Hacker News new | comments | show | ask | jobs | submit login
The fake Facebook profile industry (radio-canada.ca)
795 points by imartin2k 11 months ago | hide | past | web | favorite | 258 comments

Using a throwaway account to keep things private

Last year I was "sex-torted" on Facebook but not by a ring of French criminals. Instead, it was by someone I had chatted with on the internet years ago (while we were both still teenagers)

She had recently gotten divorced and contacted me after many years away. We spoke about intimate things (I never shared intimate images, though she did) and were getting closer and closer to each other.

She eventually asked me for money to cover an expense for her daughter, but I didn't send it fearing I was being scammed. In exchange, she took screengrabs of the most intimate parts of our conversations and shared them to all of my professional contacts via LinkedIn as well as friends , colleagues and family on Facebook.

The experience haunts me to this day, I discussed consensual kinky stuff with her and she used this to paint me as a freak and deviant. The only people who understood it were those who had been in a similar situation or those who were in the "lifestyle" as well. Strangely, most of the support I received after the fact were women who have been similarly extorted. Men in my entourage just whispered and snickered.

To this day, I still feel shame in certain circles because of what is unsaid. The police have done absolutely nothing even in the face of evidence (reports filed with local police and FBI) but it's simply not a priority. Facebook won't even pull the posts because no intimate images were actually shared and it doesn't technically violate their "guidelines"

Net result: I've deleted my social profiles. Every last one of them (and feel better as a result). However, the damage is done and I'm totally still feeling PTSD as a result of the ordeal.

I consider myself very tech savvy (engineer, infosec background, on the internet since the early 90's) and able to smell a scam. However, it's really really easy to fall victim to something like this. Be careful.

This is something that could have happened to anyone. Not just because of misplaced trust in an online partner but because it's easy to create fake screenshots of conversations using Photoshop or simply Inspect Element.

I'm interested in how you mitigated the damage once the post was published. A good strategy might have been to simply discredit it as being fake/photoshopped along with a small tutorial showing how easy it is to create (most aren't tech savvy enough to understand this already).

True you'd be lying, but this is certainly not below the level of someone who's falsely accusing you.

It's shocking how easy it is to become a liar without missing a beat.

If they slipped and someone caught them lying, it would become exponentially worse. Bad idea.

But they should be proud of their sexuality. Whether it's BDSM or hotwifing or whatever strange kink, who cares? It's the same as shaming someone for being gay.

I dislike that we have to be so Victorian about sex. It's the social climate we live in, but... Why?

There are also broader implications: Whenever we discredit the truth, we're contributing to how easy it is to manufacture fake news. There's a certain piece of potentially fake news I've been dying to bring up. It had a big impact on me, and then I realized it might be fake. But in an era when the truth is so easy to distort, what should you believe?

"I dislike that we have to be so Victorian about sex. It's the social climate we live in, but... Why?"

It's religion. It teaches roughly 4 bn† people that sex is dirty, that nakedness is shameful, and that talking about it's acts and/or requisite body parts is taboo.

† According to Wikipedia 2.4 billion Christians, and 1.6 billion Muslims.

The shamefulness of sex isn't even from Christianity (or Judaism), but rather a bastardized version of an Organized Religion.

There is a whole book in the Bible that is all about sex (Old Testament: [Song of Solomon](https://www.biblegateway.com/passage/?search=Song+of+Solomon...). The only difference is that sexuality is supposed to be shared and enjoyed in a marriage.

Then of course we get (big R) Religion, where humans use it as a means of power over other people. This is where we get the things we associate with religion today.

not to mention there seems to be a pattern across religions of the people in power sexually exploiting the powerless while simultaneously telling people they are wrong for having sex

If that was true, you should see significant differences between religions. And at the same time very little differences within religions.

That does not seem to hold. Looks like religions just tend to echo some sort of natural chastity. And that is hardly surprising given how recent things religions are and how old thins STDs are.

"Oh you have tingling feeling in your weewee, it's wrath of God!" and you just explained one thing away while giving more credibility to the god thing your trying to promote.

> If that was true, you should see significant differences between religions.

You do! I'm guessing (apologies if wrong) that your thinking modern mainstream religions like Christian / Islam / Judaism. Much of these are from the same roots and and naturally similar.

Look at religion over longer history in distinctly separate branches of the tree e.g Buddhism is more relaxed than afore mentioned. The Greeks, Romans and Norse (same tree) were very liberal. Shinto / Confucianism looks as sex as healthy. Among the plains indians sex could be part of a spiritual ceremony to pass power. Australian aboriginals used to share women.

And I'm not saying religion is the cause of these views. A better way to look at that would be to see how sexual views change as religion does. It does seem Christianity brought a lot of judgement around sex and other matters that were not there before during colonisation period. I dont know much about this so someone can likely add to this much better.

If that was true, you should see significant differences between religions. And at the same time very little differences within religions.

Not following you. The Decalogue exists in Judaism, Christianity and in Islam. The Decalogue, and marriage, are indeed extremely recent social constructs.

I'm not promoting religion - I despise any form of it. I merely posit religion as being the source of humanity's prudishness (something the rest of nature does not share).

"I merely posit religion as being the source of humanity's prudishness (something the rest of nature does not share)."

Nature as a whole may not, but there are species even more monogamous than we are out there. I've sort of played a game of "construct an even remotely sensible sexual strategy no species uses" and so far I've come up empty; everything you can think of, including the closest equivalent to "prudishness", is used out there.

On that note, the "missing link" for you is probably that sex and reproduction are inextricably linked for all non-humans, and for all humans up until very recently. Hangups about sex are not hangups about sex; to put it in quite atheistic terms, they are hangups about whose selfish genes get to win out over whose. Start looking at it that way and it makes a lot more sense than your current model, probably.

Our current reproductive strategies are currently in total chaos because of the extremely recent introduction of effective birth control and I see little reason to believe that we have found the best response to that in what is still effectively just one generation, nor that our current responses will be stable over the generations, because the shock is simply too recent in generational terms. (Not to mention all the near-in-generational-term shocks that may be yet to come, including but not limited to: Effective male-directed birth control, effective sex robots for males, technology to permit cloning without loss, technology to edit genes in eggs or sperm, technology to permit taking children to term out of a biological womb, and in the craziest case, technology to completely digitize people and make biology essentially irrelevant.) In particular, it does not seem particularly clear to me that the idea that "sex is 100% just sex and nobody should be ashamed about anything as long as it is consensual" is going to win out, because that crowd tends to use birth control of one form or another, and therefore, in the next several generations can be expected to be bred out. By some definitions of morality it may well be moral, but it won't be stable.

If that was true we wouldn't have politicians in UK stepping down for having once touched a woman's knee, or "scandals" about pornography found in a parliament PC.

Brits are less prude than Americans, but way more so than Europeans. Consider how topless sunbathing is ok on the mainland; is met with snickers, cat-calls and crude propositions in the UK; and downright illegal in the US.

>who cares?

A significant amount of people with power to negatively affect your career.

Relevant to the mention of bdsm and tech, Larry Garfield a fairly prominent person within the Drupal industry, got banished after his fetlife (or similar website maybe) account got exposed and spread around.

Ha! This is the number 1 reason why I left Facebook too. People just don't realize how much personal data is stored by FB with no way to delete it. You can only archive it.

My ex's new boyfriend shared a bunch of our FB messages with a group of friends because he was jealous.

No amount of security could have prevented that. It's a social hack.

But I've heard of many many cases where Facebook message history has been used to defame someone. They should have incognito channels like snapchat so things just go poof.

You can trust someone now but no guarantee for future trust.

The climate of judging people for private sexual morality is slowly changing in the United States… Same with marijuana smoking. In the 90s, affairs or past pot smoking were considered a big deal. Since then, we have elected Obama and Trump, who would not have passed moral snuff in the 80s.

I know plenty of people who despite really, really disliking Donald Trump were very put off by the public discussion of the "pee tape" stuff. They called it kink shaming and said that on its own it shouldn't matter if that is the kind of stuff the President is into. I tend to agree and I think a lot of other sensible people do too.

That’s a completely different situation. Assuming that such a tape exists, the issue isn’t that Trump has sexual kinks. The issue is that the President is subject to blackmail from a foreign power.

If such a tape existed for anyone else and was in the hands of a foreign government, that person would not be able to get the lowest level of security clearance in the US because the opportunity for blackmail places them at great risk.

