I'm thrilled to announce that @shieldy_bot is now in better hands that are more suitable to grow it past the 20 000 000 users point. I believe that the new owner of Shieldy has better chances of supporting this open-source solution in the long run and bringing more value to the users. After all, I'm just a single guy standing in front of my computer writing code. 1inch has way more resources than I.
In the previous article, I've described how I calculated an estimated value of Shieldy and how I got three acquisition offers ranging from $100 000 to $150 000, which I rejected. In this article, I'm going to tell you the story of Shieldy. Starting from the beginning and up to the point when I sold it to 1inch for $329 000. How and why I built it, how it became popular, how I could find a better future maintainer and why I picked 1inch to succeed me in owning Shieldy (yes, I was fortunate enough to choose my successor). Keep reading!
Note for the Russian-speaking readers: I have a Telegram channel where I post all the smart things I encounter, research and do. Feel free to subscribe.
How is my story different?
First of all, I'd like to point out that what follows is my personal story of creating, popularizing and selling Shieldy. Also, it is the best recollection of what I remember. Keep in mind that I've got over 20 products used by over 45 000 000 people at the moment of writing.
It's hard to keep track of everything. I can be wrong in remembering the actual events and their sequence. I warn you of accidental "do what I say, not what I do" moments.
My story also might not be reproducible by anyone else. I and everybody else are unique in our life circumstances. It would be best to consider other examples of how other people (including me in a few other projects) failed before trying to replicate what I did. Forgive me if I make a survivor's mistake.
By the time I launched Shieldy, I already had Voicy — another one of my bots that transcribes audio messages to text — with over 1 500 000 users. I also wasn't burdened by having to earn money due to my previous successes.
I'd also like to point out that all my wealth was accumulated solely by my work and not by other means like inheritance, lottery winnings or passed from more fortunate people close to me (e.g. parents, mentors, wealthy friends and connections).
Moreover, I didn't have any investors in Shieldy, so I owned 100% of it. Considering that server costs were laughable for 20 000 000 users (~$80/month), I could run it virtually forever.
Now when we got this out of the way, let's get to the central part of the story.
Why did I create Shieldy?
Everything started with pain. My Telegram community groups got large enough to start suffering from constant spam attacks. Moderators were too tired of removing unsolicited ads, and I decided to take action. Coincidentally, a popular Russian magazine asked me to write an article as a guest writer, so I quickly developed a tutorial about creating an anti-spam bot for Telegram.
A day after Shieldy was born. I installed it in my groups, and we started to test it. As all of my products do, Shieldy started with just one function. When users joined a group protected by Shieldy, they would have to press a button to verify they were humans. Until they pressed the button, they wouldn't be able to send anything to the group.
Stupid? For sure, but it worked. For the next couple of months, Shieldy was unbeatable. Whoever added it to a group forgot about spammers forever. At least that was how it seemed to be until spammers got smarter.
Quick note: Shieldy was extremely simple when I launched it. Some even said that it would never work and that no one would ever use it. But it worked, and it got users. There are two types of people in this world: those who look for thousands of ways an idea could fail and others who look for one way an idea could work. I'm too lazy to think of thousands of ways, so I'm the latter type.
Infinite warfare with spammers
I'll be straight with you: spammers are lazy and stupid. It's one of the reasons Shieldy still works well. Every time I added a new measure against spammers, it took them 6-9 months to build a counter-measure. Never underestimate the stupidity of your opponents prematurely.
When fighting spam, one of the most important weapons is the speed of new weapons deployment. The CI/CD speed in all of my products is lightning fast. Why is that? Do I use a fancy CI/CD tool with a lot of functions and a fancy config? Hell no. I use GitHub Hooks with a tool developed by me called ci-ninja. It's a lightweight, simple Node.js server that listens to an endpoint and runs bash scripts. It's too simple to fail with dependencies that are too few to affect anything. Perfect for my needs.
Whenever I push to the
main branch, the code gets almost instantly deployed to the production server. Yes, I broke things one or two times because of it, but most of the time, it's a headache-free solution that always works. Like mechanical tools, the fewer moving parts there are, the more robust it is.
Every time a new weapon appeared in the arsenal of spammers (presumably costing them a fortune in money and time), I came up with a counter-weapon within hours. Yes, mere hours after users reported that something fishy was happening, a fix would already be deployed.
In the beginning, there were two types of captcha: the simple one and the button one. The simple type prevented users from sending any media, links and forwarded messages to chats until they sent at least one text message. It is the least intrusive captcha type, yet it was pretty powerful. The button captcha required users to press a button before they could send any messages.
I quickly added my Telegram handle — @borodutch — to the bot description so that anyone could report instances of spammers bypassing Shieldy's captcha.
