Facebook’s Proactive Approach to Addressing Nonconsensual Distribution of Intimate Images

It’s well-known that technology has made sharing sexually intimate content easier. While many people share intimate images without any problems, there’s a growing issue with non-consensual distribution of intimate images (NCII[1]), or what is often referred to as “revenge porn.” Perpetrators often share - or threaten to share - intimate images in an effort to control, intimidate, coerce, shame, or humiliate others. A survivor threatened by or already victimized by someone who’s shared their intimate images not only deserves the opportunity to hold their perpetrator accountable, but also should have better options for removing content or keeping it from being posted in the first place.

Recently, Facebook announced a new pilot project aimed at stopping NCII before it can be uploaded onto their platforms. This process gives people who wish to participate the option to submit intimate images or videos they’re concerned someone will share without their permission to a small, select group of specially trained professionals within Facebook. Once submitted, the images are given what’s called a “hash value”, and the actual images are deleted. “Hashing” basically means that the images are turned into a digital code that is a unique identifier, similar to a fingerprint. Once the image has been hashed, Facebook deletes it, and all that’s left is the code. That code is then used as a way for Facebook to identify if someone is attempting to upload the image and prevent it from being posted on Facebook, Messenger, and Instagram.

Facebook’s new pilot project may not be something everyone feels comfortable using, but for some it may bring much peace of mind. For those who believe it may help in their situation, we’ve outlined detailed information about how the process works:

  1. Victims work with a trusted partner. Individuals who believe they’re at risk of NCII and wish to have their images hashed should first contact one of Facebook’s trusted partners: the Cyber Civil Rights Initiative, YWCA Canada, UK Revenge Porn Hotline, and the eSafety Commissioner in Australia. These partners will help them through the process and identify other assistance that may be useful to them.
  2. Partner organizations help ensure appropriate use. The partner organization will carefully discuss the individual’s situation with them before helping them start the hashing process. This helps ensure that individuals are seeking to protect their own image and not trying to misuse the feature against another person. It’s important to note that the feature is meant for adults and not for images of people under 18. If the images are of someone under 18, they will be reported to the National Center for Missing and Exploited Children. Partner organizations will help to explain the reporting process so that individuals can make appropriate decisions for their own case.
  3. The Image will be reviewed by trained staff at Facebook. If the images meet Facebook’s definitions of NCII, a one-time link is sent to the individual’s e-mail. The link will take the individual to a portal where they can directly upload the images. All submissions are then added to a secure review queue where they will be reviewed by a small team specifically trained in reviewing content related to NCII abuse.
  4. NCII will be hashed and deleted: All images that are reviewed and found to meet Facebook’s definition of NCII will be translated into a set of numerical values to create a code called a “hash.” The actual image will then be deleted. If an image is reviewed and Facebook determines it does not match their definition of NCII, the individual will receive an email letting them know (so it’s critical that someone use an email that cannot be accessed by someone else). If the content submitted does not meet Facebook’s definition of NCII, then the concerned individual may still have other options. For example, they may be able to report an image for a violation of Facebook’s Community Standards.
  5. Hashed images will be blocked: If someone tries to upload a copy of the original image that was hashed, Facebook will block the upload and provide a pop-up message notifying the person that their attempted upload violates Facebook’s policies.

This proactive approach has been requested by many victims, and may be appropriate on a case-by-case basis. People who believe they’re at risk of exposure and are considering this process as an option should carefully discuss their situation with one of Facebook’s partner organizations. This will help them make sure they’re fully informed about the process so that they can feel empowered to decide if this is something that’s appropriate for their unique circumstances.  

For more information about how survivors can increase their privacy and safety on Facebook, check out our Facebook Privacy & Safety Guide for Survivors of Abuse.


 

[1] NCII refers to private, sexual content that a perpetrator shares publicly or sends to other individuals without the consent of the victim. How we discuss an issue is essential to resolving it. The term “revenge porn” is misleading, because it suggests that a person shared the intimate images as a reaction to a victim’s behavior.

