Lawsuit reminds us that Facebook is a double edged sword for skeptics

I’ve written many times here about how skeptics need to take care not to inadvertently promote the online wares of those who we criticize. I’ve long recommended that skeptic bloggers and webmasters always use the NOFOLLOW attribute on links to web sites containing such material. If you don’t do this, you are boosting them in Google and thus helping their cause.

As social media has become ever more important, I’ve additionally advised to take care in linking directly to certain web sites on Twitter and Facebook. This is because even though the links on the web interface to those services are marked NOFOLLOW as an anti-spam measure, the importance of social media in marketing means those links are measured in other ways.

A lawsuit filed in the last two weeks is a vivid reminder of one of the less obvious examples of this involving Facebook specifically. I’ve mentioned this quirk of Facebook before, but only in a comment to a previous post, so I think it’s worth revisiting here.

You may be surprised to learn there is a very simple thing you may have done yourself on Facebook that plays right into the bad guys’ hands. And now Facebook is being sued over it.

The focus of the lawsuit is private messages on Facebook. The company portrays these messages as if they are equivalent to email – indeed, each user was given a private email address by Facebook. In the United States there are various Federal and State laws regarding how an email provider must safeguard the privacy of information like this.

Two Facebook users, Matthew Campbell and Michael Hurley, have filed a class-action lawsuit alleging that Facebook is violating these laws, and taking information from private messages and converting it into public information in the form of “Facebook Likes”. It all stems from an investigation by a security researcher published in October 2012. It was reported in the Wall Street Journal, and I mentioned it in a comment on this blog at that time.

As Campbell and Hurley describe in the court filing:

In October 2012, a security researcher published findings in the Wall Street Journal showing that Facebook scans users’ private messages for URLs. When a private message contains a link to a third-party website, and that website has a “Like” social plugin, Facebook registers up to two “Likes” for that web page via the social media plugin.

Emphasis mine in the above – but let me reiterate.  Simply by passing a link to web site to another skeptic in a private message, you can increase the “Like” counter for that site by not one but two!  These likes show on the site’s count, but not in your personal Facebook profile.

The filing goes on:

The article notes that this practice is described in Facebook’s guidance for developers – administrators of the third-party websites whom Facebook seeks to entice to use social plugins. The developer guidance states that “the number of inbox messages containing” a link to a page will count as ‘Likes.’” However, this practice – scanning private messages and doling out “Likes” to websites if a hyperlink is contained therein – is not disclosed anywhere in Facebook’s Privacy Policy.

The court filing is surprisingly readable – and even contains screen shots of how the investigator figured out this was happening. (This is especially handy because the investigator’s original video showing his technique has been removed because it violates YouTube’s prohibition on depicting “harmful activities”).

If you go back to the developer documentation for the Like plugin mentioned in the filing, you can currently find the following text regarding the number of likes counted:

The number shown is the sum of:

• The number of likes of your URL
• The number of shares of your URL (this includes copy/pasting a link back to Facebook)
• The number of likes and comments on stories on Facebook about your URL

So not only are private messages increasing likes by two, but any share of a link (regardless of whether the associated comment is positive or negative) counts as a like, and any comment on a share counts as a like too!

The Problem for Skeptics

So how do spurious “Likes” of web pages relate to skeptics? Likes and follows and retweets are the currency of social media. They are the means of promotion in this 21st century Internet marketing world.  And if you hand them out to the pseudoscientists and paranormalists we are trying to combat, you are helping their cause and hurting ours.  You could be helping promote pseudoscience, simply by making a sarcastic remark in a Facebook comment thread.

Imagine a new homeopathy website appears, and skeptics put the word out to each other about it using Facebook PMs to pass around the link. Each one of those PMs can generate up to two Likes for the homeopathy website.  Then the skeptics post sarcastically about the site on their Facebook walls, and other skeptics chime in to comment on how terrible the new site is.  Pretty soon the brand new site full of pseudoscience is swimming in Likes (according to the button proudly displayed on it) – even though only skeptics might be looking at it.  That’s a huge promotional backfire for our side.

Bottom line: never, ever link directly to a website containing misinformation on Facebook – either in a public post or in a private message. And if you see others doing it, do not comment on the thread – contact them in private without referring to the URL.

To compensate for this, I’ve recommended using a special tool called DoNotLink if you absolutely must post a link to a pseudoscience or paranormal site on social media. I can’t tell you about it now, but very soon there will be an even better method of linking to these sites that does the same thing and more. Stay tuned!

Update March 2014: That new tool is the RBUTR Toolbar, which is equivalent to Do Not Link for social media posts.