Unmasking Follow-for-Follow Schemes: How Bots and Follow Rings Are Gaming the System

If you’ve spent any time streaming or building an audience on platforms with live chats and follower counts, you’ve probably run into “follow for follow” offers. At first glance, it sounds harmless, a quick way to boost your numbers and maybe find some like-minded creators. But after digging into it myself, I’ve discovered that many of these schemes are straight-up bot operations running coordinated follow rings. And once you know what to look for, they’re surprisingly easy to spot.

How the Scheme Works

The basic idea is simple: accounts promise to follow you back if you follow them. But the real game is bigger than that. Behind the scenes, many of these creators (or the services they use) run automated bots that follow hundreds or thousands of accounts in a chain. One bot follows Account A, then Account B, then Account C, and so on, creating a closed loop of artificial engagement. The goal? Inflate follower counts, make the accounts look more popular than they really are, and trick the platform’s algorithm (or unsuspecting viewers) into thinking there’s real momentum.

What makes it especially sneaky is that these rings often overlap. The same bot network services multiple “creators,” so the follower activity looks organic at first… until you start investigating.

The Chat Test: My Simple Detection Method

Here’s the quickest way I’ve found to expose these schemes:

1. Check their channel chat when they’re NOT live.

If the chat is still popping off with messages even though the stream is offline, that’s a massive red flag. Real human communities usually go quiet when the streamer isn’t there. Bots don’t sleep.

2. Look at the same chatters across multiple accounts.

I tested this myself. I picked three accounts that were all pushing follow-for-follow. I opened their channels and checked the chat history. Same usernames kept showing up, word-for-word repetitive messages, identical timing patterns, and the exact same people were active in every single one. Some of those accounts were even live at the time, yet the chatters were identical to the offline ones. That’s not an organic community. That’s a bot ring.

3. Watch the following behavior.

If an account is live and aggressively following other accounts (especially right after you follow them, or they follow you), there’s a good chance they’re part of the automated cycle. Real streamers don’t usually have a bot hammering the follow button the second someone new shows up.

4. Timed follows

They will follow 3 times an hour, 1 every 15 minutes. This is what you call a cron job. They are attempting to look organic.

5. How streamers react

Typical "leaders" of these bot rings will be live, and yet their account follows someone not live, and that channel follows back. If you point this out, they will try to defend by naming metrics, by saying their follows are up and dowm, even when the evidence points to follow-for-follow. If they are live playing a game they should not be following other channels mid-game.

I’ve spotted this pattern more than once now. The follow-for-follow scene I investigated turned out to be one big interconnected web. The “chatters” weren’t real fans; they were scripts keeping the illusion alive 24/7.

Why This Matters

These rings don’t just waste your time. They pollute the ecosystem:

They make it harder for genuine creators to stand out.
They trick new viewers into thinking an account is bigger or more engaged than it actually is.
They can get innocent streamers caught up in the mess when the platform eventually cracks down.

And let’s be honest, platforms are getting better at detecting this stuff. When the ban hammer drops, the accounts in these rings often get wiped out together.

How to Protect Yourself

Never auto-follow back just because someone followed you.
If someone chats a "follow for follow" offer, check their channel using the method above.
Focus on real engagement: meaningful conversations, consistent content, and viewers who actually stick around when you’re offline.
If you see the same suspicious chatters bouncing between accounts, steer clear.

I’m not here to shame anyone trying to grow; we all want to build an audience. But there’s a huge difference between organic growth and gaming the system with bots. Once you know what a follow ring looks like, you’ll start seeing them everywhere… and you’ll know exactly why to avoid them.

Have you run into these schemes yourself? Drop your own detection stories in the comments. The more we share what to watch for, the harder it gets for these rings to operate.

Griffin Linux — Official Position Statement

Age Verification, Linux, and Why Griffin Won’t Comply

Griffin Linux is a solo project built to make Linux accessible to everyday Windows users. It is still alive, still growing, and will not bend to age-verification mandates for reasons that are both technical and principled.

Bobby Comet — Griffin LinuxApril 2026Final Position Statement

First: the project lives on

Griffin Linux is not going anywhere. This is a solo project built and maintained by me, Bobby Comet, and it continues to be developed, refined, and will be distributed as a free and open Linux distribution based on Kubuntu later this year. Griffin’s goal has always been to lower the barrier for people making the switch from Windows: familiar workflows, a polished desktop experience, and tools that just work, all without giving up the freedoms that make Linux what it is. That mission has not changed.

What I want to address here is a question that has been weighing on me as age verification laws continue to spread: what do they mean for Griffin, and where does this project stand? The answer is detailed below, and it is final.

What Griffin is, and how it is distributed

Griffin is Kubuntu at its core, with a layer of tools, configurations, and design choices on top that make the Linux desktop feel more immediately familiar to someone coming from Windows. It ships as an ISO image, a single file you download, write to a USB drive, and boot. That’s it. No account. No subscription. No server handshake.

The ISO will be hosted wherever I determine gives the best options for distribution and, if necessary, geo-blocking. That could be a dedicated website, a specific page, or another platform. I will make that call based on what gives me the most control over access if a legal situation ever demands action. Torrent downloads and source code will remain available through their existing channels regardless, as those are decentralized by nature and outside the scope of any regional compliance demand.

Additionally, all Griffin tools will be made available for other distributions in the Ubuntu family. Some tools are more distro-agnostic than others, but the goal is that users on Ubuntu, Linux Mint, Pop!_OS, and similar systems can access the Griffin experience and toolset even if they are not running Griffin itself. Linux is Linux; the desktop should be for everyone.

