A better way to kill fake Facebook accounts

If you’re concerned that the proliferation of fake accounts on Facebook and Twitter could be skewing public opinion, helping to spread falsehoods and creating a nasty atmosphere, perhaps you should pay attention to the suggestions of Vitalik Buterin, the founder of the the digital currency platform Ethereum. (For those impressed with big sums of money, the market capitalisation of Ether, the Ethereum cryptocurrency, stands at US$27.5bil (RM116.09bil), second only to Bitcoin).

I had an argument with Buterin on Twitter the other day. He was outraged by a column I wrote, suggesting that Twitter and Facebook should require a credit card for account registration. I was arguing that the social networks are huge media companies that need to enforce order on their platforms.

Nobody, including the networks themselves, has an accurate idea of how many of their users are actual people. Fake accounts and bots are ubiquitous. Bullies act anonymously and with impunity. Fake stories and political propaganda are pushed to large audiences, amplified by botnets. Terror groups run circles around censors, which may be great for free speech but not for public security. So I want the networks to stop letting users have anonymity. If you’re broadcasting to the world, as one does on Facebook and Twitter, you should be identified. Credit cards could verify people’s identity.

Like many others, Buterin hated my suggestion. He argued that someone like James Damore, the Google engineer who had questioned the company’s gender policies and was promptly fired for it, could have been protected by anonymity.

”Accepting such a consequence” as dismissal, “is admirable,” Buterin wrote, “but that should not be the only path.” Unpopular ideas, he argued, shouldn’t be “relegated to the shadows of one-on-one messenger conversations.” He noted that important contributions to progress have been made anonymously: Bitcoin, for example, was invented by a pseudonymous “Satoshi Nakamoto”. Privacy is important “to prevent everything in life from becoming a social signaling game,” Buterin added.

I disagree with these arguments – I believe that broadcasting isn’t, and shouldn’t be, for the faint of heart – but I’m willing to accept Buterin’s argument that the world can sometimes be unnecessarily cruel to people like Damore, who dare to disagree. I also understand the ugly optics of closing big broadcasting platforms to people without the means to own a credit card, even though, as profit-oriented businesses, these platforms can’t make much money off them.

So perhaps Buterin has a better idea, which he described like this: “I personally like the idea of one-per-person tokens anonymised via ring signatures or ZKP’s. Get sybil resistance without privacy loss.”

That’s pretty cryptic, like much of what Buterin says; his mind works quicker than he can explain things. And he wouldn’t provide a simpler description. But here’s what he means, as far as I can understand.

The general idea is to exclude “sybil attacks”, in which a malicious user can use many identities, by providing every social-network user with a unique ID that wouldn’t reveal his or her identity to the outside world or to a government.

That privacy threshold would rule out any kind of commonly-used ID – the kind of electronic signature used, for example, in Estonia, or a credit card, a Social Security number, or proven home address. To make sure each person only gets one “token”, some peer-to-peer identification process should be involved.

One ingenious way to solve this problem is by convening “pseudonym parties”, offline or online video gatherings at which every participant gets an identification token without showing any papers. The idea is that a person cannot be at several parties at the same time; to make sure there’s no cheating, parties must be held simultaneously, and rarely enough that collecting multiple identities becomes too cumbersome. The parties would be held via video chats set up among random users, as long as everyone in the group can make sure no one in it is participating in several such chats at the same time.

This would be a clumsy mechanism, forcing people to wait for “pseudonym day” to start using a social-media service. A possible solution would be to create two tiers of users, those with identification and those without, the way it works on Twitter with verified and unverified accounts. Only identified users would be able to take part in polls, cast ballots to make content more conspicuous, as is done on Reddit, or “clap” writers on Medium to help determine how much they get paid. Fake users consigned to the unverified tier would be automatically suspect, and could be rendered inconspicuous by algorithms.

The token itself would be an alphanumeric key, subject to distributed verification, the way cryptocurrency wallets work. The technical methods that can be used for such verification are well understood by experts like Buterin.

All this sounds complicated, but then the problem itself is complex. The Internet was conceived as an anarchic, decentralised network on which privacy, and anonymity as one of its attributes, is highly prized. Even though the social networks have been compromising privacy in numerous ways in order to make money, the old ideal is still there, and many people balk at the suggestion that they identify themselves. They are right to be wary of government snooping, and in some cases employer snooping. So there’s a need for a mechanism that combines individuality, accountability and privacy. Technology used in cryptocurrency platforms could provide such a mechanism.

Will social networks and platforms such as Reddit or Medium embrace it? I doubt it. That would require complicated implementation and scaling, and the networks have economic disincentives when it comes to weeding out fake accounts – if they really tried, it might deflate their all-important user numbers.

But perhaps, in time, the incentives could change. The current backlash against bots, fake news and illegal political advertising should eventually push the networks to implement identification in a way that doesn’t spook users. — Bloomberg