Meta Oversight Board finds plenty of flaws with Facebook’s content moderation
Facebook’s content moderation systems are clearly in need of repair.
On Thursday, Meta’s Oversight Board announced that it had reversed two of Facebook’s decisions to remove content from its platform. The independent group’s conclusions point to major flaws in Facebook’s content moderation protocols in two major areas: the platform’s use of automated systems to take down content and the removal of newsworthy content by human moderators.
The first case from the Oversight Board concerns a Facebook user in Colombia who had posted a cartoon image depicting police brutality from the National Police of Colombia in September 2020. Facebook removed the user’s post 16 months later when the company’s automated systems matched the cartoon image with one stored in a Media Matching Service bank.
The Oversight Board determined it was wrong for Facebook to remove the user’s post because the image depicted did not violate Facebook’s rules and should not have been added to the Media Matching Service bank.
And, according to the Oversight Board, this user wasn’t the only one affected. In total, 215 users appealed the removal of a post which included this image. Of those, 98 percent were successful in their appeal to Meta. However, the cartoon image remained in the bank and continued to lead to automated detections and subsequent post removals. Meta only removed the image from the Media Matching Service bank when the Oversight Board decided to take up this particular case.
In the second case, the Oversight Board determined Meta wrongly removed a news post about the Taliban. In January 2022, an India-based newspaper had posted a link to an article on its website about the Taliban’s announcement to re-open schools for women and girls. Meta had determined that the post was in violation of its Dangerous Individuals and Organizations policy as it construed the post as “praise” of the Taliban.
As a result, Meta removed the post and limited the Indian newspaper’s access to certain Facebook features, such as Facebook livestreaming. The newspaper attempted to appeal the decision but it was not reviewed due to a lack of Urdu-speaking reviewers at the company.
Once more, when the Oversight Board decided to take this case, Meta then reversed its decision, restored the content, and removed the Facebook Page limitations. Simply reporting on newsworthy events is not a violation of Facebook’s policies, the Oversight Board determined.
While the affected users in these specific cases may be fairly small in number or reach, the Oversight Board used the opportunity to recommend broader changes to Facebook’s content moderation systems, whether they be automated or human-reviewed.
Founded in 2018, the Oversight Board was formed to serve as something of a Supreme Court for Meta’s content moderation decisions. The organization released the decisions on its first cases in January 2021. One of those early rulings was heavily criticized as it called for the restoration of a removed post that Muslim activist groups deemed hate speech. But the Oversight Board’s most notable case up to this point has easily been its decision to uphold Meta’s suspension of Donald Trump on Facebook. The former President was suspended from the platform following the violent riots at the Capitol building on Jan. 6.
The Oversight Board’s decision did force Meta to set a timeframe for Trump’s suspension, however. Shortly after this 2021 ruling from the Oversight Board, Meta announced it would consider allowing Trump back on its platforms in January 2023. That may have sounded far off into the future back in June 2021, but now that’s just a few months away. If and when Trump returns to Facebook next year, don’t be surprised to see his name on an Oversight Board case or two…or twenty.
Hackers may have exploited security flaws – Apple
Security researcher reveals Zoom flaws that could’ve allowed attackers to take over your Mac
Zoom’s automatic update option can help users ensure that they have the latest, safest version of the video conferencing software, which has had multiple privacy and security issues over the years. At this year’s DefCon, however, a Mac security researcher reported vulnerabilities he found in the tool that attackers could have exploited to gain full control of a victim’s computer. According to Wired, Patrick Wardle presented two vulnerabilities during the conference. He found the first one in the app’s signature check, which certifies the integrity of the update being installed and examines it to make sure that it’s a new version of Zoom. In other words, it’s in charge of blocking attackers from tricking the automatic update installer into downloading an older and more vulnerable version of the app.
Wardle discovered that attackers could bypass the signature check by naming their malware file a certain way. And once they’re in, they could get root access and control the victim’s Mac. The Verge says Wardle disclosed the bug to Zoom back in December 2021, but the fix it rolled out contained another bug. This second vulnerability could have given attackers a way to circumvent the safeguard Zoom set in place to make sure an update delivers the latest version of the app. Wardle reportedly found that it’s possible to trick a tool that facilitates Zoom’s update distribution into accepting an older version of the video conferencing software.
Zoom already fixed that flaw, as well, but Wardle found yet another vulnerability, which he has also presented at the conference. He discovered that there’s a point in time between the auto-installer’s verification of a software package and the actual installation process that allows an attacker to inject malicious code into the update. A downloaded package meant for installation can apparently retain its original read-write permissions allowing any user to modify it. That means even users without root access could swap its contents with malicious code and gain control of the target computer.
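The gap between verification and installation described above can be closed by verifying a private copy and installing only that copy. The following is an added example, not Zoom's code: the function names and the dotted version format are hypothetical, and a pinned SHA-256 digest (assumed to come from a trusted, signed manifest) stands in for the package signature check. It also rejects downgrades.

```python
import hashlib, os, shutil, stat, tempfile

def is_newer(candidate: str, installed: str) -> bool:
    """Numeric dotted-version compare; equal or older counts as a downgrade."""
    def parse(v):
        return tuple(int(part) for part in v.split("."))
    return parse(candidate) > parse(installed)

def stage_and_verify(pkg_path, expected_sha256, candidate_ver, installed_ver):
    """Return the path of a private, verified copy to hand to the installer."""
    if not is_newer(candidate_ver, installed_ver):
        raise ValueError("refusing downgrade or reinstall")
    # O_NOFOLLOW: refuse a symlink placed at the download path.
    fd = os.open(pkg_path, os.O_RDONLY | os.O_NOFOLLOW)
    private_dir = None
    try:
        st = os.fstat(fd)  # inspect the opened file, not the path
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError("package is owned by another user")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("package is writable by other users")
        private_dir = tempfile.mkdtemp(prefix="update-")  # created with mode 0700
        staged = os.path.join(private_dir, "update.pkg")
        digest = hashlib.sha256()
        with os.fdopen(fd, "rb", closefd=False) as src, open(staged, "wb") as dst:
            for chunk in iter(lambda: src.read(65536), b""):
                digest.update(chunk)  # hash exactly the bytes being staged
                dst.write(chunk)
        if digest.hexdigest() != expected_sha256:
            raise ValueError("digest mismatch")
        os.chmod(staged, 0o400)
        return staged
    except Exception:
        if private_dir:
            shutil.rmtree(private_dir, ignore_errors=True)
        raise
    finally:
        os.close(fd)
```

Because the digest is computed over the same bytes written into the private directory, a later change to the original download has no effect on what gets installed.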
The company told The Verge that it’s now working on a patch for the new vulnerability Wardle has disclosed. As Wired notes, though, attackers need to have existing access to a user’s device to be able to exploit these flaws. Even if there’s no immediate danger for most people, Zoom advises users to “keep up to date with the latest version” of the app whenever one comes out.