24 Hours Ago, I Died

I suddenly vanished from the digital world. 24 hours later, when my internet self awoke from death, I finally understood: under the guise of “risk control,” your digital identity never truly belongs to you.
By catme0w |

24 hours ago, I died.

For those 24 hours, as far as the internet was concerned, I was dead.

I

My QQ account was banned, and this happened during “兽界”.

This might be the most terrifying thing that could happen during a fur con.

[Fur con: Also called a furry convention. Similar to anime conventions, but with a furry theme.]

Well, let’s rewind 24 hours. Let me re-explain what actually happened.

II

July 22, 20:32

This was the night session of 兽界. At this moment, the band had just finished their performance.

As the night session’s main event, plus the fact that my friend was one of the band members, I was naturally full of anticipation for this performance.

Unfortunately, the inadequate venue combined with an inattentive sound engineer turned what could have been an electrifying performance into something like listening to music with one earbud in a sewer next to a busy street at noon.

The night before, I helped my band member friend move his equipment and caught their rehearsal. I’m certain of this. The formal performance didn’t showcase even half their abilities.

Randomly shot

Strictly speaking, a venue without proper acoustic design definitely bears the main responsibility for this terrible sound quality. But when I walked closer and saw the sound engineer absentmindedly playing with his phone, I still felt annoyed.

The sound engineer wasn’t one of our people.

Of course, this is just subjective perception. Maybe he did his best.


After the performance, facing this indescribable sound quality, I had no interest in watching the subsequent acts. Didn’t know them anyway. I left the venue, casually pulled out my phone, and posted on QZone, a Facebook-like social platform built into QQ:

“The sound engineer at 兽界’s night session should be dragged out and beheaded”


Posted, backed out, all in one smooth motion.

Before I could see the chat list, a popup appeared first.

“Your account login has expired, please log in again.”


Well, as long as it’s not banned, I’ll just log in again.

III

July 22, 21:55

I returned to the hotel and opened my laptop. Rather than typing on a phone’s small screen, I always prefer chatting on a computer.

I use “Icalingua++” as my third-party QQ client. There are many reasons for choosing it over the official version.

For example, I can access my own chat history - recent versions of QQ no longer display chat records from exited groups in the message manager, and the 2018 version I’d been using was recently affected by remote killswitches. Even if you could still log in, you couldn’t view any message history.

Of course, there are also privacy considerations. QQ’s disk scanning, browser history reporting, kernel driver trojans, and more are too numerous to list.


But Icalingua didn’t greet me with the chat interface today. Instead, it bounced back to the login window.

The sudden disconnection an hour and a half ago was targeting Icalingua.

Maybe it was related to my beheading post, maybe not. Tencent was already phasing out old QQ protocols anyway.

Icalingua is designed based on a QQ bot framework. The risks that exist for bots also exist for Icalingua.

Obviously, after my Icalingua’s old protocol version was phased out, I could no longer log in with this version.

Even though this version was released less than six months ago - “8.9.33” released this March.

For QQ bots, old protocols are always safer. New versions mandate cryptographic signatures. Without a signature you can’t log in, and if you carry an incorrect signature, the consequence is immediate account ban.

Icalingua’s high version signature implementation wasn’t yet perfected at this time, with considerable risk of account bans.

But I had no choice. No matter what, getting back online was urgent.

⚠Warning: As of 2023/06/30, the issue of high versions (8.9.58/8.9.63) being frozen about an hour after login has not been perfectly resolved

This was a line written in Icalingua’s repository README at the time.

[Repository: Icalingua is an open source project. The place where source code is stored is called a repository.]

[README: The project’s help documentation.]


Time to test the value of my years of QQ “VIP” subscriptions.


(“This account has been temporarily frozen due to suspected violation of business rules. Please tap Confirm and then re-enter your account and password to view the details. You may also manage the account’s funds.”)

(“Login Prohibited: Your account has been restricted from logging in on an unfamiliar device due to suspected violations. Please switch to a commonly used device and log in again, then follow the instructions to complete the unblocking process.”)

