Facebook is introducing a new “Tributes” section for memorialized accounts

Facebook is rolling out a new feature for memorialized accounts that will allow people to leave messages in a Tributes section that is separate from the rest of the profile’s timeline. Depending on a memorialized account’s privacy settings, friends can currently still post on its timeline, including in the comments of posts the person made before they died. If a memorialized account has a Tributes section, however, posts made after the day it was memorialized (which prevents anyone else from logging in) will be placed there.

Some Facebook users who have designated “legacy contacts” to manage their accounts after they die were alerted to the new feature by a notification today that contained the euphemistic phrase “if your account is memorialized.”

A page on Facebook’s Help Center describes the new tributes section “as a space on memorialized profiles where friends and family can post stories, commemorate a birthday, share memories and more.”

“Legacy contacts” will have more leeway over tribute posts than they do over the rest of the account. For example, they have the ability to decide who can see and post tributes and can delete posts. They can also change who can see posts the deceased person is tagged in or remove the tag. If the account had timeline review turned on, the legacy contact will be able to turn it off for tribute posts. Posts made to a profile after it is memorialized will be separated into the tributes section. The feature’s help page says “we do our best to separate tribute posts from timeline posts based on the info we’re given.”

Legacy contacts still can’t log into accounts, read private messages or remove and add friends.

2018 really was more of a dumpster fire for online hate and harassment, ADL study finds

Around 37 percent of Americans were subjected to severe hate and harassment online in 2018, according to a new study by the Anti-Defamation League, up from about 18 percent in 2017. And over half of all Americans experienced some form of harassment according to the ADL study.

Facebook users bore the brunt of online harassment on social networking sites according to the ADL study, with around 56 percent of survey respondents indicating that at least some of their harassment occurred on the platform. — unsurprising given Facebook’s status as the dominant social media platform in the U.S.

Around 19 percent of people said they experienced severe harassment on Twitter (only 19 percent? That seems low); while 17 percent reported harassment on YouTube; 16 percent on Instagram; and 13 percent on WhatsApp .

Chart courtesy of the Anti-Defamation League

In all, the blue ribbon standards for odiousness went to Twitch, Reddit, Facebook and Discord, when the ADL confined their surveys to daily active users. nearly half of all daily users on Twitch have experienced harassment, the report indicated. Around 38% of Reddit users, 37% of daily Facebook users, and 36% of daily Discord users reported being harassed.

“It’s deeply disturbing to see how prevalent online hate is, and how it affects so many Americans,” said ADL chief executive Jonathan A. Greenblatt. “Cyberhate is not limited to what’s solely behind a screen; it can have grave effects on the quality of everyday lives – both online and offline. People are experiencing hate and harassment online every day and some are even changing their habits to avoid contact with their harassers.”

And the survey respondents seem to think that online hate makes people more susceptible to committing hate crimes, according to the ADL.

The ADL also found that most Americans want policymakers to strengthen laws and improve resources for police around cyberbullying and cyberhate. Roughly 80 percent said they wanted to see more action from lawmakers.

Even more Americans, or around 84 percent, think that the technology platforms themselves need to do more work to curb the harassment, hate, and hazing they see on social applications and websites.

As for the populations that were most at risk to harassment and hate online, members of the LGBTQ community were targeted most frequently, according to the study. Some 63 percent of people identifying as LGBTQ+ said they were targeted for online harassment because of their identity.

“More must be done in our society to lessen the prevalence of cyberhate,” said Greenblatt. “There are key actions every sector can take to help ensure more Americans are not subjected to this kind of behavior. The only way we can combat online hate is by working together, and that’s what ADL is dedicated to doing every day.”

The report also revealed that cyberbullying had real consequences on user behavior. Of the survey respondents 38 percent stopped, reduced or changed online activities, and 15 percent took steps to reduce risks to their physical safety.

Interviews for the survey were conducted between Dec. 17 to Dec. 27, 2018 by the public opinion and data analysis company YouGov, and was conducted by the ADL’s Center for Technology and Society. The non-profit admitted that it oversampled for respondents who identified as Jewish, Muslim, African American, Asian AMerican or LGBTQ+ to “understand the experiences of individuals who may be especially targeted because of their group identity.”

The survey had a margin of error of plus or minus three percentage points, according to a statement from the ADL.

2018 really was more of a dumpster fire for online hate and harassment, ADL study finds

Around 37 percent of Americans were subjected to severe hate and harassment online in 2018, according to a new study by the Anti-Defamation League, up from about 18 percent in 2017. And over half of all Americans experienced some form of harassment according to the ADL study.

