ACCC takes action against Meta over scam celebrity crypto ads on Facebook (accc.gov.au)
59 points by ilamont on March 17, 2022 | 60 comments


I think it's understandable that big platforms face problems of scale with moderating ads & content, but one thing I've noticed is that Meta are extremely sensitive in rejecting ads due to images being imperfect or other minor things, yet Facebook & Instagram seem filled with crypto & fake IPO scams. I think they've misallocated moderation resources.

On the other hand, whilst I think the ACCC is right to pursue them over this, does it have anything to do with their previous showdown?

https://www.abc.net.au/news/2022-02-18/facebook-blocked-aust...


My sense is probably not directly.

Certainly there would be general political pressure to keep Big Tech in line.

Australia has a history of taking tech to task: remember a decade or more ago they pulled Adobe up over local pricing!

On another note, I do find it weird that Facebook Ads in AU mostly seem to be low quality brands and scams!

I work in marketing and have looked after 8 figure budgets so have some industry experience.

But yet I'm left wondering why I never see big brands on Facebook in AU!

FWIW I do advise my clients to critically consider FB or Google Ads due to the levels of click fraud.

You need serious budgets to be able to absorb the fraud and see positive ROI in AU!

YMMV :-)


> But yet I'm left wondering why I never see big brands on Facebook in AU!

> FWIW I do advise my clients to critically consider FB or Google Ads due to the levels of click fraud.

Looks like you answered your own question! :)


Well also some of the crypto scam ads picked the wrong dude to impersonate, someone with old-fashioned values and money to fight back - Andrew Forrest who started FMG mining.


"In one shocking instance, we are aware of a consumer who lost more than $650,000 due to one of these scams being falsely advertised as an investment opportunity on Facebook."

Brutal.

I'd be interested to know how much they're relying on "This was reported to Meta and they failed to act" and how much was the expectation that the publisher know which celebrities are endorsing what? Matt Damon is endorsing crypto and almost any crypto promos seem somewhat scammy, so it's not out of the question. Should a publisher know who is or isn't endorsing?

I've always wondered how far you could get using lookalikes but no names. Or random people with the same name as a celebrity, but not using a visual likeness.


The ones I've seen (and reported, and sometimes seen again) as paid ads on Facebook are as obviously scammy as a Nigerian prince email. Fake news website with design ripped off real news website, implausible claims and business mogul celebrities whose non-endorsement of crypto is almost famous (fake endorsements so prominent there's mainstream news coverage of scam victims and disavowals of crypto on the celebrities' own websites and Facebook/Meta has even actually settled lawsuits from some of them!)

Nobody with the degree of digital literacy required to work for Meta has any excuse for approving many of the ones I've seen, and even the most basic keyword-based version of a spam filter could have caught many of them.


Unfortunately this happens quite a lot. I've seen it 1st hand (in my employment for someone that was being impersonated).

Even though I've seen it 1st hand quite a lot, it still astounds me how gullible people can be. People with lots of money, people with little money, people who are comfortable and have no desire to 2x their net wealth...

All it takes is a lack of focus, or a brain fart or just a little too much easily placed trust.

FB don't give a shit. They just want the advertising $$. https://www.theguardian.com/australia-news/2022/feb/26/andre... This response is complete bullshit as well


Presumably Forrest has limited recourse against the advertisers because they're behind shell companies (or similar) in countries with limited legal consequences. As a result, I can't see a solution that doesn't involve countries requiring publishers to filter advertising sources.

I'm guessing this sort of thing isn't politically urgent or important so the public is left dealing with the mess. Without an ad blocker, I can't see how you could even start to escape scams getting in your face.


Make the publisher accountable.

Which is what he's trying to do.


Even if they don't know the endorsing parties, they should know something about whoever paid for the ad.


Sure, but that could be a small agency indistinguishable from a spam operation, and is the expectation that the publisher vet each claim and endorsee?

