High 99% feedback, large numbers marked as sold.
Ok contacting the seller saying I got refurbished drive with the reported drive stats I got abusive phone calls saying they have my address, they don’t sell fakes, they are going to come to my house and teach me a lesson calling the drive fakes. Turned out the registered address was 2000 km away at some random suburban residential address, the person on the phone had broken English phoning from a Thai phone number so I wasn’t to worried about that and laughed it off and said good luck.
I contacted eBay, left a poor review saying received fake goods, got threats of violence from the seller. eBay refunded my money and a week later my review was removed for the seller to continue scamming customers which must be many by the items sold and number of reviews.
I ignore positive reviews now. They are curated so not worth any substance if bad reviews get removed.
So it's not that surprising that they allow it on their platform.
This is also a reminder it's good that I don't give my phone number to anyone on ebay.
Next day delivery.. you pay, it ships, then delivery estimate gets an "oops you're delivery had a problem and has been rescheduled for 6 weeks in the future".
Can't refund as it has been shipped, and the original listing disappears after a couple of days "listing not found", so no feedback possible either.
You'd think that a consistent customer would be worth more than $30, but apparently not to Amazon. They wouldn't make it right so I shop elsewhere now.
If you have prime, talk to customer support until you get the answer you want to hear. In general, they have been extremely supportive of all the various issues I've run across, but then again, I buy a lot of stuff from there.
I had found someone else scammed by the same seller and I was annoyed enough to go to the police. The police called it a civil matter and refused to do anything. Obviously I didn’t have the seller’s real name so I couldn’t pursue that angle. I saw from another Facebook account that the seller is still hawking counterfeit goods. So, I guess that’s effectively legal.
You're a "little guy". You're not "business", "landlord", or government".. So your actual rights don't matter.
Put it differently, the very pigs who are hired to do "law and order" explicitly told you that your rights don't matter.
After exchanging several emails with the seller, it was clear that he believed that as long as he gave refunds when people sent everything back to him in mint condition, he had done nothing wrong and did not deserve to have his reputation damaged. The problem with that, obviously, is that he wasted the time of dozens/hundreds of people, and defrauded people who did not notice the item was counterfeit. (People only got refunds if they noticed and requested; they were not automatically told they could get one, as an honest seller would have done.)
Under the current system, sellers face little incentive to make sure they aren't unwittingly acting as a fence for stolen/counterfeit good. Without reputational hits, they only have to reimburse buyers for the purchase price, not for the time wasted, and many/most buyers won't bother to return it anyways.
In the end, you end up with similar spam filter methods as we also have for mails and probably as other social networks have as well. But this is far from simple. I don't think having a huge number of hand-crafted heuristics is really a good solution. I think it should be machine learning model which you train and it does it all automatically without too much false positives (and also not too much false negatives).
I'm not saying that we should give up on the idea of anonymity on the internet, at least not completely. But real humans have to put something at stake when they use space on any part of the internet that other humans should care about.
I can't help but note that neither of us attach our real identity to our participation here.
I think a better solution might be structural. In this GitHub example, why can someone tag people who they're not collaborating with to begin with? Why are identities so easily discoverable and contactable? The value seems to far outweigh the risk.
I think this is attacking the problem from the wrong end. This is just increasing the penalty for spamming. (Real reputational damage.)
Why not shift the other end—increase the difficulty of spamming in the first place.
Could be as simple as charging for account creation (even if just a deposit that’s refunded after some amount of non-spam activity).
But without getting into all the baggage payments bring—don’t allow people to ping others until they’ve reached a certain “reputation” by hitting some threshold of non-spam activity? Rate limit how many people you can ping based on reputation? Limit to only users associated with the repo you’re making the MR on? Rate limit how quickly you can create MRs and comments based on reputation?
Seems like there are a lot of levers to pull here that could curtail the problem without jumping straight to tying accounts to real life IDs.
There was a time when abuse@<isp-domain.tld> emails were honored and administrators actually took notice of what came in, but these days are long since gone - ISPs simply don't want to spend the money, and so the cost of abuse is externalized to society at large.
