The Facebook Blog

Facebook Page · RSS Feed
    • Explaining Facebook's Spam Prevention Systems
      by Caroline Ghiossi on Tuesday, June 29, 2010 at 4:17pm

      As a global service connecting 400 million people, Facebook has helped build and extend communities around the world. As with any community, the benefits of bringing people together are occasionally accompanied by inappropriate or unacceptable conduct by a small number of people. This behavior ranges from thoughtless to criminal and can degrade the experience for others or undermine the community itself.

      On Facebook, the most common unacceptable behavior involves some abuse of our communication tools. This can be as innocent as annoying... others with too many messages or friend requests or as serious as deliberately trying to spam others for commercial gain.

      We take these deliberate spam attacks seriously and devote a tremendous amount of our engineering time and talent to build systems that detect suspicious activity and automatically warn people about inappropriate behavior or links. Because of our efforts, only a very small percentage of people who use Facebook has ever experienced spam or a security issue.

      Every once in a while, though, people misunderstand one of these systems. They incorrectly believe that Facebook is restricting speech because we've blocked them from posting a specific link or from sending a message to someone who is not a friend. Over the years, these misunderstandings have caused us to be wrongly accused of issues ranging from stifling criticism of director Roman Polanski over his sexual abuse charges to curbing support for ending U.S. travel restrictions on Cuba to blocking opponents of same-sex marriage.

      To try to be more transparent, we've been working to improve our warnings and make them more clear. We'd also like to take this opportunity to explain in more detail how our systems work.

      New warning explaining why content has been blocked.


      With billions of pieces of content being shared on Facebook every month and bad actors constantly targeting the people who use Facebook, preventing spam isn't easy. Just as a community relies on its citizens to report crime, we rely on you to let us know when you encounter spam, which can be anything from a friend request sent by someone you don't know to a message that includes a link to a malicious website.

      Using information from your reports and what we know about how the average person uses Facebook, we've identified certain common patterns of unacceptable behavior. For example, we've learned that if someone sends the same message to 50 people not on his or her friend list in the span of an hour, it's usually spam. Similarly, if 75 percent of the friend requests a person sends are ignored, it's very likely that that person is annoying others he or she doesn't actually know.

      We can't share all of the details of how these systems work because if we did, the spammers might try to get around them. However, they're designed to automatically detect suspicious behavior, block it and warn the person who's engaging in it to slow down.

      In extreme cases where the behavior continues despite our warnings, we may disable the person's account. When this happens, it usually isn't a person's account at all but a fake account or a real account that's been compromised. The compromised accounts are put into a process to give control back to the rightful owner. In all other cases, we always give the person an opportunity to appeal the decision by contacting us. We then review the account and reactivate it if we determine that the person hasn't violated our Statement of Rights and Responsibilities. For more information on our warnings, check out our Help Center.

      These automated systems don't just prevent spam and other annoyances. They also protect against dangerous websites that damage your computer or try to steal your information. When we're notified about one of these sites, we immediately add it to a block list and prevent Wall posts or messages that link to it. We also provide the person who's attempting to share the link with an explanation of why it's blocked and a way to correct us if we're wrong.

      Sometimes, spammers try to hide their malicious links behind URL shorteners like Tiny URL or bit.ly, and in rare cases, we may temporarily block all use of a specific shortener. If you hit a block while using a URL shortener, try a different one or just use the original URL for whatever you're trying to share.

      These systems are so effective at working in the background that most people who use Facebook will never encounter one. They're not perfect, though, and we're always working to improve them. We do this by actively monitoring appeals and learning from the rare cases in which we make mistakes.

      If you do encounter one of our spam prevention systems, remember that its sole intent is to protect you and maintain Facebook's trusted environment.


      Caroline Ghiossi, an associate on Facebook's user operations team, is fighting spam.

