171: Melody Fraud

We act like someone you want to be, until you become them. This sometimes comes with imposter syndrome.

“But I think the antidote to that is just more experience.”

But how do you go from being a total beginner to confidently doing something? I often turn to the bookstore to help me there.

But you know what books that's always bothered me?

It's those for dummies books, like the C programming for dummies. Or to complete idiots guide. Even if I don't have a clue where to start, I would never buy one of those books, because I don't consider myself a dummy or an idiot. Because I want to fake it till I make it.

And I don't want to fake being a dummy. I want to be a great programmer. So a dummy's guide to programming is not the direction I want to be going. I think what those books fail to do is they seem to target who you are now, not what you want to become.

And that was their failure, at least for me. I've bought tons of how to books.

“But I will never buy one of those books. To me, the key to success is in the aspiration.”

I would instantly buy books that were titled How to Be an Amazing See programmer.

Because that is what I want to become. And the book could contain the exact same words as the other book that's C programming for dummies. But it would have an entirely different impact on me. Every time I saw the title, I'd feel like I'm becoming more and more

like the person I want to be an amazing programmer. And that would give me that false sense of greatness, which is exactly what it's like to fake it till you make it. Because it's not about who you are today. It's about who you aspire to be tomorrow.

It's about embracing the journey of transformation and allowing your actions to shape your destiny. So go ahead and fake it. You can live yourself if you want.

“Because sometimes the greatest lies are the ones that propel us towards our trueest selves.”

These are true stories from the dark side of the internet. I'm Jack Recyter. This is Darknet Dyeries. This episode is sponsored by Threat Locker. ransomware supply chain attacks and zero day exploits can strike without warning

leaving your business's sensitive data and digital assets vulnerable. But imagine a world where your cybersecurity strategy could prevent these threats. And that's the power of Threat Locker's zero trust endpoint protection platform. Robust cybersecurity is a non-negotiable to safeguard organizations from cyber attacks. Threat Locker implements a proactive deny by default approach to cybersecurity,

blocking every action, process, and user unless specifically authorized by your team. This least privileged strategy mitigates the exploitation of trusted applications and ensures 24/7/365 protection for your organization. The core of Threat Locker is its protect suite, including application allow listing, ring infencing and network control, additional tools like the Threat Locker Detect EDR,

storage control, elevation control, and configuration manager enhance your cybersecurity posture and streamline internal IT and security operations. So learn more about how Threat Locker can help mitigate unknown threats in your digital environment and align your organization with respective compliance frameworks, visit ThreatLocker.com. That's ThreatLocker.com.

This episode is sponsored by Adaptive Security.

One of the first cybersecurity companies backed by OpenAI.

You've prepared your security teams to deal with DDoS attacks, to prevent SQL injections, to constantly be monitoring who has access to your systems, but AI has changed the game. Bad actors don't need to break into your system. They just need to break into your trust.

Deep fake voices on a Zoom call, AI written fishing emails that sound exactly like your CFO, synthetic job applicants walking through the front door. Adaptive is built to stop these attacks. They run real-time simulations, exposing your teams to what these attacks look like, to test and improve your defenses.

And now with their AI content creator, you can take breaking threats or compliance stocks and instantly turn them into interactive, multi-lingual training, no design team required. Trusted by Fortune 500s and backed by Andrewson Horowitz and OpenAI, Adaptive is building the defenses we need for the AI era. Learn more at AdaptiveSecurity.com, that's AdaptiveSecurity.com.

Today, I'm talking with Andrew. Yeah, I'm Andrew Bady. Andrew has a really unique job that I can't wait to ask him about, but first, we should learn about how he got there. So I started on Facebook when I was still EDU based and then I was one of the first 50

beta advertisers on Twitter and learning to kind of misuse their system.

He wondered if he could manipulate any of that to his benefit. Same thing with YouTube.

“He's filled with a break anything into the front page of YouTube.”

And I guess that quickly became the guy that you would go to. If you wanted to sort of like gray black hat, some stuff, gray hat, and black hat, white hat, let's talk about that. That's going to come up a lot in this episode. And we'll start with white hat.

White hat is doing something that's 100% legal and safe, such as hacking your own computer. Nobody is going to come arrest you for that. Black hat is doing something that's illegal, such as hacking your exes lawyer to see what they're plotting against you. Gray hat is somewhere in between.

It like maybe it's technically not legal, but you're hacking into something only for research, but not to cause harm, but these terms also apply to marketers. Someone who follows the rules, such as paying for ads and normal way. That's a white hat marketer. But someone who uses bots, for instance, to artificially create a bunch of five-star reviews

for something, that would be a black hat marketer in my opinion, because they are lying and cheating with their so-called marketing and run their risk of being thrown off to very platform that they're trying to grow on.

“At least, this is what I think these terms being going into this episode, but my”

definition might change as we go further. So, in my opinion, Andrew was a black hat marketer. He was trying to promote certain products or people by tricking people or systems to artificially inflate something's popularity. My favorite thing at the time was like jacking.

It was a weird time period because it was before fan pages.

So initially, when Facebook first launched, you could only friend request somebody and there was

a 5,000 person limit. And what you used to do is you would hide the request friend request button or when fan pages launched the fan, you know, follow button, but you would hide it in the pixels. I don't know if you've come across that. Yeah, I have. People who want to become popular in social media might do it, like an up-and-coming band who wants as many likes and follows as possible.

If others think you're good, then you're probably good. And so you might show up in more people's feeds because of that too. And Facebook made it so you could add a like button anywhere you wanted, like on your own webpage or blog. But if you were sneaky, you could trick people to clicking on that like button

“when they didn't know they were clicking it. And that's what click jacking is or like jacking.”

In our case, we ended up using a lot on video or photo sharing websites. So when people were clicking next or going through video or photo carousels, every time they were clicking, we sort of trained our users to double click. And we started buying these websites that were high volume websites. And then eventually we started doing web development for other sites and then putting these in there.