ETA: Also, a fix would be to have a human with more than ten seconds time take a look at even 1% of spam reports. Spammers are lazy, they always use the same template, so if you have a human actually looking into the template and then routing every match to /dev/null, it's far more effective. Like... I can do this on Twitter for every new variation of some scam, why can't Twitter do it on its own?!
Deciding what is or isn't a "scam" is really a job for the independent judiciary. But getting a ruling is difficult and time-consuming, and also largely pointless because a new website can be created almost instantly, and there are many foreign ISPs where you can't get a ruling at all.
I don't really disagree with your basic premise that "disconnecting the bad actors' ISPs from the Internet" is the ideal solution, but this is far more difficult than your comment implies – almost impossible with how the internet currently works.
Or we build those tools ourselves and let the platforms be dumb pipes which we selectively slurp from.
The days of trusted-by-default banned-selectively are ending. It's dark forest time.
On the other hand, I don't think posting the same spam nearly 1k times in 24 hours shouldn't raise some sort of alarm. 1 manual take down of a spam by a human should trigger a search (or have an option) to trigger a search through recent comments to see ones that are close. If I can search their whole site in 3 seconds they should have some sort of system that looks for 95% simular comments.
Seems simple but I am sure it's actually much much harder and has caveats and gotchas along the way as it scales.
Maybe think harder and don't avoid a certain tech that is in a bubble and may soon be sued out of existence.
I do agree, github and other places that allow user generated content need to do a better job. I have more bots than humans following on twitter (and I have thousands of followers), for example, however trying to say "AI CAN FIX IT" won't win you any favors.
FYI I have a suggestion, maybe spin up said AI model on AWS and try scanning all the comments/issues github receives in a day. When even Microsoft can't pay your bill, you'll see why they do not yet use AI for that...though I'm sure they will try eventually.
The other issue I have with this particular GitHub spam is the notifications persist even after the spam has been removed. You get notified and subscribed to some random thread because you were previously tagged in it.
After GH removes the spam (which is currently too slow) they should also retract any notifications or subscriptions that were made as a result of the spam comment.
You can disable email notifications, you cannot disable the notifications model .
Google ( and most others) has been able to keep spam classifed long before transformers were even introduced with mostly Bayesian filters.
Not saying it can or can’t be solved with transformers, just that could do it with lower cost(computational) older methods just as easily .
As someone flagged me, I'd like to know how well current filters catch LLM-generated spam? By hypothesis, not well, especially given that you can always run a LLM output through f(g(h(...))).
Most spam is advertisement for something to make you click, In the 90s and 00's in the early days of email, it was things like Viagra etc, today it is "coin drops" and crypto related things.
Naive Bayesian filtering is a just a matter of training on the probability of such words in regular issue/PR/discussion comment threads and assigning a probability for the post and flagging it when crossing a threshold
In the case of Github, they would probably refine and improve this by adjusting the weights for different topics.
There is a good chance they already do this, and it just that the sensitivity for crypto scam words is set too low in crypto related projects as they would be probably used more by real people as well, and that is why OP noticed this as issue and rest of us rarely see much spam in Github.
You could add reputation for the user globally and with respect to the project (akin to ESP reputation) and many other refinements in addition to Bayesian filtering.
[1] Nigerian prince emails are written in poor English for a reason for example. You could bypass a filter yes, but people are far less likely fall for such evolved language defeating the purpose of sending spam in the first place.
Though you will need to post-process the response because it says the usual blah blah blah ${number} blah blah reason blah.
But btw now you can enforce function calling and json responses
Using OpenAI GPT-4, sure. On the other hand, running a small, fine-tuned LLM shouldn't be that resource intensive.
It may not be any better than the current generation of spam detection, but it will not require rule updates, at least not that frequently.
I have a different problems - Github's notification settings are far too coarse, and if you're either subscribed to lot of repos, or have a lot of actions happening on those repos the flood of email messages you get on every comment or action a person or a CI process takes is just unmanageable.
All I want is "If someone (ie, not a bot) specifically tags me on a PR where the CI is passing, send email once". This granularity unfortunately doesn't seem to be possible - that said, I would love to be wrong about this.
