Fighting sock puppets – A cat and mouse game

The Urban Dictionary defines Sock Puppet as “An account made on an internet message board, by a person who already has an account, for the purpose of posting more-or-less anonymously.” If you manage or participate in a community you’re bound to see accounts that seem like sock puppets – they sign up one day and automatically start replying to discussions with knowledge that can only be based on long-term participation in the community – appearing to be new while channeling veteran participants’ opinions.

Sock puppets can serve to channel opinions that are hard to express under your own name and many times help communities deal with complex situations in a more subtle manner. But sock puppeting has a malicious side: trolling, harassment and general disturbance of a social network involve sock puppeting when done by active users. Lately, we have also learned that the government might be looking at creating an “army” of sock puppets – for completely different reasons. Unable to track and identify sock puppets, publishers are usually forced to use community flagging and manual detection of similar “styles” of communication, a rather soft indicator that causes a lot of controversy.

While developing our product we took specific interest in detecting sock puppets. Beyond the basic matching of assets, we’ve discovered that there are behavioral and technical “cues” that can be used to signal that two accounts (or more) are actually managed by the same entity (and we’re being careful here – sometimes this is more than just one person, but all accounts share the same goal). We’ve also discovered that while many publishers are worried about anonymization (and indeed, one of the first questions we get asked is about the use of proxies), the indicators we were able to extract do not require that we specifically identify who is behind a sock puppet – only that we recognize that it is one. And while currently our detection rate is pretty high, we know we’re going to face more and more sophisticated behavior mechanisms.

What does the future hold for sock puppet detection? Like a cat and mouse game, malicious users are improving. Sock puppets that communicate and initiate their engagement with a social network through a different site (such as Mechanical Turk) create a different level of complexity and require specific treatment. Bot-operated accounts in MMOs are a class of their own. And, as always, detection is only half of the question – prevention and enforcement are two other issues that are top of mind for our customers and us.

Knowing that a detection solution for sock puppets is available is something publishers need to be aware of. Come tell us what worries you about them, and what other malicious and problematic behaviors you are seeing.