Season 8 Episode 3 Apr 28, 2022

Elon Musk’s Twitter Takeover, Security Vulnerabilities in Web3, and Experimenting With the TikTok Algorithm

Pitch

Will Twitter users actually vote with their feet?

Description

In this episode, we talk about Elon Musk’s Twitter takeover and the Twitter storm it created, especially amongst Twitter employees. Then we speak with Dipanjan Das, system security researcher at UC Santa Barbara, about various large-scale hacks in the blockchain space, and how companies and individuals can better protect themselves in the growing Web3 space. Finally, we speak with senior software engineer and popular TikToker feleciaforthewin about how she experimented with the TikTok algorithm and ended up gaining over 300-thousand followers.

Hosts

Saron Yitbarek

Disco - Founder

Saron Yitbarek is the founder of Disco, host of the CodeNewbie podcast, and co-host of the base.cs podcast.

Josh Puetz

Forem - Principal Engineer

Josh Puetz is Principal Software Engineer at Forem.

Guests

Dipanjan Das

University of California, Santa Barbara - System Security Researcher

Dipanjan Das is a PhD student in the SecLab at University of California, Santa Barbara. His current research focuses on different aspects of cryptoeconomics, with an emphasis on the security of blockchain and smart contracts. He also has a strong passion to develop automated vulnerability analysis techniques for low-level systems like operating system kernel, IoT devices, and Android.

Felecia Dunmore (feleciaforthewin)

Capital One - Former Senior Software Engineer

Felecia Dunmore is a software engineer, designer, and content creator with keen interests in social constructionism, sociology, philosophy, and technology. The aim of her content is to deliver awe-inspiring stories that cause us to have a deeper understanding of the society we live in.

Show Notes

Audio file size

52927853

Duration

00:55:08

Transcript

[00:00:10] SY: Welcome to DevNews, the news show for developers by developers, where we cover the latest in the world of tech. I’m Saron Yitbarek, Founder of Disco.

 

[00:00:19] JP: And I’m Josh Puetz, Principal Engineer at Forem.

 

[00:00:21] SY: This week, we’re talking about Elon Musk’s Twitter takeover and the Twitter storm it created, especially amongst Twitter employees.

 

[00:00:29] JP: Then we speak with Dipanjan Das, System Security Researcher at UC Santa Barbara, about various large scale hacks in the blockchain space and how companies and individuals can better protect themselves in the growing Web3 space.

 

[00:00:42] DD: I think it’s a lot more complicated because their protocols are very complicated and it’s not always possible to have every single part of the protocol audited.

 

[00:00:54] SY: Finally, we speak with Senior Software Engineer and popular TikToker, Felecia For The Win, about how she’s experimented with the TikTok algorithm and ended up gaining over 300,000 followers in a matter of months.

 

[00:01:07] FC: Every day I would post these 10 videos. And then the day after that, I would look back on the videos from the previous day and I would see which videos get the best.

 

[00:01:22] SY: So here we are again, talking about Elon Musk.

 

[00:01:27] JP: Deep exhale everyone.

 

[00:01:29] SY: I got to say I thought we had more time. I really did.

 

[00:01:31] JP: Yeah.

 

[00:01:32] SY: Okay. So you might remember that we started this season with news that blew up on April 4th about Elon Musk buying a 9.2% stake in Twitter, becoming the company’s largest shareholder, and then flip-flopping on his decision to join Twitter’s board of directors. For more information about the chaos surrounding that, definitely listen to Episode 1 of the season if you haven’t already. We mentioned in that episode that Musk has reportedly agreed not to purchase 14.9% of shares or take over the company if he were to become a part of the board of directors. But once he decided not to join the board, that limitation was gone. Instead, on Monday, April 25th, he took over the entire company.

 

[00:02:19] JP: Twist!

 

[00:02:21] SY: For $44 billion. Shareholders will receive 54 dollars and 20 cents in cash per share and Twitter will become a privately held company. In a statement about the purchase, Musk said, “Free speech is the bedrock of a functioning democracy and Twitter is the digital town square where matters vital to the future of humanity are debated.” Okay. So I just want to pause.

 

[00:02:49] JP: It’s not the Algonquin Round Table, like, come on.

 

[00:02:55] SY: Okay. So I have loosely followed Musk’s journey. And I don’t know what your takeaway has been when you kind of put together his career over the years. But I kind of always felt like Musk had given up on earth. You know what I mean? You know the whole like theory of, “Oh, we need, the whole like Hyperloop, Boring Company,” of like, “Well, on Mars, we got to build tunnels. We got to get rocket ships to get to Mars.” My whole thing is like, “Musk really doesn’t care about humanity on earth.” Like, “He’s really into this whole Mars thing.” So for me, I was like, “Wait, you care about our functioning democracy of today?” I was very surprised. Is it a toy?

 

[00:03:45] JP: Is it a new toy? Exactly. Is it a new toy? Yeah. I do agree with you though. I was like, “I thought we’re going to Mars and now…” That is the ultimate tweet thing. Don’t actually go to Mars. Just talk about it.

