Meta and Twitter are holding basic security features for ransom

It’s funny how the aspirational mottos of big tech companies evolve with their morals. Google famously deleted “don’t be evil” from its code of conduct in 2015. Similarly, Facebook amputated its promise of “free and always will be” back in 2019. And that removal has never been more sorely felt as the company — now rebranded as Meta — is looking to charge for security features.

Of course, this isn’t how it’s being marketed. What the public has been presented with is Meta Verified — a premium subscription service that is about to be trialled in Australia and New Zealand.

What is Meta Verified?

The service will be bundled across Facebook and Instagram for an eye-watering $19.99 a month, or $24.99 for iOS and Android. If you’re confused as to why mobile devices are charged a premium, it’s thanks to the 30% cut Apple and Google take of all in-app purchases.

Considering Instagram is largely unusable on desktop, it’s likely there will be a stronger proclivity for the higher price bracket.

According to Meta CEO Mark Zuckerberg, this premium price tag will afford you a verified blue tick, direct access to customer support and “extra impersonation protection against accounts claiming to be you”.

It’s all a bit vague and it’s currently unclear how it will work in practice.

There has also been talk of Meta Verified users getting increased discoverability across its platforms.

But it’s really this security narrative that Meta has been pushing with this grift. The way it is selling this is by requiring a government ID in order to sign up for Meta Verified.

Fine, that all sounds legitimate enough. But are we forgetting that this is a company with a notoriously horrendous track record with safeguarding user data?

The most infamous case is of course the Cambridge Analytica scandal that was exposed in 2018. This is where Facebook allowed the personal data of roughly 50 million users to be harvested by the consultancy firm.

That’s an extreme example, but Meta’s primary source of revenue comes from the use of user data for targeted ads. A British woman even took Meta to court in November 2022 over the practice.

So, while the idea of being able to accurately identify users is cute, the company doesn’t exactly inspire confidence when it comes to securely protecting identifying documents.

Would it not save us all a lot of time to be transparent about the fact that this is another attempt — in a long line of them — to gratuitously co-up features from other social platforms in a desperate attempt to stay relevant?

The only thing that’s surprising this time is that Meta is copy-pasting Twitter Blue — a buggy cash generator that has been notoriously dunked on for months now.

At least the implementation of Reels was based on something that people actually liked.

Why are social media platforms holding decent security for ransom?

But since Meta is so keen to place security at the alleged centre of its subscription service, let’s talk about that.

Security and data protection should be a priority for all companies, especially those that capture so much about their users.

What it shouldn’t be is an optional extra for those willing to pony up the cash. Perhaps there is an argument in the idea that a company has a right to charge for whatever features it wants. If you don’t like it, leave.

Alright, but that still doesn’t change the fact that Meta is monetising a rampant problem on Instagram in particular: fake accounts.

These aren’t just simple annoyances for those targeted. The problem goes to the potential damage this can do to individuals and brands in the public eye. They’re also often used in scamming operations to extort cash or, ironically, phish identifying information from innocent people.

From January to September 2022 alone Scamwatch received more than 166,00 scam reports that totalled $425.8 million in losses. Yes, these occurred across multiple platforms including telephone and email. But these numbers indicate how much of a serious issue scams are here in Australia.

But sure, Meta can sell whatever it wants on its own apps and websites. Free market, baby.

Riddle me this. Why does a billionaire who runs one of the biggest tech companies in the world feel its appropriate to hold basic security measures for ransom?

Why is he placing a paywall between the users — who he’s already data mining for advertising revenue — and their ability to have their online identities adequately protected?

We could level a similar question at Twitter, which just announced that two-factor authentication (2FA) over SMS will become a Twitter Blue feature in March.

This means there will no longer be any in-built 2FA account protection unless you pay for it. At least in this case SMS 2FA isn’t the most secure option available to users. There are other free tools you can use instead.

Plus, we can see a clear motive here: SMS 2FA costs money for every security text that is sent out. And as much as I would like to pin this just one Musk’s need to make a dent in Twitter’s US$1 billion annual debt repayment, the removal was planned before he took over.

Regardless, both companies are happily engaging in abhorrent anti-user moves that normalise the notion that data privacy and online security is a privilege, not a right.