In an ideal world Americans would be more like the French and not care about people’s personal consensual sex lives at all, in which case the tape would lose all its blackmailing power, but since the American public does care, the possibility of blackmail is real.

Interestingly, the "pee tape" as described doesn't really even depict the typical self humiliation-oriented urination kink. The allegation is that Trump hired five prostitutes to pee on a bed, not one that he was in or using but one that Obama had used years earlier.

It's unclear to me whether that even counts as a kink: if it's true, I'm not sure Trump was getting a sexual thrill out of it. My guess is that it's more of an unchecked mental illness, with Trump as Captain Ahab chasing after his great white whale.

Surely they must replace the mattress between presidencies, right?

None of the people I'm talking about misunderstand what the real point is. What they took issue with was the snickering about the content of the video and the fact that someone's sexual fetishes would be used as blackmail in the first place. Everyone understands the gravity of the President being blackmailed.

Well that's better- it at least shows the problem isn't misunderstanding the significance so much as it's letting a peripheral issue occupy attention at the expense of the more important issue.

But that's a problem because it's exactly this kind of conversational shift that makes derailment a good tactic for mitigating the impact of political scandals.

The Pee Tape is an issue because the Racist President had prostitutes pee on a bed that the Black President slept on. That is what the issue is with the Pee Tape. It is not about kink or anything else, just a racist doing racist stuff.

I think it's less about race and more about embarrassment. He seems to have deep-seated psychological issues that are being triggered by having been mocked at the correspondent's dinner. I'm not sure how he felt about Obama before, but he has become obsessed with fighting back and undoing everything Obama did just on principle -- regardless of whether he otherwise likes or agrees with the policy.

Wasn't the bed-peeing incident completely made up? Some guy was paid to create a Russian dossier which was later discredited.

No. The dossier has neither been discredited nor substantiated. It was Republican opposition research (I don't think we know what candidate or group funded it) and then was later picked up by someone connected to Hillary Clinton after the Republican primary was over.

AFAIK, there's no more or less reason to believe it now than there was when it first came out.

The "pee tape" has been widely discredited. I'm not pro trump but using the word "racist" three times in two sentences and offering fake news as proof does not help your point, in fact it makes you look silly.

I'll break the news to you, the current President is a racist. He is not just a little casual racist, he is pretty damn racist. Let's not tap dance around the issue anymore and let's just call him what he is.

He is also dumb, but that has nothing to do with being a racist or our discussion.

I was thinking as much of his multiple divorces, affairs, and crude statements on record.

The pee tape is an issue if it could be used for blackmail.

I'm curious what you consider to be Obama's moral failings, to say that he would not have passed in the 80s.

Can you imagine if during Reagan's campaign someone leaked nude photos of his mother? Or Bush? Do you really think Evangelicals would have gone for that?

Muckraking is not a new phenomenon at all, even to this degree. The "nude photos" of Ann Dunham have been debunked as false. [1]

I speculate you are right, though, that less people these days would give a flip about whether one modeled for a underground fetish publication in the late 1960s, even if true.

Unfortunately, there are still a significant amount of people who would have an issue with this. But to me (and probably others), the claims made say nothing about Ann Dunham (even if they were true). But they say a heck of a lot of negative about the authors of what seems to be the primary source of this muckraking [2].

[1] https://skeptics.stackexchange.com/questions/11135/are-these... (link warning, possibly NSFW) [2] https://en.wikipedia.org/wiki/Dreams_from_My_Real_Father

You are correct, the photos have been debunked. I should have clarified that. I was making a statement based on how many people believe they are real.

He admitted to using grass and coke in his youth. Bill Clinton, on the other hand, had to concoct a story about smoking grass but not inhaling.

He openly admitted smoking marijuana in his youth. Bill Clinton weaseled out of it, famously claiming he "didn't inhale" and didn't like it. 16 years later, Obama didn't feel the need to fudge his history in that regard.

> But in an era when the truth is so easy to distort, what should you believe?

What makes you think that in some time before it was easier to find the truth?

Prior to the internet and social media there was less noise, hence a higher signal to noise ratio.

I presume that holds unless the only "signal" you get is your local priest and feudal lord? Especially since for most of human civilization the vast majority(95%+) couldn't read or write...

Presumably people have gossiped for about as long as they have been able to speak. However, the 'truth content' of the average communication seems very low.

Take something as simple a speed limit sign. That sign is not literally 'true', it simply refers to what the calculation for penalties will be based if you exceed the unstated actual speed limit. Reporting is at best a game of telephone, social media ends up so many hops from what actually happens to be nearly completely separated from reality.

I'm not sure we are talking about the middle ages here.

Hmm. We do get more information, obviously, but I am not sure that means the ratio of true or correct information over false or incorrect information has changed. Formerly, there have been far more myths and lore around that are easier to falsify today, so this goes both ways.

I'm going to disagree with you there. I remember a time when everything written in print was taken as fact. You were treated like a schizophrenic if you suggested a newspaper printed something that wasn't true. Now people routinely fact check from multiple sources.

Sure there may have been more signal to noise ratio, but robber barons had much more influence. Like Bezos and WaPo but EVERY paper.

Truth and information has always been under the control of will. If someone has a "truth", there is a binary decision. The signals have always been under control of he who broadcasts them. The noise doesn't matter, apart from your ability to decide what the most likely truth is for yourself.

There's a huge difference between being ashamed of your sexual preferences and your sex life being nobody else's god damn business.

That being said, I find if laughable that the op considers himself "infosec" savvy but when it came to his sex life made such a glaringly obvious mistake. I'm not saying the woman who extorted him was in the right, but touting yourself as an infosec guy but opening yourself to the oldest trick in the blackmail book is pretty funny

The second point is very important as currently the bar for valid proof is far too low for many people nowadays, especially given the ease with which one can edit content easily to look like it came from source. The fact that too many people happily accept as proof screenshots assembled in mspaint with red arrows drawn all over astounds me, and the furvor which follows is even more flabbergasting. I know it's likely lack of knowledge as to how easy it is to use InspectElement to make the President's most recent tweet say "I fucked a pig", but that too many don't even take the time to check whether or not it actually says that is a huge issue. Data validation can be tricky, but we're talking like the basics of just check the sources. Which of course is difficult since too many dubious reports just source spam so there's no reasonable way to easily check sources.

Not sure there is a bar for valid proof - at least in the MSM - at this point. The word of the moment seems to be allocations, and that's enough to take someone down. Add in the fact that "harassment" is defined by the receiver and the accused has no recourse but to disappear.

I'm not naive. Dirty shit happens. But the current trend seems to be: guilty til proven...oh no need for proof.

Reddit's trump criticizes trump is full for fakes and they are constantly on the front page.

Same goes for "other side" who puts antifa in every shooting or crime out there, but I suspect they do it more for the lulz because media baits the Russian propaganda or not narrative, which makes these people do it even more as we all kniw if you're familiar with Chan culture.

> A good strategy might have been to simply discredit it as being fake/photoshopped along with a small tutorial showing how easy it is to create (most aren't tech savvy enough to understand this already).

He might have done that. I know if this happened to me and I denied it, I'd still be scarred for life.

Indeed, it’s even easier with tools like fake WhatsApp chat generator. Although it appears a little dated now, these tools do exist.


Pretty sure I've seen this as a service online -- just put in the text, and the site generates the screenshot for you.

The OP probably didn't think about it, but that's really a great idea/strategy. I bet the poster was just so rattled by it he didn't think about just denying it.

I can see why the police/fbi can't really do anything. It doesn't seem like there was anything criminal technically. They might be able to go after the person with a civil suit for slander? I don't know though, not a lawyer.

It would only be blackmail if she had made a threat first, but she seems to have acted out of spite. It would be a crime in the UK however; it's a malicious communication.

Really sorry to hear about your ordeal — I was once wrongly accused by a woman of something heinous and it took me a while to recover from the shock and PTSD.

In particular this part of your post bothers me: “The experience haunts me to this day..”

No - This shouldn’t be the case. You did nothing wrong. While there is no magic wand to “fix” how you feel - and esp low probability that an online post from a stranger would do anything but please consider the following strategies:

1. Try to understand shame. What is it and Why it is there? (evolutionary reasons) It might be liberating.

2. Know quite simply that the past doesn’t exist. Except In our heads.

3. Take inspiration: http://www.bbc.com/news/magazine-37735368

4. Try to research into revenge porn - what happened to you is very common; in some parts of the world with serious consequences for women - understanding that you are not alone (or special) might be oddly liberating.

