A Wild Plan to Crowdsource the Fight Against Misinformation

Claire Wardle fights zombies.

Not the dead human kind, but rather the fake “facts” that have been debunked and disproven but refuse to die online. You know the kind. No need to reanimate them here. Wardle has taken to calling them “zombie rumors,” and it’s her life work to eradicate them in their many forms—misinformation posted by individuals in their personal Facebook feeds; massive disinformation campaigns coordinated by nation-state-backed propagandists; fake information perpetuated by persistent algorithms.

Maybe you’ve never heard of Wardle, but she’s one of the leading misinformation experts in the world, formerly of Harvard’s Shorenstein Center and a founder of First Draft News, a nonprofit that fights misinformation around the globe. She’s currently the director of a new group called Civic, the Coalition to Integrate Values Into the Information Commons—which she runs with former founding director of the International Fact-Checking Network, Alexios Mantzarlis—and she came to TED 2019 to lay out her vision for the coalition: to bring the power of crowdsourcing to the fight against misinformation online.

Misinformation is in some ways a harder enemy to eliminate from the internet than violent or graphic imagery, or even hate speech, which can all be a little more easily classified into cut-and-dry categories for people and machines to recognize. What makes misinfo especially pernicious is one of its hallmarks: The “fact” in question often feels just true enough or plays into existing biases. Misinformation also exploits a basic emotion: fear. Especially “people’s biggest fears about their own safety and that of the people they love,” says Wardle.

That’s where the crowd can help. People are experts in their own cultural context, Wardle says, and if there’s some sort of system where they can bring that expertise to bear, maybe they can fight against zombie rumors trudging across the internet. But what does this system look like? In her talk at TED, Wardle described what she’s calling “a Wikipedia of Trust,” a back-end contributor model where regular people could volunteer to flag, decipher, and catalog fake memes and bot activity, and add crucial cultural context to images and information that might be a zombie rumor. They could even help build a repository of cryptographic hashes for zombie rumors that keep popping up, much the same way groups have done with child sexual assault imagery online, a way to assist in the automatic filtering of common misinformation.

Wardle suggested this platform would integrate with all the major social media platforms so everyone benefits from the hive mind. Ideally, the platforms would also share whatever information they’ve separately collected on misinfo campaigns with Civic’s crowdsourced platform.

“Facebook, for example, basically has all these projects around creating all of these fact checks that then sits in a database owned by Facebook,” she says. “We should have an open database, so all that work that gets done should benefit Reddit and should benefit Google and should benefit YouTube.”

Her next idea is more radical. Wardle hopes people will choose to provide Civic with direct access to their social media data so that researchers can analyze how the platforms are actually surfacing and treating misinformation. Researchers are mostly unable to see this kind of information right now because every social media feed is algorithmically optimized to each person. “My Facebook News Feed is very different than yours. That makes it impossible to examine what people are seeing,” she says. But to understand the misinformation ecosystem—how the data is shared, suggested, and spread—researchers like Wardle need to see social media the way users are actually seeing it. They need to see it through our eyes, in the context of our actual social media feeds. However, the platforms are very cautious about giving that data up—and understandably so, given that it was an academic researcher who first gathered the information on Facebook that led to the whole Cambridge Analytica debacle. Speaking of Facebook, the company has pledged to give researchers data to help understand misinformation, but Wardle says that collaboration is slow-going. Which is why Wardle wants users to donate their data—fully anonymized—to Civic directly. “Can we build out a global network of people who can donate their data to science?” she says.

This is all at the idea phase right now. Civic’s website only went live last week, and the coalition is currently incubating at the Ted foundation in New York City. But Civic recently completed a vaccine misinformation survey of social media users in 12 different countries, which gives a hint at what she’d like to do at scale. Her team asked people where they would look online if they wanted to get vaccine information for a friend, what they would search for, and then they asked for screenshots to be sent back. Naturally, the results varied depending on where people lived, or what their networks were like, or what platform they used to find new information. One notable result she shared on Instagram is that when users typed in “vacc,” the suggested tags and accounts were “vaccines kill” or “vaccines are the worst.”

“Only by doing it and getting people to send you their screenshots do you see the scale of these challenges,” she says. But perhaps an anonymized, global repository for people to share data could turn a simple screenshot into an arrow aimed at the zombie rumor hordes online.


More Great WIRED Stories

A crazy Plan to Crowdsource the battle Against Misinformation

Claire Wardle fights zombies.

Maybe not the dead human being type, but alternatively the fake “facts” which have been debunked and disproven but won’t die on the web. You realize the kind. No need to reanimate them here. Wardle has taken to calling them “zombie rumors,” and it’s her life work to eradicate them within their numerous forms—misinformation posted by people within their personal Facebook feeds; massive disinformation promotions coordinated by nation-state-backed propagandists; fake information perpetuated by persistent algorithms.

