Fraud and prevention

Fraud includes synthetic wait-state farming, bot sessions, scripted activity, background machines pretending to be active developers, fake account rings, manipulated attention windows, falsified attribution, campaign destination abuse, stolen payment methods, and attempts to bypass TrustRank.

BackSpin can reject attention, reverse rewards, pause campaigns, hold balances, block accounts, or remove advertisers when exchange integrity is at risk.

These are the lines that, if crossed, make activity non-billable and can get an account blocked:

One account per person. Creating or operating multiple earning accounts, alone or in coordination with others, is prohibited.

Real usage only. No automated clicking, scripted prompts, bots, click farms, paid-to-act schemes, or any setup whose purpose is to manufacture attention windows or impressions.

No collusion or account networks. Pooling devices, machines, or identities to aggregate earnings is prohibited.

No tampering. Do not modify, spoof, replay, or otherwise falsify the telemetry the CLI wrapper or extension reports.

No circumvention. Do not try to evade caps, account limits, or other controls, including by rotating networks or devices.

These rules are part of your agreement with us. Under the Terms of Service, BackSpin may withhold or void earnings, and suspend, restrict, or permanently bar any account, for violating these ground rules or otherwise breaching the Terms, including forfeiture of unpaid earnings tied to the abuse.

Fraud risk is computed for every attention window as it is scored, it is the fraud_risk term subtracted in AttentionScore, not a separate batch job. Today that catches superhuman input rates, samples timestamped outside the window, and durations implausibly longer than the real AI wait (a surface left open to farm). A window at or above the reject threshold earns nothing.

On top of per-window checks, a cross-account farm engine runs on the scoring path. The install origin is recorded as a one-way keyed hash of the IP (the raw IP is never stored) plus an optional client fingerprint, so BackSpin can group accounts that share an origin without surveilling anyone. When too many accounts sit behind one origin the cohort is flagged, and past a higher threshold it is blocked; sharing an origin with already-condemned accounts adds risk, while a genuine earned history pulls it back down.

We deliberately do not publish the exact thresholds, the windows they are measured over, or the other signals involved (timing patterns, device fan-out, account-creation bursts, and more). Honest use stays comfortably inside every limit: a real developer coding normally, even from a laptop, a desktop, and the occasional coffee-shop Wi-Fi, will never trip them. Established, long-standing accounts are given the benefit of the doubt and routed to a human rather than auto-actioned. Network rotation across many origins to dodge per-origin rules is a known attack we continue to harden against.

TrustRank is a quality score for attention and participation, and a live term in AttentionScore. Today it is computed from a user's verified history, the ratio of eligible (human-verified) windows to total windows, so a consistently real developer scores above the neutral baseline, a bot-like history erodes it, and a brand-new account starts exactly at neutral (so new users are never penalized).

Over time TrustRank can also weigh account age, session continuity, active editor or CLI focus, input signals, normal usage patterns, device reputation, campaign ratings, dismissal rates, and later saves. TrustRank does not expose raw fraud signatures: the public methodology is visible while the exact abuse-detection recipes stay protected so attackers cannot game them.

Depending on confidence, our systems either flag an account for human review or block it automatically. A blocked account stops earning immediately, and credit accrued from the abusive activity is voided.

Where credits have already been withdrawn on fraudulent activity, BackSpin reserves the right to recover them. Withdrawals are admin-reviewed before payout precisely so abuse can be caught before money leaves the system. You will see a clear account-status indicator if this happens.

Advertisers may not submit phishing, malware, fake grants, misleading claims, impersonation, dark patterns, illegal offers, malicious MCP servers, credential collection, or destinations that harm developers.

BackSpin can require manual review for sponsored MCPs, developer tools, browser extensions, CLI install commands, jobs, grants, and product demos before delivery. Campaigns start pending and only enter discovery once an admin approves them.

BackSpin does not pay for empty machines, inactive tabs, repeated fake prompts, automation loops, or CLI wrappers modified to emit fake attention windows. Background sub-agent waits and non-foreground activity do not accrue.

Eligibility can be reduced or denied when attention quality is low, session behavior is abnormal, or the same person attempts to multiply rewards through fake identities. Per-user spacing and caps mean ordinary genuine coding is always covered and artificial bursts are not; exact cap values are not published and move with abuse patterns.

The public ledger shows aggregate totals such as market price, verified attention seconds, campaign reputation, payouts, and active bids, so advertisers and users can audit whether the exchange is healthy, without exposing any individual's private activity.

When data is corrected after fraud review, BackSpin can update aggregate stats, campaign reports, reward balances, and open market figures. This open-trust split, public principles and aggregates, private thresholds and signatures, is deliberate.