[Disclaimer: you’ll probably see ads under and possibly incorporated into articles on this blog. I don’t choose them and I don’t approve them: that’s the price I pay for not being able to afford to pay for all my blogs…]
I have spent a not-very-happy time this morning, besieged by Facebook group posts passed off as porn videos and trying to get rid of them. In fact, it’s unlikely that they’re either porn or videos: they’re bot postings of malicious links that are probably intended to steal credentials. It’s not just fake porn that infests Facebook groups, by the way: there are all those fake ‘sad news’ links about celebrities alleged to be dead, ill or maimed, for instance, or scams based on fake ‘special offers’, or ‘bait and switch’ posts about lost/found dogs.
Obviously, this stealing of credentials exposes the legitimate account owner to losing control of their account, but that is usually just a stepping stone to other malicious activities that may range from scam distribution to ‘denial of service’ attacks, from ‘Londoning’ to distribution of political propaganda, from clickjacking to spurious advertising.
Facebook users: bots post all sorts of material to public groups. If it isn’t relevant to the community, it’s probably dangerous. Unfortunately, that doesn’t mean that material that is relevant is safe, but that’s a discussion for another time. I don’t, of course, advise you to follow links like those mentioned above – sadly, there will be other scam links that I haven’t seen or remembered… But do use the option to advise group admins: do it often enough and they may even be inspired to tighten up their group settings.
Facebook group admins: I can understand when people don’t want to make a group private, because that’s likely to hamper growth. However, you don’t have to let anyone (or anybot) post anything. Some of the facilities formerly only available in private groups have recently become available to public groups, too. In particular, turning on participant approval may add to your administrative workload, but it does make a big difference. (That’s what I do on groups I set up, but don’t feel able to enforce it on groups where I’m a co-admin but don’t feel that it’s ‘my’ group.
Don’t rely on Facebook to sort this out for you. Apart from the fact that the platform doesn’t always act in good faith, there are ways that scammers can avoid Meta’s checking. For instance, by showing Meta’s detection systems an innocuous page, where normal FB users see something quite different. (Other malware uses similar techniques to avoid probing by security companies and law enforcement agencies.) If Facebook tells you that a clearly offensive or malicious post doesn’t offend community standards, the likelihood is that its detection has been subverted by this or a similar deception.
[Addendum]
The day after originally posting this, I was encouraged to find that:
- If I report a fake pornographic video to Admin as being sexual exploitation (as indeed it is, since it exploits fake porn to capture credentials), it actually gets reported to Meta for review. It isn’t clear whether Meta’s review systems actually look at a post when it’s been deleted and the user (normally a bot/fake profile) removed. So now I’m ‘reporting to admin’ even on groups where I am an admin, before removing the offensive post.
- Facebook actually advised me that it was removing the post of a video that I’d previously reported from other posts. It seems that Meta’s Machine Learning is, in fact, sometimes capable of learning. Unfortunately, so are malicious algorithms, so this won’t necessarily last indefinitely, but after a weekend dominated by unattractive renditions of the human body – AI seems to have a curious idea of how perspective and human anatomy correspond – I’m happy for this tiny victory. And no, I’m not puritanical by nature, but this stuff is not only ugly but dangerous.
The AVIEN Portal 