Facebook: Eighty-Seven Million Fakes

Posted by Viktoria Michaelis on February 21, 2013 in Internet, News & Opinion |

The title of this post is, perhaps, a little bit misleading because it is a figure which is almost impossible to estimate. However, if Facebook is to be believed, and I am sure they can safely make their own estimates when it comes to their side of the business, this is the number of fake accounts on their systems. How they arrived at this number is hard to guess, but it is a number which makes many wonder, no matter how small a proportion of the whole it may be, how such a state of affairs could ever have been allowed to happen.

And the word here really is fake, not accounts which are no longer used or where the password has been lost, or even the accounts which Facebook has closed, for whatever reason, without actually deleting them from the system. They are accounts set up by people with no right to a name, with thoughts other than those of most social media users, perhaps even with criminal intent. Yet many of these accounts could have been stopped right at the point of their creation, and with very little personal intervention from the few people assigned to customer service and similar jobs employed by Facebook Inc.

Last Thursday I decided to see exactly how easy it is to set up a fake account and what security measures could be in place from the Facebook side to prevent such a creation. The whole took just a matter of minutes: the creation of a fake mail account through a throwaway service, the creation of the Facebook page itself. I purposefully chose a small town in the middle of Texas as my hometown, one with about one thousand five hundred residents, and expanded my small test a stage further: who would befriend this unknown, non-existent person? Further, to make it even harder, I created the account as a minor, meaning that no one who is not on the friends’ list would be able to see any details of the person behind the name.

Viktoria Michaelis: Facebook Security and Fake Accounts

Screenshot: Facebook

The result is Amanda Miller, a thirteen year old from Sundown, Texas, attending Sundown High School. As you can see from the screenshot, above, there is nothing but a photograph to be seen, and the fact that she is female. The photo albums are closed to outsiders, the About link leads to a page which only shows that she is female, nothing more. Not even her age is shown, and certainly not her location. The automatic security settings imposed by Facebook for minors – people under the age of eighteen – prevent anything else being visible to the casual visitor. From this point of view the security, for the child, is good, assuming that it is a child who has created the page and that she is who she says she is, which is not the case.

During the set-up phase, new customers at Facebook are asked to enter their hometown. I chose Sundown, Texas simply because it is such a small town where, you would think, most people would know one another. Facebook also knows this town; it has been registered by other users and over one thousand five hundred people have clicked to say they have been there. The school, Sundown High School, has several users registered and there are also a number of businesses listed.

And here comes the first real opportunity for Facebook – through an automated system – to check whether a person really is who they say they are.

Viktoria Michaelis: Facebook Security and Fake Accounts

Screenshot: Facebook

I enter the details of my town and my school. They are immediately linked to other profiles with similar information – for the People You May Know function – and the whole is registered. At the same time, despite what I have entered, the Facebook system is well aware of where I am. My IP is logged and the system can see where I am logging in from. This is theoretically used to prevent hackers from entering a profile from elsewhere and, for those who only access their profile page from one area, can be fine-tuned so that only one location is allowed to log in.

Viktoria Michaelis: Facebook Security and Fake Accounts

Screenshot: Facebook

Since the system can automatically see where a person is and automatically links to places they say they are it would be possible to block anyone who claims to be in one area but is logging in or creating an account from another, and that right from the moment when they first try to create a profile. At present the only check used by Facebook is a confirmation mail to the given mail address, which could also be anywhere in the world. The provider for Amanda Miller, as an example, is in Canada and the Top Level Domain for the address is Anguilla.

There is a further automatic check which Facebook can use, the registration of a cellphone number. This is used to allow users to register a user name other than their real name, although the Facebook rules suggest that the real name should be included in this made-up name. Here the actual location of a person is also automatically registered:

Viktoria Michaelis: Facebook Security and Fake Accounts

Screenshot: Facebook

and is another fail-safe system which could be used, but isn’t, to determine the exact location of registration. The fact that a new user can alter this entry makes no difference, the software Facebook uses has already determined which country the new user is in.

Having registered, the user is now offered the opportunity to link up with people they may know, and this linking is based exclusively on the location of their Hometown or Present Location, details they have entered. It is not based around where they actually are. Having entered a school name, the new user can also see who also attends that school, providing they have a Facebook account, or who claims to have been there in the past. Students and teachers are listed along with parents and other workers. In addition the Facebook system offers the new user profiles from nearby towns and other nearby schools.

The information each user enters and the security settings they use are, to a certain extent, entirely up to the individual. Facebook, for minors, only allows status updates and other entries to be shared with Friends and Friends of Friends. This is a good system, providing that the Friends of Friends are real and actually known in real life. It can be abused. My faked profile allows me to see and link to the Friends of Friends of those who join by Friends List no matter who they are and no matter whether they might know me or not.

The choice of whether a person clicks on the Accept Friend is also an individual choice. I had imagined, since Sundown is such a small town, that my experiment would end at this point. However, as I write this, Amanda Miller has thirty friends on her list, none of whom can possibly know her. Only one of these ‘friends’ questioned her, asking whether they knew one another or not, and even she was satisfied with the answer given and remains on the Friends List – the answer was that Amanda might have picked out the wrong forename since she didn’t look at the surname of the user, although the name is not all that common.