5. Talk to someone. Maybe even a pro.

Just some strategies that are available to you - hope you heal soon. (I am sure you are already trying to recover - Your message just stuck a cord and I wanted to offer advice)

I think your situation is very much connected to the current wave of revelations of wrong doing against (mostly) women.

Every time one of these celebrities denies a true accusation it causes a whole new wave of damage not only to the victim but, to every person who will ever have to fend off a wrongful accusation, because it muddies the waters and creates FUD.

Yes, the data suggests the percentage of false accusations is small. However it burns me when people suggest bringing it up at all diminishes the bigger issue of assaults on women. In fact I think they enhance each other because they’re both about seeking clarity and justice.

I’ve seriously heard people debate the death penalty by arguing, that the possibility of executing an innocent person is not one of the big issues because, that probably happens small percentage of the time. Scared the crap out of me to hear it articulated by a real person.

Some media outlets have chosen to be critical of Louis CK’s response to the accusations against him. They think they are advocating for women, when actually they’re doing all of us a huge disservice.

Focusing on the quality of apologies is a red herring. Only two things matter, the crime and the truth getting out about crime. Judge his apology/non apology anyway you like, at least he ended it decisively, instead of propagating it for enternity by sowing doubt.

In some small country there was recently a very interesting story. A relatively unknown actress made a post to her Facebook feed accusing relatively famous director of sexual assault without any details given (I was sexually assaulted by X, it still haunts me, #MeMoo). On Friday evening. On monday morning, one relatively strong politician with PhD in law decided to question organisations' under their influence cooperation with said director. The stated motive was that several days of public silence under such a heavy accusations is unacceptable. Politician with PhD in law states that innocent until proven guilty is a concept from criminal law, which is orthogonal to moral code.

This scares me. With this huge stream of information (disregarding signal to noise ration) stories lose "longevity" - lifetimes of stories are getting shorter and shorter and there is less and less time to react. Collecting facts for good rebuttal takes time and for trickier cases may take so long that publishing a good rebuttal backed with facts is like beating a dead horse. People tend to react to public outcry. Everyday we see a new mass hysteria, which is just perfect place to spread fake news and propaganda.

> Judge [Louis CK’s] apology/non apology anyway you like, at least he ended it decisively, instead of propagating it for enternity by sowing doubt.

What are you talking about? It was "ended" by the NYT publishing, in this current Weinstein/Spacey climate, an article about his offences[1] and leaving him absolutely no other choice but to finally come clean.

He was publicly painting his victims as liars (which you quite rightly condemn in your second paragraph) as recently as a couple of months ago[2]:

    NYT: So [the accusations are] not real?

    CK: “No. They’re rumors, that’s all that is.” 
Even now, not only does he not apologise, he tries to excuse his completely inexcusable behaviour by trying to pretend he thought it was even remotely acceptable.

[1] https://www.nytimes.com/2017/11/09/arts/television/louis-ck-...

[2] https://www.nytimes.com/2017/09/11/movies/louis-ck-rumors-wo...

That’s the whole point, they don’t have to ever admit it, regardless of the publicity, short of hidden camera footage.

The huge problem is, that even when it’s damning enough that 99% of people call bullshit, their denial will continue to cause great pain and make it difficult for other people to get justice in the future.

In a perfect world they wouldn’t have committed the crimes in the first place, but it’s a relative scale, and having an uncontested documented case is a bigger win over a denial, than having a good apology is over a bad/non apology.

> having an uncontested documented case is a bigger win over a denial

I agree. The mistake is crediting that to CK ("at least he...") when in the wake of an article as damning as the one in the NYT, in the current climate where the story was not going to go away, as before, he had absolutely no other option than admit it.

> That’s the whole point, they don’t have to ever admit it, regardless of the publicity, short of hidden camera footage.

I think that was true before (pre-Weinstein), and will unfortunately probably become true again, but right now there is too much attention being paid to showbiz abuse/harrassment for someone to get away with ignoring/denying truthful allegations against them.

That article said that CK emailed and apologized to many of the women years earlier. The only ones he seemingly didn’t were the two in the hotel room which, according to other sources, agreed to let CK do it. Maybe they thought he was joking but he may not have realized they weren’t okay with it.

The power dynamic is the issue. Can you truly consent to something sexual coming from someone who can end your livelihood?

I understand the rationale behind thinking "oh they should just have just gotten up and walked away" but it makes me sick to my stomach to justify sexual harassment at all PERIOD.

I am sickened by CK's actions. However I am equally as sickened that the conversation is focused on louis ck, who certainly deserves to lose his career, but in my opinion indecent exposure is no where near as traumatizing a crime as forcible rape.

It just screams limited hangout where the big wigs make the new money pervert take the fall in order to take the heat off them.

This is what I’m referring to. Your sickening, the the other media outlets critical of CKs response is lost energy that could otherwise better be used against the problem.

You assume discussions are driven by who to focus on, when they are driven by understanding and figuring out the best way forward for healing and justice weighing all variables.

It’s natual to be angry, there’s nothing wrong with it, please carry on with doing it. However I’m asking we separate that anger from discussions of any lessons, priories, strategies, conclusions we can learn from any of this if it has a chance of improving perspective in the long run.

Critical analysis is different from grieving and empathy, and very hard to mix. I’m sure I probably couldn’t separate them if I were a victim or someone close to me was.

I recall reading that something like one in ten people on death row ends up being acquitted, so the idea that only a small percentage of people are wrongly executed is factually wrong in the first place.

Hey, Scalia said innocence is no defense once you're convicted, so "wrongly executed" is debatable.

(lots of heavy sighing/sarcasm should be inferred)

Wow, what a terrible situation, I’m sorry you’ve had to go through that. It never ceases to amaze me at how brutal and vindictive people can be, especially online. Does she even know how much this has hurt you? I could imagine someone with poor empathy making a move like that in an emotional flurry one day, then never giving it a second thought in the months and years to come. Meanwhile, you continue to suffer the effects, psychologically and socially. Horrible.

Happens quite a bit in teen circles. There is a reason why they move in droves to snapchat. Trust is complicated online.

Men in my entourage just whispered and snickered.

It isn't manly to be a victim.

The people whispering and snickering are likely either horrible people who don't get victimized because they make sure they are taking advantage of other people and leaving no openings, or they have more terrible things to hide. Snickering is a form of denial of their own guilty behaviors.

If it makes you feel better if I got a bunch of similar content sent to me from some mystery contact about a friend... I'd just assume they were a scammer and disregard it.

I wonder how many people who get sent that stuff really change their opinions about their friends, family, etc?

That's not to take anything from your experience, it sounds terrible.

Another example of how everything you post online or send in an email is there forever and can come back to haunt you. I'm sorry for your experience but hope others can learn from this.

But more importantly fuck people who kink-shame.

It's just sex, and people into kink tend to have better sense of consent and mutuality.

Right but climate changes and what is acceptable and not changes over time. What was empowering in the 1970s is today something different. What is suffocating today will tomorrow be different.

Mores and interpretation change over time. In other words, yesterdays actions are viewed through today's lenses.

>Mores and interpretation change over time. In other words, yesterdays actions are viewed through today's lenses.

If only the "I have nothing to hide" crowd would understand this.

File a civil suit. For those still reading, practice social media isolation.

No one on my LinkedIn is on my Facebook. Only 1 person on my LinkedIn is on my twitter and only 2 people on my facebook are on my twitter.

Facebook & Linkedin are not open to public.

This works if there are assets to be seized, or if you are independently wealthy enough to sustain a suit despite a lack of assets.

Lawsuits are incredibly expensive. Figure $10k before going to trial, and $50k for a relatively simple case. Few or no lawyers will take such a case on contingency (plaintiff is not sufficiently flush).

I'm not saying don't do this, but you're going to want to think through the process very carefully, and be very much aware of what the process might, or might not, produce. There are downside costs that might emerge as well, including the prospect of paying the plaintiff's legal fees, and undergoing discovery yourself.

Talk to a lawyer, or several, if you like. Be aware that they also have their own incentives, and might be quite happy to run up billable hours, so long as you're good for them.

I didn't understand if in reality if it was really your old-time-friend who actually did this, or someone who got control of her account and discovered "conversations gone cold" and tried to "revive the flame". It would be interesting to know who which of these was it.

Do we take people too literally, when they say they care about human suffering and justice? Yes you were a victim, but not a noble victim in the eyes of most people, so that’s why hardly anyone cared.