And what would happen was our hypothesis was that people did not log out of their Facebook. It's cast in their browser. So what we would do is just hide that pixel inside of other websites. And so we could drive millions of fans to things. And how clever they bought a popular video and photo sharing site. And as the users clicked next or play, it wasn't the next button. It was the Facebook like button. And the users had to

click twice because the first one was just liking the photo. And then the second one was going

to the next photo. And so what Andrew would do is he'd advertise that he can get your Facebook page five thousand followers and thousands of likes. And people would buy his service to promote their bands. And he'd artificially grow someone's Facebook account. And so that's kind of where we started a lot. Another thing we did in the early days was kind of an ad arbitrage. At the time, for example, when you when you charge an advertiser, they cared about time on site and sort of

CPMs. But they didn't care that much about the actual click through or engagement with the ads. They just weren't aware. I know this seems obvious now. But back in the in the two thousands, like no one really knew that those are metrics to look at traditional advertisers. So what we would do is we had these high traffic volume websites. And we would, for example, have a five dollar CPM, let's say. But we could buy traffic for like a dollar. And so we would blend enough garbage

traffic in that we didn't really ruin our overall sort of time on site or user stats. But we would be able to sort of print money. Oh, so he'd sell ads on his website. But then pay fake visitors to click it, making it look like a lot of people clicked that ad. And then he would just collect the money for it. But really it was just paid traffic. And another one that we did that was up really interesting at the time was, was around YouTube. So we, we figured out that you could

basically, there were these pop under ads back then. And you could, um, yeah, most people recognize

them from the sort of like penis enlargement ads. And they like that you click out of a website and there'd be like the annoying little open browser underneath it. We would load it with YouTube

video quickly. And if we could get three to 400,000 views quietly in the background, we could basically

break into the algorithm on a front page. And back then people would go to the front page of YouTube to see what was trending. So we would be able to break a bunch of different content pieces onto the front page of YouTube. And at that point, they had a single swim. You basically had to have good content that people liked or not. But like pretty quickly it was evident. You either went viral or you were trash and you're removed quite quickly. So we could get you there. But the question was

whether or not you would stick. Jeez. Now, see to me, this is all black hat marketing. You aren't bringing real customers to your site or video page. Instead, it's all fake. It's not quite bots. It's real people clicking things. But they're tricked into clicking things. And they don't know

who they're clicking it. The stuff they're viewing is invisible to them. But it's playing in the background.

And so I called this black hat marketing because if YouTube found out that you manipulated your weights to the front page, they probably ban you. But I also think if you have a bunch of fake followers, then that's not real marketing either. That's cheating and lying and manipulating. Now you say, we, what was this, where's we? I had a couple partners that we did that was this like a black hat marketing firm. You know, that term wasn't really a thing then. I would say we all considered it

“marketing. But we didn't, I mean, yes, it's black hat. But I wouldn't say that that's what we”

visualized it as at the time. At the time, we really felt like we were just a marketing firm using all the possible channels we could to give a brand an opportunity to take off. Like the what I got known for at the time was, you know, we launched an artist on Facebook. And he had no label, no no major label, like nothing. Like, you know, he was founded a bonfire and then tuck it. So it was kind of like an interesting thing. Like, when we went to the labels back then and tried to convince

them that you could use Facebook for launching artists, everyone laughed at us and said, you know, Facebook's for kids. We have a website. We do email lists. We do paid marketing. This isn't part of our mix. No one believed it was possible until we did it. And then after we did it, everyone wanted to pay us to do it. And the hardest thing was trying to like, continue to perform because then, you know, everyone that finds a vein that works. Everyone starts copying you. And

“then you have to find a new way. It's like you're constantly on a treadmill for finding new”

innovative ways that you can break an artist or that you can just get attention. And I think from our view that's the, that's the art of marketing. It's less, it doesn't, I think for a lot of us, it doesn't feel like black hat because we're just using a technique or a tool that might only last for two months or three months until we have to find something else. And we all safeguard it. When we learned something, we don't tell people. So like, when we learned about like Jacking,

which was the hypothesis we had, we definitely didn't tell anybody because we didn't want anyone

copying us. We didn't want people to know how we could drive a million fans to something and

they were all real fans. So it was just kind of a, I think in that view, it's just a different era, you know, and I would also say that no one even called it social media, at the time there was digital marketing, like new media was a term, like there wasn't even a term for growth hacking wasn't even a term. Like no one even used the word growth hacking, but this was not a thing at that moment. So it is interesting to see how the whole things evolved. I do think that if you

asked us to point blank, is what you're doing, violating terms and services, for sure, we would have lied and told you, we would have told you, no, but we all knew, like we weren't drinking the Kool-Aid, like everyone in the company knew we were violating terms and services. I think the thing we thought was, who cares? Like if a real user likes what we have to do, like what we're presenting them, we're not like faking the genuine product market fit. We're just

trying to get in front of those, those eyeballs and see if we are product market fit. Like I don't want to stretch as well, but I agree with you that I think a good marketing campaign is one that actually, because I think most people are like, I hate marketers, I hate ads, I hate all this stuff, but would do you when when a product lands in front of you, and it's the perfect thing, it's your new favorite song, and you're like holy cow, I can't believe I just found this,

then you don't hate it, right? And so if you can, if you can match that person who needs this product with this thing, and that is a marketing move that you've done, then that is a, that

“is fantastic marketing. And I think that I wish that's how all marketing was, is to actually find”

the person who who needs it, and then folks on them, unfortunately marketing has a lot of wasted eyeballs looking at it, and sure. I mean, even back then, I remember seeing this thing in probably like 2011,

only 8% of people who saw an ad online were real. Like it was just technically a machine connecting with another machine presenting the ad, but like there wasn't a real person on the other end, and that was 15 years ago. Like, I can only imagine how much force it's gotten. Yeah. When you were doing this blackhead stuff, what did you, did you have any success stories of people that you made, or products that you launched well, and just like huge success

with these techniques? Yeah, I don't want to throw them under the bus, so we definitely did win a lot.

We, we took a brand and action sports that was like 17th in their spot, moved into like third

in the market. We, and what was crazy is, at the time, you start doing these big activations. So when you start winning all the big brands pile in, all of a sudden, they all want to do a collaboration or some deal with you. So you end up doing really big brand partnerships or brand collaborations with really established companies. Once they all perceive you as the winner, and so the snowball sort of takes off, and then it becomes less blackhead and more traditional

sort of project management and release schedules and just creative, less like hacky. Yeah. So one sports brand went from 17th to third. What else? Yeah. We had a musician that we launched that went number one iTunes, number seven billboard with no label. Okay. Number one iTunes, number seven is that is that fake numbers? Is that fake numbers? That's the crazy part.

“That's what I'm saying. I don't feel like it was blackhead because we got in front of all the”

future point. We got in front of people who decided they really loved this artist. And because they really loved that artist, and we started out in 18 months plan. So as we were building this artist with all these techniques, we were providing them with content to get them more and more hooked and engaged with the artist. And when we released that artist, EP that artist went number one, over, ever, everybody. Like, I remember we'd be DJ Khaled as an example, like we did everybody.