It is difficult to go into the minds of those who decide to accept an online friendship offer from someone they do not know where next to no information is provided. Social media has opened up many new possibilities but, for minors, the dangers are also plain to see. That someone can then remove the friendship, block the false user or even report them makes little difference. Once the friendship has been accepted the fake user has enough time to gain more information about that person, read through their status updates, check out their list of friends.

The ability of anyone to create a fake Facebook account is a failing of Facebook’s security and could easily be avoided. The information needed to determine whether a person really is where they claim to be – but not necessarily who they claim to be – is already registered when a person creates the account. A simple automatic check could prevent the new profile ever going live, even without the immediate intervention of a real person. Fake accounts will always be there, and Facebook is not the only social media network which suffers from them, but it is possible to limit their number, to make creation of a profile that little bit more difficult, if only the systems already in operation were linked together and decent security measures – as far as this case is concerned – were implemented.

  • Viktoria Michaelis.

Tags: , , , , , ,


  • Danyi says:

    you only have to look at some of the names (no one was born with some of these you see) to realise they are not real…..some of my friends have two accounts….an innocent example…one for fun where they can say what they like and one for family who they would not post those comments for.
    that’s not a bad thing….but yeh others have fake accounts for more sinister purposes….ugly but happens!
    FB could stop these with more rigorous checks…..but they don’t…..why? easy……87 million fake accounts might still look at the advertising on fb……might still play the silly game apps ……all revenue for fb……so why stop a source of revenue…..after all…is not there fault predators can thrive in this environment trying to entrap young teenage girls…..(okay probably a small minority of the fakes….but an example) or is it if they don’t care about there customers enough to check…lets face it….profit comes first

    • Profit does indeed come first, with most companies to be fair. In this case Facebook announced the figure of 87 m fake accounts, a drop in the ocean to be honest, but still. And the figures are good if you want to show how many potential customers are available for advertising purposes, but the Facebook system is rather more refined. Advertisers pick out their potential customers through a series of personal information checks – the information Facebook has previously collected about all of us – according to our location, gender, interests, purchasing history. The advertiser then pays either according to how many clicks come through their banner or according to how many profiles show the advert. It is in the advertisers interest, and therefore also in Facebook’s interest, to limit the number of fakes in order to maximize customer / advertiser happiness and income.

  • Francois says:

    Viktoria, I would invite you to repeat the same experiment on vk.com, the so-called “Russian Facebook” whose owner is the second-largest shareholder of Facebook itself.

    You would find out how civilised and safe Facebook is in comparison.

    This being said: why do you want Facebook to take extraordinary* measures to authenticate their users?

    *They would have to be extraordinary: a legitimate user from Montreal should be able to create an account from Kyiv using the http tunnel from his personal server in France, and give his French mobile number. Why not? Because some people would abuse it? Why is that Facebook’s problem?

    • Oh, I’m not saying that they have to implement such a simple verification system, just that it is a possibility to cut back on some of the fake – and dangerous – accounts which have been created. I don’t doubt for a moment that some other social media networks are considerably worse, but they don’t gain as much news space as Facebook does….

  • Francois says:

    And how would Facebook deal with two to three hundred million such red flags because Internet Services Providers in small towns really are tributaries of bigger nodes and those are sometimes in another country?

    Add to that the number of purely mobile users who do not even have an IP address because they use only the in-phone app over GSM or CDMA and you need tou outsource the manual validation the North Korean armed forces.

    It simply cannot be done on a one-billion users database.

    • Is the number of people who create a profile over a mobile device really that high? I think not. For me it goes more along which country a person is in, at the most basic level, and then how close their claimed town is to the node they are being directed through. I am sure that FB also notes the IP address – otherwise they wouldn’t have the connection – which gives another clue as to a person’s real location. A red flag for a human being would only be raised when an automatic clearing question couldn’t be answered, or when an automatic query to the person in question, for proof of identity as an example, couldn’t be answered. Even slightly smaller companies such as eBay and PayPal check on authenticity these days, one with a written confirmation through the post and the other with two minor credits to a given bank account. I believe the possibility is there although, of course, it is not foolproof and anyone with good Internet knowledge can run their connection through servers elsewhere or hide their true location sufficiently to fool the system. For the average criminal, though, it would be enough to put them off.

  • Francois says:

    eBay and PayPal (really the same company) deal with real money, they need better authentication.

    Yes, there are a lot of mobile-only Facebook users. Pulling a number out of my hat: between 50 and 100 million with 50 more likely. The iPhone, iPad, Android, Nokia younger users who never touch a “real” computer until they get their first job, if then. It was a big, big, question during the good old days of the IPO: no ads on mobile.

    My question remains: why do you want a free-to-register service such as Facebook, which does nothing of vital importance or strategic value, to authenticate its users?

    • I didn’t say that I wanted them to authenticate, merely that the means are there to prevent some of the fake profiles which are constantly being created. And there are many, many free-to-register sites on the Internet, which mostly have premium membership so that you can gain access to all the useable facilities, which probably also have nothing of great value to offer but authenticate. No, it is merely a possibility Facebook might have considered to avoid some of the constant haranguing they receive over fake profiles, over harassment, over misuse of the facilities by people who portray themselves as something they are not (more than normal people, that is!).

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2010-2018 Viktoria Michaelis All rights reserved.
This site is using the Desk Mess Mirrored theme, v2.5, from BuyNowShop.com.

error: Content is protected !!