You hear people say everybody likes sex, but it’s not true. Actually everyone mostly hates sex. What they really mean is, out of one million possible sexual acts, there are 3, 6, or maybe a dozen they love, and 99.9% that they think are disgusting. The only difference between any of us is whether or not we insist that our 6 are better than everyone else’s.

I'm sorry that happened to you.

Since she knew your real identity, did you know hers? Did the possibility exist that you could sue her in civil court? I don't feel like I'm the litigious type but that case seems to be begging for a legal response.

Going to court to clear your name can result in the Streisand Effect. Lots of people are very judgey about sex. Letting more people know can just compound the problem, even if you win. It also is kind of like throwing good money after bad. After this has taken so much away, you are sinking more of your life into it. It can just magnify the damage.

I wish there were more justice in the world. I wish fighting the good fight were more rewarding. But that is often not a pragmatic approach.

Going to court after such an episode is another traumatic experience where you have to relive the whole situation. That's why it's difficult for rape victims to go to the police or court because they have relive the trauma again in all detail.

Court or not, you are going to relive it. Next time an old friend contacts you, you will relive it, could even be via email or phone. Someone trying to get into a relationship could be talking and getting personal and you would panic and wonder if it's a setup. You could be watching a TV show or see someone that looks like the lady. Lots of things can trigger it. Going to court won't eliminate it, but the more often people are punished for things like these, the less people will engage in such evil acts.

I agree that going to court is a good thing but you can't compare talking about one of the most vulnerable moments of one's life with friends to having to tell all details of the story to strangers in public while possibly being challenged by an adversarial lawyer or cops who may not believe you.

I'm sorry to hear that happened to you and yet it's a great opportunity to highlight the benefits of self-deleting messages. Specifically it's elevates the cost of an attacker being able to comb through a vast ream of documents to weaponize your seemingly 'private' communications. Though self-deleting messages (such as on Signal) can't prevent the recipient from logging all communications as the come over the wire, it does prevent an attacker from weaponizing them retrospectively.

You should post this verbatim on social media.

Brutal. Thanks for the reminder. Hope things get better.

Could you not use the anti stalker laws ?


We don't do this on Hacker News, please.



Seems like James Damore has almost nothing to do with this scenario, not least because in his case he voluntarily shared his manifesto publicly.

To get subsequently smeared to hell and back.

Oh, and he didn't even share it publically. He shared it with an internal group discussing these issues. It was then "leaked", and everybody piled on. And you now took part in exactly that, repeating the slander.

Yeah I'm sure the guy who was immediately itching to do an interview with all the luminaries of the alt-right was a shrinking wallflower who didn't want to draw any attention to his manifesto or himself.

does that change what I just said? you don't even acknowledge it, neither that it was gotten wrong the first time. like that doesn't matter. It doesn't matter what he did, it matters what you think he wanted to happen in response, and then you can just shorten and jumble it like you want.

Complete with more abuse, victim blaming, that poor little alt-right guy who actually wanted this. He totally planned it!

HE didn't leak it. People opposed to it leaked it. He didn't go public before losing his job, did he?

So, my point still stands, and you added to it. Abusive intellectually dishonest people cheer this kind of stuff on.

Well, I suppose it's possible literally everyone who disagrees with you is "dishonest and abusive." Another possibility is that people honestly do not see it your way. I think the most likely explanation is he expected, and wanted, it to go public so he could do the media circuit and become a cause celebre. In fact, choosing all alt-right figures to do interviews first was probably, in my view, his biggest miscalculation, since it tipped his hand.

He was talking about emphaty, because media simply lied about him, without even reading his manifesto, and crucified him.

Is the party in this story lacking empathy the media? Or the guy who wrote a manifesto about how women just aren't fit for jobs as engineers, genetically?

I'd even argue that his case is not a priority, but 'her' case would certainly be.

You admit you like kinky/deviant sexual stuff so why do you care what others think?

Well the hard truth is you are trying to dishonestly maintain your sexual market value. You know they type of girl that high value men like and you don't want to limit your options. However you are not that person.

(and SJW oblivion shall commence)

Also who says "my entourage" when referring to their friends?

So would you care to share your intimate details of your sex life? How about some nude photos? And you won't mind if I share all of that with your linkedin contacts? Maybe your boss?

Feel free to put your money where your mouth is.

Throwaway to share a valuable perspective. My dad is a chronic target for scammers, and falls for them at a rate where I can only think it intentional on some level. He'll allow fake MSPs to install programs as root, on the same machine he does banking and legal on. He'll call numbers when strange javascript alerts tell him he has a virus. He'll then pay people to "remove" said malware, giving them full access to the machine via teamviewer etc.

I've managed to limit his internet usage to an iPad and a chromebook - but as mentioned above that does little good. He is extremely proud and talking to him is useless. A good chunk of these events come while browsing porn, which he refuses to admit. I feel hopeless and am in the process of separating any financial connections with my mother for fear I'll become a victim. My mother has been saving cash for years to insulate herself (my dad also refuses to write a will - but thats another problem entirely).

I know a major event is coming soon. While I'm fairly certain his porn usage is tame, all it would take is a fake $THAT_ACTRESS_WAS_ACTUALLY_17_WE_WILL_REPORT_TO_FBI email and he could probably be extorted for everything he has. I don't know what to do honestly. This is a real threat to millions of Americans and it seems there is no solution.

Where I work spear-phishing is a real concern, so they have instituted a training program where they send fake phishing emails every now and then. If you fall for it, you are directed to a training page. If you spot it and click the "report" button, you are greeted with a message congratulating you for being on the ball.

Perhaps some training is in order. You may not have the means to simulate a scam from his favorite "adult" website, but perhaps you could do something with a throwaway email account, or maybe simulate collateral damage from a successful scam.

And yes, you need to insulate your respective financial lives from that risk ASAP

I don't think I would fall for a phishing campaign at work because I get too many emails to read them all anyway!

Have you considered running OpenWRT / LEDE or a pi-hole (https://pi-hole.net/) to block adverts / known websites where such scams occur at a network level?

(There are publicly available lists of known botnet / scam IP's)

I've use OpenDNS at my parents house to help block most of the worst scams, works pretty well.

So far I have just installed Ghostery for my parents, since it doesn't break most sites, and they are sharp and AFAIK don't visit sketchy sites. But I have seen one grandfather turned into a Fox Geezer and ripped off by scammers, despite his children trying to clue him in, so I suspect I will have to do something more aggressive at some point in the future. Thankfully, I think they have enough distrust of humanity that I should have no problem installing a firewall.

Also, they thankfully show no interest in social networks.

I would also consider installing ad blocker(s) into his browser (and possibly hiding the icon) along with the anti ad blocker blocker, so not to get those pop ups saying you are using ad blocking. It is what I have done with family in the past in order to help cut down on a lot of that stuff.

Scammers know the older generation is ripe for exploitation. One of my older relatives, who I'll call Bill, has had a few hacking incidences. Most recently they had their email compromised. The perpetrator must have dug through it quickly because hours later they called up Bill's financial advisor and requested 90k be transferred from his 401k. The financial advisor later told Bill that the reason he didn't do the transfer was because he realized that the voice calling him wasn't Bill's.

Wow that is scary. I could easily see this happening to my mother.

This might sound weird, but what about buying him a premium porn account? Maybe don't even tell him about it, let him find it. Ideally one with an app, a good reputation and clean (infosec-wise) content. It would be like a $30/mo insurance policy on your dad's assets!

Or even just install a porn blocker on the machine. He'd probably move to using his phone or something, but at least it isn't the same machine he does finances on.

That's horribly abusive to forcibly suppress someone sexual experience.

> my dad also refuses to write a will - but thats another problem entirely

Another problem, yes - but a huge one all the same. Does your mother have a will?

I went thru this with my parents; my dad had a will but my mom did not. My dad passed away; no biggie. But my mom never probated his will. I didn't find this out until after she passed away - without a will.

I ended up spending quite a bit of money with a lawyer, plus more than a few trips between where I live and where my parents lived (thankfully only a few hundred miles away - but still far enough to be annoying), plus gathering documents, and a whole host of other issues.

It was not fun. The only thing that saved my butt was the fact that before my mom passed, I was able to get power of attorney (as well as medical POA), because she ultimately slipped into dementia (my wife and I caught it in the nick of time, while my mother was still coherent enough). Without that, accounts would have been frozen preventing me from taking care of my mother before she passed, and later the estate, afterward (though I had to go thru a short process to be appointed as executor).

