On November 3rd, hundreds of people working to defend their companies from spam and abuse met at Facebook HQ for the second Spam Fighting @Scale conference. Once again, it was clear that this community was happy to connect with one another, meet people doing similar work, and hear more about what other companies do to solve common spam and abuse problems.
The event featured talks from experts representing Airbnb, Facebook, LinkedIn, Netflix, Snapchat, UC San Diego, and WhatsApp. Across the talks, a number of key points emerged:
- Effective measurement is critical to making progress and reducing the impact of spam on online services. User feedback is a relatively straightforward way to measure spam, and more elaborate solutions like weighted sampling can provide better estimates.
- Spam fighting is primarily seen as an engineering problem by technology companies, but going through the payment providers used by spammers can also be a productive strategy.
- The security field often emphasizes perfect, academic solutions. In the world of spam fighting, though, defenses that aren't perfect can still be acceptable, as long as they raise the costs for spammers enough to deter abuse.
- Fake accounts are a common vector of abuse across multiple platforms.
- Clustering is a powerful tool to detect abuse, whether it appears in the form of accounts, images, or text.
- Aligning incentives between anti-spam teams and surrounding functions at a company can yield more powerful results.
- It is possible to fight spam effectively without having access to content, making it possible to support end-to-end encrypted platforms and still combat abuse.
Videos of the talks that were recorded during the event are available below.
Welcome to Spam Fighting @Scale
Vlad Gorelik, an engineering manager at Facebook, kicked off the event by describing his work supporting teams that fight spam and related issues. He discussed how spam-fighting techniques and approaches are similar across different products and technologies, and pointed out that anti-spam teams face a difficult challenge that is both adversarial and asymmetric. Finally, he reiterated Facebook's commitment to sharing spam-fighting technology, and called on all companies present to find new ways to collaborate and share information that can help everyone get rid of spam more systematically.
How to Utilize User-Generated Feedback to Fight Spam
Wendy Roberts and Josh Krivoshein are data scientists on Facebook's Protect and Care team and focus on better understanding spam and abuse on Facebook. They started this first talk by describing what spam can look like on Facebook. Then, they introduced different ways user feedback can be useful in helping to measure spam, including answering the question, “How much spam is there?”
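As a toy illustration of that question (the numbers, function names, and correction factor below are invented for the sketch, not Facebook's actual methodology), user reports can feed a naive prevalence estimate once a review step corrects for the fact that user reports are noisy:

```python
# Hypothetical sketch: estimating spam prevalence from user reports.
# All names and figures are invented for illustration.

def estimate_spam_prevalence(total_impressions, user_reports, report_precision):
    """Naive estimate: confirmed reports / total impressions.

    report_precision is the fraction of user reports that human
    reviewers confirm as genuine spam, since not every report is
    accurate.
    """
    confirmed = user_reports * report_precision
    return confirmed / total_impressions

# e.g. 1,000,000 impressions, 2,400 user reports, 75% confirmed on review
rate = estimate_spam_prevalence(1_000_000, 2_400, 0.75)
print(f"estimated spam prevalence: {rate:.4%}")  # estimated spam prevalence: 0.1800%
```

A real pipeline would also have to account for spam that users never report at all, which is one reason sampling-based estimates (covered in a later talk) are useful as a complement.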
Defending Netflix and its Members from Abuse
In his talk, Jason Chan, who works on Netflix's security team, presented the unique challenges Netflix faces around account takeover and payments fraud. He also covered techniques for understanding and disrupting the financial motivations and methods bad actors use to monetize abuse.
Using Weighted Sampling to Understand the Prevalence of Spam
David Radburn-Smith, a data scientist on Facebook's Protect and Care team, and Emanuel Strauss, a software engineer on the Business Integrity team, presented their work on weighted sampling and how they used this technique to deepen the understanding of Facebook's measurements of spam.
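A minimal sketch of the weighted-sampling idea, with invented data and helper names (not the presenters' actual system): sampling content in proportion to how often it is viewed means a small labeled sample directly estimates the share of *views* that land on spam, rather than the share of distinct posts.

```python
import random

# Hypothetical sketch of view-weighted sampling for spam measurement.
# In practice the sampled items would be labeled by human reviewers;
# here is_spam stands in for that labeling step.

def weighted_sample_estimate(items, n_samples, is_spam, rng=random):
    """items: list of (item_id, views) pairs.

    Returns an estimate of the fraction of total views that land on
    spam, from a sample drawn proportionally to view counts.
    """
    total_views = sum(views for _, views in items)
    weights = [views / total_views for _, views in items]
    sample = rng.choices(items, weights=weights, k=n_samples)
    return sum(1 for item_id, _ in sample if is_spam(item_id)) / n_samples
```

Weighting by views is just one choice; the same machinery works for any exposure measure that better reflects the impact spam has on users.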
The Economics of Modern Spam
Kirill Levchenko, a researcher at UC San Diego, presented his work on how spammers monetize their operations and on alternatives to engineering solutions for fighting spam. Specifically, he pointed out that payment providers are the weakest link in the chain of services spammers rely on to make their operations profitable, and he explained how that link could be disrupted. While technology companies often treat spam detection as a pure engineering problem, Kirill argued that great impact can also be achieved by “following the money.”
Measuring Performance of Fake Account Detection and Remediation
H. Kerem Cevahir, a software engineer on Facebook's Site Integrity team, shared his extensive experience keeping fake accounts off Facebook. He explained ways to measure abuse related to fake accounts, and introduced a hierarchy of priorities for teams working on the problem: Focus on precision first, then remediation, and then detection.
Finding Clusters of Fake Accounts at Scale
In this talk, Jenelle Bray and David Freeman, from the security data science team at LinkedIn, presented their work on detecting fake accounts through clustering. They explained how to make clusters of related accounts and how to classify these clusters. They also explained tradeoffs between online and offline clustering.
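As a simplified sketch of the clustering step (not LinkedIn's production pipeline; all names and data below are invented), newly registered accounts can be grouped by a shared registration feature such as signup IP, with unusually large groups flagged for a downstream fake-account classifier:

```python
from collections import defaultdict

# Hypothetical illustration of clustering accounts by a shared signup
# feature. Field names and data are invented for the sketch.

def cluster_by_feature(accounts, key):
    """Group account IDs by the value of a single registration feature."""
    clusters = defaultdict(list)
    for account in accounts:
        clusters[account[key]].append(account["id"])
    return clusters

def suspicious_clusters(clusters, min_size=3):
    """Legitimate signups rarely arrive in bulk from one source, so
    large clusters become candidates for classification as fake."""
    return {k: v for k, v in clusters.items() if len(v) >= min_size}

accounts = [
    {"id": 1, "signup_ip": "203.0.113.7"},
    {"id": 2, "signup_ip": "203.0.113.7"},
    {"id": 3, "signup_ip": "203.0.113.7"},
    {"id": 4, "signup_ip": "198.51.100.2"},
]
print(suspicious_clusters(cluster_by_feature(accounts, "signup_ip")))
# {'203.0.113.7': [1, 2, 3]}
```

Classifying whole clusters rather than individual accounts is what makes the approach powerful: a cluster exposes patterns (shared infrastructure, near-identical profiles) that any single account can hide.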
How WhatsApp Reduced Spam while Launching End-to-End Encryption
WhatsApp recently took on two major projects as a company: completing end-to-end encryption while also ramping up its anti-spam efforts. Observers familiar with spam fighting might worry that end-to-end encryption – by making content inaccessible to spam fighters – would make the task much harder. Matt Jones, a software engineer at WhatsApp, showed otherwise, explaining how it is possible to fight spam successfully without ever accessing the content shared on the platform.
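A toy sketch of the content-free idea (the features, weights, and thresholds below are invented assumptions, not WhatsApp's actual signals): behavioral metadata, such as how fast an account sends messages and how many recipients have no prior relationship with the sender, can score senders without reading a single message:

```python
# Hypothetical content-free spam scoring. Every feature here is
# metadata; message content is never touched. Weights and thresholds
# are invented for illustration.

def metadata_spam_score(msgs_per_minute, unknown_recipient_frac):
    """Combine two behavioral signals into a score in [0, 1]."""
    rate_signal = min(msgs_per_minute / 60.0, 1.0)  # bulk-send speed, capped
    return 0.5 * rate_signal + 0.5 * unknown_recipient_frac

def is_likely_spammer(msgs_per_minute, unknown_recipient_frac, threshold=0.7):
    return metadata_spam_score(msgs_per_minute, unknown_recipient_frac) >= threshold

print(is_likely_spammer(msgs_per_minute=120, unknown_recipient_frac=0.95))  # True
print(is_likely_spammer(msgs_per_minute=2, unknown_recipient_frac=0.1))     # False
```

A production system would use many more signals and a trained model rather than hand-picked weights, but the principle is the same: spammers behave differently from legitimate users, and that behavior is visible even when the content is encrypted.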
Detecting Fake Inventory on Airbnb
Airbnb is built on trust, according to Dmitry Alexeenko, engineering manager, and Angie Huang, software engineer, but bad actors can break this trust. Dmitry and Angie went over the measures Airbnb took to detect fake inventory on their platform and touched on several techniques, from machine learning to image similarity.
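One common way image similarity works in this kind of setting is perceptual hashing; the toy average-hash below (operating on a tiny invented grayscale matrix rather than real listing photos, and not Airbnb's actual system) shows how near-duplicate images map to nearby bit strings, so a stolen or re-encoded photo can be matched cheaply:

```python
# Toy average-hash ("aHash") sketch. A real system would decode and
# downscale actual images first; here the "image" is a small invented
# grayscale matrix.

def average_hash(pixels):
    """pixels: 2D list of grayscale values.

    Bit i is 1 if pixel i is brighter than the image's mean, so the
    hash captures coarse structure and survives small edits.
    """
    flat = [p for row in pixels for p in row]
    mean = sum(flat) / len(flat)
    return tuple(1 if p > mean else 0 for p in flat)

def hamming_distance(h1, h2):
    """Number of differing bits; small distance means similar images."""
    return sum(a != b for a, b in zip(h1, h2))

original  = [[10, 200], [220, 30]]
near_copy = [[12, 198], [210, 35]]   # slightly re-encoded copy
unrelated = [[200, 10], [40, 230]]

print(hamming_distance(average_hash(original), average_hash(near_copy)))  # 0
print(hamming_distance(average_hash(original), average_hash(unrelated)))  # 4
```

Because near-duplicates land within a small Hamming distance of each other, the hashes can also be clustered, tying this talk back to the clustering theme that ran through the event.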
Anti-Spam by Design: Building a Company of Spam-Fighters
Guy Mordecai, a product manager for spam at Facebook, closed the event by explaining how spam-fighting efforts at technology companies can be connected to a company's larger goals. He shared both technical and organizational solutions to help make this happen and better align incentives between product teams and anti-spam teams for greater impact.