Hacker News new | past | comments | ask | show | jobs | submit login
I saw millions compromise their Facebook accounts to fuel fake engagement (restofworld.org)
211 points by leoschwartz 3 months ago | hide | past | favorite | 64 comments

Marilyn Strathern's version of Goodhart's Law:

"When a measure becomes a target, it ceases to be a good measure."

The things broken about Facebook, are not just bugs, they are fundamental to what Facebook is. Pursuing "Likes" and views, inevitably becomes a target, and once it is a target, it is no longer a good metric of how many people actually like something.

To fix this, you would have to remove the "Like" counters, etc. Then, it would become much less addictive, and then it would also make a lot less money. Fixing Facebook, is about like trying to fix tobacco smoking; you would have to remove so much of what it is, that it would not be addictive any more, and therefore not financially viable at anything remotely like its current size.

These issues are fundamental to human society as a whole, not just FB. Factoids, yellow journalism, and lynch mobs have existed since the beginning of time. Literature on the subject, such as the Crucible, point out that people as a whole will always do their damndest to conform for its own sake. Because that's their drug of choice. Not the "Like" button. Not upvotes. Conformity.

That's sort of like how people have had a craving for sweets since time immemorial. But, modern high-sugar foods cater to that craving more efficiently than ever before. Sure, people have an instinct for conformity and attention. FB and other social networks gave them an ever-available focus for that craving, gamified to manipulate their emotions to keep them logged in and staring at the FB screen.

The same is arguably true for HN. For myself I wrote an extension to hide the likes (points)


I have some real gratitude towards OP for exposing some of the things going on in FB.

While much of what's being aired is no surprise for many of us, there are many reasons why it's still extremely valuable with what she's doing. Regardless of her motivations in doing so.

Whistleblowers are extremely important and I think we would all be better of if more current and former employees, executives and contractors would be open to speak publicly and sincerely about these things.

Thank you OP, I wish more stepped up like you do.

Looks like the fundamental problem is that a substantial number of users are perfectly willing to sign up for providing fake likes, as long as they receive fake likes in return. A tragedy of the commons.

> tragedy of the commons

Huh, I thought that was about shared resources getting ruined.

The shared resource is the validity of like counts.

To be fair, the validity of like counts and other similar engagement metrics being polluted is a good thing.

A tragedy of the commons and the "autoliker" problem described in the OP are both "coordination problems": people are worse off because they do coordinate with each other.

Sort of the same thing isn’t it?

> tragedy of the commons

No tragedy of scale is only limited to one socio-economic sect. There's a proverb in Bengali- "When the village burns, can the temple be safe?"

As the ANOM thing shows. InfoSec is mostly irrelevent, if you want secrets from people you can just ask them most of the time and they'll tell you.

Not just secrets, anything, as a rule, the easiest thing is to just ask people, what they want, what they have, what they are afraid of. And for secrets as well.

After seeing how Twitter nuked Unity 2020 campaign[1] using "authenticity" as an excuse, and how that garnered zero attention from either tech or political media, I am hyper-skeptical of all claims regarding "authenticity". If you can't objectively demonstrate that something is inauthentic and just make claims based on authority/trust, how can anyone know that you're not simply trying to achieve a political goal of your own by spreading FUD?

[1] https://articlesofunity.org/2020/09/press-release-for-our-tw...

This is now happening on Linkedin as well. People give access to their accounts to bots or sales people to like, share and contact people.

> All that said, self-compromised accounts are still a problem. They degrade the trust of users in what they can believe online.

I guess most have forgotten that you should not believe everything you see on the internet or even on your computer screen and Facebook is just a major component that is playing its part in fuelling these disinformation campaigns.

Facebook cannot and will never change. Even after the massive phone number data breach, It's been extremely overdue to delete your account.

> I guess most have forgotten that you should not believe everything you see on the internet

The article exclusively focuses on the Global South, ie developing countries. There are a couple billion people for whom social media, and indeed Internet connectivity, are very new, and there are countries full of these people. It takes a while to develop the memetic antibodies that we as a society developed over time (remember chain emails?). We obviously still deal with excess credulousness, epistemic naivete, and the Internet Age's unfortunate interactions with these weaknesses. But these weaknesses used to be much, much worse in the US and other developed countries. Countries with substantial subpopulations new to the Internet are pitting the immunologically naive against exploits hardened by years of adversarial co-evolution.

For example, there are places where the colloquial term for the 'Internet' is just 'Facebook.' The Hype Curve and how consumers engage with new technology is not universal around the world.

It's scary on face value.

But even scarier: this is what 'free speech' really looks like and that's an important right obviously.

Some people worry about the occasional 'ugly expression of hate' - which is a real concern, but in the grand scheme a problem that can be tackled, if there is authenticity.

But it's 1) the organic mass misinformation (things like QAnon) which influence incredible numbers of people and 2) the side-influence of things like we see in the article.

Media, just like Banking/Finance, much of Energy is a 'strategic industry'. It's always been protected. There is 0% chance that any nation would allow, for example, a Russian company with ties to Putin just go ahead and buy CNN and NBC.