And this time, luck wasn’t on my side.

For most people, using high version bots usually only results in one freeze, and this freeze is just a relatively mild warning that can be immediately unlocked through facial recognition.

But my main device required me to “change common device” to unban.

My god, what are you doing?


I never travel with just one phone.

My Android phone also has QQ logged in, and it’s also the 8.9.xx version from the past six months. Using it should be fine.

But I immediately hit a wall. I did make it to the facial recognition step, but even after pressing my face against the brightest light in the room, QQ kept prompting “current lighting is too dark.”

After repeating this many times, QQ completely welded the door shut on me.

(“You have reached the maximum number of failed attempts for today. Please try again tomorrow.”)

Fuck off!


The more I thought about it, the more something seemed wrong. If the lighting really was too dark, it shouldn’t let me go through the facial recognition process at all, just like the old Health Code facial recognition login. If it was really too dark, you couldn’t even see the color-changing flash step.

Discussions from others on GitHub somewhat confirmed my suspicion - it’s not about lighting being too dark at all, but detecting Root/Xposed.

[Root: Allows users to obtain superuser privileges for the Android operating system.]

[Xposed: A code injection framework for the Android system, commonly used to modify the functionality of Android systems and applications.]


Absolutely disturbing.

IV

But the problem is, what now?

People come to fur cons from all over. I think most people don’t come for that “members-only farmers market” at the venue. Meeting friends and touching fursuits are the focus.


So how do you contact friends and tell them you’re also here? Of course, through QQ.

Now, my connection to the world was severed.

My world went blind in an instant. Against this backdrop, fur cons - events that almost completely rely on online relationships - suddenly became purely offline activities.

A strange feeling, but I definitely don’t want to experience it again.


Fortunately, I still had Telegram. I could still contact a few friends and bridge to the “overworld” through them.

But some earlier memories about Telegram, combined with today’s experience, suddenly made me feel chilled.

V

Telegram, this chat app with unlimited cloud storage and freedom to come and go, had actually replaced QQ and WeChat as my main communication tool long ago.

I’d always been a “ground promotion expert” for Telegram. It’s just that starting from the past year, I could no longer recommend Telegram to anyone.


In late 2021, Telegram announced the launch of an advertising platform that would place non-personalized ads at the bottom of large channels. But the advertising platform’s threshold was unrealistically high. People’s doubts at the time were: who would invest such high entry costs to choose this advertising platform?

At the end of that year, the advertising platform’s first batch of ads went live. We were surprised to discover that the so-called advertising platform was completely just a front for TON, the virtual currency that Telegram had abandoned years ago due to regulatory issues.

But this was harmless. At least Telegram now had a source of income and didn’t have to worry about going bankrupt.

That’s how we all consoled ourselves at the time.


In mid-2022, Telegram Premium launched.

During the same period, Telegram, without any warning, reclaimed usernames from all channels that non-Premium users hadn’t been active in for over a year, and used these seized usernames for their own “NFT sales” profit.

Channels created by people who had already left Telegram, or channels that simply didn’t need frequent updates - if you hadn’t joined them before, you could never see them again.

And if you wanted to redeem your former name, you needed to pay Telegram at least several thousand RMB, and that’s the minimum - of course, settled in TON. As for those who left Telegram, the traces they left behind vanished without a trace.

One of the earliest Chinese fan channels for Apex Legends on Telegram. Its username was reclaimed and a year later bought by a cheat seller.


At the end of 2022, a wave of bans swept through Telegram’s Chinese user community.

Maybe you woke up one morning to find that a friend you were chatting with just last night had become “deleted account.”

…Yes, this really happened to me. Though I wasn’t the one who got banned.


This friend of mine almost only had private chats with a few fixed people. Before the incident, they hadn’t joined any new groups or even spoken in any group chats.

We couldn’t find any reasonable explanation, but just like that, they along with all their data evaporated overnight.

For this situation, contacting Telegram’s help team as soon as possible is the most effective method. Years ago, such unwarned deletions had also occurred, but usually could be recovered within 48 hours.

