Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Facebook's Like button can still easily be gamed

Jeremy Kirk | March 27, 2015
Facebook's Like button is a pervasive feature of the Web, a way to gauge the popularity of a website or piece of content. But researchers have found it's easy to inflate the numbers, undermining its value as an accurate measure of popularity.

Facebook's Like button is a pervasive feature of the Web, a way to gauge the popularity of a website or piece of content. But researchers have found it's easy to inflate the numbers, undermining its value as an accurate measure of popularity.

The problem of bogus Likes has been around for some time, and Facebook has released updates to its software over the last couple of years to cut down on fraudulent ones generated by spammers.

But researchers with McGill University's School of Computer Science in Montreal say the social networking company still hasn't fixed several major problems with the feature. This week, they released a research paper outlining the problems, which they first told Facebook about in early 2013.

"Those Like numbers may be faked," said Xue Liu, a professor of computer science at McGill, in a phone interview. "There are easy ways to generate those fake Likes, and unfortunately on the Internet, a lot of companies and economic benefits are related to the number of Likes now."

Facebook officials couldn't be immediately reached for comment. The research is important because companies may be making marketing spend decisions based on Likes. There are thriving marketplaces for people to buy fake Likes, which can cost around US$30 for 1,000.

Also, average Facebook users may not be aware of exactly what kind of actions generate a Like. It's generally assumed that a single user can only generate one Like, but that's not actually the case. Sharing a link on Facebook from a source with an embedded Like button increases the count by one.

If the same user comments on the post, the Like button continues to rise. A demo video shows how a spammer could write a script that posts a piece of content on Facebook and then adds nonsensical comments, each of which causes the Like count to tick up once.

In that example, 30 Likes were quickly generated. The researchers found it was possible to generate up to 20 likes per minute by creating a post, adding fake comments, deleting the post and repeating. Those actions didn't trigger a rate-limiting feature in Facebook that might have frozen the account for a while.

The flaw has been around for years and is apparently rooted in outdated Facebook APIs that are still used by many websites, including CNN, ABC News, The Huffington Post and The Economist, according to their research paper.

What's useful about their method is that it can generate a high number of Likes using only a single account. It means that spammers wouldn't need to take the time and expense of creating a high number of zombie accounts that would likely be detected and removed by Facebook.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.