 

[00:03:59] SY: Yes. Just Mars thought leadership, that’s what we’re here for. So if Twitter employees weren’t already stressed and overwhelmed after the whole flip-flopping and joining the board and not joining the board, they certainly are stressed and overwhelmed now. Twitter blew up with the news on Monday with everyone throwing out their own take on what this means for the platform. And Twitter employees were kind of caught in the middle. Jennifer Wilson, Head of Curation Standards at Twitter tweeted, “I have no answers, but it’s a good time for a reminder that there are real people who work at Twitter and are navigating a lot of uncertainty right now.” Chloe Barnes, who’s also on the Curation Team, wrote, “Totally understand that this is entertainment for some, but please know that this is certainly not entertainment for me.” And then we have Ahmet Alp Balkan, Staff Software Engineer at Twitter, who tweeted, “I probably despise Elon way more than most of you here, yet I think it’ll be a good chance for the company to refresh itself. Users of this platform will vote with their feet in case he messes this up and his money will go down the drain. Y’all are still here. Counting on you.” With the… how do I explain that emoji? The hands up emoji?

 

[00:05:12] JP: The hands raise. It’s officially called the hands raised emoji.

 

[00:05:15] SY: Okay, cool. Some other tweets from various employees include the words, “I mean,” and a picture of the this is fine meme with the dog surrounded by fire, but with the Twitter logo plastered on instead. Another tweet said, “Can someone please tell me whether I’m rich or I’m fired?” Another one writes, “I am the joker now.” One employee tweeted, “Is it too early for wine?” Another one, “Thank goodness, it’s Derby Season and the bourbon is well-stocked.” And another one wrote, “How am I supposed to live, laugh, love under these conditions?”

 

[00:05:50] JP: And to be clear, these are all Twitter employees.

 

[00:05:52] SY: These are all Twitter employees.

 

[00:05:52] JP: That’s mind-blowing to me. Yes.

 

[00:05:55] SY: And I really appreciate that they’re taking it with a bit of humor. Sounds like a healthy coping mechanism. So kudos to them. So the big question is how might Musk’s Twitter takeover affect the platform? That’s the big question. And we can look at some of the past things he said to get a sense of where his mind might be. He talked about how people who pay and subscribe to Twitter Blue should all be verified and not have any ads claiming, “The power of corporations to dictate policy is greatly enhanced if Twitter depends on advertising money to survive.” So I find this focus on Twitter Blue to be interesting. What? I never actually used Twitter Blue. Like I kind of know about it. I kind of forget about it, frankly, like every once in a while.

 

[00:06:41] JP: I think everyone else did, too, right?

 

[00:06:43] SY: Definitely not something that I would ever think of as like the future of Twitter or the solution to Twitter’s problems. And it feels like Elon Musk has spent a good amount of time, just kind of focusing on Twitter Blue. What’s your take on Twitter Blue?

 

[00:06:56] JP: Okay. So my take on Twitter Blue is that I don’t know who pays for it. Why would you pay for it?

 

[00:07:01] SY: Yeah.

 

[00:07:02] JP: I think what’s really interesting about him talking about Twitter Blue is a desire to pivot Twitter away from advertising revenue to feature revenue. And I can do angel/devil. I could say the angel on Musk’s shoulders says like, “This is a great thing. Now we’re like developing features. We’re getting better revenue.” My devil take on this is, “Oh, man, as long as we had advertisers for our revenue, I got to be careful what I say.” I think his thought is that he doesn’t really care if the ads are a problem for you. He cares if the ads are a problem for him and his company. And think about advertiser boycotts of other companies. If Musk starts seeing things, would advertisers boycott Twitter? And if they did en masse, you got some real problems. I mean, having said that though, I'm totally down for better features and a way to pay for them outside of advertising. What do you think about the edit button? I know there’s been a lot of criticism about what that could do to a journalist's ability to bring back problematic tweets or say, like, “You said this, you said that”?

 

[00:08:13] SY: Yeah. I’ve seen over the years, people have had their own ideas of different ways to implement the edit button and kind of to do that, to me, I feel like the edit button is mostly helpful when you have like a typo, right? Like you made a typo or you forgot to include the link you said you were going to include, like something like that. And usually those are mistakes you catch within like seconds of tweeting. Right?

 

[00:08:38] JP: But somehow five people have already favorited it. What the heck? What are the people doing? I don’t have that many followers. Like, “How are you favoriting this so fast?”

 

[00:08:46] SY: Yeah, exactly. And so I feel like the edit button, as long as there is a time limit restriction, is fine. I think even 15 seconds, 30 seconds tops, is really all you need to kind of fix most people’s gripes with not being able to edit, but I don’t think that you should be able to go back in time. If there’s a tweet that embarrassed you or that you don’t like from years ago, I don’t think you should be able to edit it. I think you can always delete it if it’s that big of a problem, of course. But I don’t believe in the whole rewriting history part of things.

 

[00:09:21] JP: Yeah, I agree with that. Maybe they could show that you changed it. At this point, it’s such a legendary requested feature. Part of you just hopes they never do it, that they’re just like, “You know what? No, we’re never going to give it to you.”

 

[00:09:36] SY: And then most importantly, we should look at his stance on free speech, which could be considered more along the lines that everyone should be able to openly say whatever they want, but that’s kind of just what it feels like he’s going for. He regularly throws out some really troll-y speech on the platform. One example that really stands out to me that you might remember, Josh, is with the diver. He was trying to rescue the children trapped in an underwater cave and how he called that guy a pedo guy because the guy criticized Musk’s idea that he could send a mini sub to save the children. And of course, many of Musk's followers, and he has many, many diehard fans, jumped on that and also harassed the poor diver on social media. One of his more high profile trolling moments, but I think the bigger concern and this to me was like the immediate question I had when this whole thing started was Donald Trump. Twitter very famously and very bravely I think banned Donald Trump after the January 6th attack on the Capitol for using the platform to incite a riot. And I remember that moment very well and I remember thinking, “Oh, wow! They did something. That’s cool.” I didn’t know which way they were going to go. They were very, very resistant to doing anything for a long time. And I personally felt really good about that decision. And now the question is, well, what happens to that then under Musk or similar situations? Right?