And no one could believe it. I mean, we were called out. People thought we fake numbers. We didn't fake anything. Like it was all a real. We just sort of met a consumer at the point. We were in front of the consumer at the right moment when they weren't going to go to discovered this artist, and then thought they really liked it. And so again, the techniques allowed us to engage and have a real product market fit. But the, the techniques we used were definitely not approved. Yeah, I mean, I'm,

I, when I first started this podcast, I was like, all right, let's market it. And you, you start noticing

some of these black hat marketing techniques. And I had to really sit and look at myself in the mirror and be like, am I a guy who is going to cheat my way to success? Like fake it till you make it. And I had a long debate about it. And I'm like, no, I'm a hacker. Of course, I'm going to use every chicken the book, right? This is great. Let's try it off. And then I was like, no, this is not honest. This is an ethical and all that sort of stuff. So I landed, this is, this is funny. I landed on

no black hat marketing, but I'm totally for gorilla marketing, which is, which is unsanctioned marketing, right? So if I go to a conference and there's an empty booth where vendor didn't show up, I might sit down at that booth, put like a little banner up. That says, I, this is our inventories. And I didn't pay $10,000 for that booth until the people come and say, hey, is this, did you pay for this booth? No, okay, we'll get out. All right, cool. And, and so I'll put stickers on

places that aren't supposed to be stickers and all kinds of stuff like that. So that to me

“is gorilla marketing. No, I agree. I think that's definitely, and I have some examples that like,”

we launched an app in 2013 called Hate A Rap. It was Instagram for everything you hate. And our,

our logo was a giant thumbs down. And we went, I never, we went to South by Southwest. And we just

started putting stickers on people's backs as they were walking. And there were thousands of people walking around with these stickers. And it went, we got like, so many downloads. The downside was we built this thing totally crappy, just to see if it would work as an MVP. And it went, like, we had hundreds of thousands of downloads, like overnight. And the app was not functional. It was a complete mess. But it was like such an interesting moment where I remember doing interviews with like the

Walt, we did interviews with like Wall Street Journal and everyone. And it was like the huge story at the time. Because we basically did this gorilla approach and it kind of worked. And I guess to your point, I always viewed the stuff I did online. I mean, maybe I'm just justifying it now,

“you know, like hindsight, you know, I revision this history. But I remember you really feeling like”

the things we were doing online was the gorilla version of what we did in person, you know, for like these types of techniques. Something I noticed on the podcast world is that people can fake the way to the top on Apple podcast charts. But most of them fall off a cliff as soon as they

who I want through under the bus, who was a major artist now. They were up for a Grammy, bunch of, bunch of things. Their entire first album was fake. Okay. I know, I know who you're talking about. Check this out. I saw this article last week, Spotify accuses Drake of forging billions of fraudulent streams. That's not who I was talking about. That's, that's also interesting.

“Okay. So that's what Andrew was busy doing for a while. He was living in Los Angeles. And he”

wasn't just doing blackhead marketing, launching people's careers, but also building websites and tech companies and buying and selling them. He was solidly tuned into the internet and saw it in a way that not many did. And one of his friends is Morgan. And they like to go into football games together. Back in the day, we had tickets to the LA rounds. So we would go to the games every week, every, you know, eight times a year or whatever. We'd go to the games all together. We

had 10 seats together. So it was Morgan, me and a bunch of music. Exactly. Guys that we know and just randomly together. So we were there all the time. And around, I was everyone's a weird crypto friend. I started mining in 2011 and sort of I've been really interested in the certain technology and how it could be used. But I, anyone who goes back to that day will understand and when it was in this baby, you were in that back then. But like, it was weird because

if you were to talk people, really didn't like blockchain people. Like, there was this weird. If you were like a crypto guy, you kind of got like the Scarlet letter of put on you when it came to tech. And it was like, it was, it really did feel like at the moment if people found out you were the crypto guy that you would just get pigeonholed and lose opportunities. So I was very careful to keep building tech and keep the blockchain crypto stuff entirely separate. And around 2017,

that sort of whole world merged together. All of a sudden, people in suits started showing up to crypto events. And like next thing, you know, bankers are around and everyone's talking about how it could be used for enterprise and it really felt like the industry collided. And the music people came to us and said, hey, could you use blockchain to track the number of times songs are played? And the reason is, until today, even, the streaming services give the labels

a CSV that says Snoop Dogg 100 million plays. No one actually, there's no receipts by now. It's literally just a cell, like, the artist's name and the next cell over a number of plays for the month.

“Like, there's no receipts for usage. Usages the number one driver to how much money you should be”

making every month. So it's really weird. There's no receipts there. So the way that it typically

worked when streaming took off, the music industry just adopted what they'd always done for physical.

And that was always an audit period after three years. So every three years, they go and audit the partner. They, to do a usage audit, though, forensic audit, not where I'm tracking the contract, not where I'm tracking revenue coming in. But how many times as long as actually played, that could take them up to two years to complete. So you're talking about five years later, figuring out that five years ago, you should have been paid a million more dollars for this artist

and two million for that artist. And that adds up to a lot. But all that money's been paid out. So you don't have this ability to sort of recapture that money from the streaming services because it's gone. So they came to us and said, we believe blockchain could be a solution. You're a weird crypto friend that also understands music and we trust your whole team here. Morgan, my co-founder, had been a lobbyist on behalf of a lot of the majors for copyright protection

extending copyright law. And Portia was a really gifted, a sheen learning AI engineer. But at the time, we were doing a lot of crypto stuff together. And so they said, we believe your team can solve this. Will you build a real-time tracking tool? The question we were trying to answer at the time was how many times does every song actually played? Because you can't rely on the CSE is to just

that they hand over. They're always wrong. What we learned from the offline audits for they pulled

the use of slugs and like 50 different audits was on average anywhere between 20 and 31 percent discrepancy, always undercounted. So imagine you're perpetually being paid 20 to 30% less than

“each thought you should have. That is where we started. And we built one of the fastest blockchains”

of the world at the time. We did 10 million transactions per second per region in a private permission chain. We have over 40 patents in seven countries filed. Probably 30 something issued. And we built this technology. And when we went live is when we accidentally discovered fraud. This discovery would ultimately make him a band in this very blockchain company that he just built and take his life in a whole new direction. We're going to take a quick ad break here but stay

with us because you'll never believe the fraud he discovered.

This episode is sponsored by Meeter. The company building networks from the ground up.

do their job well. What your business needs is performance, reliable, secure networking infrastructure.

“But what you get is IT resource constraints on predictable pricing and fragmented tools.”

With you and your engineers need as a modern platform, you can all trust to support your business, enter Meeter. Meeter delivers a complete networking stack. Wired, wireless, and cellular, in one solution that's built for performance and scale. Alongside their partners, Meeter designs the hardware, writes the firmware, builds the software, manages deployment, and runs support. That means less time your employees spend writing to multiple vendors,

and more time working and improving your IT systems. Meeter's full stack solution covers everything

from first site survey to ongoing support, giving you a single partner for all your connectivity needs.

