Fraud Protection
Security measures, fraud detection mechanisms, penalty tiers, and the appeal process for the Data Bounty Board.
Overview
The Data Bounty Board employs multiple layers of fraud protection to ensure fair payouts for legitimate contributors and protect bounty creators from low-quality or fraudulent submissions.
Detection Mechanisms
Automated Detection
┌─────────────────────────────────────────────────────────────────┐
│ Fraud Detection Pipeline │
├─────────────────────────────────────────────────────────────────┤
│ │
│ Submission │
│ │ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ Hash Check │ ← Detect exact duplicates │
│ └────────┬────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ Perceptual │ ← Detect near-duplicates │
│ │ Hash Check │ (cropped, resized, filtered) │
│ └────────┬────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ AI Detection │ ← Detect AI-generated content │
│ └────────┬────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ Metadata │ ← Detect spoofed/fake metadata │
│ │ Analysis │ │
│ └────────┬────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ Behavioral │ ← Detect suspicious submission patterns │
│ │ Analysis │ │
│ └────────┬────────┘ │
│ │ │
│ ▼ │
│ Pass / Flag / Block │
│ │
└─────────────────────────────────────────────────────────────────┘Hash-Based Detection
SHA-256 Exact Match
Every submission is hashed using SHA-256. Identical files are instantly detected:
// How files are hashed
async function hashFile(file: ArrayBuffer): Promise<string> {
const hashBuffer = await crypto.subtle.digest('SHA-256', file);
const hashArray = Array.from(new Uint8Array(hashBuffer));
return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
}Perceptual Hashing
For images and videos, perceptual hashes detect near-duplicates:
| Modification Detected | Example |
|---|---|
| Cropping | Trimming edges |
| Resizing | Upscaling/downscaling |
| Rotation | 90/180/270 degrees |
| Flipping | Mirror images |
| Color adjustments | Brightness, contrast |
| Minor filters | Instagram-style filters |
| Compression | Re-saving as lower quality |
AI Content Detection
Multiple AI detection systems analyze submissions:
| System | Detection Type |
|---|---|
| Statistical analysis | Pixel distribution patterns |
| Artifact detection | AI-specific generation artifacts |
| Model fingerprinting | Signatures of known AI models |
| Metadata analysis | Missing/fake EXIF data |
| Style analysis | Characteristic AI styles |
AI detection continues to improve. Content that passes today may be flagged in future scans.
Behavioral Analysis
The system monitors submission patterns:
| Pattern | Suspicion Level |
|---|---|
| Submissions faster than humanly possible | High |
| Identical timestamps across submissions | High |
| Same IP with multiple accounts | High |
| Unusual geographic patterns | Medium |
| Consistent quality across unrelated topics | Medium |
| Batch submissions with sequential filenames | Low-Medium |
Cross-Platform Checks
Reverse image/video searches detect:
- Stock photos
- Previously published content
- Content from other data platforms
- Stolen social media content
Penalty Tiers
Tier Overview
| Tier | Reputation Loss | Cooldown | Earnings Impact | Review Required |
|---|---|---|---|---|
| Warning | 0 | None | None | No |
| Minor | -5 | 1 day | None | No |
| Moderate | -20 | 7 days | Forfeited | No |
| Severe | -50 | 30 days | Forfeited | Yes |
| Permanent Ban | -100 | Forever | Forfeited | Yes |
Warning
Trigger: First minor quality issue
Consequences:
- Submission rejected
- No reputation penalty
- Educational notification sent
Example violations:
- Slightly below quality threshold
- Missing optional metadata
- Minor format issues
Minor Penalty
Trigger: Repeated quality issues, minor rule violations
Consequences:
- -5 reputation points
- 24-hour cooldown from submissions
- Submission rejected
Example violations:
- Multiple quality rejections
- Incorrect metadata (unintentional)
- Submitting to wrong category
Moderate Penalty
Trigger: Significant violations, pattern of issues
Consequences:
- -20 reputation points
- 7-day cooldown
- Pending earnings forfeited
- Account flagged for monitoring
Example violations:
- PII in submission
- Misrepresenting content
- Attempting duplicate submissions
- Minor consent violations
Severe Penalty
Trigger: Serious rule violations, fraud attempts
Consequences:
- -50 reputation points
- 30-day suspension
- All pending earnings forfeited
- Manual review required to return
Example violations:
- AI content with deception
- Stolen content
- Multiple accounts
- Hate speech or explicit content
- Serious consent violations
Permanent Ban
Trigger: Critical violations, repeated severe violations
Consequences:
- Account terminated
- All earnings forfeited
- Wallet address blacklisted
- Cannot create new accounts
Example violations:
- CSAM (reported to authorities)
- Organized fraud
- Identity theft
- Threats or harassment
- 2+ severe violations
Wallet Blacklist
How It Works
Wallets associated with banned accounts are permanently blocked:
Banned Account
│
├── Primary wallet → Blacklisted
│
├── Associated wallets → Blacklisted
│ (from same IP, linked transactions)
│
└── Future attempts → Blocked on connectWhat Gets Blacklisted
| Wallet Relationship | Blacklisted |
|---|---|
| Primary connected wallet | Yes |
| Wallets used from same IP | Yes |
| Wallets with direct transfers to/from primary | Flagged for review |
| ENS names pointing to blacklisted addresses | Yes |
Blacklist Persistence
- Blacklist is permanent
- Cannot be removed through appeal (for permanent bans)
- Shared across all PRIV Protocol services
- Used by partner platforms (optional data sharing)
IP Tracking
What We Track
| Data Point | Purpose | Retention |
|---|---|---|
| IP address (hashed) | Fraud prevention | 90 days |
| Geolocation (country only) | Geographic restrictions | 90 days |
| Connection timestamps | Pattern analysis | 30 days |
| Device fingerprint | Multi-account detection | 30 days |
Privacy Safeguards
IP addresses are immediately hashed. We cannot and do not see your actual IP address, only a one-way hash used for fraud detection.