 

[00:11:02] JP: Yeah. I agree. I think a lot of people have mentioned that Trump being given his account back would be kind of a red line for them. It would cause them to leave the platform.

 

[00:11:12] SY: Yeah.

 

[00:11:13] JP: It’s troubling. I think the decisions the company made were sound. I can also see how people would disagree with them. And what I’m more concerned about is does Musk get free rein to change those? I can’t imagine working at a company where I had spent a lot of time working in one of these trust teams and to have a new owner come in and just say, “Nope, it’s not all going to happen.” I mean, I would imagine huge parts of Twitter would leave. I imagined it would be even harder to hire than it probably has been this week. They said they were on a hiring freeze, but it’s like, “Okay, come on.”

 

[00:11:48] SY: Was that a choice?

 

[00:11:50] JP: I think those will have really big ripple effects on Twitter and its use in society. And I don’t trust that the person that would make those decisions has thought about those implications.

 

[00:12:04] SY: Yeah. His latest comment on what he means by free speech came as a tweet that read, “By free speech, I simply mean that which matches the law. I am against censorship that goes far beyond the law. If people want less free speech, they will ask the government to pass laws to that effect. Therefore, going beyond the law is contrary to the will of people.” This is the worst tweet I’ve ever read.

 

[00:12:28] JP: What? I'm sorry, but here in sixth grade, social studies class, this essay answer gets an F. This is ridiculous. What is this?

 

[00:12:43] SY: This is such a stupid…

 

[00:12:43] JP: This is a tweet. This is not like a PR statement.

 

[00:12:48] SY: There’s so many issues. First of all, it’s the classic issue of people in general just not understanding what free speech actually means. Free speech is meant to protect you from the government. It has nothing to do with private corporations, public corporations. It has nothing to do with platforms.

 

[00:13:05] JP: Twitter is not the government, thankfulness.

 

[00:13:07] SY: Twitter is not the government.

 

[00:13:09] JP: Also, does he understand how laws are made? We don’t call into like a reality show and ask the government to pass a law.

 

[00:13:18] SY: Yeah. Yeah. I was like, “That’s not how that works.”

 

[00:13:21] JP: I mean Elon gets to ring up a senator to ask about a law being passed.

 

[00:13:25] SY: You know what? He forgot what it’s like to be a little person. This is a billionaire problem. That’s what it is. He’s just like, “I can call the SEC and just tell them how I feel today.” So I think he just assumes that we can all do that.

 

[00:13:40] JP: So this is nutballs, but the problem I think is going to be like when Twitter’s trust and safety team comes and says, “Well, we have all these things in place. Is the boss going to be like, ‘Okay, that’s cool,’ or is he going to be like, ‘No, free speech,’ and like lay them all off?” What will happen to those policies? What will happen to that team? Does that all just get blown out of the water? I guess in Musk’s mind, that would be a positive for “free speech” as he’s defining it. But I think we could all agree that would be a net negative for people’s feeling of safety and everyone feeling like they can contribute in a safe manner.

 

[00:14:19] SY: A hundred percent. Absolutely. I think that what worries me about this is if we get to a point where Elon Musk has to pick between this concept of free, censorship-less speech versus the safety of community members, especially when it comes to vulnerable groups, I think he’s going to pick free speech. I don’t know if someone like him, frankly, given that he’s the richest man in the world amongst many other privileges, I don’t know if he can really appreciate the need for safety online. I don’t know if he can really appreciate or connect with or empathize with that problem. And so I feel like him being who he is, it feels like he’s just so disconnected from the reality of the average Twitter user and what a lot of people have to deal with. I do agree with Ahmet who said that users of this platform will vote with their feet. I think that there is a possibility that that might happen, but it’s kind of like how much damage needs to happen first before that happens. Right? Is it like we have multiple insurrections? And then finally, people are like, “Screw this platform.” Is that the tipping point? What is the tipping point of damage that has to happen to our democracy, to our nation, to different communities before we all get fed up and decide we’re not going to use this platform anymore, we’re going to go away? That’s really the concern to me.

 

[00:15:56] JP: Here’s a question and I’ve been thinking about the last couple of days, when people say vote with their feet, I feel like they mean you go to an alternative service.

 

[00:16:07] SY: Where’s that?

 

[00:16:09] JP: Listeners, you don’t have to write it and tell us about Mastodon. We all know about Mastodon. So let’s talk about Mastodon. Mastodon is a very distributed Twitter-ish service. It’s different in a lot of ways, the biggest way it’s different in that there are multiple Mastodon servers. It’s decentralized. You could just pick whatever one you want, sign up for it, and you could sort of talk between the instances sort of not. Do you think it’s an actual alternative?