They and I jointly sent over a hundred emails and Twitter DMs within half a year, but to this day, they haven’t read even a single one.

“Sent” means unread. Read would be “Seen.”

It wasn’t until half a year later that they accidentally discovered that this banned phone number could log into Telegram again.

But what appeared after logging in was a completely new empty account.

Their original account had been completely wiped from Telegram’s servers.


Later, through inquiries, I discovered this happened far, far more frequently than I imagined.

In a group of 180 people, nearly one-tenth had been unwarned-deleted like this in the past year, with no survivors.

I admit this is a bit “anecdotal statistics,” but… if even someone like me who doesn’t pay attention to outside affairs and is just a private chat warrior can easily find over a dozen cases, it probably can’t be considered low probability.

In this batch of cases, unwarned deletions all met the following two conditions:

  1. The bound phone number is a Chinese +86 phone number, or VoIP virtual number (like Google Voice or TextNow)
  2. Never subscribed to Telegram Premium

Actually, Telegram has always had a risk control system that prevents suspicious users from initiating new private chats, and this system is notorious for its “universal discrimination” against +86 phone numbers.

This risk control requires appealing to an official bot to remove. In this bot’s help documentation, it even explicitly states “subscribing to Premium grants immunity from death.”

VI

In today’s so-called “big data era” and “AI era,” companies use “risk control” as an excuse to give all major internet products a malware-like quality, using technical or non-technical but mostly boundary-crossing methods to conduct opaque risk control scoring.

And the price is either handing over all your personal information to reduce “risk control,” or losing all your hard work - of course, the more common situation is both - you handed over your identity information, but still can’t unlock those restrictions.

Facebook and Instagram users should be very familiar with this. After being risk-controlled, they require you to hold up some paper with something written on it and take a selfie to submit an appeal, like a nude loan.


Or - let’s return to the original topic. QQ is the king in this regard.

“Why is Tencent’s QQ unban commitment letter still not working after writing it?” https://www.zhihu.com/question/472537203

Credits: Tencent QQ official help document

(Translation of the above image)


Of course, it can be worse. Telegram is probably even more extreme than QQ. This software without any customer service or support team doesn’t even give you the qualification to write a self-criticism. Want to reduce the probability of being banned? Show me your money, kiddo!

Big companies don’t care about your data, your hard work.

VII

Maybe you’ll say, we can go to the Fediverse, we can go to Matrix.

But the fact is, even though Elon Musk has turned Twitter into X, its Fediverse alternative Mastodon remains sluggish, half-dead.

Even if you’re already a loyal Mastodon user, you have to admit that most of your companions aren’t on Mastodon. If you want to know the latest current events, you often still have to hold your nose and go back to Twitter to find them.


However, today we’re not talking about monopoly, only about “risk control.”

Admittedly, there’s no “risk control” in the Fediverse, but the same consequences exist in a different form - Is the probability that your Fediverse instance administrator will delete your data because of bribery or simply because of an argument with you really lower than being banned by Tencent?

Consider your experiences of being kicked out of online groups for annoying moderators, and you’ll know this absolutely can’t be a low-probability event.

The Fediverse is not the answer.


The end-to-end encryption technology I’ve always held sacred is completely powerless against “risk control.”

Tech giants can decide to ban accounts and delete data without decrypting your chat content, simply because “your messaging intervals are very regular, like automated program operation.”

Fediverse instance administrators can decide to ban accounts and delete data without decrypting your chat content, simply because you made them unhappy.


Is the probability that your Fediverse instance administrator will delete your data because of bribery or simply because of an argument with you really lower than being banned by Tencent?

I don’t know, I really don’t know, and I’m pessimistic about this. I believe it will eventually come.

This slippery slope is hidden, slow, continuous, and cunning.

VIII

About time. It should have been 24 hours since that damn “daily failure limit reached” on my QQ.

I’d already returned to my own home, using an IP address more familiar to Tencent.

Next, disable Xposed, hide Root, then restart facial recognition.

In my room’s dim lighting, it passed on the first try.