But without a will, and my dad's will not probated, things went slowly. There were fortunately no real major assets involved (a house and a couple of old cars were the only things), plus I was an "only child" - but I still had to go thru the process of no one contesting my dad's will (I did worry that something might come up from his past or from his family), or contesting me as sole heir.

Ultimately it worked out - but it could have turned into more of a logistical nightmare than the merely annoying situation it only turned out to be.

So - I implore you to try to fix this, especially if other family or large assets are involved. If not, and you don't care about things otherwise, you might talk with a lawyer about other options. I am not sure if this is possible, but it might be possible to "reverse disown" your immediate family (mother/father). It would be a very harsh thing to do, but it may be the only thing that keeps you from being dragged down into a potential economic morass.

How about you print and show him some horror stories of confessions from people who've been scammed or extorted online, There might even exist whole books with this stuff on Amazon. If he doesn't trust your opinion (sounds like exactly my dad) he might trust someone more authoritative. Even FBI could have stories like that.

if he won't listen i would create a fake phishing website and get him into a little bit of trouble before he -and your family- get into REAL trouble.

Made me think about this stephen king short story: https://en.wikipedia.org/wiki/Quitters,_Inc.

I wonder if a router-based solution to limiting his traffic would work. DD-WRT or something else with an online solution for dynamic limiting of sites might help.

I'd start looking for an attorney who's familiar with elder abuse situations and can tell you about your options. If you can gather the right evidence, something can be done.

What does this even mean? Being concerned your dad may fall for scams doesn't mean you should talk to an elder abuse attorney???

1) Someone elderly being scammed by randos is not elder abuse.

2) if there is a scam your "elder abuse attorney" is not going to be able to do any more than the police considering the vast majority of these scams are from overseas.

> falls for them at a rate where I can only think it intentional on some level

> extremely proud and talking to him is useless

This is terrible, and I can't think how I'd cope with it :(

How about don't look at questionable sites, as a solution?

That is the porn-equivalent of suggesting that abstinence is the solution to teen pregnancy. It may be technically correct insofar as abstinence obviously works for those that rigorously follow it, but fails to account for the simple fact that teenagers have sex regardless of whether they are told not to.

Shaming porn usage does nothing to reduce its prevalence and just encourages users to hide and deny, hence your suggestion is not productive.

1. I got told many years ago, that when you get that crazily bad emails, where it claims to be from some official source, but there are spelling mistakes, the return email address is obviously wrong, grammer is terrible, etc. the sort where it is so completely obviously it is a scam - often this is done on purpose, they aren't intereseting >99% of people who can spot a scam, they are interested in the <1% who can't spot it is obviously a problem. Basically they cast a wide net, but when the haul it in, only the whales are found within. At that point, they can use a large amount of resource, per victim, as they know they have a reasonable chance of success.

2. Separately to the above, a reasonable amount of men (perhaps women to? I don't know, I feel like it is more men) will happily look at girls, whether this in a Playboy Magazine in the 50's, looking at girls as the enter a bar in the 90's or whether it is flicking through images of a girl on Facebook/Instagram in the 21st century. Some of these men actually know it is a scam, but don't really care, at the end of the day it's a picture of an attractive girl/woman, they so they look through. Maybe they even add that profile as a friend, as they don't mind having the pictures appearing naturally in their news feed. I don't know whether many (any?) of this group of people end up getting scammed. Perhaps somehow overtime, they get convinced the account isn't fake, or perhaps they still think it is fake but agree to go onto a video chat and then are convinced on there, or perhaps they are trying to catch the scammer out, but end up being caught out themselves.

See Why Do Nigerian Scammers Say They are From Nigeria?: https://www.microsoft.com/en-us/research/publication/why-do-...

I remember that post. I also remember when I first learned that Nigerian scammers are actually for Nigeria. I thought for sure they'd pick a different country than their actual one.

Interesting link, thanks. It is a numbers game really and a logical one too; why spend time where you have to tread carefully when you can filter out the savvy targets.

I seldomly read something more interesting. This is really well done, I had no idea Microsoft was looking into that field.

The danger, or maybe just annoyance, with #2 (with only accepting friend requests without intent to do more) is that they then use the friend connection to further advertise to your friends. I accepted one once - wasn't paying attention to mutual friend count or something - and was immediately spammed on my wall with some site ad and then they deleted their account. So some, rather than the slow scam game, are just playing the spam game.

Another danger is that with the extended access to your profile, they could get enough content to clone you convincingly, and then you get the scam where all your friends receive a duplicate friend request from "you", and the new profile tries to sell them on some scam.

This is ”pre AI world”. Once scammers catch up with tech, things will change. When they learn to automate the scamming they can also afford to target people with low probability of falling into scam. This will lead to scam that is harder to detect and where the amounts are smaller (instead of going for the big fish, you can build on volume).

The opportunities are endless. Just think for example the latest developments on speech synthesis (voice transfer). Improvements in CGI will allow creating believable fake videos. Mobile phones with fancy camera tech will allow 3d scans of people faces.

The second group, whilst they might not be getting scammed themselves, they help social proof that account to other people. Now someone else will be more likely to add the fake account if they see it is friends with other people, even someone you know in real life.

Regarding #1, I have heard this theory a couple times from different sources, but I have some skepticism about how true it is. It's entirely possible that bad grammar, poorly constructed stories and other tells that should be obvious just happened to work out in the scammers' favor, rather than them being intentionally designed that way.

I think the saddest part of this is that they prey on people. Many of the peeps here on HN can look at a profile and say "spam," so it's hard to imagine the people who can't. The 1% return from SPAM that click on those links, or put in their credit card details.

There was a ReplyAll podcast episode where one of the reporters actually tracks down a shop in India; even goes there and talks to people who've worked at a "tech support" places which charges $400 to remove fake viruses they've implanted.

I think this is even more insidious because they're preying on people who may be extremely lonely or desperate. When you really think about that, it's really sad. It's either psychopathic or they justify it to themselves in some horrible way like, "These people are losers anyway," or "If we say the girls are underage, then we're only going after sexual predators." .. The same crazy logic used by the Ashley Madison leakers.

I've reported spam accounts to Facebook - in fact I do so whenever I come across one. And on more than one occasion Facebook have closed the ticket claiming the account was legitimate.

If some of Facebook's own moderation team cannot differentiate between spam accounts and legitimate ones then what hope is there for others?

Facebook's moderation team faces far different incentives and consequences than you when checking if an account is spam. Which is worse - a false positive, or a false negative?

Facebook would rather leave 999 false profiles up and not accidentally close 1 genuine profile that just happens to look spammy. From their perspective, ruining someone's Facebook experience by deleting their account is worse than letting everyone else have a slightly worse experience (after all, even those fake profiles are generating ad revenue).

In contrast, Youtube is flagging, demonetizing, and three-striking channels left and right, using much more trigger-happy moderation (and even auto-mods) to control videos. They have plenty of content creators, but need to keep both viewers and lawyers happy.

Be careful that you know where you stand on these platforms, especially on important things like Amazon AWS accounts.

Facebook will happily ban real people using names they are commonly known by if that's not their birth name. I agree that false positives are bad but they need to take a look at their prioritisation of these actions.


I am sure I will sound naive to you but what do you mean by AWS accounts here?

Amazon Web Services is a cloud computing service which, to put it briefly, allows you to run websites. You could have a physical server rack in a datacenter near you, or spin up some servers on AWS (or Google Cloud, or Azure).

A lot of very large companies use it, including a lot of Fortune 500s for their ordinary company websites, as well as major web apps like Netflix, Reddit, Pinterest, Spotify, etc. And of course Amazon itself.

Now, those listed sites probably would get a call if something were to happen, but too many HN startups are running on AWS accounts linked to the founder's gmail and personal shopping account. Imagine if a dispute over a return of some counterfeit junk bought on Amazon by some CTO suddenly took down all of Netflix...

AWS stands for Amazon Web Services. https://aws.amazon.com/

Closing someone's https://aws.amazon.com/ account for any reason potentially destroys their business and (if not reversed promptly) loses data.

Anecdotally, Facebook seems to have gotten worse at handling fake account reports recently. I have a hunch that it’s because their moderation team has grown, and the average moderator ability hasn’t kept up.

Why do you need to impart any ethical justification? For millennia, humans have been stealing from other humans for their own benefit. It's not psychopathic in any exceptional sense. It's so prevalent that it's hard to call it anything but human nature.

