Skip to main content

A massive phone farm manipulates online metrics

‘’A phone farm is a collection of multiple smartphones used simultaneously to generate income through various apps and services, such as watching ads, completing surveys, or mining cryptocurrency.’’
Back in October, word started making the rounds of an AI startup called Doublespeed. Backed by venture capital firm Andreessen Horowitz, Doublespeed offers customers a unique service: access to a massive phone farm that could be used to operate hundreds of AI-generated social media accounts.
Now, 404 Media reports in an explosive scoop that Doublespeed has been hacked. This wasn’t just one account associated with the startup, but the entire backend used to manage its phone farm — so it provides an extraordinary glimpse at how the service is actually being used to manipulate social media at scale.
Speaking to 404 on condition of anonymity, the hacker said they can “see the phones in use, which manager [computers controlling the phones] they had, which TikTok accounts they were assigned, proxies in use (and their passwords), and pending tasks. As well as the link to control devices for each manager.”
The hacker also shared a list of over 400 TikTok accounts operated by Doublespeed’s phone farm, about half of which were actively promoting products. Most of them, the publication reports, did so without disclosing that the posts were ads  a direct violation of TikTok’s terms of use, not to mention the Federal Trade Commission’s digital advertising regulations.
While undisclosed ads might seem like small potatoes in the grand scheme of things, the speak to a bleak trend. Not only is Doublespeed a possible breeding ground for disinformation campaigns or financial scams, but they seem to be getting away with their phone farm operation without any pushback from TikTok.
Doublespeed’s TikTok accounts ran a gamut of different cons, promoting language learning apps, supplements, massage products, dating apps and more. One account, operating under the unambiguously human-sounding name of Chloe Davis, had uploaded some 200 posts featuring an AI-generated woman hawking a massage roller for a company called Vibit, 404 reported.
Though the hacker says he reported the vulnerability to Doublespeed on October 31, he notes that he still had access to the company’s back end as recently as today.
So far, Doublespeed is only active on TikTok, though it has plans to expand to Instagram, Reddit, and X-formerly-Twitter. When it does, it seems all bets are off with social media engagement, and all the influence it entails, being relegated to the highest bidder.

Labels:

Popular posts from this blog

ChatGPT-5 Is Powerful and Fast, But It Can’t Replace Software Engineers!

  As someone who’s been following tech closely for over a decade, I’ve seen countless innovations come and go but few have stirred as much excitement and debate as ChatGPT. ChatGPT has developed, and launch ChatGPT 5, it genuinely seems that the enhancements have significantly slowed down. Previous iterations led to significant advancements in AI capabilities, particularly in assisting with coding. However, the enhancements now seem minor and somewhat gradual. It feels as though we’re experiencing diminishing returns in the extent to which these models improve at truly substituting real coding tasks. The vast majority of people say that AI is going to replace software engineers very soon. Yes, AI can perform simple activities and support routine activities, but where there are intricate things like planning the system, tackling more challenging problems, grasping actual business needs, and collaboration with others, it hasn't been able to catch up yet. T hese require creativity...
Read more

Instagram Security Risk

Recently, attackers took over high-profile Instagram accounts, including the official Obama’s White House account and a United States Space Force chief officer. The attacker didn't break any Instagram code or crack passwords. They convinced Meta's own AI support chatbot to hand over the accounts. Meta uses an AI-powered support chatbot to help users recover locked accounts, change recovery emails, and handle account issues. The chatbot is trained to verify identity through questions and decide whether a request looks legitimate. Attackers figured out how to manipulate that decision making process. Video Credit-  x.com/chetaslua The attack consists of four main steps. Step 1: The attacker contacts Meta's AI support chatbot claiming to be the legitimate owner of a target account. They simply use Instagram's help interface and start an account recovery conversation. For high-profile targets, attackers use publicly available information such as display names, profile bios, ...
Read more

A Simple PDF Tool Outpaced Giants by doing the basics faster, cleaner, and better than anyone else.

  I am going to break down the story of a tool that I'm willing to bet you've used, but whose incredible business journey you probably know nothing about. Honestly, this is a master class for any founder looking to build something valuable from scratch. I am calling it the Bootstrapper’s Playbook. A Wild Reality Check Let’s just start with a wild fact. There's a website out there, a deceptively simple one, that in places like India pulls in more traffic than Amazon. I'm serious. Millions and millions of people rely on it every single day. Any guesses? It's iLovePDF. If you've ever needed to quickly merge, split, or compress a PDF file, you've almost definitely landed on this site. But what most people have no idea about is how this massive global platform was built. And that is where the real story begins. Born from Frustration So, let's go all the way back to the beginning. Because this whole thing wasn't born from some grand business plan or a fanc...
Read more