to smooth this over by bringing back the individually assigned verification checkmarks, but in gray, and then finally just dropped the idea.

Breaking Old Features

Twitter disabled the service that sent out the 2-Factor Authentication texts in an attempt to prune down microservices. Later, it broke the service that allowed users to tweet directly to their page, meaning only scheduled tweets would go through, when restricting API access. In theory, both actions were unfortunate side effects of trying to streamline user experience: by shutting down what Musk felt was bloatware, Twitter would run faster upon startup. That makes sense. However, Twitter runs on miles and miles of code. And they only have a quarter or so (maybe even less) of the team they had at the start of Musk’s takeover. The resultant ‘breaking’ of microservices like 2FA, and the over-restricting of Tweet permissions, is a direct result of losing the engineers who handled those features before deciding to tinker with them.

Musk’s choice to prune Twitter’s team down to the roots means that every update, every security hole patch, every choice affecting the infrastructure of the site, is now ten times more likely to result in bugs, and those bugs are going to take much longer to fix now.

But hey – at least there’s less overhead. That’s going to be important, because advertisers are not exactly pleased.

Making Simply Existing in the Space A Total Nightmare

The CEO’s promise to ‘stop stifling free speech’ on a platform that’s honestly pretty permissive (a side-effect of being an official channel of communication for a U.S. president, a role that comes with a huge number of responsibilities) certainly earned him brownie points with people who were decidedly not going to use this new, even looser set of rules kindly. People who’d been, say, banned over the use of certain words, in certain targeted circumstances. At the rate Musk was suggesting they loosen moderation, Twitter could have easily turned into 2 Kiwi 2 Farms, where the targets are actually on the same platform the harassment campaigns are planned.

Ultimately, what changes he actually made didn’t matter, because the mere promise of maybe loosening the rules a bit brought a ton of vitriol to the surface anyway, and the remaining moderators at Twitter after Musk’s big ultimatum were not equipped to handle it. Discourse on Twitter was already a horrible, rotten place where nuance goes to die, but people just existing on the site, promoting their wares or keeping up with their favorite singers and actors, were now experiencing a worse version of the site where slurs were now part of the discourse.

Every step of this is an absolute nightmare for advertisers who don’t want an ad for Sunny-D appearing next to a tweet telling someone to off themselves. Musk’s total reign over Twitter combined with his unpredictable behavior means that he can’t even promise he’ll change, because yeah, he might – and what if he makes it even more of a nightmare?

Musk Himself is Part of The Problem

Stephen King declaring that he wasn’t going to pay 20$ to hang around on Twitter as a verified user led to Musk very publicly changing the price point to 8$ – the price that stuck for rollout. How absolutely insane of a business choice! A single celebrity says ‘this costs too much’ (and because he’s a celebrity, you know it’s not because he’s incapable of paying it, the tech-sphere says) and then the price is actually changed. Can you imagine almost any other service just… going for it, like that? This is a perfect example of behavior that would have been funny if Musk had not burned away all his goodwill on stupid stuff, like getting the California high-speed rail canceled in favor of his hyperloop, or calling an account that uses publicly available info on jets a ‘stalker’, calling that cave diver who saved those kids a very mean name with no evidence, or subjecting his staff to inhumane work hours, or that thing with the horse, or the cybertruck delay, or threatening to shut off Ukraine’s new Starlink internet even though the US Government paid for it, the list goes on.

When Musk made a flamethrower available for sale, it was funny! He talks directly to the people! Look, he’s reinventing cars from the ground up! He named his son a bunch of letters and numbers! When Musk said “both sides are making good points”, it was scary. He has so much money that if he decided to fund an ad campaign for a candidate, that candidate could win. When he appeared behind Dave Chapelle to shout “I’m rich, bitch!” at a show, it was… bizarre. The CEO of Twitter has such an investment in looking cool that he appeared on Rick and Morty as a version of himself with tusks. To his remaining fans, he’s a maverick! To advertisers who’d normally buy Twitter adspace, he’s a nightmare. To car owners, his investment in linking his reputation to Tesla makes Teslas unattractive – a nice electric Ford doesn’t come with all the baggage, and the quality control is more consistent. He could appear anywhere, any time, and nobody can stop him from embarrassing himself and all of the people invested in his brands.

Musk himself is a huge problem for Twitter. A bad CEO can destroy a company as readily as any disaster. People within his other companies report that allegedly, orders from him get filtered a couple of times so they actually make sense when they get where they’re going. While that might be hearsay, comparing Twitter’s past few months to Musk’s more successful companies suggests it’s got some truth to it somewhere. Twitter is not filtering his requests – it wasn’t an organization built with impulsive leaders, so orders generally made sense as they left the head office. Tesla was built around Musk, so the buffers were there the whole time.

For Twitter to survive Musk, it has to essentially remove him from himself.

Moderator Bots: Do They Work?

Elizabeth Technology February 28, 2023

In a world of ever-growing conversations and large forums, moderating manpower is in high demand. Websites turn to bots. Is that really the best idea?

Children’s MMOs And Overzealous Bots

Poorly configured bots will spot curse words in other words, so bot configuration is especially important to prevent kids from reverse-discovering a curse word. Kid’s games with open chat are notorious for this issue, even though they should have more attention and care put into their bot moderation than anywhere else. That’s the problem: they’ll go to extreme lengths to protect these children! The people programming auto-moderator bots get overaggressive and say ‘no exceptions. None.’ to their bots. Context doesn’t matter, if it sees a combination of letters that add up to a curse word, then it has to be removed before other children see it. This, however, causes problems.

If someone tries to type ‘assess the situation’ they may end up with a message that says ‘***ess the situation’. They can confirm or deny words their friends told them were actually curse words by bouncing it off the chat filter. Children may be naïve, but they aren’t stupid!

Moderator bots were also trained to spot curse words separated by spaces ‘l i k e t h i s’ later on. This isn’t a bad idea – it just has to be more delicately configured. People will do their best to worm around content filters, and if spaces work, then they’ll use spaces to curse out other players. The problem is that such machines frequently doesn’t understand the context of the letters surrounding it, and you get “Ay* **mells weird” instead of “Aya Ssmells weird” from some little kid’s typo.

