KaKao

Records that Kakao safeguarded its user security

 

Since the 1990s, when the Internet became popular, battles between those who attempted to break through networks and those who tried to stop them have continued in the PC environment. The battlefield that had lasted for around two decades moved to mobile. And Kakao services, most often accessed by most Koreans, became the most wanted target for those intruders.

 

Since its inception, KakaoTalk, Kakao's representative service, has expanded its scope of use from communicating between acquaintances to forming a community with non-acquaintances, making payments,  issuing certificates, consuming content, and enjoying shopping. But in the process, some problems unexpected before the mobile era appeared behind the burgeoning service. Spam messaging and 'abusing' by outside forces with malicious intentions are typical examples. Vicious replies corroding public debate on portals and communities, as well as harmful images and malicious URLs that have a different level of spreading power, cannot be left out.

 

To what extent people sense such problems depends on whether they encountered difficulties directly or indirectly or observed them closely. Despite the end of 2022 approaching, you can still witness similar reactions if you bring up this topic.

 

'Come to think of it, phishing attempts to impersonate acquaintances or family members on KakaoTalk have died out.'

'I don't recall reading vicious comments on the Daum news portal that cause eyebrows to raise just like old times.'

'Vicious comments are unrelenting in stock chatrooms or for spam and SMS promoting coins, but there seems to be little in KakaoTalk'

 

How have mobile services, taken for granted in our lives like water or air, maintained their cleanliness? We brought back up the story that Krews strived to secure user security behind the scene while coping with newly-arising problems or patterns of attack unprecedented in the PC era.

 

#Can you block spam messages without reading 'conversations'?

There was a time when we rated high that PC-based services gathered hundreds of thousands or millions of users. One of the most compelling reasons why KakaoTalk's growth attracted public attention is that KakaoTalk continually raised its implicit limit on the number of users.

 

As if predestined, large-scale illegal gambling spam messaging took place on KakaoTalk setting an unprecedented growth record. The attack was more blistering than ever. The service, however, was a communication tool between individual users, so the company could not even examine the messages in question. Hailey described the situation at that time.

 

"The first mobile messaging app where users could create a group chat room was KakaoTalk. That's why we were in a double bind while benchmarking the Report button adopted by many other global services. If the button stands out, it will probably derail conversations. On the other hand, if blended into the background, the button may not fulfill the intended function. At that very time, a Krew came up with the idea to have the Report button visible only to non-friends in a chat room. Some said this button could weigh users' minds, so we should decide whether to maintain it after a week of monitoring, such as adjusting the button area. Reported messages throughout the week validated that users were using the new feature better than expected. We witnessed various examples of propagating messages by pseudo-religion and advertising for gambling and pornography websites. Due to the real-time characteristics of messaging, subsequent remedial measures have limited effectiveness. The spam message has already spread and achieved its intended purpose, even if spammers are sanctioned. The Report button was only shown to non-acquaintances, which was the trigger to slash spam messages quickly sent in bulk, and Kakao could adhere to the principle of not looking into messages."

 

The pattern of encountering new ones right after warding off attacks continued for several years. Attacks often occurred in the early morning when it was challenging to respond to them, and response krews got used to a life that had their days and nights mixed up.

 

In early 2015, a new organization was established to root out the activities of spammers and abusers that was renewed almost daily. Freshly appeared the job of 'anti-abusing' that prevents spam messages from spreading by taking appropriate countermeasures based on data scientists' inferring and identifying users with the 'abusing' intention. And then, the 'TalkHello Part' was created, dedicated to presenting policy and planning elements and implementing them with technology so that KakaoTalk could be enjoyed pleasantly and safely. The center of gravity shifted from agile and accurate post-response to prevention based on artificial intelligence detection technology.

 

#People who cannot disclose where they belong and what they do

"I don't explain details of what I do to my family and friends. If I do,  at the most minor level, I may be asked to lift the sanctions or be drawn on involuntarily by those who do wrong."

 

To the words of Sarah, who is in charge of anti-abusing, Tito added, "I  am exactly in the same position as hers. Just 'Server Developer' on my business card? That's the why."

 

Abusing and spam occur in lucrative but illegal areas, such as illicit advisory investment, gambling, illegal sports betting, pseudo-cryptocurrency, or porn websites. Those who make much money in the dark persistently dig into users' mental states and behaviors and vigorously engage in technological investment (?). That's because KakaoTalk is an attractive platform allowing users to read and respond quickly compared to text messages or e-mails. Tito gave a few examples.

 

"If you blog, you may have received direct messages enticing you to sell or transfer your account. Once you get used to the situation, you don't react to them. When targeted, blog IDs are randomly scraped and added to KakaoTalk and become unwilling recipients of bulk messages. That is a typical abusing case by reading the behavior patterns of users who use the same ID for multiple services. And that stepped on a rake, damaging our credibility ― Many users misunderstood that Kakao leaked personal information.

 

It is seemingly an open chat room about cats, where, however, illegal investment advice is sought and provided. The operators of such chat rooms infiltrate competing chat rooms, play havoc, and attempt to steal users there. They also show off their influence by placing dummies. So our main task is to develop solutions to weed out those abusers so that various attack patterns can not occur."

 

Kakao has become a platform used by almost all citizens in Korea, and user patterns have increased exponentially. That's why we can find and give a quick penalty to people who are highly likely to commit harmful acts based on statistics or machine learning without looking into incoming and outgoing messages. If general users and spammers add multiple friends simultaneously, KakaoTalk's anti-abusing technology accurately distinguishes them. There are more than 40 technologies that prevent suspicious users from engaging in harmful activities without imposing sanctions. This hidden power makes users take it for granted to receive 'bonafide talks'  at ease from a person they just made friends with and continue their conversations.

#The value of protecting another self

People engaging in for-profit activities in the dark world are often referred to as a 'good brain in the wrong direction.' Sarah is wary of such an expression, warning, "It may belie the nature of their activities, making them look just and cool no matter how small it is." "Their activities are, in nature, crimes and fraudulent practices. They dig into weak links and cause damage to others. Teenagers or senior citizens with low awareness of personal account security are often targeted. You can stay away from crimes only when you assume your account to be yourself, not separate from you."

 

Tito took over the story. "This is an era where ordinary people study development contents and try a variety of new things. Current and aspiring developers get curious about reverse engineering only to cross the line. Tracing back the IPs often ends up with encountering university computer rooms or clubs. Mere curiosity would turn into illegal acts entangled with money, which mostly doesn't end well. "

 

One creates service and other attacks. Even after repeated quality assurance (QA), gaps are still found. The interviewees laughed, saying that being attacked relentlessly was "a case where abusers do some of the QAs we couldn't finish."

 

Phone books, which used to be stored only in notebooks or mobile phones, have long been uploaded to the servers of various services, including KakaoTalk. The intertwined relationship between accounts acquires the value of trust when secured. It is hard to imagine the chaos and social loss when 'another self,' most frequently used by most Koreans, loses trust. These Krews' tenacity to root out the crime of impersonating acquaintances that used to be rampant 2-3 years ago, at least in KakaoTalk, led to the creation of Talk Siren. Since this service allowed the orange Talk Siren mark to appear only when attention was needed, the number of related reports has decreased to extinction. It also means impersonating criminals can no longer set foot on KakaoTalk. Even today, those who cannot explain what they really do to their families are spreading safety nets out of sight.

#Make all Kakao service users safeguarded

Besides KakaoTalk, various Kakao services adopt the 'Safe System' to protect their users. Analyzing displeasing comments with AI technology and automatically hiding them from the Daum Comment window, filtering images to cope with harmful images, and blocking malicious URLs and texts in real time. 'Safe Bot' containing all these functions has been on a steep learning curve to boost performance.

 

 Safe Bot started to perform an active role in December 2020 against comments with insulting or vulgar words or spammy texts. Since its beta version was launched, abusive comments have plummeted. Compared to the second half of 2020,  the number of words replacing profanity notes decreased by 53.7%p and 63.8%p in 2021 and 2022, respectively. That means the number of user reports has become 1/3rd since the Bot service was first active. The proportion of abusive comments reported by users among all comments also decreased from 4.2% in the second half of 2020 to 2.4% in 2022. Compared to the second half of 2020, the monthly average nosedived by 73.6%p in 2021 and by 91.7%p in 2022, respectively. It is reduced to 1/12th level.

 

These figures suggest malicious commenters increasingly developed a sense of helplessness due to the intelligent Safe Bot. Relatively, online comment as a forum for public discussion has become sound.

 

Behind the scene where unidentifiable URLs or frowning images almost vanished from various Kakao services, Safe Bot existed.

 

Leeno, the head of the Clean Platform Development Team, talked about  Kakao Krews' mental attitude regarding user protection.

 

"Since Daum flung the history of Korean portals open, some people have worked hard in a hidden place to ensure safe and comfortable Internet life for various users. After the inception of the mobile era, the amount of time and immersion spent on the Internet has further increased. A sense of duty to protect an important axis of our society in an invisible place keeps us alive."

Records that Kakao safeguarded its user security