Meta, the conglomerate formerly referred to as Facebook, has been knee-deep in cybersecurity and privacy issues for what seems forever. The conglomerate is trying to leave behind old demons that nearly toppled its array of massively used products and tarnished its reputation beyond repair. These past issues included user data leaks and international data privacy scandals. For Meta, turning a fresh page also meant making a swift exit from the face recognition dilemma as well as having to ponder about products that pose potential privacy breach risks. The now refreshed Meta is taking a very cautious, from-the-ground-up approach to the cybersecurity and privacy of its products. These latest blog posts—not to mention the recent revamp of the company—are a clear indication of the company’s new open and collaborative business model. Now, Meta’s expansion of the Facebook Protect “security program,” as well as a first-of-its-kind “end-of-year threat report” that collates research on “multiple network disruptions” seems to be a public awareness push that emphasizes an improved moral and ethical stance overall.
The Adversarial Threat Report
Meta’s new threat report published on December 1st, 2021 is tackling the problem of misinformation and connections to dangerous groups head-on. According to the report, Meta has ramped up its operations for the first time per its security policies. These operations have successfully eliminated “six adversarial networks” from Poland, Palestine, China, and Belarus that breached Coordinated Inauthentic Behavior (CIB). These include networks affiliated with KGB, Hamas and an information security organization from China that spreads COVID-19 disinformation. Meta has also removed actors sourced to Italy and France for Brigading, as well as a network in Vietnam for Mass Reporting, Meta’s new security policy protocol approach.
Brigading
Meta describes Brigading as people working together to comment, post, or engage in repetitive behaviors en masse to “harass others or silence them.” The tactics used in Brigading rely “on a combination of authentic, duplicate and fake accounts to mass comment on posts from Pages, including news entities, and individuals to intimidate them and suppress their views.”
Mass Reporting
Mass Reporting, according to Meta, is when people work together to “mass-report” accounts or particular content. This is done with the end goal of getting accounts or content removed from the platform via the use of “abuse reporting tools” and complaints launched from both authentic and duplicate accounts.
Coordinated Inauthentic Behavior
According to Meta, Coordinated Inauthentic Behavior (CIB) comprises coordinated campaign schemes that are a global threat, and are designed to “manipulate public debate” across Meta’s apps.
The Facebook Protect Program
The second novelty pertaining to Meta’s “ongoing improvements to security” was reported in their December 2nd, 2021 blog post. The blog post describes a new expansion of Facebook Protect—Facebook’s security program for those likely to be targeted by “malicious hackers.” This program also includes improvements in the two-factor authentication setup. As for the group of people the program is for, this list includes; journalists, government officials, and human rights defenders—people who are “at the center of critical communities for public debate.” The program helps such groups of people improve their account security as well as monitor for potential “hacking threats,” even sniffing out potential issues such as weak passwords. The program itself has been in a “test” phase since 2018, expanded significantly ahead of the 2020 US elections, and finally went global last September. According to Meta, the program, which notifies those who are eligible to benefit from it, has been activated on over 1.5 million accounts and has resulted in the activation of two-factor authentication on 950,000 accounts since September 2021.
Uptick in big tech security and privacy practices across the industry
It is not just Meta that has undertaken serious privacy and cybersecurity changes to its business model. Both Google and Apple have made such changes by implementing new steps such as the Advanced Protection Program (APP) and new “threat notifications,” respectively.
Is Meta on The Right Path?
The threat report outlines that Meta has shared their findings with “industry peers, independent researchers, law enforcement, and policymakers.” They stated: “Our goal over time is to make these behaviors more costly and difficult to hide, and less effective.” As far as Facebook Protect is concerned, Meta has said that they are expanding their security outlook over the next months. “We’re going to carefully expand this requirement globally. We’re encouraged by our early findings and will continue to improve Facebook Protect over time.” Regarding Meta’s approach to malicious network research, they have likewise emphasized an expansion of this notion in the coming months. “We hope that being able to study these disrupted operations in the way that closely resembles how they appeared live would help educate people on how to spot these deceptive campaigns, including signs of coordination and inauthenticity.”