The irony of all of this is that it creates a reverse censor effect – clean words seem dirty because the bot’s censored them, words like ‘Assassinate’, or “Scattered”, things kids might use in a game. Typos under this system turn into a fount of forbidden knowledge. People will worm around bot moderators, but – especially on children’s forums – it’s important that the bot understands context, at least a little. If it can’t do that, a human teammate is necessary to whitelist weird word combinations as they appear.

Paleontology and Oversized Profanity Libraries

There are many bones. And if you were going to single out a specific bone (in the context of paleontology) just to cause problems, which bone would you pick? The censor library picked the pubic bone, alongside a host of other totally normal words like ‘stream’ and ‘crack’. There were curse words in the library too, but, of course, like most normal, professional conferences, the curse words did not appear nearly as much as the other words used in completely scientific contexts.

As in the children’s MMO example, it wasn’t an innuendo to say ‘the bone was found in a stream’ until the censor library did the equivalent of adding the flirty wink emoji to the end of the statement. Since tone can’t be conveyed over text except by word choice, the computer choosing to single out a definition for ‘stream’ and apply it to all uses is what made it a dirty word. Besides the words with no connection to actual profanity, pubic bones do come up quite a lot when talking about fossils, because it provides information about how fossilized animals would walk. The pubic bone is the ‘front’ bone in the pelvis: two-legged animals have a differently shaped one than four-legged ones, and animals that walk totally upright like humans have differently shaped ones than animals that ‘lean forwards’, like birds.

Why make a moderation bot too strict to have conversations around? They didn’t make the bot! The conference organizers were using a pre-made program that included its own profanity library. Buying a software that includes censorship already baked-in sounds like a great idea! If applied correctly, it can save everyone time and prevent profanity from appearing where it shouldn’t, even anonymously. However, ask two people what profanity is, and you’ll get two different answers. Everyone has a different threshold for professional language, so it’s better to build a library of the ‘obvious’ ones and go from there based on the event. The best censoring software is the kind you don’t have to use. Professional events are better off stating their expectations, before frustrating their attendees with a software that causes more harm than good.

Weaponizing Profanity Filters

Twitter had a bit of a kerfuffle involving the city of Memphis. People using the word Memphis in a tweet got a temporary ban. Then, a rash of baiting other Twitter users into using Memphis hit once word got around. Memphis getting users banned was the result of a bug, but the incident itself highlights issues with profanity filters. It’s possible to bait people into using banned words, especially if they aren’t inherently a profane word when used out of context.

For example, some online games will filter out the very real countries of Niger and Nigeria, to prevent misspellings of a racial slur from evading a deserved ban. Why would North Americans ever be discussing African countries over a game set in Russia, after all? But, by including them, they’ve created a way to troll other players without saying anything profane (in context). Baiting another user into answering questions about the countries will result in them getting banned, not the question-asker. The person who answered now has to contact the human support line to get unbanned, or wait for their timeout to end, which is annoying and inconvenient for them. The anti-profanity filter has been weaponized!

Building a positive culture around a game takes a lot of effort, and profanity filters are an integral part of keeping arsonists and trolls out. Nobody should feel targeted in game chat for reasons outside the game. However, just like with every example mentioned here, humans should be on call to un-ban and un-block users who were genuinely attempting to answer a question. Err on the side of caution, both with the software and customer support.

Are Bots a Cure?

Short answer: no. Most good moderation teams have at least one human on them in case the bot screws up. Preferably, they’ll be able to respond to ‘deleted comment’ or ‘banned user’ complaints right away. Even better, if the bots are configured well enough, they’re not going to be jumping the gun often enough to take a team!

It’s just very difficult to make a bot that understands people well enough to understand every instance of bad language.

If you’re running a forum and you don’t want people using profanity, you will censor the profane words. A bot could do that. But then there’s things like LeetSpeek, where users will spell the colloquial name for a donkey with two fives in place of the ‘s’s. Do you ban that too? Sure, you could add that to the bot’s library. But then they change the A to a 4. Do you censor that too? If you do, people will push to figure out what is and isn’t acceptable to your bots, and they will. Not. Stop.

And then there’s things like homophones! TikTok, a popular video app, has a fairly robust profanity filter for text. Videos with curse words and sensitive topics in them are noticeably less popular than ones without those words, due to TikTok’s algorithm. However, people making videos on sensitive topics use phrases like ‘Sewer Slide’ and ‘Home of Phobia’ to evade the bots. The bots, then, have not stopped anything. These conversations will happen no matter what TikTok’s moderators want, and banning the word ‘sewer’ is only displacing the problem. If you don’t want users discussing these things on your site, you’ll have to have human moderators at some point.

Language is dynamic, and bots simply can’t keep up. It takes real people to study languages – why wouldn’t it take real people to moderate it online?

Sources:

https://www.theguardian.com/science/2020/oct/16/profanity-filter-bones-paleontologists-conference

https://www.brennancenter.org/sites/default/files/2019-08/Report_Internet-Filters-2nd-edition.pdf

https://blog.twitter.com/en_us/topics/company/2019/hatefulconductupdate.html

https://www.engadget.com/twitter-bug-memphis-ban-133327641.html

https://www.theguardian.com/technology/2021/mar/15/twitter-accidentally-blocks-users-who-post-the-word-memphis

Can a Metaverse Manage to Be Engaging?

Elizabeth Technology February 2, 2023

Cryptocurrency and NFT communities have long tried to provide some benefit for investment. Everything from cartoons to video games to virtual parks and chatrooms are thrown up in the air as rewards for reaching investment goals, and sometimes they do actually manage to make something.

However, just because there’s a lot of money behind any one project doesn’t mean the project is going to come out well.

Metaverses

The company formerly known as Facebook is not the only ‘Metaverse’. Taking that name for itself was sort of like a car company calling itself “The Sedan Maker”, or a Call of Duty game calling itself “First Person Shooter Game”.

