Chat Bot

Am I right to be concerned about the possibility of Chat Bots on this site?

There are a few concerning posts and, as I don't know much about these things, I'm not sure if I'm worrying over nothing here? Can they cause harm to individuals in any way on this type of chat site? 

If I'm being ridiculous, someone please tell me so! (I will be more relieved than offended.)

Parents Reply Children
  • Concerning that last Post with the four quotes, there...

    Thanks, DongFeng5 for the reply. I tried about 5 times to edit this Post, to erase the Quotes to shorten it... but I cannot! Another thing to note, maybe: always leave spaces between multiple Quotes...?

    :-/

  • Never mind, it wouldn't work for long anyway. All the bot author has to do is add an extra space between two of the words in the pasted content, and the hash value will be something different, defeating the check. The NAS would have to look at this class of software instead:

    https://en.wikipedia.org/wiki/Plagiarism_detection

    That's a better fit for the problem at hand, and should give a score on how similar a new thread submission or reply is to an existing one that could have been automatically mined by some executable code.

  • 1. The NAS create their own daemon to peruse each thread OP and subsequent reply on the site, generating hashes of the bits which are NOT a quote of other users' content, then they store them in a SEPARATE database.
    2. When a new thread or reply is created, it initially goes into a holding area where the NAS automated tools can scrutinise it but the rest of us can't yet see it.
    3. An automated tool calculates a hash of the new content, then compares it against the existing database of hashes, resolving collisions as required.
    4. Any content where a duplicate is being submitted will be flagged for human moderator approval, alongside a copy of the original content which hashed to the same value.

    ...The "Quote"function does not always work correctly, and so I had to quote four times in order to re-quote all of that. I do so in the hope (...) that NAS (WebPM, probably) notices it and reads it.

  • Glad Tidings... I am still looking, and I see this. (I am not good at chat, though). Thanks... I am a bit calmer, now!

  • Suggested title: Potential security risks of using the NAS forum at home or one's place of employment.

  • Mr.Missile/CarCompany (!)... 

    I was going to type some replies to this Thread... but then you come here and fairly explode a grand amount of perspicacity. 

    I do not not know what to say...! But do you recall the ASCII Thread which I began  a while back? All of what you and Cassandro (and "Ellie") say... is fairly screaming out for this New Thread!! WebPM even once joined your good self in conversation, yet I interrupted it, suggesting a new Thread there as well - do you recall that?

    THIS THREAD IS LONG! NEW THREAD! NEW THREAD, PUHLEEEESE!

    (If I have to start it, then suggest titles, please...?)

  • In this sense, one may perhaps view an online autistic community as a fertile plain in which to grow a botnet capable of subsequent DoS attacks on multiple third parties.

    Large corporates are now more wary of phishing attacks and have trained their staff better accordingly, but -- oh hang on a minute -- none of you actually use this site from your place of work (or on the machine you use for work at home or banking), do you?!?!?

    If any of you answered, "Erm... yes...?", that's probably the explanation. Persons unknown have twigged that autistic folk may be at times vulnerable and naïve. That makes us easier pickings for phishing and -- worst of all -- a very "social-engineer-able way-in" to many companies which happen to employ autistic staff. Far easier to get someone autistic to click this harmless link when they are relying on these forums for support, rather than hope that unsolicited emails offering n0rp videos might still be successful despite the multi-level email filtering that is employed by most companies.

    Luckily -- so far, at least -- the fact that several of us (Disallowed Cynosure, Cassandro and others) have near-photographic memories is probably getting the better of many of the most ham-fisted attempts. Unfortunately, the authors will learn empirically from their failed attempts and evolve their unwelcome creations. And at least some of us may well have already been unwittingly pwned by the better attempts.

    Somehow, we shall need to collectively tilt the playing-field for them so that they leave us alone and go after softer targets instead...

    How about this lousy idea which won't work for long:

    1. The NAS create their own daemon to peruse each thread OP and subsequent reply on the site, generating hashes of the bits which are NOT a quote of other users' content, then they store them in a SEPARATE database.

    2. When a new thread or reply is created, it initially goes into a holding area where the NAS automated tools can scrutinise it but the rest of us can't yet see it.

    3. An automated tool calculates a hash of the new content, then compares it against the existing database of hashes, resolving collisions as required.