 

[00:16:38] SY: I don’t think that what makes something a true alternative to Twitter is the feature set. Right? It’s the people, it’s the network, it’s the trust. And I can’t remember how long it took them to establish that level of credibility, but I think it was the fact that back then so many people thought the idea of tweeting out your status is like the stupidest thing ever. Right? And it took a little bit of time to kind of establish itself as a true news source, as a true legitimate place for information. That took a little bit of time. And I think that trying to recreate that now, I’m not going to say it’s impossible, but it just sounds so hard. I don’t even know where to begin because cloning the tool is easy, right? I mean, that’s like a bootcamp project. It’s one of the common beginner kind of starting learning to code projects, it’s like make a Twitter clone.

 

[00:17:30] JP: Oh, startups are doing it right now as we speak. I'm sure.

 

[00:17:34] SY: So it’s not the feature set, it’s not the fact that it’s 280 characters. It is the network and the credibility and the people. I don’t know if you can buy that. I don’t know how you build that up again, but that takes a lot and I don’t see Mastodon as really competing on that front, at least not today.

 

[00:17:55] JP: Well, so this whole thing should be wrapped up in about a day or two, right?

 

[00:18:03] SY: Oh my goodness!

 

[00:18:04] JP: I’m totally kidding. I have read this will take six months-ish for the deal to close. I cannot imagine that Musk’s good friends at the Securities and Exchange Commission would have some things to say about this. I’ve read things about like now that there’s an official offer from Musk to purchase Twitter, there might be a reason for the SEC to block the sale if he starts saying disparaging things about the company he’s about to buy. There’s still plenty of legal shenanigans that could happen.

 

[00:18:34] SY: Yes, but we haven’t even touched on that part. He’s trolled Twitter so much over the years.

 

[00:18:42] JP: Oh my God! Can you imagine?

 

[00:18:43] SY: He kind of says whatever he wants. He doesn’t really seem to take it seriously as a user of Twitter. And so part of me is like, “How seriously should I take you when you’re kind of trashing the platform that you just became majority shareholder of?” It’s going to be emotional. It’s going to continue to be an emotional roller coaster.

 

[00:19:05] JP: Yes, it will be.

 

[00:19:07] SY: Coming up next, we talk about various hacks that have penetrated the blockchain space and how we might protect ourselves from Web3 security vulnerabilities in the future after this.

 

[MUSIC BREAK]

 

[00:19:36] SY: Here with us is Dipanjan Das, System Security Researcher at UC Santa Barbara. Thank you so much for joining us.

 

[00:19:43] DD: Thanks.

 

[00:19:44] JP: So you were the lead author on a peer reviewed article this year entitled “Understanding Security Issues in the NFT Ecosystem”. What were some of your major findings about security issues in the NFT ecosystem?

 

[00:19:58] DD: I can pinpoint a few of the ones that I think that could be risky. The first one is wash trading. This is a very common phenomenon in a few marketplaces. When someone launches a collection, then the collection gets zero visibility because there are already other players in the market. And then as a seller, what do you do? You have to have eyes looking on your NFT collection that you’ve just launched. And what you can do is you can start wash trading.

 

[00:20:27] JP: Can you explain quickly what that is?

 

[00:20:30] DD: So wash trading is basically a fake trade. So when you launch a collection, you do not have any trades on it, right? Because you are new in the market, your collection is new in the market. So you need to attract people. And how would you do that? Because there are a lot more players. There are a lot more NFTs, a lot of RFTs, and a lot of collections. So wash trading is a way to inflate the sales volume with fake trades.

 

[00:20:58] SY: Interesting.

 

[00:20:58] DD: So, you collude with like 10 other fake accounts, which are either under your control or maybe your friends and stuff. Then you ask them to, “This is my NFT and let’s just do fake trades.” I buy your stuff and you buy mine.

 

[00:21:14] JP: Ah, it’s a wash. I get it.

 

[00:21:16] DD: It’s a wash. Yes.

 

[00:21:18] SY: That makes sense.

 

[00:21:18] DD: So that’s how you will find a lot of these fake trades, which are not really trades. Maybe from your friends and peers or relatives and whatnot. But unsuspectingly, the user will think, “Oh, these are real ones.” So things like 50 people are trading on this collection, there must be something in it. So let’s buy that. So that’s how you attract users. And also there is an interesting aspect here. These NFT marketplaces have something called “Collection Verification”. So what is collection verification? There are a lot of these collections. And this verification is like a badge, a form of authenticity that your collection is legitimate. It’s not really identity verification. It is just a badge, but the way that badge helps is when you see that verified badge in collections as a buyer, you have a lot more trust because you know this collection is verified by the marketplace. So for many of the marketplaces to have your collection verified, it is necessary to have your collection go beyond a certain number of trading volumes, but you cannot generate that amount of volume as a new seller. How do you do that? Wash trading is the answer. I think most of them were not very popular because they were trying to be popular and most of the wash trades are being observed out of eight marketplaces, but mostly from OpenSea and Rarible, if I remember correctly. So wash trading is one phenomenon. Also, another thing that might be interesting is that when these NFTs are created, they are basically a hybrid entity, a part of the NFT, the record that lives on the blockchain, but a part of the NFT, the resource, the image or audio or video or whatever lives off chain. So they are really mutable. So they only generally in some web domain or they can live in something called IPFS, which is kind of persistent storage, but it’s really not.
So we have found that a lot of these NFTs disappeared things that were created because either the web domain went down or simply the resource was deleted. So basically whoever purchased that NFT, basically that NFT is now pointless. There is no point of having that NFT because the resource it points out, that doesn’t exist anymore. And another thing is we found NFTs for which the resources were cached in the NFT marketplaces. What is caching here? Say you are designing a web app. To make it more responsive, you do caching. You do not serve the actual resource all the time. You scale it down and you serve a lower resolution version. That’s what many web apps do. And NFTMs or NFT marketplaces are just like any other web apps. So they do all sorts of optimizations. So there is this caching layer, which basically serves a lower resolution version of the actual NFTs. So we found NFTs for which the actual resource doesn’t exist anymore because they were living either on some big domain for which it was deleted, but the past version was still there. So basically as a benign buyer, when you do not know much about the ecosystem, you just look at the NFT marketplaces. You just see the NFT listed. You like the picture or whatever. You buy the NFT, but you do not really check whether the off chain part of the NFT exists anymore. So we found NFTs which are still in circulation, but for each, the resource part is dead. So those NFTs are pointless. And one last thing that I want to mention is the regulation part. So I think this crypto domain is very unregulated, but still, if you look at other crypto exchanges, like listed as top ones, like Coinbase, Binance, you will have some form of identity verification. So you have to submit your details to have an account on their platform, but NFT marketplaces are nowhere near there. They’re completely unregulated. You just create an Ethereum wallet on your computer and you can just login and buy in some NFTs.
So basically that opens up a lot more opportunity for money laundering and that sort of malicious behavior.