Intervention did a fantastic episode on "Greg," a man who had a large cash windfall that managed to squander it all on internet scams. You'll probably cry; I know I did.


It's easy to dehumanize people when they live thousands of miles away, and are comparatively wealthy.

I find it unbelievable that Facebook doesn't have the fake profile situation under control. Facebook builds an incredibly detailed social graph of every user (and non-user) with a big trail of activity, on and off Facebook.

Surely there are signs; surely there are common characteristics, and if this journalist can write such a detailed exposé with only public data, Facebook can do much better.

Why would they scuttle their own engagement metrics by pruning out highly-engaged segments of the social network, though?

Twitter has a similar problem with bots. They're bad for the platform, but the short term incentives are all wrong for them to actually do something about it.

I'd think because at least publicly they've placed a great deal on emphasis on accounts being real, with the stated goal of producing a certain kind of environment. If your social network becomes polluted with trash and even brutal scams, then won't engagement go down? But I guess they've run the numbers.

Because as it becomes more fake they lose their reason to have users in the first place. Ads are the product, metrics are the data that leads to the product, and users are the raw material. If they lose the raw material the product loses value.

> https://finance.yahoo.com/quote/FB/chart

The data disagrees with your analysis.

I didn’t say they are losing users, just that they could.


Facebook will only remove the accounts that give them too much (media) trouble.

Yeah, but surely they must understand (especially after their uncomfortable turn in front of a congressional committee) that if they keep up the bullshit for too long they are going to find themselves regulated.

There may be no immediate financial incentive, but I'll bet good money that they fear a future of regulatory compliance.

Edited for spelling.

This too.

The burden is on us to disengage from Facebook rather than clutch our virtual pearls.

Doesn't deleting a ton of fake profiles have implications for FB valuation and revenue?

I doubt it. User growth is used as a metric to measure future ad revenue. Fake profiles aren't going to generate a lot of revenue from those ads. Facebook would simply need to make a statement about deleting a bunch of fake profiles, but they don't expect revenue to dip.

However, that is not the case for a pre-revenue or pre-profitable business. Those startups are dependent on VC funding, they might lie about users and usage to get more funding (see Silicon Valley Season 3). *This is 100% inappropriate and should not be done. You will burn credibility with investors, for your current venture and any future ventures. It's better to shut down a venture and move on, than to lie about your metrics.

Also, if they are knowingly sold ad impressions to bots' eyeballs (seems like they did), they committed fraud.

They can always go the Twitter way and say they were miscounting user growth during a call where they deliver good revenue:


This morning a guy from high school finally joined Facebook and sent me a friend request. I don't track him in real life, but were have enough of a connection that I'll click yes if that is really him. I honestly do not know for sure if this is him or not: I decided it is, but it wouldn't be hard to social engineer all the data that is on Facebook so I'm not sure. (I decided it is him because his name isn't in my friends list, while all the spam I've seen so far is someone already in my friend list)

To have this many accounts, they might have a series of scripts and potentially farm out captcha. I find it interesting the article mentions one of them messing up and switching to a fake account in a post. That would suggest some of this is done manually, which would be bizarre.

I'm sure Facebook creates filters that helps delete some, but remember it's a constant war between spam script writers and platforms. They're constantly finding ways to get around each other.

It's tricky for Facebook as a public company to report any sort of dip or stall in user growth.

"One of them said that she made 10,000 euros ($14,800 CDN) in a single month by “sharing links on Facebook.” She also claimed that the network was based in France, Spain and Italy. Both women abruptly ended all communication with us after initially agreeing to an interview."

I'd rather suspect those are false confessions and more an attempt to attract new members in this scheme network who hope to make huge amount of money.

Worth reading despite many from HN likely knowing this existed already.

What I find interesting is that to me and I assumed a lot of people, fake profiles are very obvious and as such I assumed there were, relatively, easy techniques to deal with them.

After working on some twitter marketing campaigns over the years and witnessing the swarming bot networks do their thing I have concluded that they are not dealt with whole heartedly on purpose.

Lately I have been getting contacted by random 'women' on gtalk who 'just want to be friends'. I usually just block them but last week I decided to play along.

Long story short: they wanted me to cam with them and to see my picture. I sent them a link to non-existent page on my domain and logged their IP. I confronted them with their IP and the fact that they were in Nigeria and not south Carolina. The account was immediately deleted.

follow up: I have not been contacted by any more friendly 'women' since this happened

I had one contacting me on my Playstation messager account. I didn't even know that was a thing to be honest.... Same story about cam.... "She" wanted to go on cam with me.... sounded more like a bot. I didn't follow through so I don't know what was the final plan.

Blackmail, they get a dick pic and threaten to send it to all your contacts unless you pay up.

"Hey I can't messsage here but talk to me on Kik www.kik.com etc"

Skype has that a lot too.

I deleted my facebook app since half of the posts in my feed were fake anyway. Facebook disguises ads as friend's share and likes, even when it is obvious that a particular friend would never like a corporate page. They even pushed the bad taste by making my deceased father (who's account we didn't think to delete) like things after he passed. So if you add fake profiles to that...

As a note, I hadn't received an email from facebook since pretty much I registered many years ago. Since I deleted the app a few weeks ago, facebook started spamming my email with notifications. And they use this trick that is really a new low, they create a thousand different kinds of mailing list so that every time you unsubscribe from one, you still receive new spam because it's "another" mailing list.

Even worse, Facebook seems to allow people to open an account using someone else's email address. I've never had a FB account yet occasionally I get emails from 'facebookmail.com' addressing me by a woman's name (I'm a man) and pestering me with friend suggestions of people I've never heard of. My email has never been compromised, yet Facebook spams it with the assumption I'm part of their network. I will never join their pile of shit spam den, and have never clicked on anything in the emails they send.

To be fair this sounds more like phishing. I would assume emails from facebook came from the facebook.com domain.

I thought that too but after looking it up FB email does indeed come from facebookmail.com

This is why Facebook's new Non Consensual Image Program seems like a really bad idea.

The technical implementation is fine, seems reasonable, only concern is that a human has to screen every image.

The real problem is that internet users have learned "Anything you upload to the internet is as good as public." Facebook is trying to teach people a new precedent: "Images uploaded to facebook in the right way will REMOVE images from the public".

People are going to fail to read the fine print, and thousands will be phished for nudes through facebook with similar schemes.

The 2010 documentary catfish, and subsequent mtv series, offers an interesting look behind the curtain at the type of people who create fake facebook profiles. It covers a wide variety of reasons for creating them spanning from people who suffer from low self-esteem and confidence issues to not being able to reveal that they are homo-sexual out of fear of their friends and family finding out, just out of pure malice or even in one case creating a fake account story to get the show to pay for flights so they could finally meet face to face. Its crazy some of the lengths people go to keep up the charade and how much evidence certain people will ignore to keep the idea that the person is real alive.

You should be aware that this is a very questionable documentary and the makers of the documentary who are now the presenters of the TV show have been credibly accused of faking footage and exploiting the subject.

> Some journalists and film critics have cast doubt on the filmmakers motivations. Kyle Buchanan of MovieLine questions why the filmmakers would begin obsessively documenting Nev's online relationship so early on, and argues that it is highly improbable that media-savvy professionals like the Schulmans and Joost would not use the Internet to research Megan and her family before meeting them. Buchanan and others have suggested that the filmmakers likely discovered the fabrications in Wesselman-Pierce's story earlier than is presented in the film and pretended to be fooled only so that they could exploit her story for the documentary. https://en.wikipedia.org/wiki/Catfish_(film)#Authenticity

> You should be aware that this is a very questionable documentary

Your links only talk about the film makers; the phenomenon of cat-fishing is real.

You might also enjoy similar documentaries Cloverfield, The Blair Witch Project, and This is Spinal Tap ;-)

> in one case creating a fake account story to get the show to pay for flights so they could finally meet face to face.

That's brilliant. I couldn't find anything about this episode on google, but I'm interested to know how the hosts reacted to that.

It is season 4 episode 18. Here is a summary of the episode http://www.mtv.com/news/2244348/catfish-fake-victim/

I can't remember the exact reactions but Machine Gun Kelly was a guest host and was not happy about it. I imagine the producers where pretty happy that they got something exciting happening.

All of the problems with fake profiles are fixable if we just use the social graph. It drives me nuts that this a problem. I have a solution, which i'll share here. I'm sharing it because i hope SOMEONE can build this or share it with someone at a high level at FB or twitter.

