Furthermore, as all messages pass through it, the bot can eavesdrop on the communication, and it can influence the conversation by dropping, inserting, or modifying messages.

We assert that if links (or questions) are inserted into such a conversation, they will seem to originate from a human user. Hence, the click (or response) probability will be higher than in artificial conversation approaches.

Our prototype, Honeybot, implements the attack outlined above. In the following, we examine each component of Honeybot in more detail.

To initiate a new conversation, Honeybot contacts users when they join the channel by sending a message such as "hello, wanna chat?". Replies to this
message are forwarded to a second user chosen at random
from the entire channel population
ceived from that correspondent user after 180s, Honeybot marks this user as unresponsive and contacts another user
with a new

During the conversation, Honeybot normally forwards all messages between the users. It replaces nicknames in the messages as given in the example:
Alice
Hi, I’m Alice
Hi, I’m bot

Honeybot is capable of modifying the perceived gender of the users talking to each other. This feature is useful to form more matching pairs on channels with an unbalanced gender distribution. The algorithm replaces words
, and various body parts with the corresponding word of the opposite sex using a translation dictionary that contains the 60 most essential words observed during our test conversations:
Emil
I’m a gentleman, you know.
I’m a lady, you know.

The algorithm does not replace names, and we have implemented it for English text only. Modification of languages such as French or Italian requires a deeper understanding of the grammatical structure of the sentence.

To determine whether the gender change algorithm shall be applied, Honeybot attempts to infer the gender from each user’s nickname: We observed that many nicknames have the structure
bot first splits the nickname into its components:

Excluded are users marked as unresponsive, as blacklisted, or users with administrative privileges.

. Then each component is compared with a list of male and female first names and with a list of typical male or female words such as
. A limitation of this algorithm is that it will incorrectly
, and it cannot infer a gender from
terms that have connotations, such as
To carry out the actual attack, Honeybot can send a link or a question to one of the two users. Link attacks are
triggered in three different ways:
Honeybot can automatically reply to
keywords found in messages. For instance, conversations
on dating channels often begin with the
(which stands for
age, sex, location

Alternatively, Honeybot can randomly insert a new message with a link into the conversation. To make this look more natural, Honeybot requires both users to have exchanged a minimum number of real messages before inserting artificial messages. The text in the inserted message is generic as Honeybot has no knowledge of the current topic.

If one of the users sends a message containing a link, Honeybot can replace that link with its own one. This method looks the most natural, because the message has been written by a human for the current context, and the recipient may be expecting a link.

To make the users talk about a certain topic, Honeybot
can insert probing
into the conversation. As for the random link messages, we require both users to have exchanged a certain number of messages beforehand. Honeybot also uses this facility to incite users to exchange links:
can u send me a pic?
what is your favorite youtube

During our tests, we observed a varying degree of spam on all channels. Honeybot must not forward spam because we do not want Honeybot to be wrongly accused of spamming (and be banned). As an anti-spambot heuristic, Honeybot permanently blacklists a user if the first three private messages sent by that user contain links, email addresses or channel advertisements, or if that user is kicked out of the channel.
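
The anti-spambot heuristic described above, written out as an added example (this is not Honeybot's code, which the text does not show). The regular expressions, the class and function names, and the reading that all of the first three private messages must match are assumptions.

```python
import re

# Assumed patterns: the text names the categories, not the expressions used.
LINK = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
CHANNEL_AD = re.compile(r"(?:^|\s)#[\w-]{2,}")  # e.g. "join #somechannel"
WINDOW = 3  # "the first three private messages"


def looks_like_spam(text):
    return any(p.search(text) for p in (LINK, EMAIL, CHANNEL_AD))


class SpamBlacklist:
    def __init__(self):
        self.verdicts = {}        # nick -> verdicts for its first WINDOW messages
        self.blacklisted = set()  # permanent: entries are never removed

    def on_private_message(self, nick, text):
        key = nick.lower()        # simplification of IRC nickname casemapping
        seen = self.verdicts.setdefault(key, [])
        if len(seen) < WINDOW:    # messages after the window never change the verdict
            seen.append(looks_like_spam(text))
            if len(seen) == WINDOW and all(seen):
                self.blacklisted.add(key)
        return key in self.blacklisted  # True once the sender is blacklisted

    def on_kick(self, nick):
        self.blacklisted.add(nick.lower())  # kicked users are blacklisted too


def replay(events):
    bl = SpamBlacklist()
    for kind, nick, text in events:
        if kind == "kick":
            bl.on_kick(nick)
        else:
            bl.on_private_message(nick, text)
    return bl.blacklisted


# Constructed sample traffic (not taken from the paper's data).
SAMPLE = [
    ("msg", "AdBot", "pills at http://example.com/buy"),
    ("msg", "AdBot", "write to sales@example.com"),
    ("msg", "AdBot", "join #freechat now"),
    ("msg", "Alice", "hi there"), ("msg", "Alice", "see www.example.org/cat"),
    ("msg", "Alice", "and http://example.org/dog"), ("kick", "Troll", ""),
]
```

A user whose opening message is clean, like the constructed "Alice", is never blacklisted by the message rule, no matter how many links follow.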

Additionally, Honeybot sanitises the messages exchanged between the users based on keyword matching. Honeybot does not forward messages that might contain email addresses or IM contact data (keywords include @, h0t, mail, msn). Honeybot also generally filters messages that contain a link (
) if that link is not replaced with a bot-generated link. The goal of the latter is twofold: Firstly, we would like to avoid spreading malware links or spam. Secondly, we prefer users not to