Aside from that - there was/is cultures and standards within that industry that regulate information. All of them are susceptible to some 'national bias' and other biases run amok, that said, there is at least some degree of scrutiny and control.

On TikTok, you can make up whatever truth you want, millions will see it and that's that.

I'm seeing dozens of Pro/Anti Israeli/Palestinian TikToks and it's 99% rubbish, I just can't fathom what people's heads are being filled with, it's hard enough to get good information even from the 'regular news'.

If you make it so that public forums can be controlled by powers (political, external, commercial - whatever) - they will be.

So this is a legit new 'Giant Problem' we face.

The simplest solution is to just ban all user-visible metrics: # of likes, followers, friends, comments, etc.

At best, these serve as an indicator of quality for the public, but that function can be replaced by curation and validation by social media staff, or even just outright payment directly to the company.

At worst, these metrics are designed for social addiction anyway.

The 'like' button on Facebook was only introduced in 2009 anyway, 3 years after the platform became available to the public.

We probably need regulation to get to that point, but social media companies might very well make money money from this new world anyway. Moving towards greater user direct payment might also lessen reliance on advertising.

If Facebook cared about the mental health of its customers it would remove public likes. One of the big crushers of self-esteem is seeing your own post get 5 likes while a friend's gets 50.

FB won't, of course, because it's a big part of what keeps people engaged. Getting a lot of likes is a big dopamine hit. If no one sees all your likes - well that's not as satisfying. If no one sees likes they are probably less likely to "like" something. I get that, but it's still a sad bottom-line based decision.

Interestingly enough, last time I opened Instagram it offered me to completely hide the number of likes on all posts (others' and your own as far as I understood).

> One of the big crushers of self-esteem is seeing your own post get 5 likes while a friend's gets 50.

That's also a symptom of a problem outside of Facebook's control. From my personal experience, comparing myself to others has never been an authentic source of self confidence. But it's hard to remember that when modern culture and media values perfection and popularity.

Facebook is opportunistic and exploitative about it, where the entire product is engineered to be addictive keep you coming back. And so are thousands of other apps, news programs and articles, tv shows, etc.

That's part of it, but I'm also sitting here with the warm satisfaction that my earlier comment is up to 12 votes. Without votes or likes, I tend to assume that no one has read my comment, or no one finds it interesting. The effort I put into posting it ( I assume) was a waste of time and effort.

It also depends on your motivation. The intrinsic value of writing your post maybe is worth your efforts.

I write to engage. I'm enjoying my time in this topic since I'm getting some response and I always upvote all responders hoping to encourage the conversation to continue. I've gotten highly upvoted comments with no responses and I find that unsatisfying.

You can do it like i have been doing in hn and reddit. The moment my account gets enough points, i just delete it and start a new one. I think this is my third in hn or so, but i have been through more than ten on reddit

Even before likes were introduced to Facebook, the site was still capable of delivering a blow to one’s self-esteem, because comments were another sign of attention given to you. Plenty of people can tell you how in the period 2005–2009 their status update saying, for example, that they were having a hard time with their lives got zero comments from supposed friends, while someone’s vacation photos got many gushing comments.

Removing 'likes' won't solve all the morale-crushing issues of course. When everyone you know is posting pictures of the happy hours that you weren't invited to, and the fabulous vacations that you don't have the time or money to take, it's pretty miserable.

There are people I unfollow just because their posts fill me with envy and a destructive hope that they secretly have problems they don't talk about. I can sit here and tell myself they might be under crushing debt or have bitterly miserable marriages - but that's a nasty, unhealthy frame of mind. Some people have better lives than I do. I have a better life than some other people. Expecting some sort of karmatic "fairness" isn't going to help.

> The simplest solution is to just ban all user-visible metrics: # of likes, followers, friends, comments, etc.

As long as on the server side things are sorted by likes and such metrics people will always go out of their way to game the system.

In the early 2000's the original Counter-Strike game had a server browser utility and when it asked for a list of servers by default it gave them sorted by IP address. The result of this is that people would buy up and trade "low" IP addresses to be used as game servers.

There will always be a system to game.

But people like likes.

If nothing else, it’s good feedback to know what resonates with your audience.

My impression is likes come from a unique set of users who feel compelled to interact. Most don’t interact. So you’re getting a reading from the most “opinionated” or likely to share emotion and all the others who also have valid input but who are less likely to engage are discounted.

Who wants feature X on our product? You get a few saying yeah I’d pay an extra hundred for that, and very few who say no. Meanwhile most people just don’t want it, but never said so and the new feature is a dud.

A few years back, I was trying to become a food influencer on Instagram because it seemed like a fun optimization problem.

You quickly learn there's a game. You go and find a bunch of other influencers roughly in your tier (getting some traffic but not rockstars) and you like their posts and follow them. They return the favor.

You comment (nicely) on their stuff, they return the favor. If you've ever played those obnoxious mobile games that want you to recruit your friends, same idea.