How IP hashing works:
// IP is hashed with a secret salt
const ipHash = await hashWithSalt(ipAddress, IP_HASH_SALT);
// Only the hash is stored
// Original IP cannot be recovered from hash
database.store({ ipHash, timestamp });What we DON'T do:
- Store raw IP addresses
- Share IP data with bounty creators
- Track your browsing outside PRIV
- Sell location data
Appeal Process
When You Can Appeal
| Violation | Appealable |
|---|---|
| Warning | No (no penalty to appeal) |
| Minor penalty | Yes |
| Moderate penalty | Yes |
| Severe penalty | Yes |
| Permanent ban | Limited cases only |
| CSAM violations | No (reported to authorities) |
How to Appeal
Step 1: Review the Violation
Check your notification for:
- Specific violation cited
- Evidence provided
- Deadline for appeal (7 days)
Step 2: Gather Evidence
Collect supporting documentation:
- Original files (RAW, source files)
- Proof of creation (timestamps, project files)
- Receipts/licenses (if using licensed content)
- Context for misunderstandings
Step 3: Submit Appeal
# API: Submit appeal
curl -X POST https://api.privlabs.io/v1/b2b/appeals \
-H "Authorization: Bearer your_token" \
-H "Content-Type: application/json" \
-d '{
"violationId": "vio_x1y2z3",
"reason": "False positive - content is original",
"explanation": "This photo was taken by me on January 15, 2026...",
"evidenceUrls": [
"https://example.com/raw_file.arw",
"https://example.com/metadata_screenshot.png"
]
}'Step 4: Wait for Review
| Appeal Type | Review Time |
|---|---|
| Minor penalty | 24-48 hours |
| Moderate penalty | 3-5 business days |
| Severe penalty | 5-10 business days |
| Permanent ban | 10-14 business days |
Appeal Outcomes
| Outcome | Result |
|---|---|
| Upheld | Original penalty stands |
| Reduced | Penalty lowered (e.g., severe -> moderate) |
| Overturned | Penalty removed, reputation restored |
| Escalated | Requires additional review |
What Helps Appeals
- Clear evidence of original creation
- Timestamps that predate submission
- RAW or source files
- Logical explanation for misunderstanding
- Clean account history
What Hurts Appeals
- No supporting evidence
- Contradictory claims
- History of violations
- Hostile or threatening language
- Lies or fabrications (makes it worse)
Reporting Fraud
How to Report
If you suspect fraud by another user:
# API: Flag submission
curl -X POST https://api.privlabs.io/v1/b2b/submissions/sub_x1y2z3/flag \
-H "Authorization: Bearer your_token" \
-H "Content-Type: application/json" \
-d '{
"reason": "duplicate_content",
"explanation": "This image appears to be from stock photo site XYZ...",
"evidenceUrls": ["https://stockphoto.com/original-image-123"],
"originalHash": "a1b2c3..."
}'Report Reasons
| Reason | Use When |
|---|---|
duplicate_content | Content copied from elsewhere |
inappropriate_content | Rule violations |
low_quality | Doesn't meet requirements |
wrong_format | Mismatched content type |
consent_violation | Includes non-consenting parties |
copyright_violation | Stolen/copyrighted content |
fraud_suspected | General fraud suspicion |
other | Other issues |
Whistleblower Rewards
Accurate fraud reports may earn rewards:
| Report Outcome | Reward |
|---|---|
| Minor fraud confirmed | 1 PRIV |
| Moderate fraud confirmed | 5 PRIV |
| Major fraud ring uncovered | 50+ PRIV |
| False report | Warning to reporter |
Abusing the report system with false or malicious reports will result in penalties.
Security Best Practices
For Contributors
- Use your own content - Never submit others' work
- Keep originals - Store RAW/source files for proof
- Document creation - Screenshots of creation process help
- One account only - Multiple accounts will be detected
- Honest metadata - Don't fake timestamps or locations
For Bounty Creators
- Enable approver voting - Worth the premium for quality
- Set appropriate requirements - Clear specs reduce fraud
- Monitor submissions - Review samples regularly
- Report issues quickly - Faster detection means less loss
- Use test bounties - Verify system before large budgets
FAQ
Why was I flagged when my content is original?
False positives happen. Common reasons:
- Similar content exists elsewhere
- AI detection isn't perfect
- Metadata appeared suspicious
Submit an appeal with your original files.
How long does a cooldown last?
| Penalty | Cooldown |
|---|---|
| Minor | 24 hours |
| Moderate | 7 days |
| Severe | 30 days |
Cooldowns start when the penalty is applied, not when you see it.
Can I create a new account after a ban?
Permanent bans include wallet blacklisting. New accounts with the same wallet, IP pattern, or device fingerprint will be detected and banned.
What happens to my pending earnings?
| Penalty Level | Earnings Status |
|---|---|
| Warning/Minor | Retained |
| Moderate+ | Forfeited |
Are false reports penalized?
Intentionally false reports result in warnings, then penalties. Honest mistakes are not penalized.
Next Steps
- Content Rules - Avoid violations
- Approver Voting - Help fight fraud as a staked approver
- Pricing - Understand fee structure
Approver Guide
How to become a staked approver, review submissions via game-theory voting, and earn rewards for quality assurance on the Data Bounty Board.
Fee Structure and Pricing
Complete breakdown of Data Bounty Board fees, contributor payouts, approver voting premiums, and comparison with alternatives.