Thanks to Meeter for sponsoring this show. Go to meter.com/darknet to book a demo now. That's spelled METER. com/darknet. Go book a demo. So Andrew and his co-founders Morgan and Porya built a tool to track how many times the song is played. Since the music labels wanted him to do it, they were also helping him get in touch with these music streaming services to try to work out a way for Andrew to see the real-time streaming

data they have. So they made deals with these streaming platforms that they were able to see the play counts for the few music labels that they were dealing with. And their goal was simply to count the plays and make sure the artist got paid for what was played. But little did they know

counting plays was not accurate at all. We started seeing these weird clusters of users like

8,000 users playing the exact same sequence of songs 63 times on a Sunday or users suddenly getting play counts in 17 different countries in the same week. Like how is that even possible? So we started noticing these discrepancies and we went back to the labels and the streaming servers and said we think you have a fraud problem. And if we're supposed to be the leader or the sort of trusted source of truth of how many times the song is played and we're just telling you a

song was played. We're not actually telling you the intent behind the play and if it's still be counted. Like you can't actually pay this out because there's a bunch of fraud happening here that should be removed. And so until we can solve the fraud problem, we don't think we can solve audit. Like that was the summary we came to after two and a half years and it was a real challenging moment for the company because it's like you've been building this entire tool

believing this is the one problem and then you get there and realize someone said hold my beer

“and you have a totally different problem you have to solve with a completely different skill set.”

I'm still shocked at the point that the streaming services didn't have this capability to detect a sort of thing. In podcast world we have the IAB which is a, it's actually a certifiable way of measuring metrics for podcast lessons and they have a whole list. They're like, okay, you know, if a user starts on their phone and then switches to their computer is that considered two listens or one is if they have to download for over a minute before they can actually be considered a

a listen, you know, if it's, if it's streaming on the watch, the watch does things to grab MP3 is very differently than how a computer might and so it looks like 500 listens when you come in from a watch so you have to adjust for that sort of thing and there's, and you can look it up on how to measure podcasts which is very complex and complicated downloads and I just can't imagine these bigger streaming services not wanting to have accurate download numbers especially

with paying before that they must have had a whole team of people trying to figure this out and you're saying, no, they didn't, it was you that figured it out. They didn't like at the time major streaming services, enter your streaming service, had less than half a person dealing with this. Like, it was probably some data scientists and they were mostly using rules based anomaly detection so like did a song get played more times than literally possible. Like did someone

play a song 10,000 times this week? Well, that's really eye-opening or fascinating. It's hard to

“believe because when you're dealing with money you have to pay accurately and it's crazy. And”

like I said, I AB is a certifiable thing. You can actually pay them to come audit your monitoring your statistics and they'll confirm it and then the sponsors will be more likely to pay those numbers because you can say, no, it's been confirmed that where I be certified. 100% because when

I've done podcasts advertising I always ask for the certs because I don't trust any of the numbers

to be real. So I understand 100 because especially in the early days in podcasting, I feel like it was just like reading TV's like nothing seemed to make sense. So this became Andrew's pivot. He was able to go to the music streaming services and convince them, look, you have some major fraud happening. Here's proof and they didn't believe that first. We had to really show them how

that you're supposed to, do you mind looking at all our stream music and see what else you can

discover? And that just snowballed. One streaming provider turned into two and he kept getting full unfettered down the data for many online streaming platforms. Yeah, we're a jaffer on the leader. We're the market. You are such a unique position. I don't imagine they're being even two companies that have this access compared to you. We have more data access than anyone in the music industry. No, I mean, I mean, there's no other person like you who's measuring like that. They don't

they don't say, oh yeah, let's let's open this up to 500 companies to come want to watch our stats and make sure that we're accurate. You're probably the only one for these companies.

We are the only one. Yeah, we're the competition here in zero for you. Yeah, totally 100%.

And a lot of ways you felt like we made the market. You know, because at the time, I've

“remember going back to the labels and streaming service and saying, I think he had a fraud problem. And”

literally they laughed at us. They thought, especially the major labels thought it was less than one percent because keep in mind they're artists aren't cheating. So what they see is only their data and they're like, there's no anomalies here. But to them, it just looked like the independent market was growing. I would actually argue that most of the independent music growth has been from fraud, not from true independent market share increasing. Okay. Yeah, you gave me taste of a few of

these things that you were noticing, right? People playing things that are humanly impossible to play that much and a group of people playing in different regions all at the same time. This suddenly sounds to me because I come from cybersecurity world. This suddenly sounds to me like not exactly threat intelligence, but yeah. It sounds like you're looking at a security incident tool and trying to

“build signatures to detect when there's a security incident. And just the one that comes to mind for me”

is if I had 50 connections from some office all go to the same IP address somewhere from different computers internally, why did that happen? There might be a bot net in our company that suddenly said, oh, all phone home at the same time, you know, get new instructions. And so I would immediately flag those 50 computers to be like, can someone do an antivirus on those to see what's going on there? And I was right. There was a bot net on that computer. And so I was like, okay,

we've got a way to detect when a bot net happens just by how in the world did this, how it happened in the same millisecond, right? And so I imagine that's kind of the tools or the signatures. How do you look at this? 100% we're building, you know, we have probably close to 700 models looking for different things and it's constantly changing. So to give you examples, we found

“one where somebody had hacked a major artist's delivery feed. So imagine, it's very common to have”

multiple registration numbers for the same song because it may be in part of an album, a single, a luxe version. It could have been done multiple times of different people in the supply chain. So what ends up happening a lot of times is a streaming service will concatenate that pick one parent and a bunch of child sort of numbers, but that way they're all grouped together. So in this case, someone had hacked the feed, put their version in, but the metadata for that,

the pay was different than the actual label. So in this case, it looks like the same song. It sounds like the same song has the same artwork as the same song, but who the finance team pays is different and they were able to promote their version as the parent and then manipulate those, you know, the pay out. So in that case, they stole millions of dollars from that artist over an eight month period. And when we found it, we found it by some of the ways

that they manipulated the streams like, how do you become the parent to your flesh like, why you just happened right at the beginning? We found them manipulation early and then it stopped and we were able to identify that there was something wrong in their data because of their manipulation. And then when we found that we then built a model to find other artists that happened to, we found 1700 other artists that had been hijacked the same way over a course of a couple

years. And so again, they're constantly being creative. Another one we found, like a little over

a year and a half ago, was a device we'd never seen. So while the sudden is this very specific device

running up a bunch of streams, like we would normally see what, you know, for example, the Android system you're on, like what the operating system, what the devices, et cetera. This is a device we'd never seen. And it turned out it was owned by the department of corrections. And someone had hacked the prison system and turned all the prison tablets into a streaming farm. Wow. Tell me

they had turned, I think it was like 400,000 devices into a streaming farm where they were manipulating streams from streaming players. And so I guess I didn't even know to be honest that

“prisoners had devices. But in a lot of states, they have, you sort of pay, I think by the minute,”

or whatever you pay for these devices. And there's a handful of applications that are approved, it turns out most of them are runs or slash owned by a private equity company, or a couple private equity companies. And someone had just simply hacked the devices. And we're able to use them all in sort of a bot network. We had an expected other time. And how do you spot that?

Because in the device type was something new and different. Like we'd never because we get all these

different. So why all of a sudden, in context, it seems small. But we have all these types of community cluster in techniques that are looking for different parameters and features. So let's say that we get, I don't know, 500 fields. Like we'll get gyros, at this point now from streaming services, we get all kinds of stuff. Gyros still battery life, orientation of phone, everything you've done in app. Like we're catching a lot of different data anonymized, but individual like,

but hash, the streaming service app is collecting that and then you're seeing that as well. We're seeing an anonymized version, generally hash data so that we don't have any PII ever. But that's, yes, we're seeing all of the stuff and then triangulating it and saying,

“"Why are all these exactly the same?" And we've never seen this unique device. So what's happening here?”