Why age verification cannot work on Linux

Linux is not a product with a managed distribution pipeline. It is not an app store, a walled garden, or a platform with a central authentication layer. Griffin is an ISO image, a static file. Anyone with an internet connection can download it, verify its integrity with a checksum, and run it. There is no account creation, no runtime connection back to my servers, and no gatekeeper that could realistically demand proof of age.

Why enforcement is structurally impossible on a Linux distribution

No central gatekeeper. An ISO can be mirrored anywhere in the world. Blocking one download source does nothing when torrents and mirrors exist independently.

No user accounts at download. Linux requires no registration to obtain or install. There is no checkpoint at which to request identification.

Open source means forkable. Any verification gate added to Linux and, by proxy, Griffin could be removed by any developer and the project re-released under the same open license within hours.

ISOs have no runtime server connection. Once installed, Linux has no mandatory connection back to any server. There is nothing to “check in” with for ongoing compliance.

✓

This is by design. The open architecture of Linux is what makes it trustworthy, auditable, and free. Griffin is Linux at heart, and will stay that way.

Age verification for a Linux distribution is not a policy question with a technical solution. It is a technical impossibility. The architecture does not accommodate it, and attempting to bolt one on would undermine the entire value proposition of open-source software.

Why demanding government IDs is dangerous — with evidence

Even setting aside Linux entirely, the mechanism these laws mandate, submitting government-issued identification to access online content, creates massive, centralized databases of the most sensitive personal data imaginable. This is not a theoretical risk. It has already happened multiple times, and the pattern is consistent: collect IDs, get breached, expose everyone.

⚠ Breach: Discord, October 2025

Hackers compromised a third-party support provider used by Discord, stealing approximately 70,000 images of government-issued IDs along with names, email addresses, IP addresses, and billing metadata. Discord had collected this data to comply with the UK’s Online Safety Act age verification requirements. The company had explicitly stated it did not permanently store identity documents. The breach showed those assurances meant nothing once the data was in a third party’s hands.

Sources: Proton.me, Electronic Frontier Foundation — Oct–Dec 2025

⚠ Breach: AU10TIX identity verification, 2024

AU10TIX, a major identity verification company used by platforms including Uber and TikTok, left login credentials exposed online for more than a year. A researcher gained access to data, including users’ names, dates of birth, nationalities, ID numbers, and images of identity documents, the exact records users had uploaded to prove their ages.

Source: Electronic Frontier Foundation / 404 Media, 2024

⚠ Systemic risk: Persona, 2026

After the Discord breach, Discord contracted Persona as its new age verification provider. Security researchers subsequently found Persona’s systems accessible via a U.S. government-authorized server. The pattern is clear: the age verification industry creates new attack surfaces faster than it secures old ones.

Source: Techdirt, February 2026

The Electronic Frontier Foundation has stated that online age verification is incompatible with privacy, and that data breaches in this space will expose not just personal data but also information about which sites a user visits. Texas’s own law prohibits retaining verification data after the process is complete, but as the Discord breach demonstrated, regulators have no real power to enforce deletion once data exists in a third party’s system.

When the Supreme Court upheld Texas HB 1181 in a 6–3 ruling in June 2025, Justice Kagan’s dissent specifically raised the chilling effect of forcing users to self-identify to access legal content, and the real-world privacy risks that follow. The majority compared submitting a government ID online to showing a driver’s license at a liquor store. The difference is that the liquor store does not store your ID in a database accessible to hackers operating from the other side of the world.

What the data breach actually means for you

A leaked government ID is not like a leaked password that you can reset. It enables identity theft, financial fraud, synthetic identity creation, and, when combined with AI tools, sophisticated impersonation and sextortion attacks. Users have no choice but to submit their data to multiple platforms under these laws, so the risk compounds with every mandate that passes and every site that complies. The criminals who benefit most from age verification laws are the ones who build markets supplying stolen or fake IDs to get around them.

Griffin’s position: final and not subject to negotiation

Griffin Linux will not implement age verification. It cannot, for the technical reasons above. It should not, for the privacy and security reasons above. And as a solo developer, I am not willing to compromise the open nature of this project or put my users’ data at risk to satisfy a mandate that does not translate to how Linux works.

If specific regions attempt to legally compel compliance, my response is straightforward: those regions will be geo-blocked from accessing Griffin’s official download. I will retain the ability to implement this at the hosting level, which is one of the factors that will guide where the ISO is ultimately hosted. I will not collect identification. I will not hand data to third-party verifiers. I will not build a database of user identities that can be stolen, sold, or subpoenaed.

Torrent downloads and source code remain unaffected by any regional block, as they are decentralized by nature. Users in blocked regions who wish to run Griffin can obtain it through those channels or via VPN, both of which are entirely legal to use and entirely outside my control, as they should be. This is how open-source software has always navigated political barriers.

The bottom line

Griffin Linux is alive and being actively developed by me, Bobby Comet. The goal, making Linux accessible to people switching from Windows, while keeping it Linux at heart, has not changed.

Age verification on a Linux distribution is architecturally impossible and ethically indefensible given the demonstrated pattern of breaches that follow these mandates everywhere they are imposed.

Griffin tools will remain available for the broader Ubuntu family, so anyone can get the Griffin experience regardless of which distro they run. The ISO will be hosted where it gives me the best control. Torrents and source code stay decentralized and open.

Regions that try to force compliance will be geo-blocked from the official servers. I will not be collecting your ID. That is not negotiable, and it is not changing.

— Bobby Comet, Griffin Linux

Tech Thrust

Labels

Tuesday, April 7, 2026

The Kick bot problem is worse than you think