Everything Wrong In One Story: Data Silos, Privacy, And Algorithmic Blocking
from the nerding-harder-won't-solve-complex-problems dept
Facebook is probably not having a very good week concerning its privacy practices. Just days after it came out that -- contrary to previous statements -- the company was using phone numbers that were submitted to Facebook for two-factor-authentication as keys for advertising, earlier this morning the company admitted a pretty massive data breach in which its "view as" tool was allowing users to grab tokens of other users and effectively take over their accounts (even if those users had two factor authentication enabled).
This is, as they say, "really, really bad." It turned the "view as" feature -- which lets you see how your own page looks to other users -- into a "take over someone else's account" feature. That's a pretty big mistake to make for a product used by approximately half of the entire population of the planet. I'm sure there will be much more on this, but a few hours after the announcement, Facebook had another headache to deal with: numerous reports said that people trying to post articles about this new security mess from either the Guardian or the AP, were getting that action blocked, with Facebook's systems saying that the action looked like spam:
If you can't read that, it says:
Action Blocked
Our security systems have detected that a lot of people are posting the same content, which could mean that it's spam. Please try a different post.
If you think this doesn't go against our Community Standards let us know.
It's not hard to see how this happened of course. Many times, when a ton of people all start linking to the exact same story, there's a decent chance that it might just be a spam attack. I think even our own spam filter for the Techdirt comments takes something similar into account. Thus, with so many people all posting that link to Facebook, it tripped an algorithmic alarm, leading it to block the posting as possible spam. It appears this practice only lasted for a little while, as currently both articles can be posted to Facebook again.
Obviously, given that the content was about a big Facebook security breach, this looks fishy, even if there's a perfectly "logical" explanation for how it happened. But this also gives us yet another opportunity to highlight how ridiculous it is for people to argue that algorithmic content moderation is a reasonable solution. It's always going to mess up, especially when used at scale, and sometimes will do so in incredibly embarrassing ways, such as here.
And, of course, it provides yet another opportunity to highlight the problems of having just a few giant silos collecting and keeping so much data about people. Even if they are very good at security -- and despite arguments to the contrary, Facebook has a strong security team -- there are always going to be vulnerabilities like this, and companies like Facebook are always going to represent huge targets. This seems like yet another reminder that we need to be looking for more solutions to decentralize the web, and move away from giant silos holding onto all of our data.
Tragically, the powers that be are often looking at this the other way: trying to magically "force" big companies to "lock down" data, which actually only increases the value and demands on the silo, while expecting magic algorithms to protect the data. If we're serious about protecting privacy, we need to start looking at very different solutions that don't mean letting the giant internet companies control all this data all the time. Move it out to the ends of the network, let individuals control their own data stores (or partner with smaller third parties who can help with security) and then let those users choose when, how and where to allow the large platforms access to that data (if at all). There are better solutions, but there seems to be little interest in actually making them work.
Filed Under: algorithms, blocking, centralization, content moderation, data breach, decentralization, privacy, silos, spam, tokens
Companies: facebook