I Was Spammed by 800 Bots: Sybil Attacks and the Economics of Buying/Selling Votes

Recently I was pleasantly surprised when one of my posts seemed to be gathering quite a bit of attention. Within an hour, it had received several hundred votes, and within several hours it finally topped out at ~900 votes. Clearly this was suspicious, considering the expected payout settled around $30, and the post had zero flags. Obviously I was being spammed with upvotes by hundreds of low Steem Power accounts.



At this point you are probably saying, "Why are you complaining? I would love to get hundreds of upvotes."

I consider this type of spam a form of Sybil attack. A Sybil attack is one in which an attacker spams some type of reputation system with forged accounts. For example, suppose payouts were calculated simply based on number of upvotes. Clearly this would become a race to create as many fake accounts as possible to upvote your own posts and grab as much payout as possible. This is one of the main reasons why rewards are calculated based upon the Steem Power held by voting accounts and not simply the number of voting accounts. Similarly, your reputation score is based upon both the reputation and Steem Power of those that upvote or flag your posts. This prevents a malicious actor from spamming their own accounts with many upvotes in order to improve their own reputation score.

However, Steemit is still vulnerable to Sybil attacks.

After receiving several hundred votes, my post was sitting at the top of the 'hot' news feed for nearly an hour, with the vast majority of its upvotes being pure spam. This should not be the case. It has been at least two months since the ability to game the 'hot' algorithm was mentioned by @lafona. As long as the raw number of votes and/or comments is used for any type of calculation to identify 'hot' or 'trending' content, Steemit will be vulnerable to these types of attacks.

You might say, "Can this really be considered an attack or vulnerability? Nothing can be stolen, so the spammers are just wasting their time."

But that is not true. This spam voting put my post at the top of the 'hot' news feed for nearly an hour. The exposure of my post was artificially increased at the expense of the exposure of other, potentially more valuable content. That is a serious cost. This type of 'noise' provides false information to the community and makes it slightly harder to identify valuable content by affecting users' perceptions.

Psychological Sybil Attacks

Even if Steemit solves the Sybil attack vulnerability in the 'hot' algorithm to more accurately rank content, there are still potential negative consequences from these types of attacks as long as the raw numbers of votes are shown on posts. Even with the existing reputation system, we all still naturally form our own opinions of other users' trustworthiness and reputation. If someone repeatedly spams my posts with upvotes, people may begin to perceive me as a spammer trying to game the system for myself. Although that does not directly affect my reputation score on Steemit, it nonetheless has the potential to damage my perceived reputation on the platform, which in my opinion is even more important than any Steemit-calculated reputation score.

The clear solution is to filter votes and comments when displaying the total numbers of votes and comments on any post.

Raw numbers of votes and comments should never be used in any calculation, nor should they be displayed to any user. That information is far too subject to noise and far too easy to spam with Sybil-type attacks, especially now that the @steemitmarket account is repeatedly offering hundreds of votes for sale. You can see them offering votes for sale here:

You can see them testing out their vote bot army here:

Filtering votes makes buying and selling spam votes irrelevant.

In order to buy all 800 votes at @steemitmarket's current price, it would cost $8. The ~2400 Steem Power behind those posts could potentially impact a post's rewards by a couple of cents. There is no financial incentive to purchase those votes. The only potential reasons for buying votes like this are to game the news feed algorithms, to trick real voters into thinking a post is going viral so that they will vote it up, or to damage someone's reputation by giving the impression that they are a scam artist. All of these issues are solved by simply filtering votes before showing the totals. No one would even know without looking at the blockchain that hundreds of accounts are voting on a given post, except that perhaps the rewards would change by a few cents.
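To make the difference concrete, here is an added example (not part of the original post and not Steemit's code) that ranks two posts by raw vote count, by total Steem Power, and by a filtered vote count. The vote data is constructed from the post's figures (800 bots sharing ~2400 Steem Power); the `MIN_DISPLAY_SP` cutoff, the account names and the choice of ranking keys are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vote:
    voter: str
    steem_power: float  # stake held by the voting account

# Assumption: hypothetical display cutoff, not a real Steemit parameter.
MIN_DISPLAY_SP = 50.0

def raw_count(votes):
    """What a raw-count 'hot' ranking sees: every account counts as 1."""
    return len(votes)

def stake_weight(votes):
    """Sybil-resistant signal: splitting stake across accounts adds nothing."""
    return sum(v.steem_power for v in votes)

def filtered_count(votes, min_sp=MIN_DISPLAY_SP):
    """Vote total to display after dropping low-stake accounts."""
    return sum(1 for v in votes if v.steem_power >= min_sp)

def dust_ratio(votes, min_sp=MIN_DISPLAY_SP):
    """Share of votes from low-stake accounts; a high value flags vote spam."""
    return 1 - filtered_count(votes, min_sp) / len(votes)

def rank(posts, key):
    """Order post names by the given scoring function, best first."""
    return sorted(posts, key=lambda name: key(posts[name]), reverse=True)

def build_sample():
    # Constructed data: 800 bots at 3 SP each (~2400 SP total) plus two
    # real readers on one post, and 40 ordinary voters on another post.
    spammed = [Vote(f"bot{i}", 3.0) for i in range(800)]
    spammed += [Vote("reader1", 500.0), Vote("reader2", 1200.0)]
    organic = [Vote(f"user{i}", 400.0 + 10 * i) for i in range(40)]
    return {"spammed_post": spammed, "organic_post": organic}

if __name__ == "__main__":
    posts = build_sample()
    for label, key in [("raw count", raw_count),
                       ("stake weight", stake_weight),
                       ("filtered count", filtered_count)]:
        print(f"{label:>14}: {rank(posts, key)}")
    for name, votes in posts.items():
        print(f"{name}: dust ratio {dust_ratio(votes):.3f}")
```

Only the raw count puts the spammed post first; the other two orderings are unaffected by the 800 bot votes.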

Make no mistake, a market for buying and selling votes will certainly develop.

These could either be malicious or provide a service. Imagine an advertising firm, for example, that purchases a large amount of Steem Power and then sells their votes in order to boost the exposure of certain posts in the news feeds. This could develop into a legitimate ad revenue structure on Steemit. I can also imagine, for example, rival news agencies that purchase valuable down votes against their competitors. Anything is possible. I'm sure these issues will arise. For now, low Steem Power spam accounts are a present situation which will probably continue to escalate unless a simple fix is implemented.

Just trying to point out this issue to the unaware, and hopefully no one else will be spammed in this way and have their reputation negatively affected.

Best,

Trogdor :)
