Facebook’s Proactive Approach to Addressing Nonconsensual Distribution of Intimate Images

It’s well-known that technology has made sharing sexually intimate content easier. While many people share intimate images without any problems, there’s a growing issue with non-consensual distribution of intimate images (NCII[1]), or what is often referred to as “revenge porn.” Perpetrators often share - or threaten to share - intimate images in an effort to control, intimidate, coerce, shame, or humiliate others. A survivor threatened by or already victimized by someone who’s shared their intimate images not only deserves the opportunity to hold their perpetrator accountable, but also should have better options for removing content or keeping it from being posted in the first place.

Recently, Facebook announced a new pilot project aimed at stopping NCII before it can be uploaded onto their platforms. This process gives people who wish to participate the option to submit intimate images or videos they’re concerned someone will share without their permission to a small, select group of specially trained professionals within Facebook. Once submitted, the images are given what’s called a “hash value”, and the actual images are deleted. “Hashing” basically means that the images are turned into a digital code that is a unique identifier, similar to a fingerprint. Once the image has been hashed, Facebook deletes it, and all that’s left is the code. That code is then used as a way for Facebook to identify if someone is attempting to upload the image and prevent it from being posted on Facebook, Messenger, and Instagram.

Facebook’s new pilot project may not be something everyone feels comfortable using, but for some it may bring much peace of mind. For those who believe it may help in their situation, we’ve outlined detailed information about how the process works:

  1. Victims work with a trusted partner. Individuals who believe they’re at risk of NCII and wish to have their images hashed should first contact one of Facebook’s trusted partners: the Cyber Civil Rights Initiative, YWCA Canada, UK Revenge Porn Hotline, and the eSafety Commissioner in Australia. These partners will help them through the process and identify other assistance that may be useful to them.
  2. Partner organizations help ensure appropriate use. The partner organization will carefully discuss the individual’s situation with them before helping them start the hashing process. This helps ensure that individuals are seeking to protect their own image and not trying to misuse the feature against another person. It’s important to note that the feature is meant for adults and not for images of people under 18. If the images are of someone under 18, they will be reported to the National Center for Missing and Exploited Children. Partner organizations will help to explain the reporting process so that individuals can make appropriate decisions for their own case.
  3. The Image will be reviewed by trained staff at Facebook. If the images meet Facebook’s definitions of NCII, a one-time link is sent to the individual’s e-mail. The link will take the individual to a portal where they can directly upload the images. All submissions are then added to a secure review queue where they will be reviewed by a small team specifically trained in reviewing content related to NCII abuse.
  4. NCII will be hashed and deleted: All images that are reviewed and found to meet Facebook’s definition of NCII will be translated into a set of numerical values to create a code called a “hash.” The actual image will then be deleted. If an image is reviewed and Facebook determines it does not match their definition of NCII, the individual will receive an email letting them know (so it’s critical that someone use an email that cannot be accessed by someone else). If the content submitted does not meet Facebook’s definition of NCII, then the concerned individual may still have other options. For example, they may be able to report an image for a violation of Facebook’s Community Standards.
  5. Hashed images will be blocked: If someone tries to upload a copy of the original image that was hashed, Facebook will block the upload and provide a pop-up message notifying the person that their attempted upload violates Facebook’s policies.

This proactive approach has been requested by many victims, and may be appropriate on a case-by-case basis. People who believe they’re at risk of exposure and are considering this process as an option should carefully discuss their situation with one of Facebook’s partner organizations. This will help them make sure they’re fully informed about the process so that they can feel empowered to decide if this is something that’s appropriate for their unique circumstances.  

For more information about how survivors can increase their privacy and safety on Facebook, check out our Facebook Privacy & Safety Guide for Survivors of Abuse.


 

[1] NCII refers to private, sexual content that a perpetrator shares publicly or sends to other individuals without the consent of the victim. How we discuss an issue is essential to resolving it. The term “revenge porn” is misleading, because it suggests that a person shared the intimate images as a reaction to a victim’s behavior.