Maybe you’ve never ever been aware of Wardle, but she’s one of many leading misinformation professionals on earth, previously of Harvard’s Shorenstein Center plus founder of very first Draft Information, a nonprofit that battles misinformation world wide. She’s the manager of the new group called Civic, the Coalition to Integrate Values to the Information Commons—which she operates with previous founding director for the International Fact-Checking system, Alexios Mantzarlis—and she came to TED 2019 to lay out her vision the coalition: to create the effectiveness of crowdsourcing towards the fight against misinformation on the web.

Misinformation is in some means a harder enemy to eradicate from the internet than violent or visual imagery, and sometimes even hate speech, which could all be a bit more easily classified into cut-and-dry groups for folks and machines to recognize. Why is misinfo particularly pernicious is certainly one of its hallmarks: The “fact” involved often seems simply true sufficient or plays into existing biases. Misinformation additionally exploits a fundamental feeling: fear. Especially “people’s biggest fears about unique security and that of people they love,” says Wardle.

That’s where the audience will help. Folks are experts in their own personal social context, Wardle states, and if there is some sort of system where they are able to bring that expertise to bear, maybe they could combat zombie rumors trudging over the internet. But exactly what performs this system seem like? Inside her talk at TED, Wardle described exactly what she’s calling “a Wikipedia of Trust,” a back-end contributor model where anyone else could volunteer to flag, decipher, and catalog fake memes and bot activity, and include essential cultural context to images and information that could be a zombie rumor. They could even help build a repository of cryptographic hashes for zombie rumors that keep appearing, much the same means teams have done with son or daughter sexual attack imagery on line, a method to assist in the automatic filtering of typical misinformation.

Wardle proposed this platform would integrate with the major social media marketing platforms so everyone else advantages from the hive head. Ideally, the platforms would also share whatever information they have separately collected on misinfo promotions with Civic’s crowdsourced platform.

“Facebook, for instance, essentially has these jobs around creating most of these reality checks that then sits in a database owned by Twitter,” she says. “We must have an available database, so all that work that gets done should benefit Reddit and really should gain Google and should benefit YouTube.”

Her next concept is more radical. Wardle hopes people will choose to offer Civic with direct access with their social networking data to ensure scientists can analyze the way the platforms are now actually surfacing and treating misinformation. Scientists are mostly not able to see this sort of information today because every social media marketing feed is algorithmically optimized every single individual. “My Facebook Information Feed is quite different than yours. Which makes it impractical to examine what people are seeing,” she states. But to know the misinformation ecosystem—how the info is shared, suggested, and spread—researchers like Wardle need to see social networking the way in which users are now actually seeing it. They should see it through our eyes, in the context of our real social networking feeds. However, the platforms are particularly apprehensive about offering that information up—and understandably therefore, considering the fact that it was an academic researcher who first gathered the info on Facebook that generated the entire Cambridge Analytica debacle. Talking about Facebook, the business has pledged to provide scientists information to aid comprehend misinformation, but Wardle claims that collaboration is slow-going. Which is why Wardle wants users to donate their data—fully anonymized—to Civic directly. “Can we develop down a global system of people that can donate their data to technology?” she says.

That is all at the concept period today. Civic’s internet site only went real time a week ago, plus the coalition happens to be incubating at the Ted foundation in nyc. But Civic recently completed a vaccine misinformation survey of social media marketing users in 12 different countries, which provides a hint at what she’d want to do at scale. The woman group asked individuals where they might look online should they desired to get vaccine information for the buddy, whatever they would search for, then they asked for screenshots become sent back. Naturally, the outcomes varied depending on in which individuals lived, or exactly what their systems had been like, or exactly what platform they always find brand new information. One notable result she shared on Instagram is that when users entered “vacc,” the recommended tags and records had been “vaccines destroy” or “vaccines would be the worst.”

“Only by carrying it out and having individuals to send you their screenshots do you understand scale among these challenges,” she claims. But maybe an anonymized, international repository for folks to fairly share data could turn a straightforward screenshot into an arrow directed at the zombie rumor hordes on the web.


More Great WIRED Stories

Inside a Ferrari Hypercar, Lyft’s IPO, and More Car News

Let the unicorn feast begin! On Friday, ride-hail galumphed onto the markets with the opening day of trading for little bro Lyftt. (Big rival Uber is reportedly on its way to its own IPO.) Lyft had a strong first day of trading, reaching a share price high of $87.24 before sliding to $78.29 at market’s close. Now the big question, which will answer itself in the weeks and months to come: How do investors feel about the prospect of the mustachioed company actually making money? How about the gig economy at large?

