Mar 3, 2018

With so much news these days about Russian Interference in the US Elections, and in particular how the Internet Research Agency deployed trolls and bots across multiple social media sites to sew discord among Americans, I wanted to write a post about just that: bots. How hard is it to make a bot that will like other people’s pages for you, increasing your number of followers? Even worse – how hard would it be to make a group of bots that upvote everything you say online to bring your posts to the top of social media sites like Reddit and Instagram? Unfortunately, it’s really not that hard.

Robots Taking Over

To illustrate the basic idea of how a liking bot can work, I made the diagram below. You have a website like Instagram represented, but really it could be any site: Reddit, Facebook, Pinterest, etc. The basic idea is pretty simple and easily reproducible, just create a Python crawler with an API exposed and suddenly you can have a web app that automatically likes pages for you on Instagram. Containerize it and an SQL database with Docker and now you can deploy your bot to any server just by pulling the repo and running docker-compose up -d.

Emulating a Browser Isn’t Necessary

In a previous post I wrote about Business Process Automation with Python which in part described the use of Selenium to launch a browser as a test client and then perform automated actions on websites for you. Unfortunately, that really starts to break down on sites that have frequent UI upgrades, because element positions or names will change. However, because of the way that most modern websites are made, there is typically an API backend that is servicing the UI requests, so that only one basic API is required for creating both mobile and web experiences. What does that mean? Well, we can insert ourselves directly in the middle of that UI and API by just doing some reverse engineering.

Robot in the Middle

Put your python bot in the middle and suddenly you don’t have to even look at the web application, you can deal with straight http requests and JSON data. Login once and you can save your session for subsequent requests and like hundreds of photos without ever opening a web browser.

Not Just for the Tech Savvy

Even if you don’t know to write code or build a bot, it’s not that hard to look online and find them available. All that is needed is to expose the web crawler via an API and then create a front end web application using a modern library/framework like React or Angular. Then suddenly you have a web app where you can add any feature you can imagine for automation – store tags, check up on the oldest ones you haven’t visited recently, anything you want.

Marketing At All Times

What’s strange and unsettling when you realize how easy it is to make something like this is when you look at posts online and wonder – does someone just have 100 bots that voted this post up to the top so I would see it? It seems like 90% of the content online is either specially curated content marketing enticing me to buy something or propaganda from some unknown country pushing chaos and misinformation. It makes you wonder – with how many millions of dollars many companies have to devote to just marketing and PR, how much money does a government have to pay some developers to create sophisticated bots that not only like across multiple social media sites, but even post comments that are potentially polarizing just to drive chaos? It doesn’t take much to write software for social automation, and back that software up with the cloud and suddenly you can deploy thousands of bots with proxies in front of them that can drive the conversation wherever they want. Yikes.