I finally returned to the overworld.

IX

Two weeks later, Shanghai.

I went to another fur con “极兽聚”.

Sigh, what an expense. The increasing number of conventions hasn’t brought everyone together. Instead, people prefer going to ones near them, causing dispersion.

But since I came, might as well have fun. I met friends who didn’t come to 兽界, and also met my friends’ friends.

Two new buddies added my QQ one after another. Very smooth, I wasn’t flagged as any abnormal account either.

But only about 30 seconds later…

(“This account has been temporarily frozen due to suspected violation of business rules. Please tap Confirm and then re-enter your account and password to view the details. You may also manage the account’s funds.”)

(“Login Prohibited: Your account has been restricted from logging in on an unfamiliar device due to suspected violations. Please switch to a commonly used device and log in again, then follow the instructions to complete the unblocking process.”)


Well, here we go again.

Appendix: Translation of the Letter of Commitment

Transcription

承诺书

本人姓名(已隐去)QQ号(已隐去)身份证号码(已隐去)在某国有证券公司负责客户服务工作,日常需要在qq中回复客户的在线股票和基金合同(已考证券从业资格证)今年4月5日,本人QQ出现暂停使用的情况,收到平台提醒不要推荐股票等行为,当时自己找了几个好友协助解封了,也就没有在意,后面因公司活动需要人气,自己又开始频繁发布一些股票信息,当时想冲业绩,确实操作发送得很频繁,平台很多客户也跟我表示发这么多信息对他们太强求了,经常上班时手机都一直在震动,影响了他们的正常工作,听完之后确实发现自己的行为很不应该。

这次被永久封号了,我真的意识到事态严重,起初我真的以为是有误封,因为我认为这是我工作的一部分,而且确实也是与公司客户进行服务。因为证券协会是有规定不能随意传播的,没有想到会再次触犯平台规则,本人已致电客服希望将(无法辨认)并认真了解学习了《QQ号码规则》。同时提交了相关证书资料等信息,在这里对平台和被骚扰的客户造成了麻烦,深表歉意。

本人承诺,后续会规范使用QQ账号,对封号原因认可,不再频繁发布营销广告信息,不再骚扰其他QQ使用用户,遵守平台规则。

承诺人:(已隐去)
时间:(已隐去)

Translation

Letter of Commitment

My name: (redacted)
QQ number: (redacted)
ID number: (redacted)

I work in customer service at a state-owned securities company, and in my daily work I need to reply to clients on QQ regarding online stock and fund agreements (I have obtained the securities industry qualification). On April 5 this year, my QQ account was suspended. I received a platform reminder not to recommend stocks or similar behavior. At that time, I asked a few friends to help me lift the suspension, so I did not pay much attention to it. Later, due to a company event that needed popularity, I again began frequently posting some stock information. I wanted to improve my performance, and I indeed sent messages very frequently. Many clients on the platform also told me that sending so many messages made them feel pressured. Their phones kept vibrating during work, which affected their normal work. After hearing this, I indeed realized my behavior was inappropriate.

This time my account was permanently banned, and I truly realized the seriousness of the situation. At first, I really thought it was a mistaken ban, because I believed this was part of my job, and indeed it was service for company clients. The Securities Association does have rules prohibiting casual dissemination, but I did not expect to violate the platform rules again. I have called customer service hoping to (illegible), and I carefully studied the “QQ Number Rules”. I have also submitted relevant certificates and materials and other information. Here, I sincerely apologize to the platform and to the clients who were disturbed.

I hereby commit that I will regulate my use of my QQ account going forward, accept the reason for the account ban, no longer frequently post marketing and advertising information, no longer disturb other QQ users, and comply with platform rules.

Committer: (redacted)
Date: (redacted)

Note beneath the image

“A promise letter must include your real name, ID number, and QQ number, and must show deep reflection explaining your violation. If your violation was caused by other circumstances, you must describe your identity and account usage in detail. The letter must contain your promise to follow QQ-related rules in the future and never violate them again, and must be signed. The example picture is not a real case and is for reference only.”