[Plura-list] Scammers sell griefers social media banning services; Facebook's official disinformation research portal is a bad joke

Cory Doctorow doctorow at craphound.com
Fri Aug 6 12:48:18 EDT 2021


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

I'm giving the keynote for the (free) virtual track at Defcon 29 (Aug 5-8), with a talk called "Privacy Without Monopoly: Paternalism Works Well, But Fails Badly."

https://defcon.org/html/defcon-29/dc-29-speakers.html#doctorow

It's based on the white paper Bennett Cyphers and I co-wrote for EFF:

https://www.eff.org/wp/interoperability-and-privacy


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_


Today's links

* Scammers sell griefers social media banning services: And charge their victims 100x more to get un-banned.

* Facebook's official disinformation research portal is a bad joke: Especially compared with the independent Ad Obervatory, which the company wants to destroy.

* This day in history: 2001, 2011, 2016, 2020

* Colophon: Recent publications, upcoming/recent appearances, current writing projects, current reading

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🧈 Scammers sell griefers social media banning services

The Big Tech platforms can be horrible places. Harassers, abusers and griefers have figured out how to use them to meet one another, form vicious assault squads, and drive their targets off the service and make life miserable for those who stay.

https://www.themarysue.com/phd-in-gamergate/

What's more, the platforms have so little competition - and are so siloed from one another - that leaving a platform comes with a heavy price, separating those who depart from their families, communities and customers. 

https://www.eff.org/deeplinks/2021/07/right-or-left-you-should-be-worried-about-big-tech-censorship

With such high stakes and so many terrible actors, it's natural that the platforms all have account suspension and account termination policies so they can kick the worst offenders off their services. 

But these policies have an obvious weakness: they can be abused by harassers to trump up cases against their victims and get them terminated, or get their content removed. 

The platforms' natural solution to this has been to add safeguards to their policies, making them harder to invoke, creating ever-more-specific criteria and procedures for takedown, suspension and termination.

Likewise, the platforms armored their put-back and account restoration policies, lest harassers figure out how to game them, returning to revictimize their targets. So takedown and put-back and termination and restoration have grown more complex and esoteric over time.

This sounds like common sense, but it's a Red Queen's race, where you have to run faster and faster to stay in the same place. The thing is, harassers are dedicated to understanding these rules - that's their whole thing. Their victims just want to use the service.

So harassers become rules-lawyers. They know exactly which phrases *not* to use to avoid a ban, and they know which phrases to invoke to get their accounts back. They have sprawling forums dedicated to developing and refining tactics to game platforms' policies.

If you know where the tripwires are, you can avoid them - but you can also use them to trip your opponents. You can tiptoe up to the line and goad your victims into crossing it, then nark them out, with the exact phrases that get them sanctioned.

https://pluralistic.net/2020/09/18/the-americanskis/#algorithm-lawyers

This kind of abuse is present in every mass-scale removal and termination system. Think of the blackmailers who figured out how to use Youtube's copyright termination policies to extort creators' wages from them with threats of copyright complaints.

https://www.techdirt.com/articles/20200115/17362843740/as-we-get-closer-closer-to-eu-requiring-contentid-everywhere-more-abuses-contentid-exposed.shtml

And the companies' response to each abuse scandal is to make the policies more complex, adding new procedures to paper over the holes in the old ones. Those new procedures have their own holes, and so more patches are applied. 

We all know that if you swallow a spider to catch a fly, you'll have to swallow a bird to catch the spider, and so on. You can't fix a complex system's defects by adding more complexity. 

Online services create a monoculture, where a single set of policies control all our outcomes. As we know from agriculture and forestry, monocultures attract rich, parasitic ecosystems of specialized attackers, each with its own niche.

So it is with account termination. Termination systems aren't just abused by griefers - they're also abused by professionals who establish account termination as a service businesses that sell Instagram bans for as little as $7.

https://www.vice.com/en/article/k78kmv/instagram-ban-restore-service-scam

These services have a pretty straightforward methodology: they create an account that matches all the personally identifying information of the victim, then claim that the victim is an identity thief.

Because these are professionals, it's literally their job to know how to present and defend an identity theft case - while the victims are just everyday Instagram users, mired in the complex systems created to fend off scammers.

The ban-as-a-service market is specialized. There's bottom-feeders who'll do the job for 6 euros; others sell to blackmailers who extort social media influencers by taking down accounts with millions of followers, with a sliding scale based on follower count.

Given that sophistication, it's not surprising that Joseph Cox was able to link some of these ban-vendors to services that charge thousands of dollars to expedite ban-reversals, capitalizing on their esoteric mastery of platform policies to get your account restored.

The fact that account restoration costs hundreds of times more than banning teaches us a few things about the political economy of platform warfare, starting with the Kafkaesque nightmare that is account restoration.