Facebook users bore the brunt of online harassment on social networking sites according to the ADL study, with around 56 percent of survey respondents indicating that at least some of their harassment occurred on the platform. — unsurprising given Facebook’s status as the dominant social media platform in the U.S.

Around 19 percent of people said they experienced severe harassment on Twitter (only 19 percent? That seems low); while 17 percent reported harassment on YouTube; 16 percent on Instagram; and 13 percent on WhatsApp .

Chart courtesy of the Anti-Defamation League

In all, the blue ribbon standards for odiousness went to Twitch, Reddit, Facebook and Discord, when the ADL confined their surveys to daily active users. nearly half of all daily users on Twitch have experienced harassment, the report indicated. Around 38% of Reddit users, 37% of daily Facebook users, and 36% of daily Discord users reported being harassed.

“It’s deeply disturbing to see how prevalent online hate is, and how it affects so many Americans,” said ADL chief executive Jonathan A. Greenblatt. “Cyberhate is not limited to what’s solely behind a screen; it can have grave effects on the quality of everyday lives – both online and offline. People are experiencing hate and harassment online every day and some are even changing their habits to avoid contact with their harassers.”

And the survey respondents seem to think that online hate makes people more susceptible to committing hate crimes, according to the ADL.

The ADL also found that most Americans want policymakers to strengthen laws and improve resources for police around cyberbullying and cyberhate. Roughly 80 percent said they wanted to see more action from lawmakers.

Even more Americans, or around 84 percent, think that the technology platforms themselves need to do more work to curb the harassment, hate, and hazing they see on social applications and websites.

As for the populations that were most at risk to harassment and hate online, members of the LGBTQ community were targeted most frequently, according to the study. Some 63 percent of people identifying as LGBTQ+ said they were targeted for online harassment because of their identity.

“More must be done in our society to lessen the prevalence of cyberhate,” said Greenblatt. “There are key actions every sector can take to help ensure more Americans are not subjected to this kind of behavior. The only way we can combat online hate is by working together, and that’s what ADL is dedicated to doing every day.”

The report also revealed that cyberbullying had real consequences on user behavior. Of the survey respondents 38 percent stopped, reduced or changed online activities, and 15 percent took steps to reduce risks to their physical safety.

Interviews for the survey were conducted between Dec. 17 to Dec. 27, 2018 by the public opinion and data analysis company YouGov, and was conducted by the ADL’s Center for Technology and Society. The non-profit admitted that it oversampled for respondents who identified as Jewish, Muslim, African American, Asian AMerican or LGBTQ+ to “understand the experiences of individuals who may be especially targeted because of their group identity.”

The survey had a margin of error of plus or minus three percentage points, according to a statement from the ADL.

No, your tweets aren’t awful. Twitter’s Likes are currently borked.

If you have been experiencing issues with the Like or Retweet count on Twitter and are desperately seeking validation, here it is: yes, it’s Twitter, not you (probably). The company confirmed today that it is working on a fix for a problem with notifications that’s been messing with Like counts.

Many users around the world have reported seeing the number of Likes on their tweets fluctuate continuously, making them wonder if accounts were being suspended in mass or if Twitter was deleting them.

Twitter did not say when the issue began, but based on a careful study of Twitter search results, and not on my own desperate longing for validation from internet strangers, the issue has been going on for almost a day.

No, your tweets aren’t awful. Twitter’s Likes are currently borked.

If you have been experiencing issues with the Like or Retweet count on Twitter and are desperately seeking validation, here it is: yes, it’s Twitter, not you (probably). The company confirmed today that it is working on a fix for a problem with notifications that’s been messing with Like counts.

Many users around the world have reported seeing the number of Likes on their tweets fluctuate continuously, making them wonder if accounts were being suspended in mass or if Twitter was deleting them.

Twitter did not say when the issue began, but based on a careful study of Twitter search results, and not on my own desperate longing for validation from internet strangers, the issue has been going on for almost a day.

Everything you need to know about Facebook, Google’s app scandal

Facebook and Google landed in hot water with Apple this week after two investigations by TechCrunch revealed the misuse of internal-only certificates — leading to their revocation, which led to a day of downtime at the two tech giants.

Confused about what happened? Here’s everything you need to know.

How did all this start, and what happened?

On Monday, we revealed that Facebook was misusing an Apple-issued enterprise certificate that is only meant for companies to use to distribute internal, employee-only apps without having to go through the Apple App Store. But the social media giant used that certificate to sign an app that Facebook distributed outside the company, violating Apple’s rules.

