All great questions. I have been told by persons with expertise in the computer security area that there is little to no risk from these bots. In other words your account information, including credit card info etc. if you are a member of Medium, are safe. That said I do still worry that maybe we (as in they, the computer security “experts”) are missing or overlooking something. If I liken it to a war it feels a lot like the troops (bots) are massing for an attack. They are certainly taking their time but there has been a continuous build up with an every increasing pace of infiltration of the site. Not everyone is effected equally for sure and I no doubt am one of the worst. I gain approximately 1–40 followers every 1–2hours, of these I estimate 90%+ are bots. If I look at my notifications right now I see that I gained 40 followers 1h ago. This is pretty much the standard. I went from around 100 followers to 2.4k in approximately a month. Honestly I could care less about the stat, it is the principle of the thing, and the lingering security concern. Reporting the accounts would be a herculean effort as there are so many. I gave up trying to engage medium support or management long ago.
There are three factors contributing to the lack of concern/action on this.
- There seems to be no negative impacts (other than follower stat distortion) to any individual user accounts.
- The one impact (follower stat distortion) is seen as a net positive by many Medium users. It is an ego booster even though it is not real. Many are not aware these accounts are bots, others are aware but choose to ignore that fact.
- Medium the business gets a massive bump in traffic (also not real) that looks good to Wall Street, new potential users and members, etc.
Until one or more of these change the situation will remain as it is or continue to worsen. I do find it interesting that when a similar situation started at facebook they moved actively and aggresively to squash it as soon as technically feasible. Item 1 above also seemed to be true at facebook but there was great concern about fishing for user information via chatbot having “conversations” with actual users than reporting back the contents somehow which someone could then use to do something nefarious with. None of this was ever proven.