It's so bad that Facebook users who lost their accounts started buying $300 Oculus VR headsets in the (seemingly mistaken) belief that this would get them human attention, bypassing the unnavigable automated appeal system.

https://www.npr.org/2021/08/02/1023801277/your-facebook-account-was-hacked-getting-help-may-take-weeks-or-299

But the disparity also tells us that users value their accounts *far* more than attackers prize the ability to banish their targets. No wonder - the platforms didn't monopolize social media; they're into home automation, cloud services, online retail, payment processing, etc.

Which means that losing your account could brick your thermostat, or cut you off from your creative wages, shut down your business's website, or erase decades of family photos and correspondence.

https://www.eff.org/deeplinks/2021/08/utilities-governed-empires

There are ways this could be better - the platforms could have a duty to return your data to you if they terminate your access and they could be required to separate social account termination from across-the-board termination on all their services.

But when we're talking about proprietary silos with hundreds of millions or billions of users, there's only so much room for improvement. As Masnick's Impossibility Theorem has it, "Content moderation at scale is impossible to do well."

https://www.techdirt.com/articles/20191111/23032743367/masnicks-impossibility-theorem-content-moderation-scale-is-impossible-to-do-well.shtml

In other words, when it comes to the fairness that arises from a nuanced, situation-specific judgment - the only way to separate trolls from victims - scale is a bug and not a feature.

It's a fool's errand to try to scale moderation and termination up to serve as full-fledged civil justice systems for a wholly owned corporate "country" that is more populous than any nation in world history, with hundreds of languages and millions of community norms.

Far more plausible is scaling these giants *down* to the point where it's at least possible to parse through conflicting claims about nuance and meaning - and also where a bad call doesn't cost the loser access to a full digital life.

Maybe we could do that with federation, through interoperability mandates like the ones in the ACCESS Act:

https://digital-lab.consumerreports.org/2021/06/15/inside-the-clock-tower/

And maybe we could do it through merger reviews and even unwinding the mergers that got us to this situation:

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/07/09/executive-order-on-promoting-competition-in-the-american-economy/

But we have to stop adding complexity to systems in order to cure the problems of complexity! The more specialized knowledge to need to keep your account online, the more we'll all have to fear from griefers, harassers and trolls.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🧈 Facebook's official disinformation research portal is a bad joke

Facebook just redoubled its attacks on transparency, terminating the accounts of the NYU researchers behind Ad Observer, an independent project that monitors paid disinformation on the platform.

https://pluralistic.net/2021/08/05/comprehensive-sex-ed/#quis-custodiet-ipsos-zuck

This is inexcusable, but that doesn't stop Facebook from trying to excuse it. That defense has two prongs. The first is a false claim that Ad Observer compromises Facebook user privacy. 

This is a lie that can be trivially disproved simply by looking at the source-code for the Ad Oberver plugin. Facebook is just privacywashing, using privacy as a pretext to cover up bad corporate behavior.

https://twitter.com/mozilla/status/1422995760396726273

The other prong of Facebook's defense is to point people to its own FORT Researcher Platform, which, Facebook claims, allows researchers to safely monitor paid speech - ads - on its platform in a way that is equivalent to Ad Observer.

https://research.fb.com/blog/2021/02/introducing-new-election-related-ad-data-sets-for-researchers/

A group of eminent researchers from the Center for Information Technology Policy at Princeton University have published a stinging rebuttal to this claim, drawing on their experience attempting to negotiate access to FORT with Facebook

https://freedom-to-tinker.com/2021/08/05/facebooks-illusory-promise-of-transparency/

In Mar 2021, Facebook presented the Princeton team with a set of "strictly non-negotiable" terms "mandated by Cambridge Analytica and the FTC." The Princeton team were familiar with the FTC's Cambridge Analytica consent decree, so they knew this was bullshit.

They pointed this out to Facebook, which eventually conceded that the take it or leave it terms were actually just FB's corporate policy, nothing to do with the FTC (but blaming the policy on the FTC made FB look like good guys).

It's ironic that FB is using the FTC as an excuse to shut down independent scrutiny of its policies and activities. Yesterday, the FTC sent Mark Zuckerberg an open letter, slamming the company for attack Ad Observer and blaming it on the FTC.

https://www.ftc.gov/news-events/blogs/consumer-blog/2021/08/letter-acting-director-bureau-consumer-protection-samuel

The Princeton team ultimately refused to sign Facebook's FORT agreement. The most important issue was FB's requirement that they get pre-publication "review" of any scholarly work based on the FORT repository.

FB didn't just expect to be able to see what researchers learned before they went public - they also reserved the right to unilaterally label anything the researchers wanted to cite as "confidential" and censor it from their reporting.