The app, known simply as “Research,” allowed Facebook unparalleled access to all of the data flowing out of a device. This included access to some of the users’ most sensitive network data. Facebook paid users — including teenagers — $20 per month to install the app. But it wasn’t clear exactly what kind of data was being vacuumed up, or for what reason.

It turns out that the app was a repackaged app that was effectively banned from Apple’s App Store last year for collecting too much data on users.

Apple was angry that Facebook was misusing its special-issue enterprise certificates to push an app it already banned, and revoked it — rendering the app unable to open. But Facebook was using that same certificate to sign its other employee-only apps, effectively knocking them offline until Apple re-issued the certificate.

Then, it turned out Google was doing almost exactly the same thing with its Screenwise app, and Apple’s ban-hammer fell again.

What’s the controversy over these enterprise certificates and what can they do?

If you want to develop Apple apps, you have to abide by its rules — and Apple expressly makes companies agree to its terms.

A key rule is that Apple doesn’t allow app developers to bypass the App Store, where every app is vetted to ensure it’s as secure as it can be. It does, however, grant exceptions for enterprise developers, such as to companies that want to build apps that are only used internally by employees. Facebook and Google in this case signed up to be enterprise developers and agreed to Apple’s developer terms.

Each Apple-issued certificate grants companies permission to distribute apps they develop internally — including pre-release versions of the apps they make, for testing purposes. But these certificates aren’t allowed to be used for ordinary consumers, as they have to download apps through the App Store.

What’s a “root” certificate, and why is its access a big deal?

Because Facebook’s Research and Google’s Screenwise apps were distributed outside of Apple’s App Store, it required users to manually install the app — known as sideloading. That requires users to go through a convoluted few steps of downloading the app itself, and opening and trusting either Facebook or Google’s enterprise developer code-signing certificate, which is what allows the app to run.

Both companies required users after the app installed to agree to an additional configuration step — known as a VPN configuration profile — allowing all of the data flowing out of that user’s phone to funnel down a special tunnel that directs it all to either Facebook or Google, depending on which app you installed.

This is where the Facebook and Google cases differ.

Google’s app collected data and sent it off to Google for research purposes, but couldn’t access encrypted data — such as the content of any network traffic protected by HTTPS, as most apps in the App Store and internet websites are.

Facebook, however, went far further. Its users were asked to go through an additional step to trust an additional type of certificate at the “root” level of the phone. Trusting this Facebook Research root certificate authority allowed the social media giant to look at all of the encrypted traffic flowing out of the device — essentially what we call a “man-in-the-middle” attack. That allowed Facebook to sift through your messages, your emails and any other bit of data that leaves your phone. Only apps that use certificate pinning — which reject any certificate that isn’t its own — were protected, such as iMessage, Signal and additionally any other end-to-end encrypted solutions.

Facebook’s Research app requires Root Certificate access, which Facebook gather almost any piece of data transmitted by your phone (Image: supplied)

Google’s app might not have been able to look at encrypted traffic, but the company still flouted the rules — and had its separate enterprise developer code-signing certificate revoked anyway.

What data did Facebook have access to on iOS?

It’s hard to know for sure, but it definitely had access to more data than Google.

Facebook said its app was to help it “understand how people use their mobile devices.” In reality, at root traffic level, Facebook could have accessed any kind of data that left your phone.

Will Strafach, a security expert with whom we spoke for our story, said: “If Facebook makes full use of the level of access they are given by asking users to install the certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.”

Remember: this isn’t “root” access to your phone, like jailbreaking, but root access to the network traffic.

How does this compare to the technical ways other market research programs work?

In fairness, these aren’t market research apps unique to Facebook or Google. Several other companies, like Nielsen and comScore, run similar programs, but neither ask users to install a VPN or provide root access to the network.

In any case, Facebook already has a lot of your data — as does Google. Even if the companies only wanted to look at your data in aggregate with other people, it can still hone in on who you talk to, when, for how long and, in some cases, what about. It might not have been such an explosive scandal had Facebook not spent the last year cleaning up after several security and privacy breaches.

Can they capture the data of people the phone owner interacts with?

In both cases, yes. In Google’s case, any unencrypted data that involves another person’s data could have been collected. In Facebook’s case, it goes far further — any data of yours that interacts with another person, such as an email or a message, could have been collected by Facebook’s app.

How many people did this affect?

It’s hard to know for sure. Neither Google nor Facebook have said how many users they have. Between them, it’s believed to be in the thousands. As for the employees affected by the app outages, Facebook has more than 35,000 employees and Google has more than 94,000 employees.

Why did internal apps at Facebook and Google break after Apple revoked the certificates?

You might own your Apple device, but Apple still gets to control what goes on it.

