Twitter is holding off on fixing verification policy to focus on election integrity

Twitter is pausing its work on overhauling its verification process, which provides a blue checkmark to public figures, in favor of election integrity, Twitter product lead Kayvon Beykpour tweeted today. That’s because, as we approach another election season, “updating our verification program isn’t a top priority for us right now (election integrity is),” he wrote on Twitter this afternoon.

Last November, Twitter paused its account verifications as it tried to figure out a way to address confusion around what it means to be verified. That decision came shortly after people criticized Twitter for having verified the account of Jason Keller, the person who organized the deadly white supremacist rally in Charlottesville, Virginia.

Fast forward to today, and Twitter still verifies accounts “ad hoc when we think it serves the public conversation & is in line with our policy,” Beykpour wrote. “But this has led to frustration b/c our process remains opaque & inconsistent with our intented [sic] pause.”

While Twitter recognizes its job isn’t done, the company is not prioritizing the work at this time — at least for the next few weeks, he said. In an email addressed to Twitter’s health leadership team last week, Beykpour said his team simply doesn’t have the bandwidth to focus on verification “without coming at the cost of other priorities and distracting the team.”

The highest priority, Beykpour said, is election integrity. Specifically, Twitter’s team will be looking at the product “with a specific lens towards the upcoming elections and some of the ‘election integrity’ workstreams we’ve discussed.”

Once that’s done “after ~4 weeks,” he said, the product team will be in a better place to address verification.

 


from Social – TechCrunch https://techcrunch.com/2018/07/17/twitter-is-holding-off-on-fixing-verification-policy-to-focus-on-election-integrity/
via Superb Summers


Instagram is building non-SMS 2-factor auth to thwart SIM hackers

Hackers can steal your phone number by reassigning it to a different SIM card, use it to reset your passwords, steal your Instagram and other accounts, and sell them for Bitcoin. As detailed in a harrowing Motherboard article today, Instagram accounts are especially vulnerable because the app only offers two-factor authentication through SMS that delivers a password reset or login code via text message.

But now Instagram has confirmed to TechCrunch that it’s building a non-SMS two-factor authentication system that works with security apps like Google Authenticator or Duo. They generate a special code that you need to log in that can’t be generated on a different phone in case your number is ported to a hacker’s SIM card.

Buried in the Instagram Android app’s APK code is a prototype of the upgraded 2FA feature, discovered by frequent TechCrunch tipster Jane Manchun Wong. Her work has led to confirmed TechCrunch scoops on Instagram Video Calling, Usage Insights, soundtracks for Stories, and more.

When presented with the screenshots, an Instagram spokesperson told TechCrunch that yes, it is working on the non-SMS 2FA feature, saying “We’re continuing to improve the security of Instagram accounts, including strengthening 2-factor authentication.”

Instagram actually lacked any two-factor protection until 2016 when it already had 400 million users. In November 2015, I wrote a story titled “Seriously. Instagram needs two-factor authentication.” A friend and star Instagram stop-motion animation creator Rachel Ryle had been hacked, costing her a lucrative sponsorship deal. The company listened. Three months later, the app began rolling out basic SMS-based 2FA.

But since then, SIM porting has become a much more common problem. Hackers typically call a mobile carrier and use social engineering tactics to convince them they’re you, or bribe an employee to help, and then change your number to a SIM card they control. Whether they’re hoping to steal intimate photos, empty cryptocurrency wallets, or sell desirable social media handles like @t or @Rainbow as Motherboard reported, there are plenty of incentives to try a SIM porting attack. This article outlines how you can take steps to protect your phone number.

Hopefully as knowledge of this hacking technique becomes more well known, more apps will introduce non-SMS 2FA, mobile providers will make it tougher to port numbers, and users will take more steps to safeguard their accounts. As our identities and assets increasingly go digital, it’s PIN codes and authenticator apps, not just deadbolts and home security systems, that must become a part of our everyday lives.

from Social – TechCrunch https://techcrunch.com/2018/07/17/instagram-2-factor/
via Superb Summers

Dems and GOP unite, slamming Facebook for allowing violent Pages

In a rare moment of agreement, members of the House Judiciary Committee from both major political parties agreed that Facebook needed to take down Pages that bullied shooting survivors or called for more violence. The hearing regarding social media filtering practices saw policy staffers from Facebook, Google, and Twitter answering questions, though Facebook absorbed the brunt of the ire. During the hearing, Republican Representative Steve King asked “What about converting the large behemoth organizations that we’re talking about here into public utilities?”