Decentraland, for example, has a metaverse of it’s own. It actually recently had an article pop up on Byte discussing the metaverse it had created – 38 individual Decentraland members had interacted with the site over the course of 24 hours. Decentraland was quick to clarify that the number the website Futurism had seen was just the number of users who’d interacted using their crypto wallets – the actual number of people who’d logged on to chat or look around was a much more respectable 8,000 or so.

Still, it showcases an opacity problem: nobody except the people in the project can really tell what’s going on. Open-multiplayer style games and places are much more fun when other people are hanging out in the game, so if potential users see that report and not the 8,000 number, they may be less likely to join. Facebook has not done a great job of advertising what you can actually do in the metaverse outside of walking around. In fact, walking around is such a big part of the virtual world that Facebook’s Metaverse has now added feet to the mix.

It Will Look Good Eventually

The metaverse that Facebook is putting together just doesn’t look very good. To be fair, a number of VR games look ‘weird’ in one way or another, if only because the technology is so new that nobody knows how to make assets for games intended to be shown entirely on curved screens. Facebook’s metaverse is very sterile and plasticky. Decentraland’s looks much the same.

Animations made for trailers for either of these things don’t tend to look very good either, Decentraland because it looks like they used in-house talent to make something with Blender and Facebook’s Metaverse because the avatars that make up most of the virtual world’s draw look like Nintendo Miis, which themselves are a reminder of the late 2000s for a number of Gen-Z, Millenials, and inbetweeners.

Foundationally, the products could be considered in ‘beta’ development. An equivalent in construction would be the stage where the outer walls are up, the floors are installed, but insulation still needs to be blown in and the roof put on. It’s a structure, and people can be inside it, but it’s not really done. If any company doing this stops developing their product right now, nobody would be especially happy with the end result. Facebook’s metaverse is aware of this, and continues to add features – Decentraland and a handful of other crypto projects seem to be pushing the line on what ‘done’ means.

The same goes for a number of projects outside the blockchain, but still tied to a final product. Video games, cartoons, art prints, and more are all in the works and in beta testing, and will eventually look good or be finished, but right now they simply serve as a placeholder for something better… in theory.

Or Maybe It Will Just Be Like That Forever

The first episode of the Bored Apes cartoon swaps between still images of the character’s faces instead of actually animating them. There is a difference – animation usually features a transition between expressions using in-between frames of each face the character makes, so it looks smooth. The Bored Apes cartoon simply went from one still to another without any interstitial frames. It’s an interesting-looking effect, but it is quite jarring – the cartoon’s creators even acknowledged how weird it ended up looking in the second episode of the cartoon, in a moment of meta-awareness. The thing is, though… they’re not going to redo that first episode. It is one of the better cartoon projects created by an NFT (this is not a recommendation to watch it) which is a low bar to cross because other cartoons in that same family end up coming across as edutainment videos for crypto currencies. The trailer for the Decentraland project is not all that different from the cartoon made as a project reward. This is because those groups said they’d produce a cartoon before they had any ideas for a story to tell, and we get these weird half-baked creations instead of something somebody wanted to make.

They have the potential to make something good, but they can’t make something good, cheap, and fast to produce, so they settled for fast and cheap. In the crypto industry, with it’s many rugpull schemes and thefts, projects cannot leave their customers waiting for too long before they start to get antsy about getting their money back. Constant insecurity means constant vigilance for the first hint the project’s creators are abandoning ship. The cartoon better be done before people stop buying!

The Inherent Desire To Save The Money

These websites only being measurable by client wallet interaction is a more perfect metaphor than one I could ever create. The wallet is the only measure other people see because the wallet is ultimately what determines ‘success’ in these rings. It’s the ultimate pay-to-win game. Token holders are expected to shell out on virtual real estate and funny pictures of animals as a matter of clout.

There is a concept in ‘free market’ enthusiasts – if you just let companies and customers wheedle away, eventually, they will make the best possible product that they can for the lowest possible price they can. Ignoring things like inelastic demand, the problem with that concept is that ‘the best product’ is sort of meaningless when it’s A) something artistic, like cartoons and NFTs themselves, or B) something so breathtakingly new on the market that nobody else is there to provide competition yet. These projects get away with producing ugly or bad cartoons and poorly made video games because they have, essentially, a monopoly on the product.

And why would an NFT project want to spend money to make something of quality? When an NFT project offers up a cartoon for hitting participation goals, what is entailed in that? They never said they’d hire writers. They never said the animation was going to be smooth. They haven’t deceived anyone, but they’re monetarily motivated to cut corners and push something cheap and easy out the door. Other crypto products have somewhat tainted the reputation of such technology, and so they have to produce something to avoid looking like a scam, as well.

Essentially, the market is incentivizing guaranteed poor rewards over potentially good rewards, because the timeframe to produce something good can make it look like nothing is coming. Customers are getting burned over and over again.

What is a DOS Attack, Really?

Elizabeth Technology January 26, 2023

DoS stands for ‘Denial of Service’. What this means is that someone plans to deny service to and from a website by crashing it, or making it run so poorly that it may as well be offline. As for ‘why’, there are many reasons – someone could be ‘disagreeing’ with the content of the website or it’s discussions, they may be attempting to drive viewers elsewhere, it may be political, it may be simple trolling, the list goes on.

So, how is it done?

The How

Denial of Service is just that: a denial of service. Any means may be used to get to that point. If it’s a poorly secured website, getting in via hacking or password stuffing and changing the contents on-site could be a DoS. If it’s a poorly balanced website, and if it’s one that allows for posting of pictures and memes, sending an image that’s too large for the website to handle could do it. Similarly, sending too much text, animate gifs, or other content that the website wasn’t prepared for could shut it down. Requesting too much data and opening several tabs at once of a big image that did load could simulate an http attack, although that may be equally hard on the computer that’s doing the requesting. It’s possible to DOS a site accidentally!

Inputting code into poorly made text entry spots can also crash the website, if the owner didn’t know how to prevent SQL injections. Dinging the website too many times in one go can crash some websites, although that usually requires things like bot nets, which turns it from a DoS to a DDoS.

In that same family, SYN flood attacks can also deny service by requesting information over and over until the website is so overloaded that it can’t respond. In a SYN flood, the computer sends requests to connect to the server repeatedly, but never actually completes them. If it’s done right, the server runs out of ports to take the requests, and legitimate requests mixed in with the faulty ones now have to wait much longer.