      See More
    • Topics: Security, Abuse, Spam
    • · Comment · Share
    • The Fight Goes On
      by Sam O'Rourke on Thursday, October 29, 2009 at 7:29pm

      UPDATE on Thursday, Aug. 4, 2011: Today, U.S. Attorney Melina Huaag announced that Sanford Wallace self-surrendered to agents from the FBI. On July 6, a federal grand jury in San Jose indicted Wallace with multiple counts of fraud for sending unwanted messages and Wall posts to people on Facebook. He now faces serious jail time for this illegal conduct. We applaud the efforts of the U.S. Attorney's Office and the FBI to bring spammers to justice and will continue to pursue and support both civil and criminal consequences for spammers and others... who attempt to harm Facebook or the people who use our service.

       

      UPDATE on Thursday, Oct. 29: Today, a San Jose, Calif. court awarded Facebook $711 million in damages against Sanford Wallace, one of the spammers who accessed people's accounts without their permission and sent phony Wall posts and messages. While we don't expect to receive the vast majority of the award, we hope that this will act as a continued deterrent against these criminals. Most notably, the judge referred Wallace to the U.S. Attorney's Office with a request that Wallace be prosecuted for criminal contempt, which means that in addition to the judgment, he now faces possible jail time. This is another important victory in our fight against spam. We will continue to pursue damages against other spammers.

       

      Published on Friday, March 6

       

      We hate spam just as much as you do, and we're always working to stop it. Last week, we won a ruling in this ongoing fight. A court in San Jose, California issued a temporary restraining order against three spammers—Sanford Wallace, Adam Arzoomanian and Scott Shaw. They broke the law by sending unwanted messages and wall posts to people on Facebook, which in the United States violates the Computer Fraud and Abuse Act, the California Anti-Phishing Act and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). Now, any contact these spammers have with you or anyone on Facebook could land them in jail.

      This isn't the first time we've gone to court to battle spam. Last November, we also told you about our first victory—an $873 million judgment made against Adam Guerbuez and Atlantis Blue Capital for sending sleazy messages to people on Facebook. This was the largest judgment ever for an action brought under CAN-SPAM. We continue to work on collecting as much as possible from Guerbuez and Atlantis Blue (likely far less than the full amount) and have hired a firm to help with this. We're hopeful that this kind of persistent pressure will act as a deterrent against those attempting to trick and annoy people on Facebook.

      Of course, this fight requires a team effort. In addition to our dedicated legal team, Facebook also has security experts and engineers focused on the integrity of the site. We're continuing to build systems to prevent and respond to spam attacks. Our User Operations team also works around the clock to identify problems and assist people who've been affected.

      We will continue bringing spammers to justice, but we need need your help, too. Report spam by using the links located throughout the site.

      Be sure to also check out the tips and information on our Security Page to educate yourself on how to keep your account secure.

      Sam O'Rourke from the Facebook legal team is busy keeping you safe from spam.

      See More
    • Topics: Security, Spam
    • · Comment · Share
    • New Ways to Find and Engage with Your Favorite Applications
      by Austin Haugen on Thursday, October 29, 2009 at 10:07am

      Here at Facebook we can't build all the features for the site that you want to use to connect with your friends. That's why in 2007, we opened up a platform for people outside of Facebook to create experiences directly on the site for you to interact with.

      Since that time we have seen over 350,000 applications built on Facebook Platform, in areas ranging from sports and games to family and education. These applications were built to accompany our core Facebook applications like photos, events and groups. Our goal is to offer you a smooth... experience regardless of what applications you're interacting with on the site, which is why in the next couple of months we're going to roll out some improvements to Facebook Platform.

      Here's what the changes will mean for you:

      Easier Access to Applications
      Soon, the applications menu will move from its current location on the bottom left-hand side of any page on Facebook to the navigation menu on the left-hand side of your home page. This way, you always can rely on seeing applications in the same place and easily interact with your favorites, in addition to discovering new ones. You'll have the option to bookmark applications on the home page so that your favorite applications are only a few clicks away. You'll also be able to see instant alerts from applications that you've bookmarked.