They should be able to address complaints and to prevent repeat attempts to breach this, but is stopping it altogether feasible?

I don't use Facebook so maybe they already do this, but it's probably reasonable to require anyone advertising in a country to have a registered business presence within that country. But that's only going to work at scale (AdSense, FB, etc) and not with randoms putting ads on a site that anyone can see.


> and is the expectation that the publisher vet each claim and endorsee?

Maybe yes? If you're paid to artificially promote some content to lots of people, even more so if there's targeting criteria associated (targeting the most vulnerable to fall for such scams) you should share responsibility?

In the real world you can't hold a banner "CHEAP DRUGS SOLD HERE" without getting in trouble and I doubt the excuse of "I'm just a platform, not responsible for anything" is going to fly.

> is stopping it altogether feasible

Yes. Make a human review every single ad and raise the prices if necessary.


Ignoring the targeting aspect for a second, our comments here on HN aren't vetted. If I make a medical claim or a legal claim or a financial claim, @dang doesn't call in a doctor, lawyer or CPA to vet it before it gets live. That would be absolutely cost-prohibitive. And I suspect that vet-before-publish would assign more legal responsibility to the publisher which is partly why this doesn't happen on any major social network or forum.

How could a human review an ad with a name, without having contact details for that named individual? Or with a photo if they didn't recognise that person? Or if it was an ad about a person such as a news item?

Is there a way with digital keys so that any media claiming endorsement by a person can be signed off? Or requiring an equivalent of talent releases (I get these as photographer/videographer)?


If you are charging for publishing the content (ads) then you should charge enough to cover the vetting.

If you are not charging (comments) then different rules apply and you must take it down if reported for certain things (copyright infringement).

If you are not charging (comments) AND you create your own content (news) then different rules apply and you must vet the content for certain things (libel, hate speech).

If you are charging for content then you should probably also ask for whatever supporting evidence is required to do a reasonable job of vetting.

If someone lies and provides a false release and you have a reasonable vetting process then you will likely be able to use that process as a defence.


To eschew responsibility for the vetting of the advertisement content, there would need to be better vetting, like KYC / AML requirements, for those submitting the ads in order to ensure there's some real person / company at the end of the chain to be brought into court.


I can't see how that is possible without blocking countries from the advertising/participation pool. It's the Wild West otherwise. Pointless having a name if your pursuit doesn't have legal teeth.


> I can't see how that is possible without blocking countries from the advertising/participation pool.

"Nigerian prince" scams were basically non-existent before Internet access became easy, cheap & widespread.

It isn't that something fundamentally changed with people becoming more gullible or suddenly having more money to spend, it's just that Internet access allowed people in foreign countries with lax/corrupt law enforcement to suddenly be able to make big bucks while being out of reach from the target country's law enforcement.

Back in the day this would've been theoretically possible, but would've most likely required being on the ground (putting you in reach of LE) and having some initial credibility and funds to convince a media network to broadcast your scam.

Maybe some barriers to entry are a necessary evil?


I suspect so.

Back in the day, someone had to get a physical ad in front of you. To transfer cash, you had to go to the bank and go through some convoluted process. Now you can be convinced and lose everything without a single person giving you a second opinion along the way.


> "Nigerian prince" scams were basically non-existent before Internet access became easy, cheap & widespread.

False; the model of scam (“advance-fee scam”) dates back to at least the 19th Century and became particularly popular in the 1980s, long before widespread internet access.


I'm sure the model was there, but were they so widespread? I'd expect that without the internet and requiring a business presence in the country, it would raise the risk of law enforcement involvement considerably as opposed to just being able to spam email from a foreign country.


> I'm sure the model was there, but were they so widespread? I'd expect that without the internet and requiring a business presence in the country, it would raise the risk of law enforcement involvement considerably as opposed to just being able to spam email from a foreign country.