It turned out that there were actual low-paid humans passing captcha manually on some occasions. It was unsettling but easily preventable. I added a way to restrict sending any links, forwards and media for people who spent less than 24 hours in a group. Why 24 hours? Because judging by my data, spam accounts did not live longer than 24 hours then. It was safe to assume that other places would report these spammers elsewhere, and Telegram would ban them within 24 hours of the accounts' lives. Just limiting their ability to send malicious content for 24 hours was enough.
Then spammers got smarter again. They started bypassing these captcha types by simply sending the first message in plain text or using Telegram Client API to press buttons. Coincidentally, at about the same time, way more popular group management bots also added button captchas. I guess spammers had to adapt.
I had to develop something more powerful, so I've built a simple math question like "what's 2+2?". Until users sent a correct solution to a math problem, they wouldn't send anything to the group. As simple as that. For a whole year, no spammers were able to break this stupidly simple defence.
Then spammers finished their long-lasting research and added a script to solve a math problem and bypass captcha! I imagine whole industrial factories of some evil state working around the clock to come up with something that would solve math problems automatically. At least, I'd like to imagine how ridiculous it could be.
I was devastated, depressed, broken after I learnt the news about the new spammers' weapon... not. I added an image captcha then. So that users had to type numbers from a generated captcha image. Yes, this captcha still holds, decades after it got broken by almost every open source captcha breaker. Remember how I said that spammers were lazy and stupid?
A year after that and 15 000 000 more users, this captcha is still the best solution against spam on Telegram. Of course, there were minor outbreaks of spammers bypassing captchas. They either DDOS'ed Shieldy with millions of messages or tried to send messages faster than Shieldy could get it, but I quickly solved all these issues.
Most of the time, I just did "hm" with my nose and built a solution that prevented spammers from using loopholes in Shieldy's logic. All these thanks to a direct communication line in Shieldy that allowed users to report loopholes as fast as they could.
I'm passing this fight to 1inch. I'm glad that even though spammers get smarter, an entity way cleverer than me can continue defending Telegram.
How did it get popular?
When I launched Shieldy on November 8, 2018, I created a Product Hunt post about it right away. It got to be the #3 product of that day. Shieldy did not become popular right away. No one even noticed it and started using it then. Contrary to popular belief, top positions at Product Hunt do not guarantee you high-quality traffic. My community was alone in benefiting from a spam-free environment. It was going to change soon.
Every time I launch anything new, I post about it on my Telegram channel. Shieldy wasn't an exception. I created a post that caused the very first peak of new chats influx. It is rather long because subscribers usually read my posts for a few days after the posts go live. From what I can see, years after, 6354 people have seen that post. Nice.
After I had deemed Shieldy "stable", I decided to run a send-out to all the chats that used Voicy in March 2019. Interestingly enough, alongside a few "negative" messages about Voicy sending "spam", I got praise and thankful comments. People told me how Voicy had improved UX in Telegram for many users.
You can see the results of the Voicy send out in the second peak. The peak is longer than one day because I only sent ~30 messages per second when sending them out in my bots. For 600 000 chats, the send-out would take ~5.5 hours. I was approaching this rather slowly (this was my first send-out), and I did it in 2-3 sittings across 2-3 days.
It probably started the snowball effect, the exponential growth — even though you don't see it until March 2020, a whole year later. The more groups added Shieldy, the more users saw it, the more users added Shieldy to other groups. Everybody wants their Telegram to be free of spam. And after a while, Shieldy became the default anti-spam tool that all the admins on Telegram added to new groups the very first thing.
I've seen quite literally the same thing with Voicy. The curves are almost identical if you compare them. The only difference is that I knew that exponential growth for Shieldy started in March 2019, even though I only confirmed this in March 2020.
I spent $0 on marketing. Shieldy marketing still costs $0 to run. It's just word of mouth and viral effect now. People tell other people to use Shieldy, and people persuade other people to use Shieldy. It's honestly amazing to see such a thing happening to something you built.
I contribute the popularity of Shieldy to the following factors:
- Bringing actual value (no more spam)
- Ease of integration (add to the group and make it an admin)
- Simple means of getting support (contact me at @borodutch)
- Almost no downtime (except 2-3 times when it got down for a day or so)
It would be best if you never underestimated luck in any success story. I had all the prerequisites: previous popular projects with the relevant audience, technical experience to launch and maintain a well-scalable solution, many Telegram followers to test products on, ability to spend whole days building stuff that I feel like building — and probably something else I forgot. The point is: all stars aligned. I just needed to take action.
If Shieldy weren't so effective and simple to integrate, it wouldn't be more popular than other solutions. You quite literally add it to a group, make it an admin, and that's it—no more spam. Not a single spam message goes through. What about the competition? All of the competitors require you to follow a lengthy setup to start working.