What’s the Deal with Snap Map?

snap map image

Snapchat recently released a new feature called Snap Map. It was immediately met with a flurry of negative feedback and concerns for user privacy and safety. As with any technology, device, platform, or service, new features can have an unexpected impact on user safety and privacy. The following is our assessment of potential privacy issues and possibilities for misuse within Snap Map.

The Snap Map feature allows users to share their location with other friends on Snapchat and to share Snaps on a map. The ability for others to see your location can definitely sound a little creepy, particularly if you’re concerned about your privacy. While there are a few things to consider and be aware of to protect your privacy, there are also a few features that make us a little less worried about Snap Map.

1.     The user controls the feature, and therefore controls their privacy.
Snap Map is an opt-in feature, not an opt-out feature; meaning it is off by default until a user chooses to turn it on. Opt-in by default is an important safety feature, but it is noteworthy that a person with access to the account could still turn on location sharing without the account owner’s knowledge. Because of this, it’s important that users know how to find the location sharing setting so that they can check to see if someone has turned it on without their permission.

2.     Users also control the audience, even if the feature is on.
If you choose to use Snap Map, you can keep it in Ghost Mode. Ghost Mode means that your location isn’t shared with anyone at all, but that you are able to see yourself on the map. You can also choose between sharing your location with all of your friends, or with just a few select friends. Ghost Mode is the default setting when you have opted into using the Snap Map feature, that way you don’t share your location with anyone unless you choose to, even if you open the feature to check it out. If you decide to no longer share your location, even with a few selected friends, you last location is removed from the map.

3.     Submitted Snaps don’t show username, but images can still be identifying.
You can submit a Snap to “Our Story” to be shared on the Snap Map, although not all submitted Snaps are accepted to be on the Snap Map. Ones that are accepted do not show the username of the person who submitted it, but it will show up on the Snap Map at or near your location. Certain information in the Snap could make it more identifying (signs or landmarks can identify exact location, and clothing or tattoos can identify a person, even if their face isn’t shown). Also, users should be aware that Snaps submitted to “Our Story” may show on Snap Map regardless of their chosen location setting. This is important to consider, especially if other people are in your Snaps and you don’t have their permission to share.

4.     Notifications for the win!
We are always fans of user notifications when there is a feature that could be a potential safety and privacy risk. Snapchat will send reminders if location sharing has been left on for a period of time; making sure that users know their location is being shared. These notifications can also greatly decrease the chance that someone could turn on someone else’s Snap Map without their knowledge.

5.     When you’re sharing, you’re always sharing.
It’s really important to understand that once you opt-in and choose an audience to share your location with, that audience will continually be able to see your updated location every time you open the app, whether or not you are engaging with them or sending anyone a Snap. This might be the biggest concern, since if people don’t clearly understand this they may inadvertently share their location without realizing it.

Overall, Snap Map definitely makes it easier for people to share—and to receive—information about another person’s location. As with similar features on other platforms, users should be cautious and make informed, thoughtful decisions on how to protect their privacy; including if, when, and how they use it. It’s also really important to consider the privacy of others. You might not know what could be a safety or privacy risk for each of your friends, so you should never share images, videos, or location information about others without their consent. The good news is that this feature does have some built-in privacy options and gives users control over what is shared. Learn more about manage your location settings in Snap Map and check out SnapChat’s Approach to Privacy

YouTube’s New Tools Attempt to Address Online Harassment

Online harassment and abuse can take many forms. Threating and hateful comments turn up across online communities from newspapers to blogs to social media. Anyone posting online can be the target of these comments, which cross the line from honest disagreement to vengeful and violent attacks. This behavior is more than someone saying something you don’t like or saying something “mean” – it often includes ongoing harassment that can be nasty, personal, or threatening in nature. For survivors of abuse, threatening comments can be traumatizing, frightening, and can lead some people to not participate in online spaces.

YouTube recently created new tools to combat online abuse occurring within comments. These tools let users who post on their site choose words or phrases to “blacklist” as well as the option to use a beta (or test) version of a filter that will flag potentially inappropriate comments. With both tools, the comments are held for the user’s approval before going public. Users can also select other people to help moderate the comments.

