Courtland Allen on AI spam bots and the future of social platforms like IH

The future of social websites/communities hangs in the balance as their founders try to respond to increasingly advanced AI spam bots.

I caught up with Indie Hackers’ founder, Courtland Allen, to better understand the issue and what can be done about it.

What are you seeing in the space that makes you so sure of the problem?

Bot activity has always been a huge problem. That cheap powerful LLMs will exacerbate the problem is more of a prediction than an observation. It’s still early days. The GPT-4 API only just became publicly available this month.

But I’m already seeing it on Indie Hackers. The vast majority of spam in the past was of the egregious kind. Links to buy Viagra or hacked bank accounts, that sort of thing. But in just the last few months, that’s all been replaced by what people are calling GPT spam. Soulless, impersonal comments that are written by LLMs, not humans.

Why do people do this? What’s in it for them?

It’s a lot of work to set up a bot, connect it to a platform’s API, and try to configure it to seem authentic.

So most people taking the time to do this are financially motivated. They’re testing out an idea, or trying to grow a following, or promoting a product of theirs. Maybe all three.

Makes sense. Is this a post-GPT-4 problem?

It’s nothing new. There’s been an arms race here for years.

Amazon and Yelp are flooded with fake reviews. Twitter is flooded with bots. Email is flooded with spam, as are Reddit and most internet forums.

How do you feel about humans who use GPT to write responses (as opposed bots)?

People who are smart, clever, and careful about using LLMs to write for them will reap rewards in a variety of domains. People who make lazy and careless use of LLMs will come off as inauthentic and lose trust.

Sadly, I fear more people will do the latter than the former.

I've seen you mention verification, payments, and invites as solutions. Tell me more about verification.

Identity verification is what it sounds like. Users have to prove they’re a real person.

Of course, this doesn’t prevent them from subsequently using AI to post spam. But it does dramatically cut down on the number of fake accounts that can be created and deployed, which is a huge win because the primary advantages of automated spam are efficiency and scale.

It also disincentivizes bad behavior, since having one’s account banned is a much harsher punishment when it’s the only account one can create.

Sure. What about payments?

Fighting spammers is akin to playing whack-a-mole, and the moles become a lot more reluctant to show back up after being whacked if they have to pay for the privilege to do so.

We’ve seen Twitter experimenting with this a bit in their efforts to change the meaning of a verified account from “VIP” to “paid to prove they’re real.”

And invites?

Social vouching means requiring users to vouch for each other’s reputation via invite codes.

It’s simple enough for builders to create a tree showing who was invited by who. It’s likely that the vast majority of the spammers will be invited by a tiny minority of users, so they’re easy to find and root out.

Cool, so why not do them all?

The biggest downside to all of these solutions is that they add friction to the signup process and thus slow down growth.

In the real world, we don’t mind this. For example, we ID people to make sure they belong in our schools, our nightclubs, etc. We don’t care if this adds entry friction and slows down “growth,” because we have limited physical space and don’t care about unlimited growth.

On the internet, however, many companies want their apps to grow to billions of users. So ID’ing people at the door isn’t something they like to do.

What about IH? Do you want billions of users? Is IDing people at the door an option for IH?

I want IH to grow, but new user signups isn’t our bottleneck right now. Great content is.

What we need more than anything is people who are writing good stuff, and people who are starting inspiring companies. That’s a small enough group of people that we wouldn’t be hindered by adding friction to our signup process.

If anything, that would help us.

What about fighting fire (AI) with fire (AI)?

All these new advances in AI give builders more power to fight traditional spam than ever before.

The reason is that humans are excellent spam detectors. So the closer AI gets to matching human levels of of discernment, the better it will be at detecting spam.

The base GPT-4 model is already great at doing this. I’ve been using it on Indie Hackers, and it catches traditional spam almost 100% of the time.

Nice. Problem solved?

Well, for the same reason AI is great at catching traditional spam, it’s terrible at catching GPT spam. To the extent that LLMs can tell what human writing looks like, they can also emulate human writing.

So I think the real long-term solutions for platforms will come in the form of identity verification, payment, or social vouching.

So friction is unavoidable. Ok, so which of those three have you tried?

We’ve done invite codes in the past with IH. I think we had them for most of 2022. They did an amazing job cutting down on spam. There was pretty much zero spam.

We should probably go back to requiring them.

Why’d you stop requiring invite codes if they were working so well?

We were at Stripe, and our goal was to grow. Now we’re no longer at Stripe, and our goal is to generate enough revenue to keep Indie Hackers alive.

What will happen to platforms that don’t respond?

At worst, failing to fight GPT spam will cause platforms to enter a death spiral and collapse.

Pretty doom-and-gloom. Why?

On the surface, GPT spam seems better than normal spam, because it often includes helpful content and is rarely offensive. But it’s actually quite dangerous.

At least traditional automated spam can easily be differentiated from authentic content. GPT spam is close enough to human that readers find themselves questioning whether it really is human. Which causes them to begin questioning how much other seemingly-legitimate content posted on a platform is human.

When users begin questioning an entire platform, they lose trust and stop participating. Since the value of a social network is proportional to the amount of engagement, this can easily create a death spiral if it’s not addressed.

Man, I’d be so frustrated by this if I were you.

No, I think it’s inevitable that new technological advances will cause problems.

When you invent the ship, you invent the shipwreck. But the world likes ships, and it doesn’t like shipwrecks, so it will adapt in a positive direction over time. And the people fixing the shipwrecks will probably create businesses to do so, and make a lot of money in the process.

Problems always create opportunities.

Quite the optimist. So can you actually resolve this or will you just end up making the bots smarter?

The bots are going to get smarter whether I do anything or not.

Subscribe for more founder interviews, roundtables, case studies, and tips from people who are in the thick of it. 🪤

The Boot's Trap 🪤

Learn from indie hackers who are in the thick of it

Subscribe