Apple can’t control Facebook’s root certificates, but it can control the enterprise certificates it issues. After Facebook was caught out, Apple said: “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.” That meant any app that relied on Facebook’s enterprise certificate — including inside the company — would fail to load. That’s not just pre-release builds of Facebook, Instagram and WhatsApp that staff were working on, but reportedly the company’s travel and collaboration apps were down. In Google’s case, even its catering and lunch menu apps were down.

Facebook’s internal apps were down for about a day, while Google’s internal apps were down for a few hours. None of Facebook or Google’s consumer services were affected, however.

How are people viewing Apple in all this?

Nobody seems thrilled with Facebook or Google at the moment, but not many are happy with Apple, either. Even though Apple sells hardware and doesn’t use your data to profile you or serve you ads — like Facebook and Google do — some are uncomfortable with how much power Apple has over the customers — and enterprises — that use its devices.

In revoking Facebook and Google’s enterprise certificates and causing downtime, it has a knock-on effect internally.

Is this legal in the U.S.? What about in Europe with GDPR?

Well, it’s not illegal — at least in the U.S. Facebook says it gained consent from its users. The company even said its teenage users must obtain parental consent, even though it was easily skippable and no verification checks were made. It wasn’t even explicitly clear that the children who “consented” really understood how much privacy they were really handing over.

That could lead to major regulatory headaches down the line. “If it turns out that European teens have been participating in the research effort Facebook could face another barrage of complaints under the bloc’s General Data Protection Regulation (GDPR) — and the prospect of substantial fines if any local agencies determine it failed to live up to consent and ‘privacy by design’ requirements baked into the bloc’s privacy regime,” wrote TechCrunch’s Natasha Lomas.

Who else has been misusing certificates?

Don’t think that Facebook and Google are alone in this. It turns out that a lot of companies might be flouting the rules, too.

According to many finding companies on social media, Sonos uses enterprise certificates for its beta program, as does finance app Binance, as well as DoorDash for its fleet of contractors. It’s not known if Apple will also revoke their enterprise certificates.

What next?

It’s anybody’s guess, but don’t expect this situation to die down any time soon.

Facebook may face repercussions with Europe, as well as at home. Two U.S. senators, Mark Warner and Richard Blumenthal, have already called for action, accusing Facebook of “wiretapping teens.” The Federal Trade Commission may also investigate, if Blumenthal gets his way.

Zimbabwe’s government faces off against its tech community over internet restrictions

After days of intermittent blackouts at the order of the Zimbabwe’s Minister of State for National Security, ISPs have restored connectivity through a judicial order issued Monday.  

The cyber-affair adds Zimbabwe to a growing list of African countries—including Cameroon, Congo, and Ethiopia—whose governments have restricted internet expression in recent years.

The debacle demonstrates how easily internet access—a baseline for all tech ecosystems—can be taken away at the hands of the state.  

It also provides another case study for techies and ISPs regaining their cyber rights. Internet and social media are back up in Zimbabwe — at least for now.   

Protests lead to blackout

Similar to net shutdowns around the continent, politics and protests were the catalyst. Shortly after the government announced a dramatic increase in fuel prices on January 12, Zimbabwe’s Congress of Trade Unions called for a national strike.

Web and app blackouts in the Southern African country followed demonstrations that broke out in several cities. A government crackdown ensued with deaths reported.

“That began Monday [January 14]. A few demonstrations around the country become violent…Then on Tuesday morning there was a block on social media: Facebook, Twitter, and WhatsApp,” TechZim CEO Tinashe Nyahasha told TechCrunch on a call from Harare.

On January 15, Zimbabwe’s largest mobile carrier Econet Wireless confirmed via SMS and a message from founder Strive Masiyiwa that it had complied with a directive from the Minister of State for National Security to shutdown internet.

Net access was restored, taken down again, then restored, but social media sites remained blocked through January 21.

Data provided to TechCrunch from Oracle’s Internet Intelligence research unit confirm the net blackouts on January 16 and 18.

VPNs, government response

Throughout the restrictions, many of Zimbabwe’s citizens and techies resorted to VPNs and workarounds to access net and social media, according to Nyahasha.

Throughout the interruption TechZim ran updated stories on ways to bypass the cyber restrictions.

The Zimbabwean government’s response to the net shutdown started with denial—one minister referred to it as a congestion problem on local TV—to presidential spokesperson George Charamba invoking its necessity for national security reasons.

Then President Dambudzo Mnangawa took to Twitter to announce he would skip Davos meetings and return home to address the country’s unrest—a move panned online given his government’s restrictions on citizens using social media.    