Here’s a summary of the tools, pulled from YouTube:

  • Choose Moderators: This was launched earlier in the year and allows users to give select people they trust the ability to remove public comments.
  • Blacklist Words and Phrases: Users can have comments with select words or phrases held back from being posted until they are approved.
  • Hold Potentially Inappropriate Comments for Review: Currently available in beta, this feature offers an automated system that will flag and hold, according to YouTube’s algorithm, any potentially inappropriate comments for approval before they are published. The algorithm may, of course, pull content that the user thinks is fine, but it will improve in its detection based on the users’ choices.

Survivors who post online know that abusive comments can come in by the hundreds or even thousands. While many sites have offered a way to report or block comments, these steps have only been available after a comment is already public, and each comment may have to be reported one by one. This new approach helps to catch abusive comments before they go live, and takes the pressure off of having to watch the comment feed 24 hours a day.

These tools also offer survivors a means to be proactive in protecting their information and safety. Since many online harassment includes tactics such as doxing (where personal information of someone is posted online with the goal of causing them harm), a YouTube user can add their personal information to the list of words and phrases that are not allowed to be posted. This can include part or all of phone numbers, addresses, email addresses, or usernames of other accounts. Proactively being able to block someone from posting your personal content in this space will be a great tool.

Everyone has the right to express themselves safely online, and survivors should be able to fully participate in online spaces. Connecting with family and friends online helps protect against the isolation that many survivors experience. These new tools can help to protect survivors’ voices online.

New & Updated Resources on Facebook Privacy & Safety

We recently had the exciting opportunity to collaborate with Facebook on their international roundtables on Women’s Online Safety and were able to participate in three of these events in Washington, DC, Hyderabad, India, and New York City. The roundtables featured leading voices from many of the nation’s gender based violence (GBV) organizations as well as government representatives from various countries.

The roundtables were devised to create space for GBV organizations to contribute to the broader conversation on how Facebook in particular can engage the voices of women and create a safer environment for women to use the platform without fear of harassment and threats.  The goals of the roundtables were:

  1. To share existing Facebook tools women can use to help with privacy and safety.
  2. To share innovations Facebook is currently working on to improve the user experience. 
  3. To hear concerns from the field on what users are experiencing. 
  4. To create a network for GBV organizations to foster continuous conversations and provide a support structure for women users. 

The roundtables included conversations around Facebook’s Real Name Policy. Facebook has strongly backed their long-standing policy for users to be authentically identified by their real names. This policy also minimizes the ability for abusers and perpetrators to hide behind fake accounts and increases the likelihood that abusers misusing the platform to harass, threaten, or stalk a person can be held accountable. The policy has received some push-back, however, and Facebook addressed the various steps they have taken to allow some flexibility for individuals who are going by a different name in their everyday lives than their legal name.

All of the meetings discussed counter speech, which is used to combat negative comments posted on an account. By using counter speech, users can ask their audiences to post positive comments and help manage some of the negative, threatening, and harassing comments they are receiving.

During the roundtables, Facebook and Safety Net introduced the new Guide to Staying Safe on Facebook. This guide is a condensed version of the Privacy & Safety on Facebook: A Guide for Survivors of Abuse, providing short and concise tips on privacy and safety settings. Both resources can be found in our Privacy & Safety on Facebook page of the blog.

The roundtables were an incredible success. We appreciate the opportunity Facebook provided for global GBV organizations to convene and share their concerns. We will continue to foster collaborations between technology companies, government organizations, and non-profits to help eradicate violence against women in all forms, including in online spaces. To learn more about the roundtables and all of the great topics discussed, visit #HerVoice. Also, check out our video series on Facebook Privacy, Security and Safety!

Stop. Think. Connect.

The internet is such a big part of our lives. We bank, shop, watch movies, read the news, play games, and do a lot more. We also share a lot about ourselves online, whether it’s letting Sephora (and every online targeted advertiser) know that you're currently looking for the perfect lipstick (which I found, by the way!) or sharing selfies of said perfect lipstick on Facebook. The internet knows a lot about us – just Google yourself. You might be surprised at how well-known you actually are.

