Fake accounts that follow you so you'll follow them back. DMs from "profiles" of impossibly attractive people inviting you to view "private photos" through a sketchy link. Generic comments on every viral post. Made-up reviews, artificial trending threads, follower farms in Pakistan. Traditional social networks have become a theme park for bots — and every real user notices every day. KAIXO is built from the ground up to keep that from happening here.

The underlying problem: cheap accounts, expensive damage

The engine of digital manipulation is simple: creating accounts has to cost almost nothing to make it worth creating thousands. When a network allows sign-ups with any random email and no serious verification, anyone can:

  • Artificially inflate the follower count of a brand or a politician.
  • Send mass DMs with phishing links.
  • Manipulate trends with thousands of accounts shouting the same thing at the same time.
  • Coordinate harassment against a real user, making them feel "everyone" thinks the same.
  • Invent fake reviews to lift or sink a business.
  • Spread disinformation with the appearance of popular consensus.

All of this only works if creating a new account is cheap. Making that step more expensive — without making it elitist — is the first line of defense.

How KAIXO protects itself: five layers

1. Real phone verification

To register on KAIXO you need a real mobile number, validated with a code you receive by SMS. A throwaway email isn't enough; an anonymous identity isn't enough. Every account is tied to a number.

That changes the attacker's math. Creating 1,000 accounts requires 1,000 different SIMs or paying for an "SMS-per-line" service that costs real money. The economics of manipulation collapse when each account costs euros instead of cents.

And for honest users: your number is not shown publicly. Only the people you choose to add as contacts can see it, exactly like WhatsApp. Verification is for you, not against you.

2. Rate limits on every sensitive endpoint

Even if someone managed to bypass verification with many numbers, each account has speed limits on what it can do:

  • Login and registration: a limited number of attempts per minute and per IP. Without this, an attacker would try to brute-force passwords with thousands of combinations.
  • Message sending: per-minute limit. One account can't send 5,000 DMs in 10 seconds.
  • Channel creation, posting Latidos, mass invitations: daily cap.
  • New accounts: stricter limits during the first few days — call it "progressive trust". If you behave like a real person, the limits relax; if you look like a bot, they stay tight.

3. Product-level antibot layer

Every important request goes through an antibot middleware that checks for typical automation patterns:

  • Inhuman typing or tap speed.
  • Generic or suspicious HTTP headers typical of scripts.
  • Bulk behaviors (multiple accounts doing exactly the same thing within milliseconds of each other).
  • IP addresses from data centers known to host automated traffic.

When something smells like a bot, we don't slam the door shut — we slow it down, require additional verification, or flag it for human review. The idea is to make being a bot expensive and unprofitable, not to show off how clever we are.

Screen with code and monitoring charts in a cybersecurity environment
Pattern detection: bots leave fingerprints a person doesn't. Photo: Unsplash.

4. Business channel verification

For accounts that present themselves as a brand, a business or a professional, we offer a verification process that checks:

  • Legal existence of the business (tax ID or local equivalent).
  • Real control of the domain or professional email.
  • Activity coherence (a channel called "Restaurante La Concha" should post restaurant content, not crypto spam).

The verification badge on business profiles isn't decorative. It means that there's an identifiable legal entity on the other side, someone accountable. If that account does something abusive, we know who to turn to. That discourages ghost brands.

5. Human moderation + reports taken seriously

No automated system is perfect. That's why there's a human team reviewing the reports users send in. When you report a Latido, a message or a channel:

  • The report enters a queue that's visible internally.
  • A person evaluates it, not a script. We distinguish between "I don't like it" and "this breaks the rules".
  • If the violation is confirmed: a graded sanction is applied (warning, temporary mute, suspension, permanent ban depending on severity).
  • You get a response telling you what happened with your report.

Reporting on KAIXO isn't an empty gesture like on many big networks. Someone actually looks and decides.

What happens if someone tries to…

Create 100 accounts with a single number. The system only allows one active account per number at any given time. If you try to recycle the number, previous accounts are invalidated — you can't stack 100 personalities.

Send mass messages to strangers. An unverified or very new user can't message someone who hasn't accepted them first. The account needs to pass a "trust" phase — legitimate interactions, age on the platform — before it can write to strangers. And even then, with a daily cap.

Buy 10,000 followers on a shady website. Since accounts are phone-verified, those "farms" don't exist here in the quantities they do on Instagram. If you tried, the followers you'd pay for would be few and worthless — and once we detect mass accounts created from the same source, they get purged.

Create a channel called "El Corte Inglés" as a private individual. The channel can be created, but it won't be able to carry a verification badge without proving ownership. And if the real brand reports it, control can be transferred and the impostor sanctioned.

Flood comments with bots. Each account has an hourly comment cap. Even if you manage 50 accounts, commenting 1,000 times takes a while — during which pattern detection flags you. Suspicious comments are automatically hidden from the Latido's creator, who decides whether to approve them.

Why this matters to you as a user

When a social network filters bots out, three things happen:

  • Your followers are people. If you have 200 followers, they're 200 real people, not 50 real and 150 hollow accounts. The number means something.
  • Conversations are conversations. Commenting on a Latido isn't arguing with a script — it's talking to people who can disagree, contribute, join in. It makes sense.
  • Discovery is honest. What you see trending or recommended isn't manipulated by paid farms. It reflects the real interest of real people.

The side effect: your own mental health gets better. A big part of the exhaustion the big networks produce comes from the feeling of shouting into the void between thousands of shell accounts. KAIXO has fewer accounts, but they all speak, and they all listen.

What we do NOT do (and why)

We don't use mandatory facial recognition to register you. It would be more secure against bots, but the privacy cost feels excessive.

We don't use silent "shadowban" against political opinions. If an account is restricted, it's for breaking concrete rules (spam, harassment, impersonation), not for disagreeing.

We don't sell verification to anyone with cash. Verification responds to a real, verifiable identity, not to a premium subscriber paying 8€/month (looking at you, Twitter/X).

Privacy and data

All this protection has a data cost: to detect bots we need to know things like typing speed, source IP, usage patterns. That data:

  • Is processed internally — not sold or shared with third parties.
  • Is used exclusively for platform security.
  • Is kept for a limited time and then anonymized.
  • Complies with European GDPR.

Full detail in the privacy policy.

Get started

If you don't use KAIXO yet, download it and register your account. The phone-verification process will ask you for an SMS code — that small piece of friction is what keeps bots out and real people in.

If you're already in, keep reporting whatever looks off. Every real report helps keep the environment healthy for everyone.

FAQ

What if I legitimately have several numbers? You can have accounts tied to different numbers (personal, work, etc.) — the system allows separate accounts. What it doesn't allow is multiple active accounts sharing the same number.

What if I lose my phone? Recovery via SMS to the same number (if you've ported it to another handset) or via verified support process. There's no backdoor — but there are legitimate paths.

Can I stay anonymous on the feed? Your name and photo in the feed are whatever you choose to show. Internal verification doesn't expose your real identity to the public — it only confirms you exist.

How long does human moderation take? Urgent reports (active harassment, verifiable impersonation, mass spam) are reviewed within hours. Minor reports within 1–3 days. You get a notification with the outcome.

What if I get banned unfairly? There's an appeals channel. A different person from the one who applied the sanction reviews it. If it was a mistake, it gets reversed and we make it up to you with a free premium month.