 

[00:26:01] SY: So there have been a slew of hacks recently in the blockchain Web3 space. There was the Ethereum-based stablecoin protocol, Beanstalk exploit, where they lost around $182 million. There was the Axie Infinity NFT game hack where North Korean hackers reportedly stole $600 million. And then just the week of this recording, the Bored Ape Yacht Club, the Instagram account, one of the most famous NFT communities, was hacked and 91 NFTs worth a total of around $2.8 million were stolen. So your paper went into NFTs, but obviously there’s security vulnerabilities across the blockchain space in general. Can you go into some of the ways this space as a whole has security flaws? Is there something inherent about it that just makes it automatically less secure?

 

[00:26:57] DD: First of all, this ecosystem is evolving. And what I found is, as a researcher, while I was like diving deep in this Web3 ecosystem, that many of the tools and techniques that we use for traditional security analysis are not yet there. There are two links, which are not available, and there are established automated bug-finding techniques, which are not yet measured. So I think that is one of the reasons you see a lot of these and these days. But also these specific hacks that you mentioned, some of them are like protocol specific because before the Beanstalk hack, this was related to someone taking a flash loan who bought a lot of Bean tokens, which is the governance token, then they voted a proposal, which basically transferred the money out of their wallet. So this is a protocol hack. But Axie Infinity one very surprisingly is not that complicated. It was just a private key compromise. So as a user, you interact with this ecosystem, you have to be technically very knowledgeable, I would say, because your security mostly depends on the private key you're holding. And once you have the private key compromised, it’s basically done. Game over. The hackers can steal your NFTs or whatever coins you have in your wallet. So that is an easy way to get hacked for users. But for the websites, I think it’s a lot more complicated because their protocols are very complicated and it’s not always possible to have every single part of the protocol audited. Bigger protocols are very serious about it. They get their contracts audited or verified by multiple auditing firms. But now these auditing firms will give you a guarantee that if I audited your stuff and say that it’s correct, it’s indeed correct because it’s always a best effort approach. And many of these are like manual analysis. So they do not really scale well to the larger contracts, because if you have an automated technique, that’s easy to audit.
But when you have to have people involved, then the auditing process becomes very subjective. So that is one of the issues. And initially, I would say some of the protocols were not designed with upgradability in mind, but I think the recent protocols are. What I mean by upgradability, so this blockchain is, by design, immutable. So once you have something on it, you can’t really change it. It’s there forever. So these protocols are backed by something called smart contracts. Smart contracts are programs. So programs are written by a human and they’re likely to contain bugs. But what if a program is immutable? So basically, human, at a later date, if you discover a bug in a program, you cannot really fix it. So that was the problem in a few of these ordering protocols, but now there are ways around it. There’s something called proxy, which is basically pointed to the actual contract and you redeploy the contract and just update the process. So that’s how the fixing is done. But I think in general, if you ask what’s wrong with the ecosystem, I think for users, it’s very complicated because traditional banking and stuff, I think it still has someone supporting you. If you get stuck doing online banking, you have people, you can call the customer care and they can help you out. But here, you are on your own. So this is technologically involved and there’s no one there to help you out. That’s the problem for many of the users. And for protocols and websites, I think the modern day, the protocols are very complicated and they do not really lend themselves well for automated analysis. So that’s their problem.

 

[00:31:03] JP: Is there anything companies can do to better increase their security when they’re operating in this space?

 

[00:31:09] DD: Oh, yeah. There are like a lot of blockchain auditing firms and verification companies. They try to do some automated analysis. So these protocols, this Axie install and pretty much any big protocol in this space, they get their contracts audited by many of these auditing firms, possibly multiple of them. I have seen, I think, probably one of the big protocols, they have like four to five audit reports. All of them are available online. So yeah, people are trying, but I guess we are not yet there.

 

[00:31:47] SY: So when it comes to developers or even non-technical people who are interested in getting in the Web3 space or are already in this world, what can we do to better protect ourselves, especially given the ever increasing interest in Web3 technologies?