October is Domestic Violence Awareness Month as well as National Cyber Security Awareness Month (NCSAM). For survivors of domestic violence, stalking, and sexual assault, online security and safety is imperative; but it’s also important for everyone. One of the theme for NCSAM is STOP. THINK. CONNECT. Before you connect online, stop, and think about your privacy and security. Who’s going to see that selfie on Facebook? Is your connection secure when you type in your credit card information on Sephora’s website? (Tip: Check your Facebook privacy settings, and make sure you’re using an HTTPS connection when sharing sensitive financial information.)

To honor Domestic Violence Awareness Month and National Cyber Security Awareness Month, we’ve put together a series of videos on Online Privacy & Safety. Below is today’s video, and for the next four days, we’ll be releasing a new video in this series (check back here daily or follow NNEDV on social media to see them all!). They’re short and sweet, and we hope they will be helpful.

·        Online Privacy & Safety - Introduction

·        Creating an Account

·        Security Settings

·        Privacy Settings

·        Facebook Privacy, Security & Safety

Meanwhile, if you want more tips on surfing the internet safely, check out:

“Online Privacy & Safety” section in our Technology Safety & Privacy: A Toolkit for Survivors

National Cyber Security Awareness Month’s Tips

A Glimpse From the Field: How Abusers Are Misusing Technology

The Safety Net Project recently surveyed victim service providers on the misuse of technology by abusers. Of the programs surveyed, 97 percent reported that the survivors they are working with experience harassment, monitoring, and threats by abusers through the misuse of technology.

Abusers in intimate partner violence misuse technology in many ways: to stalk and monitor victims, to harass victims through the “anonymity” of the technology, and to impersonate victims through technology, such as creating false social media accounts. The survey found that 79 percent of programs reported that abusers monitor survivors’ social media accounts, 74 percent report that abusers check victims by text messages, and 71 percent report that abusers scrutinize survivors’ computer activities.

Using technology to facilitate harassment of the victim is a major tactic by abusers, according to the reporting programs. Abusers harassing survivors via text messaging was reported by 96 percent of programs, while 86 percent reported that abusers harass victims through social media.

Of the type of technology misused by offenders, social media, text messaging, and email were the top three. It is not unusual that these three technologies should be reported the most abused by offenders. Abusers seek to disrupt and interrupt survivors’ lives. Stalkers gather information and monitor victims’ activities based on where they are and what they are doing. According to Pew Research Internet Project, 74 percent of adults who are online use a social networking site of some kind and 81 percent of adult cell phone owners send and receive text messages.

In fact, nearly all (99%) the responding programs reported that Facebook is the most misused social media platform by abusers. This finding is not shocking. Facebook is a platform in which abusers and survivors both engage in. With over 1.2 billion monthly active users, Facebook is a key place for offenders to access information about victims or harass the victim by directly messaging the victim or the victim’s friends and family. An advocate wrote: “Facebook is the hardest for survivors to shut down or avoid because they use it to keep in contact with other friends and family.”       

Respondents to the survey also stated how difficult it is to “prove” that an abuser is behind the abuse. “Officers and state attorneys are saying that anyone could have posted those comments and pictures on Facebook, so proving in court that the abuser is doing it is very difficult,” noted one advocate.  Advocates and survivors find it frustrating when they are told that it is impossible to trace harassing text messages or emails back to the perpetrator.

”A Glimpse From the Field” was conducted by the National Network to End Domestic Violence and funded under a grant awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice.

Click here for a copy of the report.

Social Media and Stalking: Q&A with the Safety Net Team

The Safety Net team recently wrote an article on social media and stalking for the New York State Office for the Prevention of Domestic Violence. Check out the full Q&A here!

Here is a snippet of some of the questions and answers:

Q: What is social media?
A: Social media is user generated content that promotes engagement, sharing, and collaboration. It includes a wide range of websites and applications that can be accessible from computers, smart phones, and tablets. Facebook, Twitter, and Instagram are three of the most popular social media platforms, although there are many more. 

Q: How do abusers misuse social media?
A: Abusers misuse social media as a tool to harass, manipulate, and threaten. Abusers often send harassing messages or post offensive images – even explicit images of the victim that may or may not have been taken with consent (sometimes referred to as “revenge porn”). 