Preventing it

Many of these are simple issues of preventing out-of-format content and slowing down users requesting to visit. If a posting box has a hard limit of 10,000 characters, the DoSer could whip up a bot to post over and over, but the website owner would be able to tell that something was going on before it crashes the website. Many picture-printing places won’t allow photos over a certain size or resolution to be sent over the web, because it can clog the intake – especially places like drugstores that aren’t set up for large high-quality images. If the network isn’t prepared, it’s entirely possible for photographers to DoS them (at least in the photo station) by accident! Instead, it’s much easier to keep these incidents out at the gate: configuring comment sections and image requirements for size is a bare minimum.

As far as SQL injections go, we have a whole article on sanitizing inputs (here) – the essence of prevention is keeping data inputs and the command to get it to the database separate from each other. This prevents a number of issues by itself, but is good advice to avoid DoSing via SQL as well.

For SYN floods and other brute-force attacks, configuring the firewall and installing an IPS (Intrusion Prevention Software) are what security vendor PurpleSec recommends. In the olden days, attacks like these may not have crashed the site, but they could still drive the hosting costs through the roof – the owner is then incentivized to pull the plug themselves so they don’t drown in fees from their server company.

To prevent breaches, use two-factor authentication when building your site. Please. Microsoft reports that it stops 99.9% of fraudulent login attempts. It is one of the easiest ways to improve your security.

How is it different from DDoSing?

DDoSing relies on multiple computers to get the desired effect; DoSing takes much fewer. This has many benefits for the person trying to wreck a website. Firstly, DoSing doesn’t involve gathering other computers to attack with – you already have all your resources at your fingertips! However, that’s a double-edged sword, as you can’t attack with more than you have.

DoSing is also easier to coordinate as other people are (usually) only minimally involved. Getting other people to DDoS a site organically is difficult because it requires organizing strangers, and doing it with a botnet requires buying a virus or making one yourself and then distributing it. DoSing with a SYN flood or with SQL injections is hard – but it might be easier than trying to get ever-more-wary strangers to click a suspicious link. Outsourcing to a hacker group, of course, is easier than both unless the malicious party lacks the funds to do so.

On the other hand, hacking into a website that’s only password-protected with a password stuffer (or doing it semi-manually by guessing passwords yourself) is probably easier than any other method. While this carries some risk (if they can tell where the login came from, they may be able to find the attacker), it also has a lot of potential for damage if the website owner hasn’t backed up the website. The problem with this method is that the website has to be poorly secured for it to work – 2FA stops the vast majority of these attacks, and being smart with who gets admin permissions can limit the effectiveness of the attack.

Sources: https://purplesec.us/prevent-syn-flood-attack/

Only Confidence

Elizabeth Technology January 19, 2023

Theranos

At this point, you’ve probably heard of Theranos, a company whose wondrous technology could have made blood testing less of an expensive nightmare for the average patient. Essentially, it would take a fraction of the amount of blood typically needed for a full panel, dilute it a bit, and then test that for all of the things it needed.

The dilution isn’t actually the suspicious part, at least not on its face. A lot of tests can handle dilution, so it made sense to professionals advising investors at the beginning. The suspicious part was that Theranos was only taking a few drops to run that full panel, and also running that panel in an absurdly quick time frame. At the ratio Theranos would have had to dilute, some of the tests would have become impossible because blood is more than just liquid, it’s also platelets, proteins, sugars, and cells. When you add saline to that, you’re not increasing any of those, just the liquid. This methodology increases bad results on a number of the tests using the traditional methods, but Theranos seemed to have decreased the margin of error somehow and promised it would get even better with time. Anybody buying the machine would have had to have some disclaimer that it has a higher failure rate than the original methods, but hey – it’s new. It can get better with time and money.

Obviously, all of this was later revealed to be a fraud. They never could get the error down enough for the machine to be a better alternative to standard methods, and reducing expectations to ‘it only tests some things’ or ‘it takes more blood than we promised, but less than the original tests would have’ didn’t come soon enough to prevent a lawsuit.

The issue here I think is not in trying to make the machine. It’s in trying to make the machine work miracles right out of the gate. It’s possible to make life easier for the patient without promising Star Trek level technology. A lot of the expense and difficulty that comes with running these tests is coming out of inefficiencies that are held in place by the hospital taking the blood and the insurance paying for it. If it were possible to streamline this and make it take fewer steps, it would naturally be cheaper and easier for the patient because there’d be less arguing between all parties at every step.

Look at the Instapot, for a much simpler example that isn’t tied to insurance profits: it was a simple pressure cooker with few features that could cook on the countertop instead of the stove. It reduces the risk of the customer hurting themselves because it pressurizes itself and monitors the temperature internally. That’s a cool thing! And at first it was all that it did. But then it also added a yogurt setting! And it can cook rice now, too! The newer models keep getting better and better, and it didn’t have to start off with the promise of being able to make whatever you want right off the bat to be worthwhile.

Perhaps the blood machine could have taken the same amount of blood as traditional tests do, but done all the tests within the machine. Perhaps it could have narrowed its scope to use less blood in the first place, and left the specialist tests to specialist labs. Maybe it could have even built its own pipelines to those places. Now we’ll probably never know. Investors have had their feelings hurt, and the next Theranos may have to crowdfund.

No Man’s Sky

Investors can really screw up a development path no matter what the product is. To go completely digital and talk about the same phenomenon elsewhere, there’s video games. Look across the gaming news headlines for games that came out waaay before they were ready: there seems to be more than ever. Everything from Pokemon to DOOM Eternal comes with bugs that must be patched out in updates after release.

The problem happening here is that the game designer has good ideas, the development team is skilled, but the people funding the game want it now. They want it yesterday. They’re paying for these people to pursue a career that many people only dream of, and by golly do they expect those teams to be grateful to work 80-120 hours a week based on a completely arbitrary release date. Pokemon Scarlet and Violet is fun but buggy; Overwatch 2 has poorly optimized features that the original game did really well. They are not rare exceptions anymore. Triple-A games are being strangled by a need to get investors and their owning company a lot of money really fast.