Still, plenty of transportation interestings were happening off Wall Street this week. We took a look at the current state of automotive software safety standards, and talked to people wondering how self-driving cars might fit into the mix. We reminded ourselves that self-driving cars aren’t going to be driverless for a while, and about the role of remote drivers in the ecosystem. We drove a Jeep Gladiator, the company’s adorably tough mini-pickup.

It’s been a week: Let’s get you caught up.

Headlines

Stories you might have missed from WIRED this week

Dress Rehearsal of the Week

Porsche promises its first all-electric sports car, the Taycan, will hit the market at the end of the year. Which means it’s time for the fun stuff: test drives! This week, the German automaker said it will have tested the Taycan on 3.7 million miles of road before its official launch, in the snows of Sweden, the heat of the UAE (up to 120 degrees Fahrenheit!), and the chill of Finland. More details on the Taycan’s testing regime here.

Stat of the Week

$911.3 million

The amount of dough Lyft lost last year, according to a filing submitted to the SEC in early March. For more stats on the ride-hail company, and to help you understand its IPO this week, check out these five charts.

Required Reading

News from elsewhere on the internet
Uber acquires Middle Eastern rival Careem for $3.1 billion, though the deal needs regulatory approval and may not be finalized until the end of the year.

Recode points out: “To bet on Uber—as is increasingly clear with this Careem purchase—is to bet not on Uber but on a global ride-hailing spoke model in which San Francisco-based Uber Technologies, Inc is merely the hub.”

Lyft rings in its IPO with a “City Works” pledge, investing $50 million or 1 percent of profits (whatever’s bigger) in city infrastructure, clean energy tech, and transportation access for disadvantaged communities. Anthony Foxx, the former secretary of transportation and Lyft’s current chief policy officer, clarified to WIRED that this doesn’t necessarily mean Lyft will write $50 million in checks—”Some of it will be in-kind,” he said—but that it will continue its current work on those three target areas in close partnership with cities.

Meanwhile, Lyft and Uber drivers went on strike in California this week, demanding higher wages after Uber cut their per-mile pay.

I Rode an E-Scooter as Far From Civilization as Its Batteries Could Take Me

Oh Wow, oh no: A budget airline suddenly ceased operations.

In the Rearview

Essential stories from WIRED’s canon
Via 1998: “How the beer company that created the first Internet IPO is shaking up the stock market.”

In the Ferrari Hypercar, Lyft’s IPO, and much more automobile News

Let the unicorn feast begin! On Friday, ride-hail galumphed on the markets utilizing the starting day’s trading for little bro Lyftt. (Big rival Uber is apparently returning to unique IPO.) Lyft possessed a strong very first day’s trading, reaching a share price high of $87.24 before sliding to $78.29 at market’s near. Now the big question, that may respond to itself into the days and months to come: How do investors experience the outlook for the mustachioed company actually earning profits? Think about the gig economy most importantly?

Still, a great amount of transportation interestings were occurring off Wall Street this week. We took a look at the current state of automotive computer software safety criteria, and talked to individuals wondering how self-driving cars might fit into the mix. We reminded ourselves that self-driving cars aren’t going to be driverless for a while, and concerning the part of remote motorists in the ecosystem. We drove a Jeep Gladiator, the organization’s adorably tough mini-pickup.

It’s been a week: Let’s enable you to get trapped.

Headlines

Tales you might have missed from WIRED recently

Dress Rehearsal of Week

Porsche promises its very first all-electric sports vehicle, the Taycan, will hit the industry at the conclusion of the year. Meaning it is time for the fun material: test drives! Recently, the German automaker stated it’ll have tested the Taycan on 3.7 million miles of road before its formal launch, inside snows of Sweden, heat of the UAE (up to 120 levels Fahrenheit!), and the chill of Finland. Additional information regarding the Taycan’s screening regime right here.

Stat associated with Week

$911.3 million

The amount of dough Lyft destroyed last year, based on a filing submitted towards SEC in very early March. To get more stats regarding the ride-hail company, and to help you comprehend its IPO recently, check out these five maps.

Required Reading

News from somewhere else on internet
Uber acquires center Eastern rival Careem for $3.1 billion, though the deal requires regulatory approval and may never be finalized before end of the year.

Recode highlights: “To bet on Uber—as is increasingly clear with this Careem purchase—is to bet perhaps not on Uber but for a international ride-hailing spoke model by which San Francisco-based Uber Technologies, Inc is only the hub.”

Lyft bands in its IPO by having a “City Functions” pledge, spending $50 million or 1 % of earnings (whatever’s bigger) in city infrastructure, clean energy tech, and transport access for disadvantaged communities. Anthony Foxx, the previous assistant of transport and Lyft’s current chief policy officer, clarified to WIRED this doesn’t suggest Lyft will write $50 million in checks—”Some from it may be in-kind,” he said—but it will stay its current work on those three target areas in close partnership with cities.