And then it just turned out that that one device is specifically made for the department

correction that no one else buys it. So it leads you to sort of one vendor which then allows you to sort of like unravel the rest. So that was like a very interesting case. And then what do you do with that? You'd say, okay, streaming service, here's a device type that we should just not? We demonetize it all. Yeah. So we don't pay any of the streaming stuff. But you block that, I mean, not block, but you demonetize that device type. You can see, you can

do it that granular or. Yeah, for sure. We can say these don't get paid. I mean, at the end of every month, what happened is we have three sort of primary checks. We check daily to see what fiber catching so that it gets removed out of product level stuff. So recommendation engines, algorithms, etc. We sort of downweight anything we see that's fraudulent so we don't make the

“problem worse. The second thing we do is we do weekly updates for charts. So if we see anything”

on the charting side, we will, you're allowed to update the charts weekly. So we'll update the charting information. That's way less common because again, most big artists aren't cheating, at least on the streaming side. But again, we sort of just safeguard that. And then the last one, which is the real one is the money payouts. So at the end of every month, we do the check for the entire month. And because there's stuff we'll catch right like the really obvious fraud we'll catch day one.

But there's some fraud that takes us along, like you need more of a longitudinal view to see how they're interacting over the course of a week, two weeks, through weeks. There's all kinds of cases

for example that when we first started, we would catch it no longer happens anymore. So in the early days,

I'm guessing his engineers were lazy or it's just easy. How do you deal with, how do you do it checking for anomaly detections for months where they have different days of the month? So what we often, you know, the 29 days, 28 days, 30 days, 31 days. So a lot of times what they would do at the end of the month is pull the first 28 days. And I don't know how fraudsters figured this out. But starting in day 29, they would jam all their frauds. So you see massive numbers, 29, 30, 31. And so they

would end up getting a large percentage of the, uh, pro-ratapool, but they only ran their fraud at the end. To sort of like get away from whatever was being checked, because a lot of the sort of anomaly detection checks initially in the early days were the first 28 days, just to just to simplify it. So again, we find all these weird sort of techniques that they would use and we which shut them down or demonetize them. In some cases, the streaming services when we return the data back,

they take action. So sometimes the streaming service will decide to completely remove all the content. Just say, this is all fraudulent. So in this case, for example, really obvious stuff. So less than 100 real users have streamed this. 99.99% of all of their streams historically are from fake accounts. Like, uh, you know, maybe they have less than a total of 2,000 streams total. Like whatever it is, like they're going to have these sort of rulesets we have in place to make sure

it's only the worst of the worst fraud. And then we'll that this streaming service will just straight remove that content. We'll take it off the platform entirely. That seems to be incredibly effective because the fraudsters realize their caught and they just stop on that or go to different

always stop fraud. I think historically you could look at all fraud and say that's never the case.

There's always going to be smart people and they're going to try different techniques. But I think we can make it so difficult that they just go to other industries. It's so interesting for me to listen to them talk because this isn't a cybersecurity story. Yet everything he's saying is exactly what happens in cybersecurity land. You set up monitoring tools. You build rules to detect problems. And then you make it harder for people to exploit those things again. And they did it all from scratch.

We all know in cybersecurity, you can never stop hackers. But what you want to do is make it so hard for them that they move on to an easier target. That's something I've heard again and again.

“Yet that's what he's doing in this world. And some people always reach out to me and complain”

that when I do an episode that's not cybersecurity related that they get upset. But listen, this show is about the dark side of the internet. And to me that encapsulates way more than just

cybersecurity. It's about all the hidden stuff that you never see or experience. I want to shine

a light on that shady dark, gritty, underground aspect of our digital life, the fraud and the manipulation of algorithms, the websites and technology, the people who abuse it. And of course, hacking and cybersecurity too. I was trying to find a link I had a long time ago. There was a many, I've actually seen many Reddit posts where people are saying, "Hey, what's up with my Spotify account?" It suddenly shows that I've played a whole bunch of these artists that I've never

ever even heard of, much less played. I don't understand why my Spotify is showing that I've played these and it's recommending all this other stuff. Holy, I can't sleep over. That's a huge percentage of what we've seen out. If you think about, I mean, you're in cyber. So imagine it's a giant arrow back to you. If all of your bots look the same, it's easy to cluster them. If they're behaving the same way,

it's easy to cluster them. If they are all streaming one artist specifically, it's like a giant arrow back to that artist. If they're all streaming from one distributor is a giant arrow back to

“the distributor. So you need to hide the needle in the haystack and the easiest way to day to do that,”

or like what we've served, I'd say for the last three years, put a lot of R&D into catch, is a count take over. So they'll log in as you play a song five or six times and then leave. Then all of this stuff you do naturally just hides whatever they did. So they don't have to create that. They don't need to make differences. Like you don't need to sort of program

in artificial changes in your bots. Like that you just basically log in as somebody play

five strings and hope they don't notice. And I'll say that that's like really common these days. That's the number one growth area for fraud that we catch is a count take over in general, or adding devices to family plans. So we'll see a device that's an iOS that's legit, a Tesla that's legit, and then an Android that's all all fraud. Wow. Okay. So what I don't understand is how they're taken over the accounts. You say it's one of the biggest things you're seeing. How are they getting

so many Spotify accounts or whatever streaming service? So there's a couple of ways. The simplistic ways are like 90% of internet logins are just people trying different data breach passwords and user names. And I would say that most streaming services are not high on people's priority list for protecting. So you know, and there's a sort of product question about how much friction do you add into a service to make it difficult for users? Because your henders growth, right? So I think there's an

interesting friction point there between like how secured you make a streaming service on the user end and how much do they actually care and do they really care if their account was used to play a song 10 or 20 times. I don't think they're realizing how much damage it doesn't aggregate. So there's that issue, I would say. I mean, you've been on the for your whole, you know, series is called Darknet Diaries like, and download these accounts quite easily. I think at one point

to prove a point, you know, we went on and downloaded and showed people some executives that I could get 100,000 accounts on every streaming service immediately. It gives you the infection date and the last login date. You can even get, if they have nowhere on the actual device,

“you can even get sort of all of the browsing history too. So if you want to like warm up the”

IP before you use it, you can kind of mimic their behavior before you log in. There's lots of the stuff existing. There's also an API that we found in the Darknet or they own like tens of millions of these accounts and they will spin them up for you. So you basically tell them the parameters of the types of plays you need and they make sure that no single account is overused or indexed too hard and they actually create the fraud for you. So they like, it is a fully

professionalized industrialized supply chain for fraud at this point.

on their platform instantly because after a data breach, there's communities or people who are