Cambridge Analytica and Why Privacy Matters to Survivors

Recent news that the personal information of tens of millions of people was used by Cambridge Analytica “to create algorithms aimed at ‘breaking’ American democracy” as the New Yorker phrases it, has led to a call to #DeleteFacebook. For those unfamiliar with the story, our friends at AccessNow wrote a great summary.

This kind of invasion of privacy is not new, nor is it limited to this case. The old expression, “No free lunch,” applies to any service that we don’t pay for, whether it is social media or a discount card at the grocery store or entering a raffle to win a new car. The true cost is allowing those companies to access our personal information for their own profit.

Safety is the primary concern. For survivors who face threats of harm, who live daily in fear from the abusers, the security of personal information can be a life and death issue. For survivors fleeing an abuser, information about location, work, kids’ schools, and social connections can lead an abuser to the doorstep. For survivors living with abuse, information about friends, thoughts, feelings, opinions, and interests can be misused by an abuser to control, isolate, or humiliate.

For survivors, privacy is not an abstract issue, or a theoretical right to be debated on CSPAN. Privacy is essential to safety, to dignity, to independence. Yet, we live in a time when personal information = profit.

The Cambridge Analytica story surfaces the underlying reality that our personal information is not under our control. It feels like we are seldom asked for consent to share our personal data. When we are, it is in legalese, in tiny letters that we might have to scroll through to be able to check that box, and get on with using whatever website we’re trying to use. Even if we do take the time to read through those privacy terms, we know that data is routinely stolen, or accidentally published on the Internet, or used against us to affect access to loans, insurance, employment, and services.

We are social animals. We crave connection. Research shows that we suffer without it. Isolation is a classic tactic of abuse. But the price we too often pay for connection online is our privacy.

At times like these, we may think about deleting Facebook, going offline, or throwing away our phones. We may think that survivors should give up their tech at the door of our shelters, or that they have to go off the grid in order to be safe.

Digital exile is not the answer. Technology, and the Internet, is a public space where everyone, including survivors, should have the right, to share their voices, to make connections, and to access information without fear of their personal information being collected and used without their consent. April Glaser writes in Slate that, “[d]eleting Facebook is a privilege,” pointing to the huge number of people that rely on it to connect with friends, to learn about events, to promote a business, or, in parts of the world with limited Internet access, just to be online at all.

Survivors, just like every other consumer, should be given the opportunity to give truly informed consent. That consent must be based on clear, simple, meaningful, understandable privacy policies and practices – not just a check box that no one pays attention to.

A guide to the process of changing your Facebook settings to control apps’ access to your data is available from the Electronic Frontier Foundation. Also check out our own guides to Online Privacy and Facebook Privacy and Safety.

Privacy Risks and Strategies with Online Dating & Gaming

Both online dating and online gaming are fast-growing industries that are increasingly becoming a regular part of life. Online dating has rapidly gained in popularity as a common way to connect to potential dates or find a partner. And, contrary to popular perception, online gaming is not just a pastime for teenage boys. Many people have concerns about the safety of online dating, often due to widely publicized stories of assault and abuse, and unfortunately, online harassment is an all-too-common experience while playing games online, that can also cross into real life.

Everyone should be able to be online safely, free from harassment and abuse, and that includes dating and gaming. For survivors of domestic violence, sexual assault, and stalking, privacy and safety concerns may be even greater when trying to engage in online spaces. Fortunately, it is possible to increase privacy and safety when dating and gaming online.

Two new resources from Safety Net discuss both risks and strategies, for survivors who want to be active in online dating or gaming communities.

Harassment, threats, and abuse that happen “only” online should be taken seriously. Such experiences can be traumatizing, and may include financial crime or identity theft. Victims report efforts to ruin their reputations and drive them from the online community. If enough identifying information is known, the abuse can also quickly become an offline threat.