They were less commonly addressed to the kind of people who would never even consider going along with them, because selectivity in presentation was a survival skill for scam artists, but, yes, advance-fee scams were rather notoriously common scams before the internet became popular.


How does it work in pre-internet media advertising?

> It's the Wild West otherwise.

That's the "do nothing" case that we're in now though isn't it?

> Pointless having a name if your pursuit doesn't have legal teeth.

Can't advertise into country X if you don't have a legal presence in country X. (Simple? Pending the years of legislative navigation, by which time alternatives will have filtered into the ecosystem: decentralisation and non-censorability, etc.). Which is basically what you've said "blocking countries from the advertising/participation pool".

So, yes, I think I agree :)


Pre-internet, there weren't infinite scammers hammering magazines and newspapers from overseas with questionable ads. There was still some junk, but nowhere near as relentless. And most products were physical, so even if you were advertising miracle skin repair, you were manufacturing and shipping a physical product so it was harder to appear and disappear.

Ease of money transfer hasn't helped prevent scams either.

The issue with locking down by country is, say you have an upstanding SaaS startup and you want to advertise to the world. Can you realistically justify registering your business in 100+ countries? Even something like Stripe Atlas is arguably too heavy-handed for side-project stage.

I could see there being a verification engine whereby an advertiser posted a bond before that verification service endorsed them to publishers. But this would require countries to require publishers to use something like this, because they won't do it off their own back.


> The issue with locking down by country is, say you have an upstanding SaaS startup and you want to advertise to the world

It depends on what the ad is about. The verification requirements should be much more stringent for a financial or medical service than some random SaaS (the latter's customers can already be made whole by just disputing the transaction with their card issuer). I don't believe it's that far-fetched to require financial services to have a business presence in the local country and abide by local laws before being able to advertise.


> without blocking countries from the advertising/participation pool

Fine. If your country doesn't have sufficient commercial and legal infrastructure to have solid basic KYC and legal responsibility, you don't get to participate. Perhaps might provide motivation for countries to step up to the requirements of a civilized world — or not, and they can enjoy the benefits of a 'wild west' world. Pick a lane, but you don't get both


That's what I've been getting at, but it would require voluntary industry participation (hasn't and won't happen), or regulation from a set of countries able to drag everyone else along with them. EU might be a shot.


HN comments don't scale by design. They are limited to the thread they're posted and to the effort it takes to manually post (most of the time - I am aware automation can briefly exceed this), and there is still moderation and banning not to mention some hidden anti-abuse mechanisms that could very well be culling a lot of spam we don't even realize was being posted.

Both HN itself and our interaction with it take into account the fact that the damage by a malicious user will be limited. We'd most likely reconsider our use of HN if everyone got a button "reply to all threads" that would auto-spam their reply to every thread and make the website unusable.

Facebook "organic" content is the same. In most cases, organic content is limited in reach so that the potential damage caused by a malicious user is acceptable, although misaligned incentives sometimes prompt Facebook's algorithms to artificially boost the reach of organic content to increase engagement.

Facebook paid ads are different - it's basically an officially-endorsed spam machine; you pay money and you are able to bypass the normal reach limits that organic content would get. This can cause a lot of damage and harm if used to spread malicious content, even more so when you can control targeting parameters to only show it to the most vulnerable and fly under everyone else's radar.

> How could a human review an ad with a name, without having contact details for that named individual?

If you're advertising a financial investment scheme it's reasonable to expect the company to have a real address, business registration, potentially some kind of license if the local laws require it, etc. If a financial investment company doesn't want to provide contact details, it's not an investment company, it's a scam.

> Or with a photo if they didn't recognise that person? Or if it was an ad about a person such as a news item?

Having a verified audit trail behind the ad would at least leave a paper trail for the copyright holder to go after who originally posted it.