Meanwhile, Lyft and Uber motorists proceeded hit in Ca recently, demanding higher wages after Uber cut their per-mile pay.

“we Rode an E-Scooter as Far From Civilization as Its Batteries Could simply take Me”

Oh Wow, oh no: A spending plan flight suddenly ceased operations.

In Rearview

Crucial tales from WIRED’s canon
Via 1998: “How the alcohol company that created the initial Web IPO is shaking up the currency markets.”

Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

At this point, it’s difficult to summarize all of Facebook’s privacy, misuse, and security missteps in one neat description. And it just got even harder. On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform. This means that thousands of Facebook employees could have searched for and found them. Krebs reports that the passwords stretched back to those created in 2012.

Organizations can store account passwords securely by scrambling them with a cryptographic process known as hashing before saving them to their servers. This way, even if someone compromises those passwords, they won’t be able to read them, and a computer would find it difficult—even functionally impossible—to unscramble them. As a prominent company with billions of users, Facebook knows that it would be a jackpot for hackers, and invests heavily to avoid the liability and embarrassment of security mishaps. Unfortunately, though, one open window negates all the padlocks, bolts, and booby traps money can buy.

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy wrote in a statement. “Our login systems are designed to mask passwords using techniques that make them unreadable. To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”

Canahuati says that Facebook has now corrected the password logging bug, and that the company will notify hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram users that their passwords may have been exposed. Facebook does not plan to reset those users’ passwords.

“In some ways that’s the most sensitive data they hold, because it’s raw and unmanaged.”

Kenn White, Open Crypto Audit Project

For such a prominent target, Facebook has had relatively few technical security failures, and in this case appears not to have been compromised. But the company’s track record was severely marred by a breach in September in which attackers stole extensive data from 30 million users by compromising their account access tokens—authentication markers generated when a user logs in.

That breach indirectly helped Facebook discover the trove of plaintext passwords and the bugs that caused them to be there; the incident motivated a security review that caught the lapse. “In the course of our review, we have been looking at the ways we store certain other categories of information—like access tokens—and have fixed problems as we’ve discovered them,” Canahuati wrote.

“It’s good that they’re being proactive,” says Lukasz Olejnik, an independent cybersecurity adviser and research associate at the Center for Technology and Global Affairs at Oxford University. “But this is a big deal. It seems like they found the issue during an audit so maybe their past mistakes plus new privacy regulations are making these checks more standard.”

Facebook told WIRED that the exposed passwords weren’t all stored in one place, and that the issue didn’t result from a single bug in the platform’s password management system. Instead, the company had unintentionally and incidentally captured plaintext passwords across a variety of internal mechanisms and storage systems, like crash logs. Facebook says that the scattered nature of the problem made it more complicated both to understand and to fix, which the company says explains the nearly two months it took to complete the investigation and disclose the findings.

A company operating at Facebook’s enormous scale needs to keep network traffic logs to better understand and trace bugs, outages, and other incidents that may crop up. Those logs will inevitably pull in whatever network data happens to be flowing by. That Facebook caught passwords in that process makes sense; the question is why Facebook retained logs that included sensitive data for so long, and why the company was apparently unaware of its contents.

“The data that’s captured incidentally as part of debugging and operating at the network scales they do is not uncommon,” says Kenn White, a security engineer and director of the Open Crypto Audit Project. “But if Facebook retains that for years it raises a lot of questions about their architecture. They have an obligation to protect these debug logs and audit and understand what they’re retaining. In some ways that’s the most sensitive data they hold, because it’s raw and unmanaged.”

Twitter dealt with a very similar plaintext password-logging bug last May; it, too, didn’t require users to reset their passwords, saying it had no reason to believe that the passwords were actually breached. Similarly, Facebook says its investigation hasn’t revealed any signs that anyone intentionally accessed its hundreds of millions of errant passwords to steal them. But whether you get a password notification from Facebook or not, you might as well go ahead and change it just in case.

To do so on Facebook desktop, go to Settings → Security and Login → Change Password. On Facebook for iOS and Android, go to Settings & Privacy → Settings → Security and Login → Change Password. On Facebook Lite for Android, go to Settings → Security and Login → Change Password. Changing your account password on either main Facebook or Facebook Lite changes it for both.

On Instagram, go to Settings → Privacy and Security → Password to change your password. Instagram and Facebook do not use the same password, but can be linked to log into one with the other.

And while you’re at it, the easiest way to keep track of and manage your passwords so you can easily change them after incidents like this is to set up a password manager. Go get one now.

Facebook says that the plaintext password issue is now fixed, and that it doesn’t think there will be long term impacts from the incident, because the passwords were never actually stolen. But given the company’s apparently endless stream of gaffes, it’s difficult to know what will come next.

“I get that they are working at mind-boggling scale,” White says. “But these are the crown jewels right there.”


More Great WIRED Stories