What Facebook Must Do To Regain Our Trust

TL;DR - Facebook's current problem is that it has no good way of verifying the identity of those looking to leverage its users for advertising or broadcasting via Facebook groups. It got there because it needed to rush to get users and then monetize them before it ran out of money. Now it needs to raise that bar by learning from Airbnb. 

Getting users on its platform as quickly as possible is what gave Facebook a valuation of over $300 billion. It grew a community so big, so fast, and so loyal it was able to become a fast track for advertising - advertisers could leverage all of the personal data Facebook users unwittingly offered up every time we added to a profile, made a friend, or "liked" a post. 

These advertisers used this information, either leveraged from Facebook or, in Cambridge Analytica's case, through apps that granted access to our data on Facebook. This doesn't even cover all of the more technical information about our browsing habits and other online activities that Facebook collects and offers to advertisers.  

Facebook's speed and breadth of user acquisition is also what has Zuckerberg in the hot seat. He's admitted that Facebook had not done enough to check the security of apps it allowed on its platform.  It also didn't do enough to find out who was buying the ads or if they should even be allowed purchase them.

Why? Because when Facebook decided to start leveraging user data with advertisers, it did so because Facebook was at a point where it needed revenue to prove its long-term worth. It needed to "move fast and break things" to get revenue and stay alive.

And so now we're left with the age-old technology backlash - the tech had to move fast to survive and sacrificed security, privacy, and safety to do so. We saw it with the dawn of the Internet - soon enough, people we're hacking into government systems and committing crime online. 

We also saw it with Airbnb. When Airbnb started, it had issues with trust - sleeping in a stranger's home who signed up with a website can be dangerous. But Airbnb realized that to stay alive, it needed to implement personal verification measures that are difficult to spoof and reviewed by its team thoroughly. Only then will hosts or visitors trust its platform with their safety. Check them out here. Among the verification measures are:
  • “At least one profile photo that shows your face." 
  • “Multiple verifications and a Verified ID."
  • “A description of at least 50 words highlighting why you decided to join the Airbnb community, your interests or hobbies, or anything else you think someone would want to know."
("Multiple verifications and a Verified ID" means that they verify a government-issued ID that you provide.)

The answer that Airbnb stumbled on: if you want to leverage our platform, you must sacrifice your anonymity - our users' safety and trust are too fragile and important. Facebook can and must force those who wish to utilize Facebook user data to create Facebook groups or advertise on its platform to verify their true identities as well. 

Facebook needs to do something similar. Right now, adversaries can hide under a cloak of  anonymity to purchase targeted ads and to create groups for broadcasting to scores of followers. These adversaries are currently using these mechanisms to spread false facts and incendiary rhetoric, not just in the US but in democratic societies across the globe. This presents a serious global security and safety issue for which Facebook must take some responsibility.

Is this verifying identities fool proof? Will the bad guys just play by the rules? No. No security or privacy measure is ever 100%. Heck, even bank vaults are rated by the time required to break into them. We know that if someone is determined to get in and has enough resources, they'll get in. 

That's because security (or privacy/safety) isn't about eliminating risk - it's about reducing risk to acceptable levels. Making those who wish to target and broadcast to Facebook's massive user base sacrifice their anonymity for that power will reduce risk. It will deter less-savvy bad guys and will make it harder for determined bad guys to trick Facebook into letting them spread propaganda.

Facebook's motto was "Move fast and break things" - now it must move fast and fix things to regain our trust. Creating some accountability for those who wish to leverage the largest network on the planet is a great start.


Popular posts from this blog

Cybersecurity CEOs: find your "big why" or get out of the way

Two-Factor Authentication - the most important thing you can do to keep hackers out of your accounts