The idea isn't to be bulletproof, it's to make it both harder and riskier (legally) for malicious actors to operate. I believe it should be considered the "right thing" to do for a platform that allows ads to be pushed to potentially vulnerable people, but since it's Facebook and they have no concept of "the right thing", regulatory action is necessary.


How are copyright holders going to chase spun-up shell companies in some random country abroad where there is zero chance of pursuing them? That'd be the main reason why Facebook is being pursued here, because getting to the advertiser is hopeless.

OK, I'm a spammer. I say I'm not advertising financial investments but then my ad either more or less is a financial scam, or is some grey area where people are lured to a site (which gets changed after approval) or it names some new crypto thing which the vetter has never heard of before. Or it uses the likeness of a celebrity specific to the target country and that the vetter doesn't recognise. Does the celebrity want to be contacted for every submitted ad to answer "Is this you? Did you approve this?" Do you need to have vetters in every country and with knowledge of each industry - is this medical ad a scam? What about this one about naturopathy? Facebook might have the means of dealing with something like this, but for anyone smaller hosting ads that wouldn't be the case. So then you'd need a way of segmenting legislation by scale.

Then it's whack a mole with new scammers reappearing if you smack one down.

I can't see it happening without regulatory action either.


> How are copyright holders going to chase spun-up shell companies in some random country abroad where there is zero chance of pursuing them?

You still need to set up a shell company. That's still an extra barrier to entry.

> my ad either more or less is a financial scam

If your ad has anything to do with finance or is in a grey area it gets extra scrutiny.

> people are lured to a site (which gets changed after approval)

It's trivial for advertising companies to screen-scrape target websites and alert/suspend ads in case of significant changes. Maybe having liability would push them to do this and close this attack vector?

> it names some new crypto thing which the vetter has never heard of before.

In this case it gets escalated to a team that can do proper due diligence on it and only then it gets published if it ends up passing muster.

> uses the likeness of a celebrity specific to the target country and that the vetter doesn't recognise

That's a different problem entirely and is much less serious than financial scams. If that's the only issue with the ad (it might not be - if it's supplements or some other health-related BS it's likely to fail on health-related rules).

> Do you need to have vetters in every country and with knowledge of each industry - is this medical ad a scam?

Yes - why is this so outrageous?

> Facebook might have the means of dealing with something like this, but for anyone smaller hosting ads that wouldn't be the case. So then you'd need a way of segmenting legislation by scale.

Potentially, or alternatively we might not. Maybe having the potential to force harmful content in front of millions of people needs to be regulated closely, and if you can't do it responsibly, well tough luck - what matters is the potential harm, not how many employees or your company turnover. Nobody has a right to be in business after all, and it's clear that the industry is not capable of self-regulation.

> Then it's whack a mole with new scammers reappearing if you smack one down.

I don't doubt there's always going to be a few that fall through the cracks, but the objective is to at least raise the barrier to entry and hopefully having a better paper trail that makes it easier to catch up with the offenders if they do manage to slip through.


My Facebook ads are 50% crypto-scams, 40% bizarre and weird gambling games, and 10% medications. So basically 90% scams. And even the medications are probably iffy.

It feels very much like the dot-com bubble to me.

There is no way Facebook doesn't know about it.


> And even the medications are probably iffy

The very foundational idea of "the advertising of medication" is worse than iffy, without getting into the entire cesspool-chain of companies behind the companies behind the advertising.

Let's round it up to 100% and write to our local representatives, yeah?


You know what was funny about a couple of them-- instructed me to "talk to my patients about" a medication. Very bad targeting there.


This sounds reasonable to me. So much tracking is used to target consumers. They seem to know the consumers better than the producers of these ads.


Oh I would love for them to take action against the millions of adverts for mobile games where video is either unrelated to the game or stolen from other games.


At one point I had a blocklist of absolutely dozens of these in AdSense and they were still getting through and advertising on my site. Evony or something. Google didn't do a great deal to help stop it.


Evony is an amusingly long-running example. They've been running misleading ads for their game since 2009 (NB: includes some NSFW ads): https://thesocietypages.org/socimages/2009/07/14/evolution-o...

But I think what the parent was referring to was more along the lines of games which literally use images from other games -- or, in some cases, games which don't exist at all -- in their advertisements.


Evony might as well not exist at all either - not like I was ever going to play it!

How does a publisher verify whether images are from the project being advertised? How do they verify that the game exists? On HN, we talk about running ads to build a database of interested users for a project we might not have created yet.

I think we can hold companies to greater account for not locking out bad actors once they're identified, but I can't see a viable way to do that pre-publishing short of an ad requiring potentially hours of due diligence.

And after the fact, we'd require any advertisers to have a local (business) presence so that false advertising claims could be dealt with. I'd be all for that.


When I say "games that don't exist at all", I actually have two specific ad campaigns (or, possibly, groups of copycat ad campaigns?) in mind.

One campaign contained illustrations showing a physical scenario involving barriers that the player could remove to help or harm a character, e.g. by dropping a character into lava, or by releasing that lava to destroy an enemy. The advertising campaign sent viewers to a generic match-three game, a la Bejeweled; the game appearing in the advertisements didn't exist (although some other enterprising developers actually created the game later on).

Another campaign contained illustrations of a character faced with obstacles and given a selection of objects to overcome that obstacle, e.g. a character faced with a fire might be offered a gasoline can, a firehose, and a vacuum cleaner. These advertisements typically showed a player choosing the wrong item, causing the player character to be graphically injured or killed, and challenged the viewer to do better. Again, these ads typically sent the viewer to a match-three game bearing no resemblance to the advertised game.

Neither of these was a situation where a developer was running an ad campaign to gauge interest in a game concept -- these campaigns ran for years (and may even still be ongoing), and were used to drive users to finished games completely different from the advertised content.


Unpopular Opinion: Celebrities should be held legally accountable for the products they endorse.

If a "reasonable person" can look at the info the celeb or influencer had at the time and consider it a scam or untruthful, the celebrity should face financial penalties for making that endorsement.


I think you may have misread the headline. These scams use fake “celebrity endorsements”, the “celebrities” are not actually endorsing anything.


Unpopular opinion: people should take responsibility for their financial decisions.

Like I’m sorry you gave all your money to a scammer, or bought the wrong coin. But that ain’t my problem. And it isn’t society’s either.


Pretty obvious impact on society and markets if fraud is unpunished.


True. And nobody likes fraud. And it should be dealt with.

I just have trouble having sympathy for people that willingly hand over money to obvious scams. Double your Bitcoin is a classic one. Yeah, right, Elon’s going to double your deposit. Greedy stupid people fall for it, lose, why didn’t someone protect me.


I don't have much sympathy for greedy people who are scammed. I do have sympathy for elderly people who are scammed. Mental acuity can diminish significantly with age.

My Dad used to be a very sharp corporate lawyer. He's now over 80 and was very lucky not to lose $10,000 to a phone scam a while ago. They were in the process of switching ISPs and a scammer called saying they were from his ISP and needed to check his computer. They managed to talk him into installing remote access software and logging into his bank account. A huge red flag for us is not necessarily so for people who are old and technically challenged.

Luckily the scam happened on a weekend, my Dad was suspicious enough to call me and we managed to stop the $10k transfer just in time.

Although my Dad's scam was a phone call, online advertisers can do a much better job of screening for scam ads at trivial cost to their operations compared to the effect on vulnerable individuals.


Thank you for sharing. My post was insensitive and missed the human connection where real people are hurt. I wish nothing but bad tidings on those that wish to exploit human vulnerability for selfish gain.


I don't think that's a remotely unpopular opinion. It's just not at all relevant to this case.


I'm assuming you read the article. I don't understand why you would hold that opinion. Why should anyone be held responsible for a product that they are typically not even aware about that has used their face / name without permission?