The Embassy of Zimbabwe in Washington, DC and Ministry for ICT did not respond to TechCrunch inquiries on the country’s internet and app restrictions.

Court ruling, takeaways

On Monday this week, Zimbabwe’s high court ordered an end to any net restrictions, ruling only the country’s president, not the National Security Minister, could legally block the internet. Econet’s Zimbabwe Chief of Staff Lovemore Nyatsine and sources on the ground confirmed to TechCrunch that net and app access were back up Tuesday.  

Zimbabwe’s internet debacle created yet another obstacle for the country’s tech scene. The 2018 departure of 37–year President Robert Mugabe—a  hero to some and progress impeding dictator to others—sparked hope for the lifting of long-time economic sanctions on Zimbabwe and optimism for its startup scene.

Some of that has been dashed by subsequent political instability and worsening economic conditions since Mugabe’s departure, but not all of it, according to TechZim CEO Tinashe Nyahasha.   

“There was momentum and talk of people coming home and investing seed money. That’s slowed down…but that momentum is still there. It’s just not as fast as it could have been if the government had lived up to the expectations,” he said.  

Of the current macro-environment for Zimbabwe’s tech sector, “The truth is, it’s bad but it has been much worse,” Tinashe said

With calls for continued protests, Monday’s court ruling is likely not the last word on the internet face-off between the government and Zimbabwe’s ISPs and tech community.

Per the ruling, a decision to restrict net or apps will have to come directly from Zimbabwe’s president, who will weigh the pros and cons.

On a case by case basis, African governments may see the economic and reputational costs of internet shutdowns are exceeding whatever benefits they seek to achieve.

Cameroon’s 2017 shutdown, covered here by TechCrunch, cost businesses millions and spurred international condemnation when local activists created a  #BringBackOurInternet campaign that ultimately succeeded.

In the case of Zimbabwe, global internet rights group Access Now sprung to action, attaching its #KeepItOn hashtag to calls for the country’s government to reopen cyberspace soon after digital interference began.

Further attempts to restrict net and app access in Zimbabwe will likely revive what’s become a somewhat ironic cycle for cyber shutdowns. When governments cut off internet and social media access, citizens still find ways to use internet and social media to stop them.

Microsoft confirms Bing is down in China

Microsoft’s Bing is down in China, according to users who took to social media beginning Wednesday afternoon to complain and express concerns.

The Seattle-based behemoth has confirmed that its search engine is currently inaccessible in China and is “engaged to determine next steps,” a company spokesperson said in a statement to TechCrunch Thursday morning.

Citing sources, the Financial Times reported (paywalled) on Thursday that China Unicom, a major state-owned telecommunication company, confirmed the government had ordered a block on Bing.

Public reaction

The situation appears to be a DNS (domain name system) corruption, one method for China to block websites through its intricate censoring system called the Great Firewall. When a user enters a domain name associated with a banned IP address, the Firewall will corrupt the connection to stop the page from loading.

Several users told TechCrunch they are still able to access Bing by directly visiting its IP address as of Thursday morning.

Other users writing on social media believe the block is a result of Bing’s server crash after a viral article (link in Chinese) attacking Baidu’s search quality directed traffic to its lesser-known American rival. Many referred to a Chinese report that says high traffic from Baidu had crashed Bing. The article, published by Jiemian, a news site under the state-owned Shanghai United Media Group, now returns a 404 error.

Microsoft has long tried to play by China’s rules by filtering out sensitive results from its search engine. It also modified Windows 10 for China back in 2017 through a collaboration with state-owned China Electronics Technology Group to eliminate Beijing’s fears of possible backdoors in the American software. Former Microsoft executive Steven Sinofsky lamented Bing’s blockage in China, writing on Twitter that Microsoft had “worked so hard to be successful there.”

Tight seal

Bing remained one of the few non-Chinese internet firms that still have their core products up and running in a country where Google and Facebook have long been unavailable. Another rare case is LinkedIn, which runs a filtered version of its social network for professionals and caught flack for bending to local censorship.

Bing also censors its search service for Chinese users, so it would be odd if its inaccessibility proves to be a case of government clampdown. That said, China appears to be further tightening control over the cyberspace. Case in point, LinkedIn recently started to run strict identity checks on its China-based users.

Baidu remains the biggest search engine in China with smaller rival Sogou coming in second. Bing, which some users find is a more pleasant alternative to local options that are usually flooded with ads, is active on 320,000 unique devices monthly, according to third-party research firm iResearch. That’s dwarfed by Baidu’s 466 million and Sogou’s 43 million.