I ended up turning off Github's email notifications for this reason, as the signal to noise is horrible.
There was a thread about six months ago mentioned that they get @'ed constantly by mistake. They had a funny attitude towards it, though. They said they always enjoy getting to see what everyone else is working on and didn't mind the notifications.
If anyone remembers what I'm talking about, let me know because now I'm so curious about this username I can't remember.
I work for a fairly large org with lots of Github repos which I occasionally contribute to and there seems to be no way to configure emails alerts in a manageable way – I must either get an email for everything or ignore everything. And ignoring everything is obviously preferable when the signal to noise is this bad.
There's also not a bulk method anywhere (that I can find) in Github that can deal with unsubscribing or changing settings on many repos at the same time.
Binance is in legal trouble with the SEC right now.[1] Send this to the SEC lawyers going after Binance. You can find out who they are from SEC litigation announcements. If Binance can identify someone else to blame, they have a big incentive to do the work.
[1] https://www.reuters.com/legal/binance-heads-court-seeking-di...
However, crypto has become such a menace to society that it's time that governments do something about it, if they even can at this point.
One person's menace is another person's salvation :)
There's the legal concept of an implicit or implied conspiracy. Usually comes up in antitrust law, where sellers raise prices at about the same time without actually getting together to talk about it.[1][2] It's a difficult area of law.
[1] https://scholarship.law.wm.edu/cgi/viewcontent.cgi?article=2...
[2] https://scholarship.law.duke.edu/cgi/viewcontent.cgi?article...
Another thing, men, please, PLEASE, stop falling for these scams. No, beautiful women will not message you at random and show interest in you. Even unattractive ones won't. Please stop falling for these scams. Tell everyone you know to stop falling for these. If a random woman messages you to meet for sex, it's a scam. Do not fall for it, it will seem real and authentic, it's not. If you send nudes they will extort you out of money.
definitely not always a scam haha
Women like sex, just as much as men (if not more so). Sure not every popup about “hot singles in your area” is legit, but women on dating sites messaging you with the goal of a quick night is definitely a thing. And I’m certainly not exceptionally attractive.
Some of these are even able to fake the target URL - the Tweet Card shows them going to "starknet [.] io", but hover over the link and it will actually point to "reward - zksync [.] club". I wonder what the fuck is going on at Twitter that they're unable to spot and hammer down on this.
I mean I think fully a quarter of the community notes I see directly on things in my timeline (not people sharing screenshots of particularly funny/interesting community notes) are people putting community notes on overpriced drop shipping scammers.
The advertising situation seems completely doomed and when the CEO was picked to remedy that and the owner is in a nebulous executive role as “product owner” and simultaneously a hyper emotionally invested product user (based on credible reports and the publicly verifiable behaviour)… what can she really do besides do a good enough job for long enough that it won’t seem weird when she quits/takes another position.
Thanks to LLMs, the spam issue will get even worse on Github.
I think we'll quickly develop NLP/LLM filters for this. And while that may lead to an arms race, we'll likely simultaneously develop distributed systems for credibility attestation.
We already rely on professional networks. We'll just grow all the more robust and capable along these lines.
I'm actually extremely excited for automated systems that increase the signal. We've been in a noise trough for a while, and now we have means of filtering it.
Edit: I don't necessarily refer to anything cryptocurrency related. We can build distributed networks of trust like the semantic web tried with PGP and FOAF, though I'm sure there are valuable tools and lessons we can borrow from the crypto folks' algorithms and research.
Thought I would get creative and add comments to one of my existing reports of the other 10 or so spam accounts. The tickets were closed and only the main account was deleted - not the others mentioned in the ticket.
So I gave up.
For example, every legitimate user of my open source project is probably fine with paying $1 to file an issue report. So I'd like to have a user setting that says "don't let anyone contact me unless they pay for it".
But they are involved in cryptocurrency stuff. I guess that's why they were tagged in these threads.
I think this says more about crypto grift than anything else. It's not "GitHub spam" so much as "cryptocurrency spam".
Or: "cryptocurrency and associated grift and scams makes everything worse, part 151"
