There has been much confusion about the various lists available on Hive. This post is meant to answer some of your questions to that regard. Please feel free to ask more questions as you see fit.
Decentralized blacklists and mutelists
These are on-chain lists based on the 'follow' function, which allows you to interact by either choosing to view in prominence or to hide from view the posts of another account.
Any user can create a list or subscribe to an existing list that someone else created. When subscribed or created, the list will govern which accounts the user will not see. This is currently widely used for phishing accounts.
- List is for limiting interaction with accounts on it
- Users and projects are able to create a coherent list of undesirable accounts (in their opinion)
- Subscribers can limit what they themselves can see and keep their experienced focused
- Lists mainly affect the frontend user experience
- Lists do not have any effect on reward distribution
Spaminator blacklist
The Spaminator blacklist is for accounts that are involved in exploitation on Hive. This is usually directly related to the exploitation of the reward pool. The Spaminator bot works off a ledger of account names, the on-chain interactions of which it logs into its database as it streams the blockchain.
- A hands-off bot written in Python
- 76955 accounts on it right now
- 1012 different account groups (grouped for classification purposes) of which many are different botnets
- Very, very few users on it are unique individuals; most are exploitation accounts
- No appeal timer, prompt removal is possible
- No maximum amount of strikes for unique individuals
Only active accounts are logged and are given a warning downvote. Where they are a unique individual, they will come and reply in some way. The unique individuals are usually victims of hacking/phishing or of other scams against them. They are warned through the bot and are helped to recover.
Hivewatchers Banlist
What is commonly referred to as the 'Hivewatchers blacklist' is actually a 'banlist'. We are not sure on how this name originally came about as we inherited the project and it's list but that's its official name.
Hivewatchers is focused on fraud. Fraud can be defined as ID theft/deception, plagiarism (of all types), and generally fraudulent activities of various types.
- Not part of Spaminator
- Used to educate users and give them a chance to be removed
- Only for unique individual accounts
- Not used for botnets unless the botnet is based on deception
- Has a timer that gets activated for removal after an appeal starts
- A maximum two strikes and no more appeals are possible for unique individuals
Mutelist vs Spaminator vs Hivewatchers
Because of the words 'list' and 'blacklist' there are many points of confusion around their differences and similarities.
Stored centrally | Mutelist | Spaminator | Hivewatchers |
---|---|---|---|
Stored centrally in database | No | Yes | Yes |
Created by specific entity | Yes | Yes | Yes |
Limits interaction | Yes | No | No |
Frontend-focused | Yes | No | Yes |
Mandatory for users | No | No | No |
Automatically restores rewards | No | Yes | No |
Downvotes to warn | No | Yes | Yes |
Upvotes to warn | No | No | No |
Scope is set by default | No | Yes | Yes |
Hides post | Yes | No | No |
Is a hands-off bot | No | Yes | Both |
Is a feature | Yes | No | No |
On-chain controls | Yes | No | Yes |
Outdated Terminology: 'Spam'
The word 'Spam' is being phased out because of several issues:
- Too overused, vague and unclear
- Commonly used to mislabel and thus downgrade major threats such as phishing that require urgency
- Is often found attributed to everything irrespective of scope by users
- Is used to label low-effort content, shorter content, content that is disliked by the user, content in languages that don't always properly display, etc.
The most predominant issue is phishing. When phishing becomes mislabeled as spam, the person being warned to either seek help recovering their account or to not click on a malicious link does not understand the severity of the matter. All phishing should always be referred to as 'phishing'.
The word 'spam' is actively being removed from Hivewatchers comments and we are currently in transition to that regard.
Hive.Blog Mutelist
This list is used for phishing/hacked accounts predominantly, with a few accounts spreading malware thrown in. It is a great list to follow by default and is also replicated in the Plenty of Phish repository, on Spaminator and several other places. Once an account is recovered and is safe, it is removed from the list.
This is one example of a Mutelist being used effectively and for a concrete purpose that warrants subscription and benefits all users irrespective of their beliefs, outlook, or anything else. It is strongly recommended that everyone takes all possible measures to prevent supporting hackers or falling prey to them.
FAQ
So why can't Spaminator just use a decentralized list? I still don't understand.
Spaminator is a bot and needs its data in a local ledger (on its servers) to function. It was made to purely read the chain (it streams the blocks) and constantly querying on-chain lists would put a huge load on the endpoints quite unnecessarily. Additionally, it has about 76k account on it, many of which are massive botnets and not individual users. They are listed in their respective categories and managed through our servers. Adding them to one massive on-chain list is just not practical.
Will there be a Hivewatchers decentralized on-chain Mutelist or Blacklist?
Yes. The Hivewatchers list is quite short in comparison to Spaminator and is meant to focus on fraud, as we already discussed. We'll have an announcement to that regard. We will likely end up with two lists on Hivewatchers; one for accounts that are permanently on and one for those that have a chance to appeal or are appealing.
Do you recommend I follow the Hivewatchers list and set my account to automatically downvote everything on it?
We ask that you keep yourself safe. Some of the accounts we deal with belong to individuals who are extremely dangerous, are known for targeted harassment, death threats, stalking, doxxing, and other similar activities. Use your personal discretion.
Are all accounts granted appeals?
No. ID thieves, exploitation ring operators, hackers/phishers, or systemic repeat fraudsters are not granted further consideration. There is a limit to our 'revolving door'. Repeatedly having the same accounts mislead the community in their appeals is damaging to Hive.
My account is both on Hivewatchers and Spaminator. Why?
In cases where there is fraud coupled with exploitation of the blockchain and its reward mechanism, the account may fit both scopes. If the account is part of a botnet or an organized ring, then it will likely be on both.
Is short-form content allowed on Hive?
All content is treated the same way: It should be at least 50% original to have some value and anything taken from the internet should be clearly cited. Short-form content doesn't mean that suddenly there is free reign to copy/paste other people's work and make money off it. It is never acceptable to steal from others for personal profit.
I tried to use the on-chain Mutelist/Blacklist feature and I discovered bugs or issues. What do I do?
The decentralized list feature is still being developed. Please submit your bugs/issues to https://gitlab.syncad.com/hive/condenser
Should I report hacking/phishing, even if it's not on chain but still related to the Hive ecosystem in general?
Yes. Please contact @guiltyparties and outline what happened. Even if your dapp got hacked please advise.
I hate Hivewatchers and Spaminator and want to disrupt all activities, so I'm upvoting everything Spaminator downvotes.
If you've decided that scammers should be rewarded, we ask you to still please ensure that you are not supporting those who hack and phish other people's accounts. Just reach out to @guiltyparties on Openhive.chat or Discord and I'll set you up with the appropriate lists to exclude from your 'curation'. It's not an all or nothing deal. If you are supporting phishing you will be treated the same as the hackers themselves.