Google told the U.S. Congress in December it had no immediate plans to relaunch its search engine in China but felt “reaching out and giving users more information has a very positive impact.” The Mountain View-based firm shut down its search engine in mainland China back in 2010 under pressure over censorship but also cited cyber attacks as a factor in its decision to leave.

A photo of an egg has toppled reality star Kylie Jenner as Instagram’s most-liked post

Instagram has found something it likes more than a Kardashian-Jenner family baby, and it’s an egg.

This weekend, a photo of a plain egg became the most-liked photo on Instagram, the social app owned by Facebook with over one billion users that’s reflective of internet culture.

The photo, which you can see below in its full glory, currently has more than 23 million likes at the time of writing. That has seen it surpass a February 18 photo from Kylie Jenner — the sister of Kim Kardashian and a reality TV star in her own right — which announced the birth of her baby with rapper Travis Scott and has 18.2 million likes.

Unlike Jenner, who has 21 million Instagram followers, the egg account — “world_record_egg” — is a newcomer that seems to have been created in early January. Nothing is known of its ownership, although it now has 2.4 million followers which could — and I can’t believe I’m writing this… — make it an influencer account.

While much can be said about Jenner’s rise to fame, she’s a pretty successful entrepreneur. Her two-year-old ‘Kylie Cosmetics’ brand is estimated to gross over $600 million in annual revenue. While it is funny that a photo of an egg can take the record on Instagram there might be more to it. Jenner’s company trades on her brand, the egg could be a rejection or protest of today’s reality TV culture… which is best embodied by the Kardashians and, in particular, Kylie Jenner. That certainly seems the case looking at the splurge in new and egg-related comments on Jenner’s birth post from last year.

Maybe that’s wishful thinking and this is just another internet phenomenon that can’t be explained. It could simply be a joke that blew up, but don’t discount the potential that this is a stunt from a company launching a new product or wanting to make a splash.

Showing that she might have a sense of humor, 21-year-old Jenner acknowledged the new record in a video of her smashing an egg.

View this post on Instagram

Take that little egg

A post shared by Kylie (@kyliejenner) on

This is the second social media record set this year after Twitter got a new most-retweeted tweet — however, the roles were very much different.

Yusaku Maezawa, a Japanese billionaire who is paying Elon Musk’s SpaceX for a trip to the moon, saw a tweet that offered nearly $1 million in prize money for retweets surpass a true internet phenomenon, U.S. teen Carter Wilkerson. Back in April 2017, Wilkerson took to Twitter to plead for free chicken nuggets; his original tweet now has around 3.6 million retweets.

Facebook is not equipped to stop the spread of authoritarianism

After the driver of a speeding bus ran over and killed two college students in Dhaka in July, student protesters took to the streets. They forced the ordinarily disorganized local traffic to drive in strict lanes and stopped vehicles to inspect license and registration papers. They even halted the vehicle of the chief of Bangladesh Police Bureau of Investigation and found that his license was expired. And they posted videos and information about the protests on Facebook.

The fatal road accident that led to these protests was hardly an isolated incident. Dhaka, Bangladesh’s capital, which was ranked the second least livable city in the world in the Economist Intelligence Unit’s 2018 global liveability index, scored 26.8 out of 100 in the infrastructure category included in the rating. But the regional government chose to stifle the highway safety protests anyway. It went so far as raids of residential areas adjacent to universities to check social media activity, leading to the arrest of 20 students. Although there were many images of Bangladesh Chhatra League, or BCL men, committing acts of violence on students, none of them were arrested. (The BCL is the student wing of the ruling Awami League, one of the major political parties of Bangladesh.)

Students were forced to log into their Facebook profiles and were arrested or beaten for their posts, photographs and videos. In one instance, BCL men called three students into the dorm’s guest room, quizzed them over Facebook posts, beat them, then handed them over to police. They were reportedly tortured in custody.

A pregnant school teacher was arrested and jailed for just over two weeks for “spreading rumors” due to sharing a Facebook post about student protests. A photographer and social justice activist spent more than 100 days in jail for describing police violence during these protests; he told reporters he was beaten in custody. And a university professor was jailed for 37 days for his Facebook posts.

A Dhaka resident who spoke on the condition of anonymity out of fear for their safety said that the crackdown on social media posts essentially silenced student protesters, many of whom removed from their profiles entirely photos, videos and status updates about the protests. While the person thought that students were continuing to be arrested, they said, “nobody is talking about it anymore — at least in my network — because everyone kind of ‘got the memo,’ if you know what I mean.”

This isn’t the first time Bangladeshi citizens have been arrested for Facebook posts. As just one example, in April 2017, a rubber plantation worker in southern Bangladesh was arrested and detained for three months for liking and sharing a Facebook post that criticized the prime minister’s visit to India, according to Human Rights Watch.

Bangladesh is far from alone. Government harassment to silence dissent on social media has occurred across the region, and in other regions as well — and it often comes hand-in-hand with governments filing takedown requests with Facebook and requesting data on users.

Facebook has removed posts critical of the prime minister in Cambodia and reportedly “agreed to coordinate in the monitoring and removal of content” in Vietnam. Facebook was criticized for not stopping the repression of Rohingya Muslims in Myanmar, where military personnel created fake accounts to spread propaganda, which human rights groups say fueled violence and forced displacement. Facebook has since undertaken a human rights impact assessment in Myanmar, and it also took down coordinated inauthentic accounts in the country.

UNITED STATES – APRIL 10: Facebook CEO Mark Zuckerberg testifies during the Senate Commerce, Science and Transportation Committee and Senate Judiciary Committee joint hearing on “Facebook, Social Media Privacy, and the Use and Abuse of Data” on Tuesday, April 10, 2018. (Photo By Bill Clark/CQ Roll Call)

Protesters scrubbing Facebook data for fear of repercussion isn’t uncommon. Over and over again, authoritarian-leaning regimes have utilized low-tech strategies to quell dissent. And aside from providing resources related to online privacy and security, Facebook still has little in place to protect its most vulnerable users from these pernicious efforts. As various countries pass laws calling for a local presence and increased regulation, it is possible that the social media conglomerate doesn’t always even want to.

“In many situations, the platforms are under pressure,” said Raman Jit Singh Chima, policy director at Access Now. “Tech companies are being directly sent takedown orders, user data requests. The danger of that is that companies will potentially be overcomplying or responding far too quickly to government demands when they are able to push back on those requests,” he said.

Elections are often a critical moment for oppressive behavior from governments — Uganda, Chad and Vietnam have specifically targeted citizens — and candidates — during election time. Facebook announced just last Thursday that it had taken down nine Facebook pages and six Facebook accounts for engaging in coordinated inauthentic behavior in Bangladesh. These pages, which Facebook believes were linked to people associated with the Bangladesh government, were “designed to look like independent news outlets and posted pro-government and anti-opposition content.” The sites masqueraded as news outlets, including fake BBC Bengali, BDSNews24 and Bangla Tribune and news pages with Photoshopped blue checkmarks, according to the Atlantic Council’s Digital Forensic Research Lab.

Still, the imminent election in Bangladesh doesn’t bode well for anyone who might wish to express dissent. In October, a digital security bill that regulates some types of controversial speech was passed in the country, signaling to companies that as the regulatory environment tightens, they too could become targets.

More restrictive regulation is part of a greater trend around the world, said Naman M. Aggarwal, Asia policy associate at Access Now. Some countries, like Brazil and India, have passed “fake news” laws. (A similar law was proposed in Malaysia, but it was blocked in the Senate.) These types of laws are frequently followed by content takedowns. (In Bangladesh, the government warned broadcasters not to air footage that could create panic or disorder, essentially halting news programming on the protests.)

Other governments in the Middle East and North Africa — such as Egypt, Algeria, United Arab Emirates, Saudi Arabia and Bahrain — clamp down on free expression on social media under the threat of fines or prison time. And countries like Vietnam have passed laws requiring social media companies to localize their storage and have a presence in the country — typically an indication of greater content regulation and pressure on the companies from local governments. In India, WhatsApp and other financial tech services were told to open offices in the country.

And crackdowns on posts about protests on social media come hand-in-hand with government requests for data. Facebook’s biannual transparency report provides detail on the percentage of government requests with which the company complies in each country, but most people don’t know until long after the fact. Between January and June, the company received 134 emergency requests and 18 legal processes from Bangladeshi authorities for 205 users or accounts. Facebook turned over at least some data in 61 percent of emergency requests and 28 percent of legal processes.

Facebook said in a statement that it “believes people deserve to have a voice, and that everyone has the right to express themselves in a safe environment,” and that it handles requests for user data “extremely carefully.”

The company pointed to its Facebook for Journalists resources and said it is “saddened by governments using broad and vague regulation or other practices to silence, criminalize or imprison journalists, activists, and others who speak out against them,” but the company said it also helps journalists, activists and other people around the world to “tell their stories in more innovative ways, reach global audiences, and connect directly with people.”

But there are policies that Facebook could enact that would help people in these vulnerable positions, like allowing users to post anonymously.

“Facebook’s real names policy doesn’t exactly protect anonymity, and has created issues for people in countries like Vietnam,” said Aggarwal. “If platforms provide leeway, or enough space for anonymous posting, and anonymous interactions, that is really helpful to people on the ground.”

BERLIN, GERMANY – SEPTEMBER 12: A visitor uses a mobile phone in front of the Facebook logo at the #CDUdigital conference on September 12, 2015 in Berlin, Germany. (Photo by Adam Berry/Getty Images)

A German court in February found the policy illegal under its decade-old privacy law. Facebook said it plans to appeal the decision.

“I’m not sure if Facebook even has an effective strategy or understanding of strategy in the long term,” said Sean O’Brien, lead researcher at Yale Privacy Lab. “In some cases, Facebook is taking a very proactive role… but in other cases, it won’t.” In any case, these decisions require a nuanced understanding of the population, culture, and political spectrum in various regions — something it’s not clear Facebook has.

Facebook isn’t responsible for government decisions to clamp down on free expression. But the question remains: How can companies stop assisting authoritarian governments, inadvertently or otherwise?

“If Facebook knows about this kind of repression, they should probably have… some sort of mechanism to at the very least heavily try to convince people not to post things publicly that they think they could get in trouble for,” said O’Brien. “It would have a chilling effect on speech, of course, which is a whole other issue, but at least it would allow people to make that decision for themselves.”

This could be an opt-in feature, but O’Brien acknowledges that it could create legal liabilities for Facebook, leading the social media giant to create lists of “dangerous speech” or profiles on “dissidents,” and could theoretically shut them down or report them to the police. Still, Facebook could consider rolling a “speech alert” feature to an entire city or country if that area becomes volatile politically and dangerous for speech, he said.

O’Brien says that social media companies could consider responding to situations where a person is being detained illegally and potentially coerced into giving their passwords in a way that could protect them, perhaps by triggering a temporary account reset or freeze to prevent anyone from accessing the account without proper legal process. Some actions that might trigger the reset or freeze could be news about an individual’s arrest — if Facebook is alerted to it, contact from the authorities, or contact from friends and loved ones, as evaluated by humans. There could even be a “panic button” type trigger, like Guardian Project’s PanicKit, but for Facebook — allowing users to wipe or freeze their own accounts or posts tagged preemptively with a code word only the owner knows.

“One of the issues with computer interfaces is that when people log into a site, they get a false sense of privacy even when the things they’re posting in that site are widely available to the public,” said O’Brien. Case in point: this year, women anonymously shared their experiences of abusive co-workers in a shared Google Doc — the so-called “Shitty Media Men” list, likely without realizing that a lawsuit could unmask them. That’s exactly what is happening.

Instead, activists and journalists often need to tap into resources and gain assistance from groups like Access Now, which runs a digital security helpline, and the Committee to Protect Journalists. These organizations can provide personal advice tailored to their specific country and situation. They can access Facebook over the Tor anonymity network. Then can use VPNs, and end-to-end encrypted messaging tools, and non-phone-based two-factor authentication methods. But many may not realize what the threat is until it’s too late.

The violent crackdown on free speech in Bangladesh accompanied government-imposed internet restrictions, including the throttling of internet access around the country. Users at home with a broadband connection did not feel the effects of this, but “it was the students on the streets who couldn’t go live or publish any photos of what was going on,” the Dhaka resident said.

Elections will take place in Bangladesh on December 30.

In the few months leading up to the election, Access Now says it’s noticed an increase in Bangladeshi residents expressing concern that their data has been compromised and seeking assistance from the Digital Security hotline.

Other rights groups have also found an uptick in malicious activity.

Meenakshi Ganguly, South Asia director at Human Rights Watch, said in an email that the organization is “extremely concerned about the ongoing crackdown on the political opposition and on freedom of expression, which has created a climate of fear ahead of national elections.”

Ganguly cited politically motivated cases against thousands of opposition supporters, many of which have been arrested, as well as candidates that have been attacked.

Human Rights Watch issued a statement about the situation, warning that the Rapid Action Battalion, a “paramilitary force implicated in serious human rights violations including extrajudicial killings and enforced disappearances,” and has been “tasked with monitoring social media for ‘anti-state propaganda, rumors, fake news, and provocations.’” This is in addition to a nine-member monitoring cell and around 100 police teams dedicated to quashing so-called “rumors” on social media, amid the looming threat of news website shutdowns.

“The security forces continue to arrest people for any criticism of the government, including on social media,” Ganguly said. “We hope that the international community will urge the Awami League government to create conditions that will uphold the rights of all Bangladeshis to participate in a free and fair vote.”