Q: How do survivors safely use social media? 
A: Social media usually involves sharing personal information. Users should look at privacy options and take note of what will always be public and what they have more control over. Some sites have rules against using fake names while others allow it. Many sites encourage users to share their location as well. Survivors should only share information that they are comfortable with. 

Q: What can a survivor do if an abuser is misusing online spaces? 
A: It depends on what the survivor wants to happen. One important step is documenting all contact and harassment. The survivor can take screenshots or photographs of the activity. A few platforms, like SnapChat, will tell the sender if the recipient takes a screenshot, so it might be safer to take a picture of the screen since notification may escalate abusive behavior. The survivor can also save all messages. It may be tempting to hit delete to make them disappear, but original messages will be important for evidence. 

Read the full article here.

 

10 Easy Steps to Maximize Privacy

Photo source: Ruth Suehle for opensourceway.com via flickr.com/ photo cropped from original

Photo source: Ruth Suehle for opensourceway.com via flickr.com/ photo cropped from original

We live in a world of constant technology use and lots of sharing. Technology has made it easier for families, friends, co-workers, and long-lost classmates to connect, and our online lives are just as important to us as our offline ones. But what you share doesn’t always stay within those circles and can be shared much more broadly than expected. Sometimes our technology gets out of our control.

So what can you do? Here are some quick ways to ensure that your tech use and sharing is done a little bit more safely. Although these may sound simple, these are some of the easiest things to forget to do and some of the easiest ways to lose control and privacy. 

1.    Log out of accounts and apps
Yeah, this is kind of duh advice, but you’d be surprised at how many people forget to log out of their accounts. They only realize they forgot when someone else posts something outrageous on their Timeline or feed. Logging out of your account is even more important if you’re using someone else’s device. Uncheck the “keep me logged in” feature and don’t allow the web browser to remember your password to automatically log you in. Doing so will make it easy for anyone to pick up your computer, tablet or smartphone, and post away, pretending to be you. 

2.    Use strong passwords
Use passwords to prevent strangers, parents (if you have nosy parents), and children (if you have nosy children) from accessing your accounts. Don't use the same password for more than one account, a password that someone who knows you can easily guess, or a one-word password that can be easily cracked. Create a password system so that you use unique passwords only you will know. 

3.    Review privacy settings
Review the privacy settings on all your online accounts, particularly your social media ones. Most sites allow users to limit what others see, whether it’s status updates or profile information. Don’t forget that it’s more than just social networks like Facebook or Twitter that have privacy settings. Most online accounts, such as Amazon, allow you to limit who can see your profile information. 

4.    Minimize location sharing
Smart phones have GPS location capability and you could be sharing your location without even knowing it. You can control which app has access to your location by turning off that option through your smart phone. (Most phones have location privacy options in the settings.) Some social network sites also allow you to manage your location privacy through the site’s privacy settings. 

5.    Don’t include location coordinates in your pictures
Did you know that when you take a picture on your smart phone, you could inadvertently share your location as well? That means that the selfie you just posted and uploaded online could contain your exact GPS coordinates. You can turn off that capability through the privacy setting on your camera app. Don’t forget that even if you turned off the location option for your camera app, the photo sharing app that you’re using may share your location—so turn off the location option for the app as well. 

6.    Be thoughtful about connecting social media accounts
Yeah, you can connect your Instagram to your Facebook or your Foursquare account to other social networks—and yeah, that may make it easier to update them all with just one click. But that also means that a lot more people will have access to lots of info about you. It also makes it more difficult to lock down your privacy. So be thoughtful about which social media accounts you connect. 

7.    Be careful when using free wireless networks
Free internet is always awesome. But you pay for it by being more vulnerable to risks. Using open wireless networks at your local coffee shop or sandwich shop can leave you susceptible to hackers accessing your private information. If you’re going to check bank accounts, buy something where you have to give your credit card information, or do anything sensitive, wait until you are back on a secure network. And if your personal wireless network doesn’t have a password on it, for the love of any deity, put a password on it!

