Preventing Typosquatting

Algolia and other search engines give preference to exact matches by default. In some use cases, this can be exploited to take advantage of people’s typing mistakes and rank high on a popular search query.

For example, imagine we want to index Twitter users. A good example of typosquatting is the account @BarakObama, who has 15.8k followers, but isn’t @BarackObama (Barack Obama’s official account). Because Algolia prioritizes exact matches, typing “BarakObama” would return the “BarakObama” record first, regardless of custom ranking.

Not all use cases need to prevent typosquatting. However, if yours does, which is often the case when you deal with user-generated content, you may need to put a strategy in place.

Dataset Example

Back to our Twitter example. Let’s say we have an index called twitter_accounts that looks like this:

[
  {
    "twitter_handle": "BarackObama",
    "nb_followers": 103500000
  },
  {
    "twitter_handle": "BarakObama",
    "nb_followers": 15800
  }
]

Even if we set descending custom ranking on nb_followers, because Algolia prioritizes exact results, the @BarakObama account would benefit from traffic coming from users making a typo when searching for the official Barack Obama account.

We can short-circuit this issue by leveraging Algolia’s sort-by feature.

Updating the dataset

The recommended solution is to add a boolean attribute that separates popular records from the rest. For example, you could add something like is_verified_account = true, or is_popular = true, and sort on that attribute.

For this approach to work well, the records with is_popular or is_verified_account set to true should be a small subset of the dataset (at most around 1% of the dataset).

We have a popularity metric (nb_followers), so we can use it to define a rule that determines if a record is popular or not. In this example, we could say that a user is popular if they have more than a million followers.

We can use the browse method to update the index:

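// Collect every record with its new is_popular flag.
$records = [];

// Browse the whole index (empty query matches all records).
foreach ($index->browse('') as $hit) {
  // Popular means strictly more than one million followers.
  $hit['is_popular'] = ($hit['nb_followers'] > 1000000);
  $records[] = $hit;
}

// Write the flagged records back to the index.
$index->saveObjects($records);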

Once updated, our dataset would look like this:

[
  {
    "twitter_handle": "BarackObama",
    "nb_followers": 103500000,
    "is_popular": true
  },
  {
    "twitter_handle": "BarakObama",
    "nb_followers": 15800,
    "is_popular": false
  }
]

By default, the first rule in Algolia’s ranking formula is typo (which, for the vast majority of use cases, is a sane default value). To prevent typosquatting, you need to add another ranking signal that’s higher than the typo rule. This is what Algolia commonly refers to as a sort-by attribute.

When it’s done, searching for “BarakObama” will first return the “BarackObama” record.
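The effect of moving a sort-by attribute above typo can be checked offline. The following is an added example, not Algolia's code or code from this page: a simplified Python model of tie-breaking ranking that covers only the typo and custom criteria. The function names, the 198 filler accounts and the two-typo cutoff are assumptions made for the illustration.

```python
# Simplified model of tie-breaking ranking; this is NOT Algolia's engine.
# Constructed data: the page's two records plus 198 assumed filler accounts.
RECORDS = [
    {"twitter_handle": "BarackObama", "nb_followers": 103_500_000},
    {"twitter_handle": "BarakObama", "nb_followers": 15_800},
] + [{"twitter_handle": f"user{i}", "nb_followers": 100 + i} for i in range(198)]
POPULAR_THRESHOLD = 1_000_000  # "more than a million followers", as on the page


def typos(query, text):
    """Case-insensitive Levenshtein distance, standing in for the typo criterion."""
    a, b = query.lower(), text.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def flag_popular(records, threshold=POPULAR_THRESHOLD):
    """Return copies of the records with the boolean is_popular attribute set."""
    return [{**r, "is_popular": r["nb_followers"] > threshold} for r in records]


def popular_share(records):
    """Fraction of flagged records; the page advises keeping it around 1% at most."""
    return sum(r["is_popular"] for r in records) / len(records)


def rank(query, records, sort_by_popular, max_typos=2):
    """Tie-breaking sort: each criterion only breaks ties left by the previous one."""
    hits = [r for r in records if typos(query, r["twitter_handle"]) <= max_typos]

    def key(r):
        k = (typos(query, r["twitter_handle"]), -r["nb_followers"])  # typo, custom
        if sort_by_popular:
            k = (not r["is_popular"],) + k  # desc(is_popular) placed above typo
        return k

    return [r["twitter_handle"] for r in sorted(hits, key=key)]


if __name__ == "__main__":
    recs = flag_popular(RECORDS)
    print("popular share:", popular_share(recs))
    print("default ranking:", rank("BarakObama", recs, sort_by_popular=False))
    print("sort-by ranking:", rank("BarakObama", recs, sort_by_popular=True))
```

With the default order the exact-match handle wins on zero typos; with the sort-by criterion first, the typo count is only consulted among records that share the same is_popular value.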

Using the API

To set a sort-by attribute, use the ranking parameter with the setSettings method.

$index->setSettings([
  'ranking' => [
    // Sort-by attribute: evaluated before the typo criterion.
    "desc(is_popular)",
    "typo",
    "geo",
    "words",
    "filters",
    "proximity",
    "attribute",
    "exact",
    "custom"
  ]
]);

Using the Dashboard

You can also set a sort-by attribute in your Algolia dashboard.

  • Go to your dashboard and select your index.
  • Click the Ranking tab.
  • In the Ranking Formula & Custom Ranking section, click the Add sort-by attribute button and select is_popular.
  • Don’t forget to save your changes.