If I took a picture of you and overlaid it on my ad for a special brand of consumable bleach which I then promote all over social media, should you then be held responsible?



To quote from the article: "The schemes were in fact scams, and the people featured in the ads had never approved or endorsed them."


I haven't seen this on Facebook (I have ads blocked there and see almost nothing from people I don't know personally), but I see this a lot on Twitter, on YouTube, and in email spam (some of which makes it through gmail's spam filter). The scammers have fairly sophisticated tactics and a high degree of automation; flagging and blocking individual spam accounts is useless, they clearly have scripts churning them out.

Fighting spam is a legitimately difficult problem. It's particularly difficult with crypto-scams, because the per-victim profit is so high that the spammers wind up well-resourced. Given that other major platforms have mostly failed to deal with the same scammers, it doesn't seem reasonable to hold Facebook-in-particular liable.


The difference between spam and this is that these are paid advertisements that Facebook happily profited from.


I agree wholeheartedly. Spam (email, if that's the comparison here) can be sent by anyone to anyone. Advertising (and I can't believe this would need explaining, unless my understanding is ridiculously simplified) involves a business transaction between two parties:

Party #1: I want to run this ad on your network

Party #2: OK, pay me money and we'll run it

The party being paid (should - and this seems to be the crux of the issue at hand) be responsible for what they're serving up because otherwise they could be serving up viruses, malware, Russian propaganda, etc. The ad network (looking at you, Google and Facebook) are the party serving the advertisement to the public; distributing the ad as software, handing out the flyers containing the message, whatever analogy you prefer.

I'm starting down the "should" slippery slope here: The ad network has (should have) a responsibility to both police the content for obvious malevolence and the ability to point to a legitimate, traceable Party #1 to hold legally responsible for the kind of content in question here.

What are the rules governing TV, radio, and print advertising?

Could a TV ad company get away with this same advert? If not, why is internet advertising held to a less stringent set of rules?

Could I pay Facebook to run an ad that's actually a recently released full length movie?

Separate topic: Do they wonder why ad-blocking is an increasingly popular practice?


Unlikely. Given that these are scammers, they wouldn't want a trail of payment information leading to their real identities. So I'd expect them to use stolen credit cards and stolen accounts, which tends to lead to a lot of chargebacks and a net loss.


There's some loss for sure, but given that ads are free to Facebook, even a 10% success ratio is still profit.

Either way, whether it's later charged back or not, it doesn't change the fact that Facebook is initially happy to take money to artificially promote & spread this harmful content.


Chargebacks aren't free; the payment processors charge a substantial penalty.


I'm sure these are negotiable - I don't expect Facebook to be held to the same standard as small businesses. They are big enough to become their own processor if they wanted to.

It doesn't even have to end up in chargebacks even - if the scam ads are profitable, it's in their best interest to keep paying for the ads legitimately and fly under the radar (yes - the account may be under a false identity, but nobody cares if the money is there; these things tend to come to light when someone looks closer, but if the account is in good standing there's no reason for anyone to do so).


So many YouTube channels get hacked and used to post those weird Ethereum/Ripple/whatever crypto livestreams where there's a video in the corner of Big Crypto Icon Guy giving some kind of talk and a big banner telling you to send money to XYZ address.


This is still an ongoing problem; YouTube has just gotten somewhat better about not surfacing these streams in recommendations. Searching for livestreams with the keywords "Elon Musk" makes it pretty clear that they're still quite active:

https://www.youtube.com/results?search_query=elon+musk&sp=Eg...


I stumbled across one of these sponsored posts, it looked like a blatant scam but was well enough crafted that unsuspecting folk could easily fall for it.

Surprisingly, some comments were >6 weeks old (meaning it had been up for at least that long), and it had hundreds of 'reactions' (hinting it had been displayed to a lot of people).


Do Meta and Google do human review of all advertisements or is it all automated?