I have a mortgage in silicon valley and a young child, so i'm not in a position to take the time and risk to do this. But i really desperately want to see it in the world.

All we have to do is use the social graph to verify each other, and follow 'verified' edges to determine trust in a third party. People can just tell fb or twitter 'yes i know this account', and that's all we really need.

If I can't follow any 'yes i know this person edges' to a remote account, don't let me interact with that account. Shadowban them. It's THAT simple. This technique stops bots and it stops trolling by fake remote accounts.

If someone claims "i know all these fake accounts", then we ban that person, for creating all the fake accounts. Fake accounts are easily identified after the fact; when no real person pays any price, they'll keep getting created.

Yes it has the downside of temporarily slowing adoption. That's the main reason imagine twitter and FB haven't done this. They think us being harassed is less important than onboarding new people.


I don’t see this working. Too many people on Facebook accept friend requests from unknown people already for it to work. I guess you could have some kind of “have you actually met this person in real life” test, but that’s an annoying friction, and people seem to enjoy inflating “friends” regardless.

Also breaks as soon as anyone in your graph gets their password stolen.

Out-of-band verifications are kinda cumbersome in real life. Let’s say a profile claiming to be your college friend, or a coworker from three jobs ago sends you a friend request on Facebook - will you really go out of your way to email/call/visit them to verify the account is theirs and not an impostor’s?

Do it after the fact, like Twitter’s “get verified.” Minimally, someone could score accounts like fakespot for Amazon reviews.

Facebook recently started sending me notifications that somebody unknown was trying to log into my account, that they'd temporarily blocked it, and later re-enabled it. The emails actually come from Facebook, the problem is that the email address they're contacting me on is one I've never used for Facebook. The email contains a link to log into Facebook to "fix" the situation, but I obviously can't log in. The other link in the email is to unsubscribe from their notifications, but not from Facebook. There is absolutely no way for me to say "yes, this is my email address, and no, it should not be tied to Facebook in any way". There is also no way for me to check what Facebook account is supposedly attached to this email. This feels incredibly underhanded, it's either "join Facebook, or risk having somebody steal an account you never created". So back to the point of the article, Facebook is at the very least passively encouraging this fake profile stuff, and the cynic in me thinks it might not be that passive...

Doesn't this mean that someone at one time had access to your Email account at one time, in order to register a Facebook account with it? I would ask myself how much of my email history might have been compromised.

Try forgot password?

I find it amusing and sad at the same time when I get targeted with these sorts of things. Amusing because they seem so obviously 'honey traps' of one form or another, and sad because I'm sure there are many people that fall for them (this article just confirms that suspicion).

I had hoped they would have done a bit of work to track the money flow in these scams. Clearly there is an opportunity here to disrupt that cash flow since most use electronic payment providers with at least some level of tracking. I want the electronic equivalent of 'marked bills' which have mandatory reporting requirements at all financial institutions that process them.

I'm glad others are digging into this. It's a fairly common problem. I had to deal with my with my deceased friend's account being hijacked by a 'bait' account a few months ago. Facebook seemed fairly indifferent to the issue.

Wrote about the process here: https://medium.com/@vonkunesnewton/facebook-parasite-the-sec...

They’ve gotta keep increasing those gross margins.

Two stories that I remember about this:

1. Sextortion scam for personal gain Back in 2002 i was using MSN Messenger as a teenager, being like 17yo and full of testosterone, I accepted any girl wanting to share intimate details with me. There was one local girl, chatting with me for 2 years, but always had excused for not opening her cam. I was sharing intimate details while being on cam, but finally stopped, as she never wanted to meet me, despite living 20km away. She always had excuses. Two years later, I was dipping again into script kiddie stuff and trying out some trojan generators, combining it with an exe cryptor to make it undetectable for the early anti-virus tools. I contacted that girl again, and told her I had some new videos of my holidays. Sent it to her (holiday-in-france.avi.exe) and two mins later I was on "her" PC. Turns out it's a local guy, 5 years older than me, having like 100 folders named after local boys, where he kept videos, screen grabs and photos neatly organized. Most of them underage. Fortunately I found a word document with his resumee, even with a photo of him. I reported that guy to the feds the same day.


2. Sextortion with the wrong guy

Years later I migrated to an asian country. I now speak the local language and have a second Facebook and Skype profile that I only use for local contacts here, that I barely know and who are not family, friends or business contacts.

Every now and then some fake russian/eastern european girls try to add me on Skype or Facebook randomly. This time those girls are real, they even start a real webcam conversation.

But this time I'm prepared, being interested in infosec and online since the early 90ies and prepared because I was scammed before (see story 1.).

Those girls quickly start skype video calls, where they try to scam guys. Me, knowing this scam for years, had a laugh and continued the video chat, also sharing intimate details with them, and who says no to watch a beautiful girl undress herself and sharing her sexual preferences?

After usually 20-30 minutes of showing off on the camera, asking my sexual preferences and begging to add me on Facebook, they will change the tone of the conversion and try to blackmail me. Since I knew the scam, I was laughing and telling them, that my whole online presence is fake and all the profiles they have from me are filled with fake friends. They swore at me and immediately blocked me on Skype and Facebook.

Happened several times.

The article explores sextortion, but doesn't ponder too deeply whats going on the with sharing images of disabled people etc. Perhaps people who respond sympathetically are also easy marks for sob story and pleading for money?

Off the cuff opinion:

Sex has a strong emotional component. People who are "sexually needy" are often really emotionally needy and emotionally unhealthy. They are attracted to things with a strong emotional component, but low commitment. Liking pics of people who have cancer or whatever fits those criteria. The people gushing at pathetic photos of that sort are (probably) more likely than others to also be vulnerable to sextortion.

I am handicapped and had a lengthy medical crisis. Lots of people wanted me to be their big feels hit for the day while not actually giving a flying fuck about my welfare. Trying to get people to invest two nanoseconds in actually being helpful instead of merely using me as some emotional drug was a huge uphill battle.

A good filter for who to not waste my time on is folks who seek me out because I have a disability (or other sob story) and they have such big feels about it. These are always leeches who cannot respect me as a person and will only ever talk to me to meet their emotional needs. It's really sick stuff.

It seemed like it was just a way to get a lot of followers so that the sexual stuff was seen by more people.

One of the worst thing about it is that they seemed to have started this not to make money but to have fun and hurt some people.

Thank you for sharing this investigation.

Sometimes when I warn my friends and family about oversharing online, and the "dangers of social media" (on-the-internet-nobody-knows-you're-a-dog 1993 cartoon) they think I'm paranoid.

This is a very good case study for all social media users to understand.

Ironically, if you try sharing this piece on social media you'll see that their graphic designer could spell neither "temptation" nor "extortion" correctly. In Canada! Yikes!

Were you looking at the French text portions? This reads like a study conducted and first published in French and then translated into English. Where I could find "extorsion" the context was French.

Is there a plugin that tags fake profiles?

How? If a plugin could do that then the site could do that.

The site has incentives to avoid doing that. A crowd-sourced plugin similar to uBlock's 3rd party filters would probably work way better.

Maybe Twitter does but Facebook doesn't. That's why in the article they talk about how scammers are very eager to get the conversation off Facebook before the account is deleted.

Yes, FB absolutely does. Their inflated "active user" count is where their money comes from.

I think in Facebook's case it has more to do with having highly detailed information about their users, which fakes go against. Anyway, a lot of fake accounts get deleted quickly, as mentioned in the article (and I've observed this myself, as obviously fake profiles I've gotten friend requests from usually end up deleted in a day or two).

And a lot of other fake accounts don't get deleted. FB doens't really care about the detailed information about their users, as long as they advertisers keep sending them money. Don't mix up what FB says they want, and what they actually want.

OK, but if the information is obviously bogus will advertisers keep paying? I don't think deleting fake accounts is necessarily an easy problem. Particularly when we consider that a false positive is much worse than a false negative as far as user impact goes.

> OK, but if the information is obviously bogus will advertisers keep paying?

Apparently yes. It's no secret that FB's numbers are not accurate, but they are still making a ton of money.

> I don't think deleting fake accounts is necessarily an easy problem. Particularly when we consider that a false positive is much worse than a false negative as far as user impact goes.

Nobody said it was easy. Only that FB is incentivised to do detection poorly. FB doesn't really care about user impact, they only care about profit. If it's not enough user impact to cause a dent in profit, they aren't incentivised to care.