Worse, sometimes it’s not even the investors – sometimes it’s the fans themselves. No Man’s Sky is a good game now. But during the press circuit run up to the game, the head developer and manager of the project was being pressured not only to increase the scope of the game, but also keep the same strict timeline they’d had when they initially announced launch. It’s not unusual for games like that to be delayed a bit or longer – it was putting a lot of pressure on the team, who ultimately ended up releasing a project a little bit worse than what they’d set out to make (with quite few bugs making it feel worse than it really was even at that point in time – it needed polishing) but way worse than everyone was expecting. No Man’s Sky was supposed to be a magnum opus of indie gaming – it only lived up to that years down the road after a lot of hard work and patches made by the original producers.

The Horizon: Prince of Persia

In a rare example of refunding money for an as of yet incomplete project, Ubisoft has announced that people who paid for the Prince of Persia pre-order will be getting a refund. The game isn’t ready, yet, and they don’t know when it really will be.

This is a fantastic step towards slowing the self-destructive cycle of shoving incomplete games out the door. It turns out the product doesn’t need to be exaggerated to get it to sell, and it doesn’t have to ship incomplete. Those are choices, usually choices not made by the people assembling the game, or the blood testing machine, or any number of products that have come out and promptly flopped.

https://www.ign.com/articles/prince-of-persia-remake-isnt-canceled-but-ubisoft-is-refunding-preorders

Social Engineering as a Hacking Tool

Elizabeth Technology January 17, 2023

You may have heard by now that LastPass suffered a pretty big breach, although thankfully no user passwords were outright compromised (you should still enable 2FA on anything LastPass touched though – the URLs of the websites were lost in the breach so hackers could attempt to brute-force into an account they know you’ve visited).

The attack in question wasn’t a hack in the traditional sense, but a social engineering attack. The hacker(s) created a fake account in order to fool a developer into sharing credentials, at which point they stole data from the development environment to use later in a large-scale attack.

Change your passwords and enable 2FA wherever you can – if you’ve been using LastPass’s recommended 8 character long passwords, or anything that’s not truly random, you should upgrade your password to a longer one. 8-character passwords are no longer an impenetrable wall like they used to be, so longer, more random passwords or even passphrases that are multiple words long are better!

Remember: don’t listen to accounts claiming to be people you know if you don’t recognize the email address, and always check the address carefully for spelling mistakes. It does not matter if they know your name or if their email tag says ‘mom’ – both of these things are easy to make happen. Social engineering attacks include phishing attacks, so following the protocols for phishing can help avoid social engineering breaches as well. If someone calls you and demands you take immediate action, either by threatening or promising a gift that will disappear if you don’t respond ASAP, remember to pause a minute to really think about what they’re asking for, and verify thoroughly.

Similarly, if your work uses badges to control who enters the building, you shouldn’t hold the door open for people you don’t recognize as coworkers – this is known as ‘piggybacking’ and it takes advantage of the fact that most people want to be polite and will hold the door.

This is far from a comprehensive list, so always keep your eyes peeled – identity theft and social engineering can come from any direction!

Games Suffering For Patches

Elizabeth Technology January 10, 2023

I Can Finish it Later

Kangaroos are famous for keeping their children, known as joeys, in the big pouch on their belly. This adaptation means that the joeys can come out really early and then spend a significant portion of time finishing development in their mother’s pouch. By most comparisons, the kangaroo joeys come out woefully underbaked. They are only about an inch long. They can’t see or make noise, and they don’t have any fur. The pouch allows the mother to kick them out of the womb very early and then keep them with her always so she can go do kangaroo stuff without the joey losing out on milk or heat.

Compare this to, say, puppies, which are born without sight but not without smell and can crawl, or horses, which come out practically already running and with full vision. The joey pouch is truly a bizarre adaptation. But it works for the kangaroos – it means the adults, which are bipedal like us, don’t have so much downtime after giving birth, unlike us.

The long and the short of it is that the kangaroo has, over a very long time scale, learned what game developers have figured out in the past decade or two: you can release a product and then continue to work on it once it’s left the studio and as long as it works eventually everything will work out.

The Internet Will Let Me

It didn’t start this way.

Games used to be release-and-let-go, totally unmodifiable once they’d left the factory assembling the floppy discs. They were like horses – they were ready to go straight out of their plastic case and able to run from day one with no serious and very few minor flaws. Skyrim may have had funny character models that got stringy or stretched out when they died in a corner or near a door, but the game never had any problems with actually running and playing. Big studios had reliable quality, and customers were happy. Games could be patched after the fact, but they usually just didn’t need it. It was more of a hassle than it was worth most of the time.

However, once the internet started getting really good, and games came as downloads more and more often, the games themselves tended to get worse. If it’s a download from an online game platform, that means the user had internet when they downloaded it. They probably still have internet a few weeks later, when it’s discovered that a bug where you kick a baton off the edge of the map causes the game to freeze (real example from Fallout 76 initial launch) so you can probably push an update that fixes that issue without alienating your fanbase. Fans will be a little miffed at first but happier overall once they’ve got a more functional product.

Pseudo-Beta

This was horrible news for gaming developers. Fans will tolerate updates. Fans will tolerate bugs as long as an update is promised to fix them. The people making the game and the people controlling it’s release date are often not the same people at larger companies, the same way the person screwing in the bolts at a Ford factory is no longer friends with the owner of the company. The industry has expanded; games got bigger; there’s just no way for a distant manager who’s also watching the finance and advertising teams to be there on the ground floor with the developers themselves. The problems plaguing the game industry are plaguing many industries, but it becomes so easily visible in places where consumers are expecting a fun, fair experience.

Games that needed larger sets of playtesters in different computers and internet bandwidths used to go through a long period of beta testing, where the reward for the players was getting to play the game early, in a less complete state, sometimes for a reduced price or a limited-time prize. Beta testing is still around, of course, but when you read reviews of games like Halo: Infinity, you wonder why they even bothered if they were still going to release something that’s broken a year later despite several rounds of updates.