    4. Any content where a duplicate is being submitted will be flagged for human moderator approval, alongside a copy of the original content which hashed to the same value.

  • I suppose a CopyBot might have been deployed in the hope that it will manage to interactively regurgitate a formulaic "autistic journey"-type thread sufficiently well that it manages to earn enough trust from us to fall for it hook-line-and-sinker when it subsequently says click this harmless link...?

  • I agree. I was thinking that it was like people on the forum had collectively formed an 'immune system' against spam and abuse. Although of course, as a mild hayfever sufferer, I know immune systems can overreact sometimes.

    Yours, TriviaBot

  • I am an “up vote bot”!

    Or like bot!

    I read, I agree, I respond, then I go hide waiting for the next awesome piece of kindness given or shown. 

    One thing we were all guilty of during the R debacle was,,,,,,,caring about each other, ok not always spot on, some panicked and did all they could to try and deal with it within thier abilities, others just warned others by saying it must be avaoided, some even tried to understand R and allow time to see if indeed it was a new user very much struggling to communicate, maybe a first time web user, unsure of social etiquette.

    regardless everyone was trying to do thier best to protect everyone else, 

    I like to think no one deliberately set out to be horrible, just try and protect.

    Wishing all a good day  , and much respect for our most enlightening new members, stick around I for one enjoy what you do and constantly learn new ideas and many new ways of thinking a thing through. You are awesome.

     Loving this community so much.

    x()x

  • Maybe you're a ThankBot?

    ...I am a SocioPhobic-Winged-Cat -- partly Cyborg, maybe...

    A-a-anyway...(!) when I said "New Thread", I meant a new one about COPYBOTS... There are indeed so very very many types of SPAM, even here, but NAS is good at getting rid of them if they know about it (or if they pay attention)...

    WebPM asks for specific Threads to be begun about specific problems. That is what we are/were told, anyway, which is why I suggested it. WebPM is the one to pay best attention to, with regards to technical matters.

    Good Fortune to Yourself (and Thanks again!)  anyway...     :-) 

  • I am Thanking a lot just at this point

    Maybe you're a ThankBot? Grinning

    Beside's DongFeng's ideas, I think 'Copybot' is somehow related to posting more obvious spam. Either it's trying to confuse anti-spam systems (by posting non-spammy text using a spammy method and spammy addresses that it wants 'cleanlisted'); or it's simply trying to increase number of incoming links to some spam sites (which it could add at a later point to its profile, or could edit the text people have replied to and replace it with spam links).  It's not clever enough to generate its own questions, so it parses some old ones out of existing pages.

    (New Thread, maybe...)

    We've some spam threads, and some threads about spam. Maybe even one or two threads about autism, if we're lucky.

    I suppose the thread we're in at the moment is partly about R*, but also chat bots generally.
    Here's the other about various spam postings and 'Copybot':
    community.autism.org.uk/.../mods-please-make-the-spam-stop

  • Greetings to DongFeng5 (Missile/CarCompany!)...

    I am Thanking a lot just at this point, and you are one of them...

    Not everyone knows about ALL of this sort of thing, and so Thank You for Posting all of that --- ALL of it.

    (New Thread, maybe...)

  • Not stupid. All of us can sometimes be taken for a ride, even NTs. 

    What possible motivation could there be for copying an existing thread? Then, ask why again to the answer you've just come up with...

    * someone is testing some code which posts new threads to the forums

    * someone is fishing for some kind of response

        * they want to find out which accounts are active

        * they want to find the ids of users who may be drawn into conversation

            * they want to engage a user, either at random or a specific target, such that the user creates a session that may subsequently be hijacked by stealing session credentials

            * they hope to steal a large number of password hashes which will statistically yield some which can be brute-forced. They could then hope that users of this site have unwisely used the same password on other sites where money is involved.

            * they want to stimulate a response from users (even indignation), then use CSRF to identify a person's corresponding social media account(s), or trigger something like a "one-click buy" request on an entirely different website..?

            * they want to entice some of those users into 1:1 chat

                * so they can subsequently be sold a sob-story and pressured to give money. 

                * so they can lure someone into uploading pictures of their genitals, which they can then use as a lever for blackmail. 

    As you can see, you can go on like this for hours...