8.    Use HTTPS everywhere
Not all websites are created equal. Some sites are more vulnerable to viruses, which makes your computer/tablet more vulnerable. However, some sites have a secure version – you can tell by looking at the link in the URL address bar. If it starts with https, it’s a secure page vs. http, which is just a normal page. (The next time you’re checking your bank account or buying something online, check out the address bar; it'll probably be green.) The easiest way to ensure that you’re using the secure page whenever you can is to download the HTTPS-everywhere browser add-in. Each time you go to a site, it’ll try to open the secure (https) site rather than the normal one. If the site doesn’t have a secure page, it’ll default to the normal page. 

9.    Use Incognito, Private Browsing, or InPrivate Browsing
Currently, Google Chrome, Mozilla Firefox, and Microsoft Explorer allow you to browse privately. Basically, privately browsing means that someone can’t open your web browser after you’ve used it and go through the history to see what you’ve been up to. Browsing privately is safer if you’re using a friend’s computer or tablet or are on a public computer. Keep in mind though that you have to close the browser to erase your history. If you leave it open, users after you can still see your browsing history.

10.    Use more than one email address
Email addresses are free, so have as many as you want! You can use one specific email address with a super strong password for your banking and shopping. Use another email for all the junk mail and accounts you have to create in order to use a particular web service. You could even consider using different email addresses for different social media accounts. Using different emails for different accounts is safer because if someone guesses one of your email + password combo, they don’t have access to all your accounts. You can even go one step further and download a service that “masks” your account address, so that you’re never using your actual email address. 

Facebook Removes Search By Name Option

 

Last week, Facebook announced that they were removing the “Who Can Look Up My Timeline By Name” option for their users. Since then we have been contacted by many concerned advocates about what removing this feature means for survivors, many of whom use Facebook to stay connected with friends and family but whose privacy from their abusers and stalkers is equally important.

When Facebook first told us they were planning to make this change, we expressed that this feature is one method some survivors use to control their privacy. Opting out of being searchable by name was one way in which survivors could use to keep an abuser or stalker from finding their timeline/account. 

However, Facebook explained, and we agree (because we’ve known this for a while too), that this feature gave a false sense of privacy, since even if this feature was activated, people can still be found in other ways. Some of those ways include:

  • Mutual friends. If you have mutual friends, unless you choose to not allow mutual friends to see your activity, many people can be found that way. Moreover, even if they have chosen to not allow friends of friends to see their activity, we have heard of many survivors whose mutual friends simply shared the information with their abuser or other people. 
  • Username/User ID. If someone knew your exact username or userID, they can find you that way. 
  • Graph Search. Graph search is a new searching option that Facebook has been slowly rolling out, and this type of search will make anyone searchable, even if they have selected that they don’t want to be found by name. Unlike personal demographics information, graph search reveals users based on things they like or things their friends like and other demographics information about the user that public. So, for example, if you like a particular restaurant, live in Albuquerque, NM, someone can do a search for “People who like [restaurant] in [city]” and find all the people who have liked it. 

Although we are disappointed that the option to be searched by name has been removed, the safest course for survivors and advocates is to educate themselves about how they can be found on Facebook regardless of privacy settings. Users should know what kinds of information will always be public, understand how widely information can be shared online, and determine what they will share based on their own privacy risks. The reality is that social media always has, and always will, move toward a model of sharing and openness; even if something is private now, it may not always be so. 

In light if that, it is important to know that these activities/information will always be public on Facebook:

  • Your name, profile picture, your cover photo, your username and user ID, and any networks you belong to.
  • Any public pictures or posts you like or comment on. For example, if you like or commented on a picture or a post where the original author set that picture or post to public, the fact that you liked it or your comment will be public. 

There are a few things that survivors can do to maximize their privacy.

  • Check out the “view as” option, to see what someone can see when they look at your page, whether it’s as a friend, a friend of a friend, or the public. 
  • Review your timeline by going back to previous posts on your timeline and change who can see those posts. You can even delete old posts. 
  • Going forward, limit what you share by choosing only friends. You can even go further and create lists that will limit exactly who see the specific information you are sharing. 
  • Take a look at Safety Net’s handout on Facebook Privacy for more privacy tips. 

As Facebook continues to change their privacy settings and introduce new features to their users, it is critical that survivors and advocates understand those changes and how it affects the personal information they share on Facebook. Facebook allows users to delete old posts or pictures, so it might be time to do your own Facebook audit and clean up your timeline.