The Princeton team asked FB if data about paid political disinformation during the 2020 election would be "confidential" - and FB refused to answer their question.

This just the most visible sign of FB's bad faith. The company couldn't answer basic questions about "what additional data fields were available to researchers" and "whether there were any restrictions on the types of tools we could use to analyze the data."

They promised to get back "shortly." That was five months ago.

The Princeton team doesn't mince words: "Our experience dealing with Facebook highlights their long running pattern of misdirection and doublespeak to dodge meaningful scrutiny of their actions."

"Facebook has control over the information that the public needs to understand its powerful role in our society. And, if Facebook continues to hide behind illusory offers, we need legislation to force them to provide meaningful access."


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🧈 This day in history

#20yrsago Steve Ballmer: "DEVELOPERS DEVELOPERS DEVELOPERS" http://www.ntk.net/ballmer/dancemonkeyboy.mp

#10yrsago $300 Million Button: making customers create logins to buy cost etailer $300M/year https://web.archive.org/web/20090122015711/http://www.uie.com/articles/three_hund_million_button/

#5yrsago How and why to short Uber https://qz.com/707947/investors-have-placed-a-one-way-bet-on-uber-which-made-us-want-to-figure-out-a-way-to-short-it/

#1yrago Stiglitz quits Panama’s official money-laundering panel over internal sabotage https://www.reuters.com/article/us-panama-tax-idUSKCN10G24Z

#1yrago Web companies can track you — and price-gouge you — based on your battery life https://www.cs.princeton.edu/~arvindn/publications/OpenWPM_1_million_site_tracking_measurement.pdf

#5yrsago 1 billion computer monitors vulnerable to undetectable firmware attacks https://defcon.org/html/defcon-24/dc-24-speakers.html#Cui

#1yrago Qanon is an ARG (pt II) https://pluralistic.net/2020/08/06/no-vitiated-air/#other-hon

#1yrago NY AG wants to dissolve NRA https://pluralistic.net/2020/08/06/no-vitiated-air/#nra-no-more

#1yrago Writers Guild vanquishes a major agency https://pluralistic.net/2020/08/06/no-vitiated-air/#WME-CAA-next

#1yrago Ventilation vs covid https://pluralistic.net/2020/08/06/no-vitiated-air/#aerosols

#1yrago NY State's promising new antitrust law https://pluralistic.net/2020/08/06/no-vitiated-air/#S8700A

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🧈 Colophon

Today's top sources:

Currently writing: 

* Spill, a Little Brother short story about pipeline protests. Friday's progress: 266 words (13437 words total)

* A Little Brother short story about remote invigilation.  PLANNING

* A nonfiction book about excessive buyer-power in the arts, co-written with Rebecca Giblin, "The Shakedown."  FINAL EDITS

* A post-GND utopian novel, "The Lost Cause."  FINISHED

* A cyberpunk noir thriller novel, "Red Team Blues."  FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: Are We Having Fun Yet? https://craphound.com/podcast/2021/08/02/are-we-having-fun-yet/

Upcoming appearances:  

* Privacy Without Monopoly, Defcon 29, Aug 7
https://defcon.org/html/defcon-29/dc-29-speakers.html#doctorow

* Keynote speaker, The Quills Conference, Aug 12-15
http://quillsconference.com/

* Launch for Ben Rosenbaum's The Unraveling, Aug 23 (Booksoup)
https://www.booksoup.com/event/benjamin-rosenbaum-conversation-cory-doctorow-discusses-unraveling

* From Wayback to Way Forward: The Internet Archive turns 25, Oct 21
https://www.eventbrite.com/e/from-wayback-to-way-forward-the-internet-archive-turns-25-virtual-tickets-163615196457

Recent appearances:

* Building the Digital Commons (Money on the Left)
https://moneyontheleft.org/2021/08/01/building-digital-commons-with-cory-doctorow/

* Reset the Internet? (Project Syndicate) 
https://www.project-syndicate.org/podcasts/reset-the-internet

* Trustbusting (Nicole Sandler)
https://www.youtube.com/watch?v=cLtbU-D1ay0

Latest book:

* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59 (print edition: https://bookshop.org/books/how-to-destroy-surveillance-capitalism/9781736205907) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)

* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

Upcoming books:

* The Shakedown, with Rebecca Giblin, nonfiction/business/politics, Beacon Press 2022

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🧈 How to get Pluralistic:

Blog (no ads, tracking, or data-collection): 

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Medium (no ads, paywalled):

https://doctorow.medium.com/ 

(Latest Medium column: "Managing aggregate demand," part four of a series on themepark design, queing theory, immersive entertainment, and load-balancing. https://doctorow.medium.com/managing-aggregate-demand-part-iv-8d2022a5125b)

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion Guy" DeVilla



More information about the Plura-list mailing list