魔族是無法溝通的猛獸 Demons Are Beasts Incapable of Communication

芙莉蓮：「魔族只會模仿人類的聲音，實際上卻是無法溝通的猛獸，跟魔族對話根本沒有用，你有想過他們為什麼會使用跟人類相同的語言嗎？對他們而言語言只是拿來欺騙人類的工具」 你是否對這段話感到異常的熟悉感呢？你是否覺得芙莉蓮說的，像極了網路上的某種氛圍？你有意識到網路上有很多像是人類、卻不確定他們是不是人類的魔族呢？魔族到底是什麼呢？

Frieren: “Demons only imitate human speech. In reality, they are beasts incapable of communication. Talking to them is pointless. Have you ever wondered why they use the same language as humans? To them, language is merely a tool to deceive.” Does this quote feel strangely familiar to you? Does it seem like Frieren is actually talking about the atmosphere of the internet? Have you noticed many entities online that appear human, but you’re not sure if they really are? What exactly are these “demons”?

 

社群平台上的機器人 Bots on Social Networks

社交網路上有很多的機器人存在，有些到處抓取網路資料，有些經營自己的頁面，像是蒐集城市中的餐廳照片、評比，建立觀眾，抓取眼球，販賣廣告等．這類機器人通常不會與真人互動，而公開使用機器人的企業也不會刻意欺騙群眾，因此這些機器人角色本來就不需要與人對話；另外那些用程式大量控制的機器人，在還沒有人介入之前無法有效的回應群眾，但這些機器人的獲利模式本來就不是與群眾互動．

以這個定義來看，你覺得機器人是魔族嗎？

There are many bots on social media. Some crawl data everywhere; some run their own pages—grabbing city restaurant photos, ratings, building audiences, capturing attention, and selling ads. Generally, bots don’t interact much with real people. Companies that publicly use bots don’t deceive the public, so these bots usually don’t need to engage with users. Bots that are heavily code-driven and not yet operated by humans cannot interact effectively with users. But interaction isn’t their business model anyway.

By this definition, would you consider bots “demons”?

 

操控社群的背後人為力量 Controllers of Social Network Bots

另一種類型是較難識別的「假帳號」，在論文裡有比較傳神的名稱「傀儡帳號」，傀儡帳號通常由組織操控，並用於各種目的，呈現出的行為是模仿大量群眾對某事件的反應，包括：

• 為某人或活動的受歡迎程度灌水、市場營銷
• 影響輿論、政治與選舉
• 影響金融市場
• 嘗試掩蓋他人的聲音或是故意製造對立
• 洪水式的散播垃圾訊息和宣傳

魁儡帳號有些特徵，例如帳號本身幾乎無內容，成立不久卻大量追蹤他人或被追蹤、大量使用某些標籤(tag)等等，隨著 AI 生成技術的進步，這些假帳號的識別變得越來越困難。許多帳號的大頭照不再只是盜圖，而是直接生成的虛構人物。他們使用AI針對情境生成的文字也越來越難辨識

所以我們不得不擴大定義為：「只要無法證明自己是誰，卻積極參與社交互動的帳號，都可以視為傀儡帳號。」

那麼你覺得，這些傀儡帳號是魔族嗎？

A second category on social networks is harder to identify: fake accounts. The paper more vividly calls them—sock puppet accounts. These are usually operated by organized groups and used for various purposes. Their behavior mimics the reactions of large groups to specific events, including:

• Faking popularity for people or events (e.g., marketing)
• Influencing public opinion, politics, or elections
• Manipulating financial markets
• Drowning out other voices or deliberately creating conflict
• Spamming and propaganda at scale

Some typical traits of sock puppet accounts include: hiding their own content, following or gaining followers rapidly, or overusing certain tags. Since these accounts are operated by real people with specific intentions, they continue to evolve. And with AI-generated images, even profile photos can be artificially created, not just stolen—making it harder than ever to detect them.

So, let’s extend the definition a bit: any account that interacts online without being able to prove it’s really “you” is a sock puppet. By this definition, would you consider sock puppet accounts “demons”?

 

惡意詐騙帳號 Fraudulent Accounts

第三種類型是充滿惡意的詐騙帳號，詐騙帳號也控制了很多的假帳號，這裡用假帳號去描述較為精確一些，是因為這些帳號的惡意並不是為了傀儡帳號的那些目的，——它們的目的是假冒、釣魚與滲透，假扮為騙你入甕的某些角色，他們會認真地與你對談．除了你看不到他的真實身份外，他們的專業背景可能讓你欽佩，他的溫柔可能會讓你傾心，惡意的目標是錢，沒有其他；

也因為有錢能使鬼推磨，詐騙集團的技術與手段進步得更快、更加專業；

依這個定義來說，你覺得詐騙帳號是魔族嗎？

The third kind of account on the internet is malicious and fraudulent. These are also fake accounts but with a different motive than sock puppets. Their intent is impersonation, phishing, or infiltration. They’ll impersonate roles to lure you in and engage in deep conversation. Their identity may be fake, but their professionalism can impress you, and their charm may win you over. Their sole goal is money—nothing else. Because money drives progress, this area evolves rapidly and professionally.

By this definition, do you consider scam accounts “demons”?

 

那我們該怎麼辦 So What Can We Do?

要處理這個問題，第一步就是要能分辨出誰是人、誰不是。

機器人不是人——所以我們如果可以簡單的證明自己是人，就可以反向推出「我不是機器人」；最簡單的方式是透過手機內建的生物辨識來驗證自己是人。若一個帳號連這種驗證都做不到，那它就缺乏最基本的信任門檻，你不該相信他講的任何話．
這是真人帳號憑證

生物辨識雖能提高創建帳號的門檻，但資源充足的組織仍有能力突破。這時候就需要進一步引入「護照」：一本護照只能對應一個帳號，進一步提高帳號的可信度。能夠持有護照驗證持續綁定的帳號，就可以反向推出「我不是傀儡帳號」，能夠進到這個階段的帳號，可信度會比只通過生物辨識的帳號來的高
這是唯一帳號憑證

詐騙帳號因為有金錢誘因，背後集團更有可能花費資源取得護照使用權，然後創造護照綁定的帳號。因此，在與陌生帳號進行金錢或商業交易時，對方根據護照揭露身份的憑證 就是一個重要的信任門檻。是金錢交易保障上的一塊拼圖．願意揭露身分的商家帳號就是反向聲明「我不是詐騙帳號」，可信度會比護照綁定再來得高
這是實名制帳號憑證

To address this issue, the first step is to distinguish who is human and who is not. A bot is not human—so if we can easily prove that we are human, we can indirectly conclude that “I am not a bot.” The simplest way is to use the phone’s built-in biometric verification to prove one’s humanity. If an account cannot even pass this basic verification, it lacks the minimum threshold of trust, and you should not believe anything it says.
This is the humanity credential.

While biometric verification raises the barrier for creating accounts, well-resourced organizations can still bypass it. This is where the passport comes in: one passport can only be linked to one account, further increasing its credibility. An account that can continuously maintain a verified passport binding can indirectly claim, “I am not a puppet account,” making it more trustworthy than an account verified only by biometrics.
This is the uniqueness credential.

Scam accounts, driven by financial incentives, are more likely to invest resources to gain access to a passport and create passport-bound accounts. Therefore, when engaging in financial or business transactions with unknown accounts, a credential proving identity based on a passport becomes an important trust factor—an essential piece of the puzzle for transaction security. A business account willing to reveal its identity is effectively stating, “I am not a scam account,” and is more credible than one merely bound to a passport.
This is the identity credential.