Hi There,
This is just a rough draft of something I’ve been watching and taking notes on. (warning might be mistakes given down this line)
I have a security assessment on being an avid twitch.tv user since 2013, for my safety I will not be mentioning names or who I have conducted the research on. I follow over thousands of users and streamers and for security purposes I will not tell anyone who this applies to the guilty party will already know and such. But this isn’t about the guilty party, it is in general what I have found and picked up on and found one way maybe others to re-mediate this problem.
I Highly recommend that you listen to a podcast called “Darknet Diaries on eps 27” and a lot of this will make sense.
If you can exploit a service to help a user that is a potentially a podcaster or streamer, they will use it.
The question I have is, have you ever wondered on a few twitch streamers (normally big with 90+ viewers consistently). Sometimes you wonder out of no where they become partnered?
Well, I have been taking notes on various of streamers who I follow and watched them grow. I just don’t take notes of what they do on the front side, I also take notes of the darkside of a partnered streamer. Social engineering is a strong tool, if you can hack a lot of viewers or even a service to get you what you want you will do it because you want to cheat your way to the top and be that next ninja or something. Of course, me knowing this, has me questioning them as a streamer how honest are they? Because they are not honest at all from this standing point. To be honest, the theory I can think of when using this would be this judgment on their end with “Winning is winning, either by an inch or a mile” and I get it you quit your day job with 9 to 5 to make it and you needed an umph to get you launched.
I was recently on the front page of twitch.tv doing a charity thing because that is what I love to do is to help others. I was accused of view-botting, I for one have no interest in view-botting so why would I use a service? I have achieved my goal with twitch and that was to break a self-confidence wall now I am there for fun and my business is WRNET:SEC so I don’t need to relay on twitch for money.
What is View-Botting?
It is a bot that is proving a live view for the channel that isn’t a human and it is against twitch Terms of Service. If you google twitch bot service you will get links with both mix of against this and that and some actual services. This is where darknet diaries on eps 27 came into mind, if you provide the service people will use it.
So, with my assessment of this concept, you can’t tell if they are view-botting well not fully as they will not tell you their secrets (Remember it’s also against twitch ToS), it’s undetectable. But here is something of a bait and switch, I was there for a few streamers before they had any major growth. They where extremely into their community they built and was like the idol and stuff like you should be in a community, they would always pass on the love to other streamers. Then one day they decided to play a game totally off the records, game was cool and all it is also a pitfall type of game but somehow they got their viewer count to triple and the same original bunch who was chatters still chatted up a storm so that is giving the streamer something to hide with, it went from 15-20 per day, then 20-30 per day, then from there it went from 30 to 90+ and consistently. It’s kind of odd, this would be loaded with in 15 minutes of their starting up. But when they started this jump, they never raid again, they would host others who have 100+ already. And in quick time they became partner. At this point they have distance themselves from the community they built and pretty much what they where preaching before has changed a lot and you have to do a lot to cover up view-botting. You can’t raid others as your viewers will not follow (because viewers are viewing the channel programmed i.e. viewer-bot) You no longer need to be a community leader, just as long as you perform your social engineering magic on stream to cover your lies, they will believe anything. (Almost like they are drinking your kool-aide in a cult)
One gift my mom has taught me is a lot about reading in between the lies, having street smarts and knowing a lie being told.
So how do we fix this?
Solution: lets bring down the enforcement of a standard user and remove the old 10+ years old ways of signing up for an account and enforce 2FA (yes this is something I would allow 2FA for) this would be married to a phone number and since when you become an affiliate you have to do the whole 1099 anyways might as well do it now as this will secure and lock down the account. From here, I would change the algorithm to allow an aliased bot user for moderation but limit it like so. Now that every account is secure with socials, TaxID etc… and phone numbers, it would be hard. This would create a whole new department for auditing and audit findings to verifying the such id’s exist to keep customer database secure. With this in place a lot of bogus accounts will be forced to shut down, if they are not verified with in 30 days of implementation and this will make users be honest from here on out. You need to be 13+ anyways to be on twitch, this would ensure that kids are on the platform with a good reason and intention and this will require parental guidance to sign up.
fix this and you will fix 90% of all harassments towards users.
I am sure other streaming services are different, but still the same on bot services.
Another security issue with view-botting is that these could be used as a DDoS attacks on a user. (As something I have seen on youtube with a troll raiding twitch and still does it to day). Which makes it difficult even for an average twitch user to be discouraged and quit the platform all together.
TL;DR – There is alot of Viewbot services out there and it is both a cheater and away for Trolls to DDoS attack to twitch users.