Deadlines were not helping. You can smooth out some codes with a little time to optimize it, but you have to do that carefully so that you don’t accidentally break anything that interconnects. As gamers get bigger and better computers, bigger gaming companies got more comfortable with releasing absurdly large games that they haven’t combed over to optimize. Sometimes, the release date actually prevents them from both using all the data crammed into the game or removing it, giving gamers the worst possible experience. For example: a game in the Five Nights at Freddy’s franchise, Security Breach, is rumored to have been pushed out to be ready for Christmas. As a result, tons of areas in the game are underutilized but still present. The game has a comedy bot with a five minute routine and a whole stage and theater to itself, a bowling alley that has no bowling minigames in it, an intricately laid out arcade that may as well just be a maze of rectangular wall blocks, a brewery tank setup that’s in the files of the game but not currently in use, the list goes on. It was a wreck of a game for framerate and loading issues when it first came out, and probably a quarter of the map could have been removed without changing the gamer’s final experience. Maybe a third, including some cosmetic and simple map changes. The game’s file was massive when it didn’t need to be, and it’s final required size actually shrank quite a bit in the next couple of updates to the game as the developers took out stuff.

What sucks in particular is that it was supposed to have a bowling alley with games. The theater was supposed to be cool. The player was supposed to be able to have fun with all these places that ended up being decoration! Given another several months, they could have packed enough stuff into this game to make it a 20-hour game… but they didn’t. And they couldn’t cut it in time, either. The upper management wanted it done by Christmas, and so the game was ‘done’ by Christmas, with all this extra stuff that bloated an already mid game. Updates made it more playable, but it’s still not great. And this is pretty emblematic of all the problems that huge studios are having even though this specific game had it worse.

Patches and Pouches

Security Breach has been updated a number of times to become a more playable game. They never did add games to the bowling alley, but a number of quality-of-life problems have finally been fixed. Maybe in a DLC, they’ll finally release the features that the designers meant to include in the main game. Coincidentally this may also cost the players money, but as of writing this article they haven’t said either way.

The same goes for Cyberpunk 2077 – it didn’t come out right, and it was delayed, but they fixed it. No Man’s Sky – delayed, released broken, fixed. The pattern is becoming alarming: gaming studios are trying so hard to meet release dates that the games are coming out incomplete or weirdly buggy. They keep making money, though, so why stop?

In theory, the studio can always patch those issues out after launch – first day patches are now normal, when it used to be assumed the game was ready when you could buy it. If the developers had a poor launch, the sentiment was to go easy on them because they had no control over it. Unfortunately, the studio pushing these games out began hiding behind their developers to stave off hate and criticism. Now they don’t have to bother. Consumers are used to patches. Consumers are used to having to wait for the game to get good. Consumers are used to delays that aren’t long enough for the people who needed the delay to fix the game on top of that. We’ve gone from foal to puppy to joey, and the worst part is that the benefits of releasing a ‘joey’, a low recovery time, are no longer applicable: burnout is common because 80 hour crunch-weeks are common. The developers suffer for an art they can never finish in time for their patron to display to the public. Patching got easier with the rise of constant internet access, and as a result, games come out juuust playable enough that the consumer won’t ask for a refund before it gets polished and completed.

Stop Putting Stuff into AI Apps, Especially If It Wasn’t Yours In The First Place

Elizabeth Technology January 3, 2023

Lensa AI is an app that uses AI combined with data scraped from pictures posted online to turn a user’s picture into a new, whimsical creation.

However, you should consider what you’re giving the app before you upload that selfie or pet pic – the app demands the rights to the photos you give it, meaning that once you upload that picture, Lensa can use it however it wants, wherever it wants. That’s actually pretty unusual as far as art-related apps go!

With other websites reliant on user photos, like Deviantart or Instagram, the hosting company only needs permission to redistribute and host the image – as in, it needs to be able to upload your photo to your page and then show it to other people if they click on it. It doesn’t get permission itself to alter the picture or create things out of it.

Lensa, on the other hand, is actively consuming the pictures it’s given. It needs those rights to be able to train itself. If you give a picture of your pet to Lensa, for example, your pet picture is now part of it’s training database and you can’t extract it. If you go on to make sellable prints of that pet image, Lensa could recreate it by mistake for someone else hoping to sell the pictures Lensa creates, and there’s not much you could do to stop it. It’s up to the person asking to catch accidental copyright infringement, and they may not realize they have your pet. It won’t be a 1 for 1 duplicate, anyway – once filtered, it becomes fair use, for better or worse, and your pet with their own special patches of color and freckles and sparkly eyes or whiskers may become just another stock image for some guy on Redbubble. You can complain they stole the image of your pet – to Redbubble. Nothing fed to the machine may come back out of it unscathed!

Worse still, it seems like Lensa is not actually asking permission to use huge swathes of it’s training database. It asks users of the app, yes… everyone else is sort of a mixed bag, where they can get permission from the hosting platform to bypass asking individual artists.

If someone has a very unique, quirky, or recognizable art style, and they are cursed with a large fanbase, enough of that fanbase asking the AI to recreate that style may very well drive the artist out of art. After all, if a machine can do whatever the requestor wants, why bother going to the source for a commission? Just keep slapping the button to get art for free. Never mind what it was fed on; the machine created a new piece of art legally distinct from the original, and so it doesn’t owe the artist anything for training it. It has scalped the work of the artist and is reselling it, yeah… but… free. And there’s a chance some of the work of other artists is in there too, so no single artist has the right to be outraged. As a bonus, the AI will gladly spin in ideas that the original artist wouldn’t have painted, either for moral or legal reasons. Would that artist ever have made art of Andy Dick depicted as Saint Anthony? Well, with the power of AI, now they would!

Disrespect of Humans in the Craft

Why would you continue to produce art under those circumstances? Even if it’s ‘for the love of the craft’, the way people behave when given a machine that recreates years of skill in a few keystrokes can very easily make you fall out of love with the craft.

