from Digital and Cyberspace Policy Program and Net Politics

Forget Saving the Post Office—I Just Need to Save My Job

A U.S. Postal Inspection Service facility is pictured near Miami International Airport REUTERS/Zach Fagenson

It is easy for people to obfuscate their identity online and even falsify metrics, like page views. The U.S. government needs to develop a system to verify that people online are who they claim to be.

January 23, 2020

A U.S. Postal Inspection Service facility is pictured near Miami International Airport REUTERS/Zach Fagenson
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.
Tweet promoting the report

Nobody read the innovation memorandum I wrote last June on Solving the Identity-Protection Problem by Bringing the Post Office Into the Digital Age. Maybe it was the timing, right before the Fourth of July. Maybe it was the content. Maybe I didn’t do enough to promote it on social media. No matter the cause, I owed the powers that be an impact report, and my numbers did not look good.

As of December, the piece had only generated 1,421 page views. Of these, a quarter came from Google searches (most of these were likely from me trying to find the URL to send to people to beg them to read it). Only about two hundred page views came from organic sharing on Twitter, the gold standard for engagement at the dawning of a new decade.

More on:

Digital Policy

With my performance review coming up, I did the only thing I could think to do and re-tweeted the report out. I then bought hundreds of bots to read it.

The online identity problem, the problem that the memorandum in question was written to address, is as old as the internet itself. Peter Steiner’s “On the Internet, nobody knows you’re a dog” cartoon was published in 1993. As the Washington Post noted on the twentieth anniversary of publication in 2013, the joke rang as true then as it did two decades before. Yet, almost a further decade on we appear to be forgetting this adage and are building much of the modern economy on the belief that there are real people out there reading these words, engaging with content, and, of course, clicking on ads.

In my case, I nearly tripled my “readership” for $29. I didn’t need to go on the dark web. I didn’t need to build my own botnet. I just picked one out of the hundreds of service offerings from Buy Traffic Guide.

Through a slick user interface, I selected the options I wanted from a series of adjustable bars. I wanted a lot of the traffic to come through Twitter, but I wanted a natural mix of Google searches and other avenues to the page as well. Since I’m trying to influence policy, not entertain, I wanted the bots to really interact with the material, scrolling down at a medium pace and lingering on the page for a few minutes. For bonus points, I thought it would be nice if the bots then got intrigued enough that they clicked through to other Council on Foreign Relations content.

Of course, you may have guessed that I disclosed what I was doing to CFR before I did it. (Note to finance: what is the appropriate account code for reimbursement? Also, there is no currency choice for bitcoin.) Together, we watched as my numbers shot up.

More on:

Digital Policy

Over four days, I doubled the number of page views. The bots didn’t DDoS the page. They slipped quietly past CFR’s gauntlet of security tools and then did everything the traffic supplier had promised to do.

What should be the takeaways from this fun little experiment? First, don’t put too much weight into online engagement metrics. The advertising world has already made this mistake, with $108 billion annually being spent on online ads on the premise that the users viewing and clicking on ads are real people. A good portion of them aren’t. The rest of us, including publishers of content and investors who rely on website and app engagement for making investment decisions, shouldn’t assume that these numbers are real.

Second, the tools for engaging in this form of fraud have been democratized. If a policy wonk like me can up his numbers, anyone can. My job (probably) does not actually depend on the number of page views I get, but a lot of people’s jobs and a lot of companies’ contracts do. If you’ve hired someone based on these metrics, there is a good chance that the organic engagement you paid them to generate is just a bunch of bots. Even if you aren’t placing ads on your site, you probably need to have the same kind of fraud prevention that ad publishers do.

Finally, it should be clear that the U.S. government needs to develop a system where Americans can trust that people online are authentic for some purposes and anonymous for others. I believe I wrote an innovation memorandum about that...

Creative Commons
Creative Commons: Some rights reserved.
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail