Many of you know that I have friends in the modeling industry, ranging from runway and fashion to glamour and print to adult and erotic. Online social networking has become so ingrained in modern lifestyles that some my modeling friends who I have become close with are also friends with me on Facebook.
The friends of mine who are models have become fairly well known thanks to Internet media, and this fame has resulted in undesired attention such as stalkers and jealous critics (aka ‘haters’). In many cases, well known models become targets of fake social networking profiles. More specifically, profiles are created pretending to be them for malicious purposes (e.g. tarnish reputations).
The fake profiles are sometimes reported and subsequently disabled and/or deleted. But sometimes, the fake profile creator is able to get the legitimate/real profile taken down or disabled by the social network by somehow convincing the administrators the real profile is the fake one. Just recently, a friend of mine had her account deleted as well as her fan page (which is tied to her actual Facebook profile). She had to contact Facebook and was able to get the account restored.
If someone told me about this a few years ago, I would have laughed it off and asked why this is even a relevant problem that should garner any attention.
But considering Facebook is being leveraged for more critical Internet tasks such as commercial marketing as well as Open Authentication (OAuth) to provide Single Sign On for other services, protecting a Facebook account is actually fairly important.
What can be done to counter fake profiles and the incorrect deletion of a legitimate account?
1. Put more emphasis on the Two Factor Authentication feature of Facebook.
For those that don’t know, Facebook has optional two factor authentication. This means that in order to login the user must provide both the standard password along with a one-time generated token (often a numeric sequence) that is only valid for a few minutes from the time it was generated.
Facebook’s method of two factor authentication is that after the user logs in by providing the username and password combination, a one time password is sent to the account’s mobile phone number via SMS (text message). The user then provides that password in the next prompt that is presented in order to login.
Facebook should promote this feature and tell their users that if they bind a mobile phone number to their accounts, it will give them some higher level of ‘verification’ for their account. While this won’t prevent a malicious person from using their own mobile phone number when creating a fake Facebook profile in another person’s name/identity, it does add one level of complexity to dissuade malicious profiles.
2. Create smart algorithms to rank profile legitimacy.
Facebook should create a formula to generate a metric value that can be used to score a profile’s authenticity. This metric can be influenced not just by the number of friends the user has, but also the ‘authenticity’ value those friends have, the amount of interactivity between the user and his/her friends (e.g. comments, posts on friends’ walls, posts on own wall by friends, photo tags, check-ins), posted photos, etc.
Assuming this metric existed, say user Real Alice has 20 friends and Real Alice has 100 photos posted, 40 of those photos are tagged of her and 70 of the photos are tagged with one or more of the 20 friends Real Alice has. Also, let’s say that all 20 of Real Alice’s friends have commented at least two times on one of her wall posts and Real Alice has commented at least one time on a wall posts by all of her friends’.
Then let’s say Fake Alice creates an account and has 15 friends and has 40 photos posted. 40 of those photos are tagged of her and none of the photos are tagged with her friends. Fake Alice has several wall posts with comments on her wall or wall posts by all of her 15 friends, but no posts by Fake Alice on her friends’ wall activity.
A carefully constructed algorithm should be able to analyze profile and the activity between the immediate friends and assign a higher ‘authenticity’ score to Real Alice compared to Fake Alice. It’s a simple matter of a weighted node graph for all you science nerds.
So if Fake Alice tried to report Real Alice’s profile to Facebook, the administrators should be able to make a reasonable hypothesis that Fake Alice is a malicious profile.
Granted, I’m sure there are going to be ways to generate a fake profile of another person and get the ‘authenticity’ value higher than the real profile of that person, but this adds another layer of protection in the social network.
3. Allow for users to ‘verify’ their accounts.
While only granted by Twitter on a case by case basis for high profile people and companies, Twitter does have “Verified Accounts”. Look for the white checkmark on blue next to a person’s name on their twitter profile. Example: http://twitter.com/taylorswift13
This is one process with no real ‘good’ way of implementing. Using a credit card tied to an account as a way of ‘verifying’ it is one way. Of course, this adds a great level of overhead on Facebook with the management of user financial information.
But those are three ideas I have been able to come up with. I’d be curious to hear other opinions to solve this issue.