Or maybe all other competitors do a thousand other things like group management, and fighting spam was just one function out of many others. Contrary to this, Shieldy is not a group management tool. It fights spam. That's all it does. Get it? You add it — and no more spam. That's it, not a feature more. That's why it's so bloody incredible at fighting spam.
And I have no idea why other bot developers are sitting in the dark. Do they not have like 10 minutes a day to talk to their users? I undoubtedly do, so I allow users to have my direct contact — which they use. Oh, boy (or girl), they use it. I help every single one of the users that ask me for help. Maybe that's why users like Shieldy more as well? Because I, as a bot developer, look like a human, not a faceless Telegram bot?
And, yes, serving 20 000 000 users is not easy. However, I've optimized the hell out of Shieldy. It's amazing. It can handle huge loads with no downtime whatsoever. Every time it went down in the last six months, it happened because Telegram could not take so many updates and returned 504 errors. Yes, Telegram scales worse than Shieldy (at least because the load there is substantially higher for obvious reasons).
See? I checked all five things, and then I just had to give Shieldy an initial boost with the Voicy send-out. That's probably the reason Shieldy got so popular.
Note on Telegram
The telegram team has not been helpful until I wrote a public article. I expressed my outrage about how the Telegram team abandoned bot developers who increased the value of Telegram for free. I then got a direct line of communication with the Telegram Bot API developers from a colleague. It helped me resolve any issues with the Bot API (some of them not being caused by problems in my bots but by matters in the Bot API).
Also, the Telegram Bot Prize. Remember when Pavel Durov announced giving away $1 000 000 to bot developers? It seems like he gave away $250 000 and called it a day. I have submitted all of my popular bots to this "contest". Even though my bots are some of the most popular ones on Telegram, I've seen no correspondence since then. No one even tried to contact me. Not even a "thank you".
Whenever I have an issue, find a bug or suggest a feature, I get a cold-hearted response. At some point, I ran out of slots to build new Telegram bots (Telegram only allows 20 bots per account). I asked the Telegram Bot API team to increase this limit for me. No, not possible to change a number in the code. Not even a chance Telegram could help a bot developer to keep building helpful solutions for Telegram.
It feels like they don't care — and it demotivates every time I want to create something new and valuable for Telegram.
Overall, I'm supporting all of my bots and building new ones to please users who will benefit from them. I'm not building bots to win some contest or to be noticed by the Telegram team. But at least a small token of appreciation could be nice.
After I published the article about how I turned down all the offers to buy Shieldy, I got approached by more parties. They were interested in acquiring Shieldy for the price I mentioned there ($250 000). After careful negotiation and consideration, I built a sheet with all the bidders, their offers, all pros and cons. Most of the offers increased as Shieldy's userbase has already doubled after I published the first article.
For instance, there was an offer substantially higher than $329 000. But when I asked that bidder about the purpose of the acquisition, they just said that they just wanted to squeeze the investment back with whatever means they had. Ads, paid functions, basically treating Shieldy as a business. Another example was a bidder who offered strictly $250 000. When I asked them what they were buying Shieldy for, they couldn't answer — non-technical people quite literally don't know what to do with such a thing. I didn't want non-specialized money to drive Shieldy forward.
There were a few offers that stood out, though. Good technical teams, noble goals, enough resources to not abandon the project (probably ever), and similar bid amounts. I decided to go with 1inch because of a few reasons:
- Their bid was considerable.
- The reasons they bought the bot were noble enough. They wanted to keep Shieldy in its current form (as it works well already), maintain it. Then integrate their platform services and experiment with soft monetization.
- Their technical team is large enough to have someone fix any significant issue with the bot (if anything goes wrong).
- They have enough resources to keep supporting the bot in the long term (i.e. they won't disappear in 5+ years).
- I knew one of the founders for long enough to trust them (I did not want to pass the bot to the wrong hands).
Overall, I like the spirit of this company. I'm happy with my decision to pass the control to 1inch. I hope you now understand why I think this was the correct choice.
So what's next for Shieldy? At least it will be as excellent as it is now. But I think it will become better over time, just like when I was driving this ship.
What's next for me? I'll take a short break from all this Internet stuff sometime soon to relax. Then I'll concentrate on a few other projects I have running and in mind. Even though this deal hasn't substantially increased my overall wealth, I like to celebrate all the wins, no matter how small.
One can call this validation that whatever I do, I do for the right reasons and in the right way.
I hope you enjoyed my long (and maybe occasionally dull) story about Shieldy. I wish you (and myself as well) good luck in future endeavours. Everything is going to work out in the end. Trust the process and do the work.