 

[00:32:03] DD: The answer to this question very much depends on the protocol itself. So for users, there is at least one easy fix. So use hardware wallet. Hardware wallets are like hardware devices, which store your private key. So normally most of the users use web wallets like MetaMask, which are browser-based wallets. So your private key, which is the most essential part for you to interact with the ecosystem that is stored on your computer. So if your computer is compromised, you have a virus or malware on your system that can suck it out of your hard disc and at that point you are compromised. But with hardware wallets, you have your private key stored on a separate piece of hardware and it never leaves that piece of hardware, which is the crypto key like Trezor or Ledger, that sort of stuff. So that is a good way of increasing your security. And if you ask about the protocols, I think all they can do is they can have their contract audited. They can make their contract open source because other people can lower it. So one thing as a researcher that I have noticed is that these bigger protocols, they have their contract audited by multiple firms. That’s good. They have their contract open sourced. That’s good, but what’s not good they do not have a really detailed documentation most of the time. There may be exceptions, but that’s my general feeling. So the thing is even if you have your contracts source opened, no one can really make any sense out of it. Like the amount of knowledge and technical know-how involved in making sense out of those contracts are insane, which is, I would say, beyond the level of a normal user. And there’s a better documentation on how the protocol works or if open source is well-documented and if there is a link available between the documentation and the contract so that novice people at least have a feeling how the protocol operates.
Right now, I think the bigger investment protocols, the way they operate is very complicated and people who invest there, a lot of them do not really know how the protocol works. They only know that if I invest like 100 ethers, I will get 110 ethers back after let’s say six days or something, but they do not really know how they’re making money and how long they can make money like this. Because a common phenomenon is you make more money in the beginning and instinctively goes down with time. So there’s a complex economic aspect also involved here. So I think better documentation, more audit, setting up automated analysis techniques, that’s what these Web3 firms can do to improve the security.

 

[00:35:13] JP: Well, thank you so much for joining us.

 

[00:35:15] SY: Thank you.

 

[00:35:16] DD: Thank you.

 

[00:35:26] SY: Coming up next, we speak with a software engineer about how she experimented with TikTok’s algorithm to gain more followers after this.

 

[MUSIC BREAK]

 

[00:35:50] SY: Here with us is Senior Software Engineer and popular TikToker, Felecia For The Win. Thank you so much for joining us.

 

[00:35:57] FC: Thank you so much for having me. Happy to be here.

 

[00:36:00] SY: So tell us about your developer background.

 

[00:36:02] FC: I have been coding for about eight years now. I got started somewhere close to around maybe like 2014 and I am completely “self-taught”. Anytime that I talk about being self-taught, it’s definitely hard to say that with a straight face because as I’m sure you know and the audience knows, being a developer means grabbing knowledge from all over the internet, YouTube, Udemy, Udacity, everywhere. Right? So technically, I am a product of the village of developers. And yeah, I landed my very first professional gig three years ago at Capital One, and I stayed there for a while. That’s pretty much been my journey thus far.

 

[00:36:49] JP: So you set out on a project to try and experiment doing different things to see if you could figure out and manipulate the TikTok algorithm. I’m really curious. Why did you pick this as a project? What got you started down this path?

 

[00:37:07] FC: So like I said, I started learning to code back in 2014. I spent years coding and taking different courses and just brushing up my chops. I finally started actually applying for different companies. And the third interview that I ever had is the place where I got hired. And so I kind of had this experience of really relentlessly pursuing something for a long period of time, like multiple years. And here I was, I finally gotten it. I applied to be a junior developer, but they bumped me up to seniors. So I’m here. Right? In many ways, I had totally felt like I had succeeded.

 

[00:37:48] JP: Right.

 

[00:37:49] FC: Like I feel like I won my 20s. Like I had that feeling. And so I’m here, I’m working at this company for a few years. I started to feel like, “Wow! I put so much energy trying to obtain this goal and here I have it, but it’s not fulfilling me in the way that I thought.” And I just started getting this kind of like overwhelming feeling of feeling like there was something else that I needed to offer into the world. There was more that I needed to bring. And so the feeling essentially got so strong that I said, “Okay, I’m going to save up, I’m going to quit my job, and I’m going to tell my story and I’m going to try social media as a storytelling platform and I’m going to talk about the things that I am interested in and the things that I would like to see more in society.” And so in November of 2021, I downloaded TikTok. And I said, “All right, this is it.” And so being an engineer and having to focus on engineering things for multiple years, of course, it’s kind of like you can’t take the engineer out of me. So anything that I do, whether it’s TikTok or making breakfast or reading a book or setting up a workout plan, it’s always going to be having a systematic element. And so I started TikTok. And from day one, I treated it like an experiment. And so yeah, part of that experiment is reverse engineering the algorithms to get what I want out of it. Right?

 

[00:39:18] SY: So tell me a little bit more about the process of experimentation. What were the steps?

 

[00:39:24] FC: There’s like a few different elements, right? So we have the creator, is an element of the experiment, but we also have the TikTok algorithm, which is more of a black box. And we have the audience and the users who would consume the content and we have a bunch of different factors, right? And so whenever we’re reverse engineering or whenever we are formulating an experiment, we want to make sure that we are able to test and we’re able to kind of deduce what is actually giving us impact. And so I had come across one day from another creator. And they said, “Hey, if you want to grow your account, all you have to do is post 10 videos a day.” And I looked at my husband and I said, “That sounds right because 10 videos a day is hard enough to where it would explain why everyone isn’t able to have a blowout success, but it is still obtainable enough to where it can explain why anyone can kind of do it regardless of the video subject matter. It will kind of explain.” Right? And so I said, “Okay, I’m going to do 10 videos a day for a month.” So that was the basis of the experiment. And the idea is every day I would post these 10 videos. And then the day after that, I would look back on the videos from the previous day and I would see which videos did the best. I would compare the views to the likes, the views to the comments, and whatever videos had over 10 to 20 percent views-to-like ratios I would double down on, on the following day. And so that was kind of the iterative process that I followed for an entire month. And by the end of that month, I had over 40,000 followers.

 

[00:41:09] SY: So when you say that you have 10 pieces of content and then you’re doubling down, I think to me, what I always wonder is how do you know what it is about the video? What is it that you’re doubling down on? Is it the content, the fact that maybe the theme serious versus humorous? Is it style of video editing? You know what I mean? Like there’s so many kind of different variables and different factors that go into what makes the video the video and what makes it work. So when you’re analyzing and you said like, “Okay, these two videos seem to be doing significantly better than the other eight,” how do you know what it is about the video that is the thing to double down on?

 

[00:41:53] FC: Absolutely. And that is an excellent question. Like I said, I downloaded TikTok in November. And for two months, I was posting one video a day and I was posting what I wanted to do. I was posting in my apartment. I was posting my outfits and I thought like, “This is what I want to do on TikTok. I definitely don’t want to talk. Definitely don’t want to give my opinion and put myself in a vulnerable position to be scrutinized for my ideas.” This is what I wanted to do. Right? But I am actually a talkative person in real life. And so every now and then I might be having a rant with my husband and I’ll record it. And so one day in January, I was doing that. But this time, the rant that I recorded, I said, “You know what? I’m going to try to put that on TikTok because I’m genuinely interested to see what other people have to say about it.” And when I did that, that was the first video where I experienced success. For all of November and all of December, all of my videos were getting 200, 300 views. When I posted that rant, that was the first time I had ever experienced getting over 2000 views. And so that was the beginning of the experiment. Like as you guys know, it’s kind of about going from zero to one. Once you go from zero to one, you have something to work with. And so after that video, I said, “Okay, I’m going to have to talk.” What am I going to talk about? Right? That’s the hypothesis for the next day. And so when I initially started, that rant was about work culture. And so I spent the next week or so talking about work culture. It wasn’t until week three, week four that I started venturing out and then trying different subject matters. And now I feel like I’ve kind of found my “niche” or I found my little nook of the app where I live in and I feel nice and unique in this space, but I even had to arrive here. It’s not like I started on TikTok posting about effects and theories and social experiments.
I even had to inch towards that through an iterative experimentation style process.

 

[00:44:07] JP: You mentioned at the beginning posting one type of content and kind of pivoting as you went along as a result of your experiments, what content did you find does the best? And I know you arrived at that through experimentation, but I’m kind of curious. Can you talk through just a little bit more through the evolution of the content you’re producing?

 

[00:44:29] FC: So when we’re saying like what content does best, I have actually begun to realize that it’s not a one-size-fits-all. Okay, let’s say this, right? The idea is that when we start, we have to understand that we don’t know. Right? We have to come from a humble place of saying, “I have no idea what good content is.” I have no idea. So I have to figure out how I’m going to figure out is by posting 10 videos a day and tracking my results over time, but that process is different for everyone. I am a talkative person. So posting 10 videos a day of me talking is the lowest hanging fruit for me to reach that number 10, but someone who isn’t talkative, someone who might not have a particularly nuanced opinion, posting 10 videos of them talking would be a lot more difficult. They probably would not be able to sustain 10 videos a day for a substantial period of time. Right? So I have evolved in my thinking to understand that it’s kind of all about what is the lowest hanging fruit for the individual. I just happen to be a talkative person. But if someone else is truly into fashion and they already spend most of their day, either consuming fashion, figuring out different outfits for themselves, researching different outfits that celebrities are wearing, then that is their lowest hanging fruit. And so I would say that the content that does best is whichever type of content is most authentic to you because that is the only way that you’re going to be able to produce volume at scale.

 

[00:46:08] JP: Did you find that the subject matter of your content had as much of an impact as the amount of content you’re producing?

 

[00:46:19] FC: So the first video that I posted, I got over 2000 views was one about work culture. And so I thought that, “Okay, I have to talk about work culture.” It wasn’t until a week in that I started to test the hypothesis that maybe it’s not necessarily about work culture. Maybe it’s just about calling out, observing and talking about the absurdities in society. So I started testing a little bit with that. Right? And that’s the great thing about posting 10 a day is there’s 10 videos. So if you want to have kind of like, “Well, let’s just throw spaghetti on the wall and see what sticks,” type of post, you can do that. Right? So I started kind of testing with these different ideas and I can like vividly remember the video that kind of led me more towards the direction that I’m in right now. And that is someone had asked a question about money. And my video response was one in which I was saying, “Does anyone ever think about how money isn’t real?” And the comments on that video, that was like my next video that got a lot of views. I think that one ended up getting like 20,000 views or something like that. And I remember being so excited because I was like, “Wow! If they want me to talk about just general absurdities, I would love nothing more.” And so I started talking about general absurdities. And so that’s kind of the idea. It’s like inching towards, “Okay, I’m going to test this out. It’s only one out of ten. I’m going to test that out, test that out.” And every now and then a video will be a blowout success. And that is the compass to say, “Hey, if you leaned more in on this, you can be on the next level.” So that’s actually what I see a lot of people not doing enough of, and that is listening, trying different things and then just listening.