“parsed through those user names in the data breach and pluck out all the streaming service accounts”

or even try to use those user names and passwords on a streaming service to see if they reuse passwords and from that, they build these giant lists of users for each streaming service and that list is valuable because if you can manipulate the streams, then you can get paid by these streaming

services. I'm just astonished because when I hear how bad the problem is like this and how easy it is

for people to get access to our stuff, it's like a cold wet slap in my face. I kind of go through this process again and again when making the show. At the beginning of this episode, I'm like, "Oh, these are so interesting techniques. They will try what are these on my show." But by this point of the story, I'm so mad that these companies aren't protecting our data and it's just exposed on the dark web only for fraudsters to use to make money for themselves off my account because it's

“our data. It's not something seamless victim out there. It's yours and mine that these people”

are gaining from. And I've done this show long enough to know that there is no way from keeping our data from getting leaked. Which makes me blackpiled, right? And like, okay, I'm giving up. Oh, well, my data's out there. I might as well just assume I have no privacy anymore because it's out there like all that will over the place. And I just totally get about protecting myself. But I don't like feeling hopeless. I'm not someone who gives up forever. I'm an optimist.

I'm a fighter. And I don't mind hard work. So then I get this surge of ideas and it makes me white-pilled because then I realize, wait a minute, who's the ding-dong who told them my address and gave them my password and username and telephone number and all that stuff. I, yeah, hell no, no more am I telling these companies my real name or phone number? I'm not going to reuse passwords or even reuse email addresses anymore. It's a war out there. And I've got a

ticket of my own data since no one else will. Okay, anyway. The the name of the company that Andrew Co-founded was called Beat Dap in order to analyze music streams to detect fraud. And he abandoned the original idea of using the blockchain to help these labels get paid properly. And he focuses on this now pretty much entirely working for streaming services now. Yeah, well, I guess what I'm wondering is you almost need a black hat a person who knows that the cheating industry who's been

“there to actually sit down and look for these suit look for things you haven't found yet, right?”

To find new signatures. Folia, great. I think I'm that guy. Bravo. Yeah. Yeah, like, you know, the music industry will often said I'm their hacker now. You know, like, I've switched sides. And I think the side switching is mostly industries. I would say for me, the difference is that users no longer have to actually engage with the content for that artist to get paid. What I did back in the day, I really believe was in service of the artist. If the artist is good, the people will

listen, consume and adopt it. If the artist is not, they will let me know right away that it's trash. And I think that is changed in a sense that you can be a trash artist that manipulates lots of stream and gets paid without actually being good or having real users or being able to sell 10 tickets to an event. So I just think I'm dealing from other artists. Yeah, so you're saying it's now a more of a financially driven thing and not so much a let's try to market this person and

get them to break out. But I pushed back at you because you did that ad arbitrage where you're like, hey, we could print money by, you know, charging this much CPM and then actually just paying for somebody to come here. So you were money, you were financially driven in some aspects as well.

It wasn't always, let's just market someone. I regret that and thank God that that's actually

a limitation says past because it was definitely not my proudest moment of for sure. What I didn't realize is that musicians don't get paid per stream on these platforms instead they get paid a percentage of what advertising revenue came in for that month, which means fraudsters are stealing money from real artists. Okay, so the way them music industry works is that there's one, I'm going to simplify this because it's a little more nuanced but generally speaking there's one whole of capital.

Every month a streaming service makes money from advertising revenue and subscription fees. Now this money goes into one pot and it's paid out every month based on play count. So if you're a artist

and you make, you just, this is a 100,000 streams and that streaming service did a million total

entire, the whole entire streaming ecosystem you're in of the revenue. So it's a performance

“per rata. What happens is you could release a song in November and do a million streams and get”

paid $3,000 and that's correct. You could release the same song and do a million streams in February

and get paid, I don't know, $500 and that could also be correct. The reason the numbers could be different is that month the advertising might be smaller because they'd spent like especially the February of January. They'd spent a bunch of money for black Friday and holidays and advertisers weren't spending as much in January February. You could have less subscribers. You could also have a major release, like say a Taylor Swift released a track or an album and all of a sudden the

majority of streams are going to Taylor Swift and your pro-rata goes down. So you could actually have wildly different amounts of money you make for the same general performance because it's a performance-based relative to the entire industry. So if you do want to attend streams, you get 10

percent. If you do want to 20 streams, you get 5 percent and so on. So why that matters and how you steal

is that fraudsters will load millions of songs on the streaming services. As if they're independent artists, they'll create different independent artists names, different independent artists, labels, they'll put them in different parts of the world. So it just looks like they're from different people, different regions, different companies. They will load those to wreck, do it yourself, like DIY, two streaming services through distributors. So the distributor is an aggregator who, you know,

if you're an independent artist, you upload to like a district kid or a tune core or some fun or whatever. And they basically do put all the data together and all the pieces together and upload it to the streaming services for you so they do it in one's shop for you. So instead of you going and uploading to 100 different streaming services, you go to this one provider and they aggregated and put it on to all the stores for you. So these fraudsters will create fake artists, fake labels,

they'll use 15 or 20 different distributors so there's not one's point of failure. So upload

“if they'll go get millions of songs on the streaming services and then here's the key.”

They will play a bunch of these songs small amounts of times. They do not want to get noticed. You don't want an artist that charts, that's not real. You want to generate, you know, 1,000, 3,000, 4,000 streams. But you don't actually like, no one notices the song with 3,000 plays. So if you create small number of streams across a large number of artists, then your aggregate, prorata, like the amount that you actually have of all of the pools for that month,

can dramatically increase because you're stealing pennies. It's basically like, you know, office space. You're stealing pennies from all of these different artists, they just don't realize it, but in aggregate it's a large amount of money. And so the way that it works today is about three billion dollars worth is stolen from real artists because it's going to people that are not real artists. Wow, $3 billion is going to fraudsters who are manipulating these streaming platforms.

That's incredible. It's apparently very profitable to go through all these process of making tons of songs and getting someone else to play those songs across hundreds of thousands of accounts. It seems like a lot of work, but man, it's really paying off for them. And if it's paying off, then that means it's only going to grow. So a few times, you've made the hair on my next stand-up when, because I'm a big privacy advocate, right? And

I'm like crazy into it. Like, I'm free about it. And so you've talked about like some of the metrics you're getting from some of these apps, such as gyroscope and battery life. And as a privacy

“person, I don't understand why I need you need to get my gyroscope information in order to just”

let me play a song. But on the other side, when I went to actually take ads out on some of these platforms to say, "Hey, market, you know, a legitimate ad on the platform." They'll ask you, "Hey, you know, when do you want someone to listen to this ad?" Do you want it to then listen while they're working out while they're having sex when they're making dinner? I'm like, "How the heck do you know when someone is making dinner?" What is going on here?