> Nobody said it was easy. Only that FB is incentivised to do detection poorly. FB doesn't really care about user impact, they only care about profit. If it's not enough user impact to cause a dent in profit, they aren't incentivised to care.

I think you've misunderstood my point (or perhaps glossed over it). From a UX perspective, it's way, way worse to delete a real person's account and tell them they're fake (tons of negative news coverage every time these screw-ups happen) than it is to let a fake account slide. So any technique that errs on the side of being too aggressive they are unlikely to use.

How does the SEC not crack down on Facebook misleading investors around the number of "active" users?

It’s a secondary metric and investors only carry about the revenue/profit. (Look at Snap, whose user count is growing, and stock price is not).

And since FB advertisers are paying for engagement, not impressions, the amount of ad fraud is likely insignificant.

This... was an unreadable experience. Gratuitous animations, football field sized paragraph widths, proportional/fluid CSS sizing (thought maximizing my browser on a 1080p screen would allow me to see more), bite sized paragraphs interspersed with information-thin graphic inserts, full width graphics that have a larger height than your browser viewport, text swooshing down the screen while you're scrolling because the above graphic is dynamically resizing.

I appreciate the desire to experiment with the medium, but it just does a disservice to the content.

I agree. It was pretty annoying. So are the new top/bottom footers on Medium. I sometimes open up the inspector and delete those two divs just to read the page, but most of the time I don't bother, give up on the article, and just close the tab.

Content should just be content. You shouldn't need Javascript to simply view a page. Even if this was all just CSS tricks, it's still pretty annoying. I mean it's a neat idea. Scrolling animation can be kinda neat if done right, but this totally wasn't. It takes away from the content, which is pretty interesting.

> I sometimes open up the inspector and delete those two divs just to read the page

It's crazy how often I need to do this as well. I remember back in the old days hitting esc would stop all the animations on a page, now you need to inspect + delete those elements.

There needs to be some crowd sourced way of doing this, so if you delete an element and I visit the site, the element is gone.

> There needs to be some crowd sourced way of doing this, so if you delete an element and I visit the site, the element is gone.

This is how adblockers work (sort of).

We could probably leverage the same tech used for adblockers to make UI blockers, which maintain lists of "bad" UI and remove their tags and scripts.

Of course, I find it easier to just not use those websites.

In fact you can just right click an element and block it with most desktop ad-blockers.

Greasemonkey / Tampermonkey? I'm just too lazy to install them and write the little scripts.

The one time I tried, I saw that the scripts aren't loaded reliably. Was more aggravating than helpful. Was trying to disable links on the HN homepage that led to paywalled content so that I can avoid clicking on it.

But if it can't work reliably, it's not worth it at all. That's ultimately what makes technical solutions hard, not doing it at all, but rather doing it well enough to be worth the effort.

If you know the ids of those two divs, you could easily make a javascript bookmarklet to delete those two divs at click of a button. Or I will be happy to do that for you just for fun :)

Please call it "Large, a screen-friendly view for Medium".

Or: Larj. ;-)

You could try using a content blocker like uBlock Origin and subscribe to my annoyances filter list[1] - I attempt to block (without breaking site functionality) annoying web behavior like this automatically.

[1] https://github.com/yourduskquibbles/webannoyances

I really like outline.com (they also have a chrome extension), which shows a stripped down version of the article. It works pretty reliable with medium and most other common sources.

Just have a look at https://outline.com/vznfxw

Thanks for that! It's unfortunate that sites like that (and this: http://deslide.clusterfake.net) are needed... but that's the world we live in.

Why not just use reader mode? It worked fine for me for this article.

I found this somewhere and use it to eliminate footers. Save it as a bookmark : javascript:(function()%7B(function () %7Bvar i%2C elements %3D document.querySelectorAll('body *')%3Bfor (i %3D 0%3B i < elements.length%3B i%2B%2B) %7Bif (getComputedStyle(elements%5Bi%5D).position %3D%3D%3D 'fixed') %7Belements%5Bi%5D.parentNode.removeChild(elements%5Bi%5D)%3B%7D%7D%7D)()%7D)()

Ohh good idea to save that sort of thing as a bookmark. Thanks!

I quite liked it but there was one annoying thing: occasionally, new sections would open in between the lines, after the part is was reading, stopping me from reading. That was actually quite painful and annoying.

There used to be a "Kill Button" in Opera browser that, once activated, would remove any clicked element.

It was so easy to get rid of unwanted divs. I would like something like that for the latest version of firefox, but I couldn't find anything similar.

Element hiding helper for adblock plus works well for me in Firefox. Even has shortcuts w and n for wider and narrower respectively. Then whatever you select gets blocked permanently for you.

I've mainly used it to block all the shit youtube puts on top of videos, block position fixed videos on news sites, and make a bunch of forums less painful to browse.

not as elegant as a single button, but this does the same job:

* Ctrl + Shift + C

* Select your div

* Press [Delete]

I totally agree. I used Firefox reader view to read it. It was much better that way!

uBlock Origin and uMatrix are your friends. Here's how it looks for me (zoomed way out): https://tmp.thekyel.com/month/2017.

It looks really great on mobile though.

I use printfriendly 70% of the time. Firefox reader mode too.

I really liked it!

yes too much work for a rather simple issue. Somewhere in the way i was so annoyed i stopped reading.

Ugh, there is no way to just read the text, you have to scroll from short paragraph to short paragraph, like a fancy tweet storm. Do they even want people to read that thing?

It's really a horrible experience. Just let us read the goddamn thing and don't spam me with animations!

Can someone with a longer attention span than me provide a summary? I didn't get far enough to glean what the "scam" is.

tl;dr: The author discovered the identity of two guys (which were not explicitly disclosed) running a big network of bots that targetted man attracted to young, sometimes underage, women.

Those bots would point to video chat services, encouraging the man to masturbate himself while viewing pre-recorded videos of a girl masturbating. Then, the person would be threated to give a ransom or else have the video leaked, with the additional threat that he was masturbating to underage woman sometimes.

Fraudulent porn websites stealing credit cards were also shared by the bots network.

I kept skimming to the bottom, but unless I missed something, they never actually catch these people and report them to the police do they? Like it looks like they determine two of their real names and then .. nothing?

Thanks, that's a useful site!

It's about time Facebook should start taking action against fake profile. They should make use of AI to separate them out.

They have every incentive to do the opposite though. Fake profiles still count towards ad-revenue because advertisers aren't calling Facebook out on their bullshit.

More to that I think some advertisers benefit from a known gullible community. It would be quite easy (and unethical) for someone to make money out of targeted ads piggybacking on this sort of network.

> Fake profiles still count towards ad-revenue

How? Unless the fake profiles manage to generate significant amount of ad fraud along the way, the advertisers still end up paying for actions, not impressions.

Why would an operator of a fraudulent network click on ads, sign up for third-party newsletters, install promoted mobile apps or do whatever else the dominant ad unit in his/her feed would promote?

Sounds like a competitor of Facebook should do it then..

You can't compete with mindshare on that scale. The network effects are ludicrous. People have made generally better products than Facebook for years that all wither because they don't have a billion people and everyone you already know on them.

If Facebook were using an open protocol like Ostatus anyone could make a peer network that is better than Facebook and actually compete, but their userbase is entirely locked into their platform. On purpose, of course, thats why investors value FB so highly. Its entirely against their interests to enable competition.

lol - what competitor?

This is what technology is - a double edged weapon. Use it wisely.

What do you do with the real profiles, that are fake too? Too many people just present on Facebook what they perceive to be their best self.

Hah, how stupid do you need to be to fall into this obvious trap. Let's see... a random cute girl approaches you online and wants to initiate a sexy chat. The chances of this happening for real and not being a scam are about the same as you being a distant cousin to a Nigerian prince who just passed away and left you millions of dollars of inheritance.

Spam relies on that 1% return, and it comes from either the lowest, the most ignorant, the most uneducated, .. or potentially the most lonely. That's what's probably the most insidious about this particular type of scam, that they target people who may have already made a series of bad decisions, or who are desperate and alone.

> that they target people who may have already made a series of bad decisions, or who are desperate and alone.

like alcohol, casinos+lotteries, and free-to-play games with microtransactions

Are you comparing sextortionists to EA? I agree.

It _has_ to be stupid. A non-scammy-looking scam might attract people who would notice any minor inconsistency, thus risking more reports and more time of the scammer wasted interacting with a potentially-failed prospect.

Now, only the most gullible, most desperate of people would fall into such "obvious" scams, which means a greater return rate for the effort spent.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact