HackerTrans
TopNewTrendsCommentsPastAskShowJobs

simul007

no profile record

Submissions

[untitled]

1 points·by simul007·hace 2 meses·0 comments

[untitled]

1 points·by simul007·hace 8 meses·0 comments

[untitled]

1 points·by simul007·hace 8 meses·0 comments

[untitled]

1 points·by simul007·hace 9 meses·0 comments

[untitled]

1 points·by simul007·hace 9 meses·0 comments

[untitled]

1 points·by simul007·hace 9 meses·0 comments

Third-party cookies and why they failed

joindatacops.com
4 points·by simul007·hace 9 meses·0 comments

Found out why your conversion rate was 0.1%. It's somehow worse than you thought

old.reddit.com
3 points·by simul007·hace 9 meses·2 comments

Bots are getting good at mimicking engagement

joindatacops.com
415 points·by simul007·hace 9 meses·304 comments

comments

simul007
·hace 10 días·discuss
lol, they want to be old school
simul007
·hace 9 meses·discuss
Posting this because it's a genuinely fascinating look at industrial scale account fraud infrastructure. The €5M in direct losses is notable, but what really caught my attention is how polished and accessible they made the whole operation.

The FaaS angle is what gets me. They weren't just running a SIMbox farm in a basement they had public websites, API documentation, and were essentially selling "bypass SMS verification as a service" to other criminals globally. That's a business model. That's engineering.

The scale is where it gets sobering. 1,200 SIMbox devices, 40,000 simultaneous SIM cards, 50 million fake accounts. That's not amateur hour. That's logistics, infrastructure, customer support. They'd solved the hard problems: How do you manage hardware at scale? How do you keep 40,000 SIMs operational? How do you make it easy enough that non-technical actors can integrate it into their fraud workflows?

And yeah, the systemic stuff is the real problem. We're all operating under the assumption that "phone verified" means something. It doesn't anymore, apparently. All those metrics everyone relies on user growth, engagement, review scores there's just... noise in there. A lot of noise.

Makes you wonder: for every verification layer we add, is there already a service like this being built to defeat it?
simul007
·hace 9 meses·discuss
This is exactly what we've been seeing across the board. The data gap isn't just a tracking problem it's a cascading failure in the systems we depend on to grow.

A 30% data loss doesn't translate to a 30% revenue hit because ad platforms can't optimize blind. Your conversion API gets starved of signals. Meta's algorithm can't exit the learning phase. Google stops allocating budget effectively. Your retargeting pools shrink. Your LTV calculations become fiction. Bad decisions compound from there.

What gets me is how invisible it all is. The dashboards look fine. The numbers are there. But they're incomplete in exactly the ways that matter the conversions that train your optimization models are missing.

I've talked to agency owners and in-house teams about this. Everyone feels it: the growing disconnect between what they're doing and what the data shows. It's become a quiet frustration across the industry.

The browser wars and privacy laws were inevitable. But the cost of this transition is being borne entirely by businesses operating in the dark. The question now is whether server-side solutions buy us enough time before the blocking arms race catches up.
simul007
·hace 9 meses·discuss
After posting about 73% bot traffic statistics, I kept getting the same question: "What does this actually look like?"

So here's the answer. Actual click farm footage. Hundreds of phones running 24/7 automation scripts.

Each device simulates 10-20 "real users" with unique IPs (residential proxies), different device fingerprints, and varied behavior patterns. Your analytics can't tell the difference. Neither can Google or Facebook's fraud detection.

The scary part? This is probably a SMALL operation. Some farms run 50,000+ devices.

At DataCops we're researching network-level detection because traditional methods are failing. When you see 500 "different" residential IPs with identical TCP patterns and synchronized timing signatures, that's not 500 people it's orchestrated fraud routing through compromised residential connections.

The real damage isn't just wasted ad spend. It's business owners making terrible decisions based on corrupted data. They see traffic but no conversions, so they conclude their product sucks, their pricing is wrong, their website needs redesigning. They change everything trying to "fix" their conversion rate when 70% of their traffic was never human to begin with.

How many businesses have failed because they were making strategic decisions based on fundamentally fake data?
simul007
·hace 9 meses·discuss
Hi HN, I posted yesterday thinking nobody would care and was ready to just leave it alone. Waking up today to see all these comments absolutely shocked me.

Here are answers to the main questions I'm seeing:

Regarding the writing style: Look, I used AI to edit the article for clarity and professionalism only for the blog. This is a business website, not a personal blog. If you want the raw, unedited version, check this Reddit link:

https://www.reddit.com/r/DataCops/s/vieMBQO8Lg

I find it ironic that some people are more focused on criticizing the writing style than addressing the actual problem I'm documenting.

About sharing the script: Sophisticated bot detection can't rely on Microsoft Clarity or traditional analytics alone. It requires multiple data points:

Modern bots use specific behavioral patterns at scale with customized browser configurations (not just basic headless browsers). You need to understand frameworks like Puppeteer, Playwright, and Selenium very well to detect them.

You need access to live global datacenter IP databases.

Even when click farms use real phones with real browsers, IP intelligence helps distinguish human from automated behavior. Each device needs a unique IP, when it runs its target activity to avoid fraud detection.

Detection involves analyzing dozens of factors simultaneously.

The data in this article is real. I stand by the findings.
simul007
·hace 9 meses·discuss
Hi HN. I run a marketing agency and fell down this rabbit hole after a client's analytics made no sense (50k visitors, 47 sales). I ended up building a simple script to track user behavior and analyzed 200+ small e-commerce sites. The average was 73% bot traffic that standard analytics counts as real.

The bots are getting creepily good at mimicking engagement. I wrote up my findings, including some of the bizarre patterns I saw and the off-the-record conversations I had with ad tech insiders. It seems like a massive, open secret that nobody wants to talk about because the whole system is propped up by it.

I'm curious if other developers, founders, or marketers here have seen similar discrepancies in their own data.