The meatiest part of the hearing centered on whether social media platforms should delete accounts of conspiracy theorists and those inciting violence, rather than just removing the offending posts.

The issue has been a huge pain point for Facebook this week after giving vague answers for why it hasn’t deleted known faker Alex Jones’ Infowars Page, and tweeting that “We see Pages on both the left and the right pumping out what they consider opinion or analysis – but others call fake news.” Facebook’s Head of Global Policy Management Monica Bickert today reiterated that “sharing information that is false does not violate our policies.”

As I detailed in this opinion piece, I think the right solution is to quarantine the Pages of Infowars and similar fake newers, preventing their posts or shares of links to their web domain from getting any visibility in the News Feed. But deleting the Page without instances of it directly inciting violence would make Jones a martyr and strengthen his counterfactual movement. Deletion should be reserved for those that blatantly encourage acts of violence.

Rep Ted Deutch (D-Florida) asked about how Infowars’ claims in YouTube videos that Parkland shooting’s survivors were crisis actors squared with the company’s policy. Google’s Downs explained that “We have a specific policy that says that if you say a well documented violent attack didn’t happen and you use the name or image of the survivors or victims of that attack, that is a malicious attack and it violates our policy.” She noted that YouTube has a ‘three strikes’ policy, it is “demoting low quality content and promoting more authoritative content”, and it’s now showing boxes atop result pages for problematic searches like ‘is the earth flat?’ with facts to dispel conspiracies.

Facebook’s answer was much less clear. Bickert told Deutch that “We do use a strikes model. What that means is that if a Page, or profile, or group is posting content and some of that violates our policies, we always remove the violating posts at a certain point” (emphasis mine). That’s where Facebook became suddenly less transparent.

“It depends on the nature of the content that is violating our policies. At a certain point we would also remove the Page, or the profile, or the group at issue” Bickert continued. Deutch then asked how many strikes conspiracy theorists get. Bickert noted that ‘crisis actors’ claims violate its policy and it removes that content. “And we would continue to remove any violations from the Infowars Page.” But regarding Page-level removals, she got wishy-washy, saying “If they posted sufficient content that it would violate our threshold, then the page would come down. The threshold varies depending on the different types of violations.”

“The Threshold Varies”

Rep Matt Gaetz (R-Florida) gave the conservatives’ side of the same argument, citing two posts by the Facebook Page “Milkshakes Against The Republican Party” that called for violence, including one saying “Remember the shooting at the Republican baseball game? One of those should happen every week.”

While these posts had been removed, Gaetz asked why the Page hadn’t. Bickert noted that “There’s no place for any calls for violence on Facebook”. Regarding the threshold, she did reveal that “When someone posts an image of child sexual abuse imagery their account will come down right away. There are different thresholds for different violations.” But she repeatedly refused to make a judgement call about whether the Page should be removed until she could review it with her team.


Showing surprising alignment in such a fractured political era, Democratic Representative Jamie Raskin of Florida said “I’m agreeing with the chairman about this and I think we arrived at the same exact same place when we were talking about at what threshold does Infowars have their Page taken down after they repeatedly denied the historical reality of massacres of children in public school.”

Facebook can’t rely on a shadowy “the threshold varies” explanation any more. It must outline exactly what types of violations incur not only post removal but strikes against their authors. Perhaps that’s something like ‘one strike for posts of child sexual abuse, three posts for inciting violence, five posts for bullying victims or denying documented tragedies occurred, and unlimited posts of less urgently dangerous false information’.

Whatever the specifics, Facebook needs to provide specifics. Until then, both liberals and conservatives will rightly claim that enforcement is haphazard and opaque.


from Social – TechCrunch https://techcrunch.com/2018/07/17/facebook-strikes-policy/
via Superb Summers