If you are concerned about online harassment or abuse, see our Survivor Toolkit for more information about Online Privacy & Safety Tips, guides to Facebook and Twitter, and for resources to assist in documenting abuse.

Online harassment and abuse may fall under a number of crimes, depending on what is happening. To learn more about laws in your state on online harassment, visit WomensLaw.org

Safer Internet Day: So What's the Deal with HTTPS?

computer with lock on it

While browsing online, you may (or may not) have noticed that some web addresses start with http:// and some they start with https://. So what’s the difference and why does that extra “s” matter so much for online safety and privacy? With tomorrow being Safer Internet Day, we thought it'd be a great time to explain.

HTTPS (Hypertext Transfer Protocol Secure) encrypts the data that’s sent between your browser and the webpages you visit. When you see https:// at the beginning of the address, it means that the page you are visiting is secure. It tells you that it isn’t a fake version of what you were looking for, and that information you enter on that page is kept private.

For instance, Facebook uses HTTPS by default, so every time you go to log into your Facebook account, you should see that the login page is https://www.facebook.com. As long as you see that “s”, you can rest assured knowing that the username and password you enter will be kept secure and private. But if you see that instead it says http://www.facebook.com, it means someone has set up a fake version and is trying to steal your login information and gain access to your account.

For survivors who are especially concerned for their privacy and are carefully trying to ensure no one gets access to their accounts, this is an important tip to remember. In addition, there are a number of things you can do to help make sure the pages you are visiting are secure:

  • Most browsers now will show an icon of a deadbolt lock when you are on a site that is secured with HTTPS.
  • When you use the newest versions of Chrome or Firefox to browse the internet, you’ll receive a warning if you are trying to access a webpage that isn’t properly secured.
  • The browser extension HTTPS Everywhere can be added to your Firefox, Chrome or Opera browser and will automatically switch thousands of websites you visit from HTTP to HTTPS.

But remember that nothing is perfect when it comes to online security. HTTPS has its vulnerabilities - but using it is much better than browsing the web unencrypted. Most importantly, on Safer Internet Day and every day, it’s critical to remember that online security is a complex picture. HTTPS is just one of many tools available to increase security. For more tips and information on increasing your online safety and privacy, especially if you are a survivor of abuse, visit our Toolkit for Survivors on Technology Safety & Privacy.

Stop. Think. Connect.

The internet is such a big part of our lives. We bank, shop, watch movies, read the news, play games, and do a lot more. We also share a lot about ourselves online, whether it’s letting Sephora (and every online targeted advertiser) know that you're currently looking for the perfect lipstick (which I found, by the way!) or sharing selfies of said perfect lipstick on Facebook. The internet knows a lot about us – just Google yourself. You might be surprised at how well-known you actually are.

October is Domestic Violence Awareness Month as well as National Cyber Security Awareness Month (NCSAM). For survivors of domestic violence, stalking, and sexual assault, online security and safety is imperative; but it’s also important for everyone. One of the theme for NCSAM is STOP. THINK. CONNECT. Before you connect online, stop, and think about your privacy and security. Who’s going to see that selfie on Facebook? Is your connection secure when you type in your credit card information on Sephora’s website? (Tip: Check your Facebook privacy settings, and make sure you’re using an HTTPS connection when sharing sensitive financial information.)

To honor Domestic Violence Awareness Month and National Cyber Security Awareness Month, we’ve put together a series of videos on Online Privacy & Safety. Below is today’s video, and for the next four days, we’ll be releasing a new video in this series (check back here daily or follow NNEDV on social media to see them all!). They’re short and sweet, and we hope they will be helpful.

·        Online Privacy & Safety - Introduction

·        Creating an Account

·        Security Settings

·        Privacy Settings

·        Facebook Privacy, Security & Safety

Meanwhile, if you want more tips on surfing the internet safely, check out:

“Online Privacy & Safety” section in our Technology Safety & Privacy: A Toolkit for Survivors

National Cyber Security Awareness Month’s Tips