I watched as a Twitch Streamer in the middle of creating an artwork was sent an AI’s iteration of her work, something a viewer made with of a screenshot of her rough draft. The viewer had asked an AI to finish it, and then they sent that picture to the artist while they were still making the art. The sentiment contained in that action was “You can stop drawing now. The AI can take it from here.” Was this what they meant? If it wasn’t, we can’t tell! Another Twitter thread I witnessed was of a cute, stylized bat drawing, one the artist posted with an affectionate caption. This was her creation. But then a follower threw that picture into an AI program so they could send her back remixed images of the bat she drew. The artist was understandably insulted. They weren’t another artist standing on equal footing with her and trading art – they had no art to trade. She literally couldn’t do the same back to that Twitter user because the Twitter user didn’t have any original works. They saw an idea and asked a machine to recreate it. Even a bad pencil sketch done by hand would have been leagues less weird and significantly better-received.

The way people are using the AI, it’s like trying to finish a sentence only for someone else to keep interrupting with the word you’re most likely to say next. They think they’re being helpful, but the message that sends subliminally is “I want you to be done talking now”. Complaining about it, for some reason, leads to the AI’s fans saying it’s better if it talks over the people it’s learning from because it makes better sentence sounds and words good.

Pause a Minute

Aside from the failings of the machine (it still doesn’t understand hands or tangent lines), the lack of awareness it takes to pull a concept out of an artist’s hands so that a third party (the AI) can do what they want with it is really bizarre. It’s also a fantastic recipe for unearned bitterness.

To go on a bit of a tangent, writers on TV shows can’t read fan-fiction (free fiction online that fans write about pre-existing shows) because they may accidentally incorporate something from a story they read. Admitting they read fanfiction at all is sometimes enough to cause legal trouble. If the fanfiction author can prove the show writer read their story, or if they can prove that the show writer reads fan fiction and might have read their work, and the real show has an idea too similar to the fan-fiction’s idea, it can end in a lawsuit and a lot of hurt feelings in the fan community. The show writers must completely abstain from that side of fan culture to avoid this happening. That way, nobody can say they found the idea instead of coming up with it themselves.

Back to the art, an artist just trying to finish a painting on a livestream now has to fend off people sending them “completed” versions because the people sending may try to claim some credit if it’s too similar to the actual finished product. This is a natural conclusion of treating AI art like it’s just like human-made art. Of course, the machine should be the one insulted if the final result is too similar, but the machine doesn’t speak or create for itself.

It’s one thing for a human to create fanart, or share art of another creator’s creation, like the bat. It’s another to get a machine to finish a piece the artist was still drawing, or use a machine to draw someone’s character instead of making their own art of it. The skill is not the issue, the sentiment is.

The End Goal

Assuming such a chaotic industry has an end goal in and of itself is giving too much agency to a mindless machine in an ocean of mindless machines, both real and metaphorical. AI creators want to make money. People want to make money off of the art the machine can make for them. Others want custom artwork without paying for it, others still want to preserve the creativity of artists who are long dead. But should they? If the artist is dead, do we need more of their art? Every good use is a double-edged sword; many of the bad uses are infringing on human artists’ good times. The entire thing is confusing and upsetting, and the people who are pro-machine are more often than not coming across as anti-human artist, even though the beast would not exist if it hadn’t been fed their work.

Look at the Artstation boycott: the anti-AI image was so common on the website that machine generated images were coming back with red crossbars where faces should have been, an artifact that could have only come from the machine scooping up pictures of the protest. At least, that’s what people thought – it turns out some of that was actually a trolling campaign made by pro-AI Art accounts, a joke. In theory, it takes a couple of weeks to incorporate taken art into the final pictures, although the AI does accept and reproduce art from artists who have just recently started trending, so that timeline may not be 100% accurate. How that campaign was supposed to help their case, I have no idea, because it seemed to just confirm the worst suspicions of anti-AI users and nobody caught on to the ‘trolling’ during the phenomenon’s 5 seconds of online fame. It is still snatching art right off the front page no matter how long it takes the AI to use it, and somehow the AI creators and websites expect the artists who fuel them to not be so upset about it.

There is no end goal. These machines were initially made with the goal of dreaming – teaching a machine to appreciate art or identify a dog in an image was a message of hope for the computers we could one day build. Much like Blockchain, something that could have been great is instead being used to print money and win competitions that were intended for humans.

The Copyright Debate

The only things it can spit out are by definition recycled. Still, most of it qualifies as fair use… given the machine avoids taking too much from one particular image, which it very well might.

The music industry has been on this precipice for a while now, and yet it never crossed over into music AI trying to make a new album in an artist’s style all by itself. This is because music copyright is much more tightly regulated than image copyright – the databases that music AIs are allowed to listen to and learn from are all free and public. The music AI creators are very aware of the copying issue (which should tell you that the art AI creators realistically should be too): the AI has a tendency to lift whole riffs and chunks of songs and put them wherever. They’ll tell you this themselves because they know what they’re controlling. If the requestor doesn’t recognize the riff, they could be stumbling into copyright nightmare territory by publishing whatever the machine spit out, and it’s just not worth the risk. Why is visual art not getting this treatment?

Proving that an image is stolen when it’s part of a massive collage of millions of different images (also stolen with few exceptions) is really, really hard. For music, identifying a rhythm that’s too close to another one is pretty easy, as there are not infinitely many ways to recreate a riff. A face can come out identical to one an artist created for their ArtStation account, but the rest of the image not fitting combined with an opaque generating process means that nobody can definitively prove anything belongs to them no matter how similar it looks. The machine really might pull a face or a set of wings directly from training images to put into a generated picture, and nobody – not even the creators of the machine – could tell you that it did that or that it didn’t just happen to generate wings that looked exactly like something posted back in 2019. Without being able to interrogate it, without being able to see inside, nobody on the human artist side can do much but shout this information to the heavens.

The fight can’t even start until someone huge like Disney starts questioning why the machine can respond to phrases like ‘dog, pixar style’ and come out with something that looks like Doug from the movie ‘Up’.

This is such an obvious weak point that recently, a judge denied someone copyright protection for the AI-generated art they used to make a comic. The story, which was made by a human, was eligible, but the art behind it, not made by a human, was not. This is a step in the right direction, because all that theft will ultimately come to nothing if corporations can’t squeeze money out of it or protect what they make from being transfigured into something they don’t want to be associated with. It will be reduced to a cottage industry run by people hoping to make a quick buck and then bail.