And so the amount of information that these streaming platforms have on us is crazy. I don't know what question I have, but it just like I said, it makes my hair stand up. I agree, but I would say

for us just know that in most cases, they treat that data, like it is the most important

day. Like I mean, they treat it, having come from healthcare in the previous somebody, they treat it at a level way higher than healthcare. Like crazy. Like a hip-hop compliant, time 10. Like they are insane with this data. They hash everything. They're very particular about how it gets to us, how it gets back. We get security audited. We have an entire internal security team. Like it is like it's partitioning lots of ways, so even if you get to one piece, you can't

end of the choreo, it's just streaming data. But people are feeling three billion dollars a year. So that's a massive amount of money that is going sometimes to people like terrorist organizations

“and organized crime, not some kid in a basement. So the argument also is I think that there's”

some large level implications for where this money goes and what happens. But I will say that the streaming service side treats that data, whether or not you want them to have it. They treat it

like it's very, very important. I've never come across the streaming service that casually allows

data. And even then when we decide exactly what fields we need from different streaming services, we then reject to the rest of the fields. Like we take the least amount that we need to do our job once we build the models. And then if we build a new model or find a new thing that we need to do, we re-enjust that data and build again. But we don't typically just like sit on all this stuff, even if it's anonymized because we just don't want it. And so again, my point is, I feel they've

been very responsible with it. If that makes you feel any better, even though they have it. You said terrorist organizations.

“Yeah, like it's like I imagine that you could move money through a streaming platform without”

anyone noticing. So what you do is you take dollars, you turn it into crypto at crypto ATM, you pay the streaming farm operators in cryptocurrency to stream a certain amount of songs. Those songs are owned by different entities globally. So quite literally you could move money from Columbia to Doha through the streaming service. It'll all be washed and clean through the streaming services themselves directly funding terrorist activity.

So the artists that they're playing is an artist that they're controlling because they're getting paid. They're making fake artists. They're putting fake artists names up. They're taking music that's not there. So they might hack, for example, draw locks accounts. And because you figure one out of every hundred songs, typically an artist releases. So there's a huge, like,

back catalog of artists songs that have never actually been distributed. And when their

distributed is when they're fingerprinted. So a lot of these don't have fingerprint. So if you upload them and there's no fingerprint, the streaming service and the distributor feels that you are the rightful owner of that song because they've never seen it before. So now you can take old songs that have never been digitized, make them your own, and then manipulate the stream. So the first step is just getting to music. The second step is manipulating the stream so you get paid.

If you're the terrorist organization that you build all this infrastructure, you might have literally, let's say 30 different music label entities around the world. All using different distributors with, I don't know, a hundred, quote unquote, "independent artists" and each. And then you're going to just run small numbers of streams to those on 100 different streaming services and slowly get paid. But that money will be clean and end up from one location to another without

you ever having to actually transport cash. And you think that's, I mean, looking at those numbers, how much cash do you think that they're transporting 80, it under the millions of dollars?

Well, I was going to guess a percentage here, right? So like, if I have a hundred million dollars

and I say I need a transfer this, 80% of it makes it. Oh, percentage wise of the dollar? Like, well, 40 to 50%. Yeah, because it's not very, see, this is, they're losing a ton of money on

“in the transfer then. But it's better than leaving it in cash. And like honestly, that's what typically,”

how do you move this much cash? There's they're going to pay someone to watch their money regardless, sometimes 20%, 25%, they're going to have a large amount of money anyway. Then they still need to move that money and sort of pay taxes and that money would end the other way. You end up losing a lot anyway. So your other approaches is just to hide it somewhere or keep it as cash and find other fronts to move it through. It actually ends up that over the last 10 years, the music industry as

it was a growing so fast was a really, like, opportunistic place to hide or wash money because no one was watching it. Now I think of come full circle on you saying you were great hat because I was saying to myself, if you're breaking the terms of service, it's black hat. And now I'm like, wait a minute, if you're breaking the law, then it's black hat. This is different than terms of service. Yeah, that's how I feel. Like, you know, like, I didn't break the laws. I just definitely

didn't agree that I wasn't allowed to do something. Yeah, and now it's getting crazy. We're hundreds of millions of dollars are being sent from, uh, from who's who's involved in this? Well, imagine any kind of elicid activity you can move the money to your partners. You can send, you know, how we how we potentially caught one, for example, is like you'd see the exact same percentage. Like, let's say that you have a million users all playing music. I'm just going to

use Columbia as an example. But they're the beneficial, if you think about who the artists are that's

I'll give you, I don't know many exact numbers. I'm going to give you examples here, like 12%

“always in a Hong Kong entity, and 30% in a Canadian entity, and 40% in a Middle Eastern entity,”

and like, you know, maybe another 10% somewhere else. And so, if all the numbers of streams are changing every month, but the beneficial owner percentage is exactly the same, it looks as if someone's moving money from one location to another location. Through these other entities. So the moving part is that they're paying, um, bots, or listening to the streaming farms to create the streams. Whether they're doing it through a

count takeover or bots or whatever, but the end result is they've uploaded as owners under these different entities, all of these fake artists that have songs on the streaming services.

There's roughly 100 streaming services globally, so they're uploading it on all these streaming

services, and they're telling these streaming farms to go play those songs across all the services. And then the person owns that account is getting paid for their streams, and then the money is arriving to where they need to send it. Yeah, exactly, because now the streaming service thinks, oh, XYZ label and Hong Kong had x percentage of the total streams. We have to pay them out, so it gets paid through distributor and paid to them. And they just get paid.

This is one of the stories that I feel like the floor has dropped out in my head of like, oh, yeah, we have a good understanding of how money laundering happens and how things get sent here and there and how you clean money. But then when you see, when you hear about stories like this,

where, oh, yeah, they're using a streaming service to launder money and sent it across the globe.

Suddenly, my head's like, well, you could do that with buying and selling things on the steam market place, or Roblox account, or any other marketplace that has money-shifted here and there. And this isn't even like a straightforward, like, here. I'm buying something from another user. This is, they'll pay us for streams if we can get the streams then we can get paid. It's such a roundabout way of convoluted way to blunder money that it's blowing my mind and it just makes me

think that every single place that has money going in and out is probably getting hit with something

“like this. A hundred percent agreed and I think the more convoluted the better for them because it's”

so much harder for the average person to understand how the money moves. Because I mean, even even something like Twitter is you get paid for how much engagement you have, right? And so you could totally, oh yeah, any of these engagement-based activities, like, especially in Web3, anything at the time that a couple years ago there was like this big push for treasury tokens. So you'd get paid every time people interact with you on, on, you know, social five platforms or any

of these game-fi stuff like you could manipulate all of this stuff and then get tokens to take it to market and sell it. It's crazy to me that there's a dark web API that has access to millions of online streaming accounts. And if you feed it money, you can get all your songs played a bunch and I bet whoever runs that hates Andrew. I mean, if I had a couple of them do crazy stuff, like reaching out or say things, but I would say that generally, you know, we were talking once

our lawyer for the company is this guy named Jim Trusty. He was the former chief of organized clients with the DOJ and he told me once that the good news is they don't typically shoot the boarder guards. It's kind of a gentleman's sport. So I would say that most of them just change their tactics and change the way they behave. I also think the industry's progressed in the early days. There were some real trepidation or fear around like what happens because where there's a

handful of people that know what's going on here. And I would say now every single streaming service has a trust and ZAD department. Every single stream, you know, label has a fraud trust and ZAD person. So the industry has changed over the last three years in a way that I would say I feel less scared about like if you did something to me or my co-founders, like this is not going away at this point, the cats out of the bag. But I would say there was a real moment in the early, you know, 2021, 2021,