      We will be introducing a new Games Dashboard and an Application Dashboard that can be accessed from the home page and will serve as destinations for you and your friends' application activity. These will make it easy to view the latest applications you've interacted with, as well as discover new applications based on what your friends are using. You can also receive updates directly from applications here. For instance, if you're playing a game of Scrabble with your mother, you can visit the Games Dashboard to find short messages about when it's your turn to play, as well as interesting activity from games your friends are playing.

      Direct Contact with Applications
      With these upcoming changes, you'll have the option to share your email address with any application you use. If you choose to do so, you may be emailed notifications directly from any application. This new choice will give you the ability to control which of your applications can contact you and enable you to leverage the tools of your email inbox, such as folders and routing rules, to manage these communications. Finally, if you no longer want to hear from an application, you'll be able to simply unsubscribe from their mailing list.

      The email practices we're developing will be similar to signing up for or creating accounts on other web services, which is essentially what applications on Facebook are. When you do so, those services can email you directly to confirm a purchase, or provide newsletters or updates for which you signed up. Soon, you'll have a comparable experience with applications on Facebook. Keep in mind that applications will never be given your email address unless you explicitly grant them permission, and like other websites you can always choose to unsubscribe if the service is no longer of value.

      A Better Facebook Experience with Less Spam
      Allowing you to control which applications send you email notifications is just one step we are taking to reduce spam and ensure you don't receive unwanted notifications, requests or invitations through Facebook. We have heard from many of you that you want greater control over how and when you see stories in News Feed about applications. Our upcoming changes aim to improve that experience, by enabling you to only see application requests and invitations if your friends have explicitly chosen to send them to you rather than have the application take that action on your behalf.



      If you are interested in staying updated on these upcoming improvements, become a fan of the Facebook Page. We'll be rolling these changes out over the couple of months.


      Austin, a product manager, loves that playing games on Facebook is part of his job.

      See More
    • Topics: Spam, Games, Platform, Applications
    • · Comment · Share
    • New Tools to Secure a Compromised Account
      by Jake Brill on Friday, July 17, 2009 at 10:24am

      In our continued battle against cyber criminals, one of the biggest challenges we face is helping people whose accounts have been compromised by spammers understand how it happened and how to fix the problem. The vast majority of people who use Facebook have never experienced a security problem. For the small number who do, knowing how to fight back is key.

      It can be an embarrassing experience to log in to Facebook to find that unauthorized messages have been sent from your account and then face questions from friends who have received spam from... you.

      We've spent the last few months improving the way to guide people through the process of regaining access to their account after it's been compromised and used to send spam. Currently, we send emails explaining what happened and provide links to remedy the situation. Now we're moving towards a new model that also involves clear and simple steps taken within Facebook itself. In doing so, we can ensure that the person logging in is the true owner of the account, thereby preventing hackers from using it to send spam in the future.

      Going forward, we'll continue to send a notification email to the tiny percentage of people whose Facebook accounts have been compromised. What's new is that when these people try to access the site, they'll first see a page explaining what happened, as shown below.

      Next, they'll go through a quick verification process to ensure that they're the legitimate owner of the account in question. Finally, we'll help them pick a new, secure password and refer them to the Facebook Security Page, which includes helpful tips and information on how to be safe on Facebook and across the Internet.

      This new change will help us not only fight spam, but also spread the word about security on Facebook. In the coming months, we'll be rolling out similar processes to address the different threats people may face. Our teams are working hard to make sure you never experience a security issue on Facebook, and in the rare case that you do, we're committed to making the process of regaining control of your account easy and informative.


      Jake, a project manager for the site integrity team, hates spam but loves bacon.

      See More
    • Topics: Spam, Security
    • · Comment · Share

Most Popular Stories

Newsroom

Newsroom

Visit the newsroom for the latest updates from Facebook.

Facebook Favorites

Blog Archive

Looking for a specific post? Visit our full archive of blog posts sorted by categories and dates.