What’s Up With Those Specific T-Shirts?

Elizabeth Technology December 29, 2022

You’ve probably seen some variation of the shirt.

You’re wondering how it’s so wildly specific. You click it, and scroll down, and somehow… somehow the company seems to have made shirts specifically for you, the boyfriend of a Registered Nurse who was born in June, who’s a little crazy with a heart of gold.

And then you notice on other channels, people are getting shirts that say ‘Never mess with a Union Welder born in November with Blue Eyes’. ‘My Boyfriend is a Crazy Libra who loves Fishing and Mountain Biking”. Okay… it’s specific… but no harm, right?

What’s happening?

The Ads

First, some context. Facebook takes information like birth date, gender, likes and dislikes, etc. to hyper-tailor ads directly to specific individuals. On the advertiser’s side, Facebook allows their advertising customers to modify ads depending on group – companies can make multiple ads for their product to better build a brand image for any one customer’s specific demographic profile.

Picture that a company makes hair gel for adolescents as well as young adults, for example. The adult is looking to impress their coworkers, but the kid just wants to prevent helmet hair. The gel does both, but the ad will change the target customer’s view of the product – is it for skateboarders, or is it for professionals? Only a super generic ad could appeal to both, and generic ads do much worse than targeted ones. Luckily, Facebook’s fine-tuned ad program can determine which set of ads the viewer should be seeing, and the company can make two ads, one for skateboarders, and one for young professionals.

However, that’s time consuming, so many ad vendors allow mix-n-match campaigns, where lines are taken from one ad and put in another. An adolescent’s ad would work for most teens if the wording was a little different – see Axe’s body spray ads. Sometimes the company doesn’t even have to make the new lines themselves, they just include a modifiable blank field in the ad space and they’re good to go.

That’s where things go sideways! A blank line in an insurance ad can tell the user that they’ll be eligible for a rate as low as X$ based on their age and gender. A blank line in a kennel ad knows they’re looking for a medium dog over a small cat based on their search history. A blank line in a T-shirt ad tells them that Facebook knows they’re a Gemini, an accountant, of Swedish descent, a regular fisher, an occasional beer-drinker, and more.

Art and More

Even worse, bots that work on similar mechanisms have been caught scraping art from artists and slapping it on cheap T-shirts. Since copyright enforcement is dependent on the copyright owner filing for takedown, shirts with that artwork might get sold before the artist even knows something’s amiss. The shirts are frequently poor-quality rips directly from the artist’s social media account, triggered by comments requesting wearable merch or complimenting the work – the bot determines demand and then harvests it, without human intervention, just like the ad T-shirts.

Sure, the artist can request a takedown each and every time the bots snag their art, but it’s a slog, and the company itself never seems to actually do anything meaningful about the violations. It’s also bad for the artist’s reputation: fans complaining to them about the quality of a shirt they bought may be the first time the artist hears about the art theft, and then explaining to someone that they’ve been scammed is only going to make them angrier. It becomes “How could you let this happen” instead of “I’m sorry, I didn’t realize” – everyone loses except for the ad bot’s shirt company.

The ‘Why’

Before companies like ZapTee and CustomInk, getting a custom shirt meant going to a print shop and paying a hefty price for the final product. As such, shirt companies just didn’t make shirts like these ad bots do. It was unfeasible. If it didn’t sell, it was a waste of production. The closest you could get was “I’m a Proud Mom!” or “Rather be Fishin’”. If you were an artist, and your work was too fringe for major manufacturers to work with, you might have had to buy the screen-printing supplies yourself, build your own website or storefront, source blank shirts, and do things the hard way.

Now, all of that is easily outsourced to these printing companies that specialize in customizable products. The tech has improved so much that they can make money on single shirt sales, where before orders had to be in bulk. It’s honestly incredible. However, customers don’t necessarily understand the mechanisms behind these shirts. The specifics on the shirt are just blank space fill-ins, based on information Facebook gives to the ad. They think they’re seeing a unicorn out in the wild when they see something that relates to them. They’re thinking back to the times where companies couldn’t do this, where everything was geared towards two or three consumer profiles. “Wow, a shirt for Peruvians!” instead of “Oh, Facebook knows I’m Peruvian”.

Or in the case of the art-rippers, they see merch from an artist they really like and respect, and buy it without wondering if it’s official because – once again – they’re thinking back to a time when companies didn’t steal art (not officially, anyway) for shirts. Independent artists had to beg, barter, and network their way onto the front of a T-shirt, there wasn’t any other way to sell art-shirts en masse before silk-screen tech got cheap. Therefore, there’s no way unofficial or stolen art merch exists, it just doesn’t happen!

The Marketing

A company named Signal decided to take out ads mocking Facebook’s hyper-specific targeting by simply filling in a MadLib with demographic spots.

The result is, shockingly, just like the T-shirts! Facebook already knows you pretty well. A trend of ‘hyper-targeting’ took over once social media websites realized that people guard their info from companies but share it willingly with friends, publicly. As a result, it can pinpoint things like your favorite movie, your favorite color, what items you’ve bought online (and post about), your perfect vacation, and how dark you like your coffee, to name a few, all harvested from comments and posts you share with your friends. Ads then generate shirts out of what the site gathers. You can turn off targeted advertising in Google, but that doesn’t mean they’re not gathering information. It just means you’re not seeing the direct results of that. The only way to fight the hyper-targeting is to be vague and lie to the platforms, or stay off of them altogether.

If you or an artist you know gets their work ripped by bots, combating it is unfortunately pretty difficult. The best you can do is sometimes just cave and make your own branded products via something like RedBubble or FanJoy. Give customers an official way to support their favorite artist, and most of the time, they’ll take it! Making your social media work obnoxiously and obviously watermarked helps, as does making the preview pic low-quality. Fans need to know that you have official channels, and if they buy from anywhere else, they’re not supporting you. If they like it so much that they want to wear it, they should want the artist to keep making more of it! Make that link between your official purchasing channels and their support of your work clear.