In an effort to combat fake users, spam and Russian propaganda, Facebook have reportedly introduced a new type of captcha test.
Instead of standard testing methods that ask you to decipher muddled numbers or correctly tick stock images, Mark Zuckerberg has been asking for something a bit more personal – a photograph of your face.
The notification, which has been shared on social media, reads: “Please upload a photo of yourself that clearly shows your face.
“We’ll check it then permanently delete it from our servers.”
To prove you’re not a bot, the social network runs tests on the selfie you provide and matches it to those they have on file to authenticate your profile, in a similar way to Apple Face ID on the iPhone X, which also uses your face as a login metric.
In a statement to HuffPost UK, Facebook said this was a measure from their “abuse-fighting team” deployed in order to “help us catch suspicious activity at various points of interaction on the site” and was “one way” they are doing this.
But users still aren’t happy, because although Facebook presumably has lots of your personal pictures already, this move raises questions about security.
Cybersecurity expert and Sophos senior technologist Paul Ducklin says those concerns are valid.
Why should I be worried about this move?
Ducklin explained: “Many people are freaking out because it feels so personal, and because you have to trust Facebook to delete the picture afterwards. But I don’t like this approach for a different reason – it feels to me like a false sense of security – a bit like using your birthday as a security question.
“After all, the very people you might most want to guard your account against, such as ex-boyfriends or girlfriends, grudge-bearing colleagues, and so on – are the same people who might very well have their own, unique, clear photos of you handy on their phones from the days before the relationship went sour.”
“And if you try to make up a synthetic image to represent yourself – like inventing a fake birthday – you might end up locking yourself out of your own account, if it turns out that Facebook requires a fresh image each time, as you imagine they would.”
“Facebook needs to be much clearer about how this new system works, and whether you can opt out and go for a different, albeit stricter, re-verification process instead.”
Not only is this frustrating users who don’t want to submit this data, but it is also stopping people using the platform.
This is because the automated process seems to lock people out of their accounts for hours at a time, until the internal authentication has been completed, according to reports by a user on Reddit.
Facebook will not confirm when this started taking place, but it seems it could be as long as seven months ago, when a user uploaded a query to a Facebook community forum.
He had been trying to open a second account, but was met with the photo test.
Opening a second account seems to be one of the ‘suspicious activity’ red flags that Facebook is trying to navigate with this software.
Other red flags appear to include users setting up advert payments or creating and editing adverts – in September Facebook acknowledged it was paid to promote 3,000 Russian-backed ads during the 2016 US election.
But exactly how the process will avoid being manipulated by hackers, malware or large organisations is unclear, and Facebook would not confirm the details themselves.
This is the second time this month that Facebook has asked users to upload private photographs to help them bolster their security efforts.
A pilot scheme in Australia asked for nude photos to tackle revenge porn, in an attempt to give some control back to victims of this type of abuse.