2022 where we were actually very concerned about like what happens. Yeah, I mean, especially, especially if you've got cartels that are moving money in big ways and they're like, okay,

“let's put a stop to these guys. I think it's even being upset with you. I mean, that was my concern,”

but again, I think we sort of like whether or not it was naive at the time. It was more like, oh, well, they don't normally shoot the border guards. They just find a different way to move the money. Yeah. And do you ever, do you ever point the feds to someone and be like, hey, these guys are breaking a lot of laws. Like, I don't know, dark web API or, you know, cartels moving money and be like, okay, we've got to report this to someone more than just the streaming service.

Yeah. In some cases, when we find things that are outside the data that are is given to us in privacy, then, um, then sure we might, we might tell people, but generally speaking, we report the results

and the collection societies, right? They determine then who to who they want to work with on the

“government side to prosecute, because that's typically a, you know, long road three to five years,”

they sometimes, especially in multiple countries, you know, you'll dinner bowl and all kinds of different activities. And so I think, um, I would say that's an area that's emerging, but we provide all the evidence that they need and then they and help them package it to whoever agency they're going to, but typically they are the ones that are the ones actually determining whether or not they're going to pursue it. Okay. I'm now changing my mind. What Andrew did when he was younger,

I used to say was black hat marketing, but now I'm going to say he was doing gray hat marketing. Aside from the ad arbitrage stuff, all he did was violate the terms of use on websites like Facebook and YouTube by artificially inflating the numbers. Coming into this, I would have said, that's black hat, but not now. Now, I think these cartels or terrorist organizations that are moving hundreds of millions of dollars through these streaming platforms, that's black hat

marketing. That's some real dark stuff. Anytime these streaming services have to call the authorities

“on someone, that's what I think is black hat marketing at this point. And I suppose because”

now that I've seen such an extreme side of this marketing, I'm no longer so judgmental about somebody having a bunch of fake followers on their account to help them break out. Because really the fake followers and algorithm manipulation can only go so far. If they're a bad musician or

whatever it is they're creating, they'll never take off no matter how many fake streams they get.

But if they are great and people really love them, then that was just a growth hacking technique to kickstart their journey. And after they break out, there's no longer a need for all the fake followers. You do run the risk of getting banned off those platforms, so I don't recommend doing it. But now they think about it. Bending users is really tricky. Because supposed Twitter has a way to detect when there are fake followers, right? And they automatically banned

someone if they have like 60% of their followers or fake. Well then imagine someone gets millions of fake followers to follow Elon. And he gets kicked off for having a majority of fake followers following him. You see, you can use these bands as a weapon to get someone else banned that you don't like. So banning users for having a bunch of bots following them is really, really tricky. And maybe you can't even do it. With all this information you have, you've got to have probably

some sort of restriction on what you're allowed to say. Because if there is, I mean you can see who the top artist of the day is. You have so much data. You can see how many streams are getting you know, and all this sort of stuff. And you know, magazines like pitchfork, you know, whoever is the music industry magazines would love to know who is the top, you know, streamer of the day or a week or month or something like that. And a lot of the stuff is kept quiet. I mean we

get to see some statistics of what so how many how many downloads a song has. But we don't see very much of, you know, that. And you could have such an outstanding blog of like, here's how

here's what's going on today. And people would just flock to it. It would be huge. But you're

probably not allowed to share that kind of information. It's our core promise to all of our vendors. Like, you give us your data. We do not monetize it in that way. So we we provide you results back as a true financial tool and trust and safety tool. We do not monetize it in any kind of marketing, any type of market reports. Like, we will not monetize the data they provide us. They pay us an annual service fee so that we aren't incentivized to find more fraud than there is. If there's not a

lot of fraud, we tell them if there's a lot of fraud, we tell them like we are just the trusted source of truth. But we do not. We don't monetize that data anyway. Yes, we could probably build a

“massive company. But I'm not sure they would trust us in the same way. And I think that's the while”

a lot of these marketing level companies that do aggregate data. They get very limited data sets because they, you know, the biggest fear for these services is the state of being public or going other places. So we are, we are, we are, we are privileged enough to handle it because we've

built of large and strong level of trust with all of our partners. And they know that we would never

violate that trust. Yeah, and at first I was thinking as well of like, oh, you're saving all these streaming companies money by, you know, saying they don't pay these people because they're not doing it. But now, but at the beginning you told me, no, there's, there's a big pool and a percentage goes out to whoever gets the streams. And so I don't think you're saving these streaming companies any money at all because they have to pay out 100% every month or whatever. And whether it goes to

the price for doing business for them. Yeah, okay. We're a cost of doing business for them. I would say in some cases they save money. So this is where it gets nuanced. Like what I've been talking a lot about is what's called interactive streams where people get to choose what's on us

pay a set rate out. There's a rate card that's in. So when you remove the fraud from those,

“they actually do save money. So in some cases, in some areas, they'll save money. But I was”

saying, generally across the board, they're probably not not making money off of us if they're

interactive. So if they offer a service where you get to choose what you listen to, they're probably

not making money off of us. But they also, if I'm being honest, don't want to be the executive

“who's per blocked for funding terrorism. So there is an existential risk and also you figure”

the major labels are huge victims here. Keep in mind, if you're a major label, you own and distribute

probably over 80% of all revenue generating content. Not just all revenue generating content, like royalties are coming primarily from the major labels or the independent labels they distribute

“as a major. So when you look at it as a whole, if you're a streaming service and 80% of the”

things people are listening to are controlled by these three parties and they're saying, we're tired of being victims. If you do not have a service like this, you cannot have our content, it moves a lot of needles. Wow. Well, this was so much of this was so illuminating to me. I did not know about this world much at all. I mean, I told you what I do know and there was a few things here and there. But man, there's so much of learned here. Thanks so much for coming into

and telling me all this. Yeah, thanks for having me on. It's been really fun. Again, I appreciate you making it time for me. This show is created by me, The Hashed Brown Jackery Cider. Our editor is our friendly Cisadman, Tristan Ledger, mixing done by proximity sound and our intro music is by the mysterious breakmaster cylinder. Well, I don't know about you, but the next time someone makes fun of me for the music I listen to, I have the perfect excuse. No, no, my account's

been hijacked. It please random stuff. I swear, I can't stand this band. You kid me? This is Darknet Dyeries.