 

[00:48:16] SY: One thing I’m wondering is how the algorithm responds to or values variety.

 

[00:48:25] FC: So I’m going to take a stab at it. Like I said, I’ve only been on TikTok for a few months now. So technically, I do not know how it will all work out long-term, but I can definitely tell you what I’ve been hypothesizing.

 

[00:48:37] SY: Sure. Yeah. Let’s do it.

 

[00:48:38] FC: So what I have observed from the TikTok algorithm is that it has this really effective quality about it where you’ll follow a creator and then you’ll be kind of like inundated with their content for a few days, maybe even a few weeks. But then over time, they don’t show up on your “For You Page” as much anymore. And I feel like I’ve seen that happening consistently to the point where I’ll randomly remember a creator that I followed like months ago and I’ll be like, “Hey! How come they have it?” And so then I have to go search for them. And then I’m like, “What’s up with this?” But I think the algorithm factors that in, right? I think the algorithm factors in the fact that people might be getting tired of each other’s niches, like I’ll say the affinity for a particular niche might not be sustainable. And so I think that the algorithm tries to factor that in and it tries to make sure that people don’t get tired of any particular creator. So I think that long-term what could happen or at least what I’m hypothesizing will happen is I’ve been on TikTok for a few months. So I know that there are some of my followers who are literally not seeing my video because it’s not coming up on their “For You Page”, but I’m hypothesizing that maybe sometime in the summer, maybe in the fall, the algorithm kind of starts showing my stuff to them again, because it’s like, “Hey, you shouldn’t be tired of them anymore. You had a nice break. So here you go.” So that’s what I’m expecting. I’m expecting it to be in waves from the user’s perspective. And I think that if that is how the algorithm works, then that should be reflected in like consistency on my end. If I’m consistently reaching only 20% of my audience, then the audience itself can oscillate, the 20% would be consistent on my end though.

 

[00:50:32] JP: So I’m curious, were there things that you thought might have worked in terms of manipulating the algorithm that didn’t just seem to? I want to hear your failed experiments.

 

[00:50:45] FC: Oh, that’s such a good one. No one ever asked me about this. Okay, let me think.

 

[00:50:50] SY: That’s why we’re better than all the other podcasters. I mean, just in case you didn’t know.

 

[00:50:54] JP: Like I want to know what you’ve taken down. Did you have a phase where you were doing viral dances? Like what didn’t work?

 

[00:51:01] FC: I never tried. Trust me, the world is better for it. So like I said before, my very first experience on TikTok was a failure. I was on TikTok for two months, posting one video a day, trying to show my cool apartment, trying to show my outfits, and I think that I have a nice sense of style, apparently not. Or something about that was not working out and that’s fine. So that was a two-month failure. And then there’s actually this other element to it where I want to say as a creator, understanding that we can put out a particular style of content and understanding that particular content is more likely to attract trolls. And so I’ve had a bunch of failed experiences of trying to navigate that situation where I’ll say something, but then it gets like a response that I’m not comfortable with. And so I have had to nuke the comment section, which is not a good experience for the other people. I have maybe two videos where I had to mute the comments for those reasons. And then I have other people who love my content and they’re commenting on other videos saying, “Hey, I wanted to leave a comment on this video.” And so I’ve even had to kind of reverse engineer that so that it’s like how do I create a video that minimizes the likelihood of trolls? And so there’s all different types of thought experiments. For a while, I was trying to experiment with doing special effects type videos. There are some cool TikToks. Will Smith has like this really cool video where he’s like running towards the camera and then there’s a hand that plucks him, like that’s like the simulation. That it plucks him backwards and he hits a tree and then he runs towards the camera again. Right? And it’s like a perfect loop. And he’s not saying anything, it’s just special effects and purely cool to watch. And I’ve experimented with doing that, all failures, and eventually I said, “This isn’t working.” So yeah, a bunch of failures for sure.

 

[00:53:17] SY: When you try those things and it didn’t work, did you ever get a sense or have the data to conclude why it didn’t work?

 

[00:53:25] FC: I guess not. So when I say didn’t work, I anchor myself based on the ratios. Right? So if I have a particular amount of views, then the idea is you want at least 10% of the views to translate into likes. And then for me, I always want at least 2% of the likes to translate into engagement, like in the comments. And so I kind of have this 10%, 2% kind of system going. And if I am over 10% when it comes to like the views to likes, or if I’m over 2% when it comes to the comments to likes ratio, then I say that is a good video. So when I say the videos weren’t good, they were getting less than that. Right?

 

[00:54:14] SY: Got you. Got you.

 

[00:54:15] FC: That’s pretty much how I determine whether or not something is a good video or not.

 

[00:54:19] SY: Cool! Wonderful! Well, thank you so much for joining us.

 

[00:54:21] FC: Thank you so much for having me. This was a lot of fun.

 

[00:54:34] SY: Thank you for listening to DevNews. This show is produced and mixed by Levi Sharpe. Editorial oversight is provided by Peter Frank, Ben Halpern, and Jess Lee. Our theme music is by Dan Powell. If you have any questions or comments, dial into our Google Voice at +1 (929) 500-1513 or email us at [email protected]. Please rate and subscribe to this show wherever you get your podcasts.