Likes and attention farming is basically a pyramid scheme with monopoly money.

Only if you can know that your audience is actually seeing your content.

People like cocaine, and illegal gambling, and money laundering, and pyramid schemes, and cryptocurrencies.

Just because people 'like' them, doesn't mean they aren't ultimately destructive for society, and worthy of Government regulation/banning.

If you don't want to gamble / crypto and do coke, then don't. Same for social media. I didn't ask for help from the nagging busybodies at the government. I am an adult, and I will manage my own affairs even if the government could do it better. And if they fucked off from wasting money on the war on drugs, then money laundering wouldn't even be a thing.

Also doesn’t mean they are.

>> but that function can be replaced by curation and validation by social media staff

I think that the curation and validation of EG the lab leak hypothesis by Facebook and other social media companies shows that they cannot be trusted.

What they gonna do with the big like button in front of their office?

i think likes are vital to facebook. Even if they think they have locked-in the network of users, removing likes would disengage users so much to make it uninteresting

Is HN any different with its points?

Maybe a two factor like should carry more weight. Or one factor likes should carry little.

This isn't phishing. These people are giving out full access to their account on purpose.

They would give out the 2FA seed if that was a requirement.

This should be considered "on purpose behavior", as Fbook is a cult training system. (Fratnet) People are complicit in using Coupon Book as a dependency for communication with friends & family in this system. These are people who choose to sell themselves out, and sell their contact list out by structural intent. Of course they are going to compromise their accounts, they have compromised themselves and Society by the choice to use this system propagated by digital illiteracy. How is this even surprising or news worthy at this point?

The term Self-compromise frames the issue in a biased way. A person who doesn't care or isn't invested in a foreign multinational ad network like FB isn't probably causing themselves any harm or compromise this way.

I was thinking along a similar line while reading that article.

I understand that from the perspective of somebody living in a country where Facebook has all sorts of relevance/influence on people's daily lives (and certainly more than any company should ever have), this "abuse" of their precious products/services may be a serious thing.

However, I have seen other countries where many have already all but ditched Facebook (often after having been bombarded with local BS), or just never let it become a significant factor in their lives in the first place.

The problems these comprised accounts pose is mostly (if not only) a problem for Facebook itself. Facebook wants to sell the idea that a user account reveals information about the person operating that account. However, these user may have no interest in playing along with Facebook's wish to sell that information. They found a different use for Facebook's services. One that serves them better than Facebook's original intended.

It should also be noted that blatant disinformation, especially from governments, is very common in South America (and plenty of other places too). Many (maybe even most) locals grow up with it and are aware that nothing is as it appears. Especially when power is at play. It's probably more remarkable how naive people in the USA and EU still are , when it comes to their propaganda (be that state or commercially driven). Probably because their propaganda has been more subtle and less obviously in-your-face unbelievable. Either way, the way locals may look at propaganda and misinformation (or even their participation in it) may be very different from how people in the USA (or working at Facebook) look at it.

> I have seen other countries where many have already all but ditched Facebook (often after having been bombarded with local BS), or just never let it become a significant factor in their lives in the first place.

Which countries?

"During my time at Facebook, I heard reports of autolikers using compromised accounts to seize ownership of prominent pages" sounds exactly like a compromised account being abused.

Except when they are affected by the real-world outcomes of political systems manipulated by bad actors. But that never happens, of course...

Yes, all 3 (user who sold access, "bad actor", and FB as the market maker) are complicit. But the user may make this choice knowing all this, because who believes stuff anyway on fb, or maybe they are politically aligned with the "bad actors".

why does she keep getting airtime? nothing she's saying is even remotely surprising.

Because very few other former FB employees (or Google for that matter) have come out from under NDA's to talk frankly about what they've seen in the mega-iest of megacorps.

It's not that what she's saying is especially surprising, it's that it's rare for someone to be saying it at all.

what is and isn't surprising to our Internet bubble of tech nerds isn't the same for the entire readership she's primarily targeting. her whistleblowing is a net positive for global awareness and provides content that I can easily pass on to family, friends, etc.

nobody outside the bubble cares about what she has to say.

How do you justify such an incredibly strong assertion?

Have you seen any uptake on the articles around her? I don't. I see multiple articles that are being ignored.

Yet here we are on HN. I learned something from the article.

I didn't know that the most common vector for compromised accounts were like farms.

And still many people don't know.

> 10.5 million fake reactions may sound like an impossibly large and impactful number

No, that actually sounds tiny and insignificant. And all politics is generating fake engagement. It's just that before you had to be an entrenched political party / billionaire that can afford to spend 8 figures on PR and advertising.

Nothing new...

15 years ago when MSN was existing i saw script with "login prompt" to share something important with your MSN buddies. Once user login - script dump his username/password to DB, login on MSN and share same text to all his buddies about game.

Of course link leading to same login prompt and least one buddy click on it and login.

So was easy to reproduce that even in Facebook using token of logged user.

What you are describing here sounds to me like phishing, where as what is described in the article sounds like those people deliberately share their accounts with bot farms. Willingly.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact