NZDSOS Stars

The other day I noticed that the medical misinformation site NZDSOS - where a few anti-vaccine doctors promote their “alternative” COVID ideas - had changed its look. This is an issue for me, as a few months ago I created a spoof site called NZD-SOS which I made to look like the original site. My site pointed out that there are more doctors called Sarah, Michael or Kate, for example, that have signed an open letter in support of COVID vaccination, than there are doctors who have signed the NZDSOS open letter warning against vaccination.

The original site has changed its look several times now, and each time I dutifully change my parody site to look the same. So, to this end, yesterday I started to update my site's HTML and CSS to match this new facelift. While I was working on this, I clicked on one of the articles on the NZDSOS site and noticed that at the bottom it had a voting system where you could give the article between 1 and 5 stars. Interesting, I thought, and then I gave the page a one star review - bringing it's overall score down from 4.4 to 4.3.

I then tried to give the page a second vote, just to see what would happen - nope, there was a system in place to ensure you could only vote once. Hmmmm, I wondered, what if I opened the article in an Incognito window? Could I vote again? Yes, I could! Once I'd voted a second time, both of my votes showed up and the page was now at a rating of 4.2. If I wanted to vote again I would need to close the Incognito window and open a new one, which seemed like a tiresome task.

Now, I'm an upstanding citizen and so I let this be and didn't take things any further. But, if I was more of a skeptical activist, and if I happened to have a background in developing software, what could I have done with this information? Well, maybe I would have started by using the Chrome Inspector to view the request made to the web server whenever a vote is cast. I'd imagine that might have looked something like this:

And maybe I'd have noticed that the only protection against someone voting multiple times was a nonce, a 10 character hexadecimal string that the site uses to fingerprint you, and check whether you've voted already. The kind of string that might be randomly generated with a Javascript function like:

_function nonce() {

return [...Array(10)].map(() => Math.floor(Math.random() * 16).toString(16)).join('');

}_

I guess if I wanted to write a script that would downvote all of the posts on the site, I would first need a list of post IDs. And given that the NZDSOS website appears to be a Wordpress site, I'd probably look to using the Wordpress API to request as many posts as possible, and then keep asking for pages until there were no more posts left. If I'd read the documentation properly, I'd imagine the URL for the first page would probably look a little like this:

https://nzdsos.com//wp-json/wp/v2/posts/?per_page=100&page=1

Of course, if I was trying to be shrewd about it, I'd probably want to randomise things a little and not just cycle through the list of posts, hammering the website with thousands of one star votes for each one. If I gave each post a set of totally random scores between 1 and 5 it would only bring the average score down to around 3, but maybe a weighted average, heavy at the one star end, would work well. Possibly from something like this formula:

min + round((max - min) / ((<random number between 0 and 1> * (max - min)) + 1)) - 1

I could then use this to not only randomise the vote score a little, but also randomise the time between casting votes. I'd do this not only because it's important to limit the rate at which you access an API so that you don't overload it or get blocked, but also so that your votes look organic - like they're coming from more than one person.

I'd also want to pick a random article each time, rather than running through the same list sequentially. And I'd probably then tell my script to print out its progress, so that I could see it working. Here's a mock-up of what I imagine that output might look like:

Finally, once a script like this had been running for a little while, I'd expect to see the voting pattern for an article start to show a weighting towards 1 star votes, with a few votes with more than one star. And, of course, any article that's already received a set of 5 star votes from people would also still have those votes as well.

As I said, this is all theoretical, but I reckon that given an hour or two I could probably throw all of that together into a small script, probably around 150 lines of code - a script that might end up looking a bit like this:

And, who knows, if someone ends up doing something like this and leaving the script to run over the course of several days, and if the site administrators aren't paying attention and/or have no way of recording and blocking IP addresses, maybe we'd slowly see the score for each and every article on this misinformation site receiving the one star ratings they so obviously deserve.