Social networks have battled spam, scams, phishing, and account hijacking for years. And over the past week, two of them unveiled a new plan to deal with it: pass the cost on to users.
The first move came from Twitter, which made SMS-based two-factor authentication (2FA) a premium feature late last week. After March 20, users will need to switch to an app-based authentication system, pay $8 to $11 a month, or turn off the basic security feature. The decision is part of a broader attempt to push people to subscription-based Twitter, and Musk also agreed with a tweet saying which is also an attempt to reduce the number of carriers that charge Twitter for SMS spam.
Soon after, Meta announced its own security subscription service. The company announced plans for a Twitter Blue-like payment verification service designed to help “emerging creators” grow their audience. In addition to a blue check and increased visibility, it includes “real person access” for account support, as well as “proactive account monitoring for impersonators who might target people with growing online audiences.”
From one perspective, both moves are understandable. Twitter still allows free app-based two-factor authentication, which is usually a more secure option, and pushing more people towards it is a good thing. Meta’s new plan follows a common strategy for business users: charging businesses an extra fee for fast, full-featured support. The company is trying to solve a real customer service problem. It apparently started putting more resources into a customer support division last year, as users turned to black market account restoration services when they were hacked.
Money is a widely accepted form of friction for the Internet.
In general, money is a widely accepted lever to apply friction to bad actors online. The fluidity and sheer scale of the web make it easy to create large numbers of accounts for nefarious purposes, while also making it difficult to support individual users: it’s staggeringly difficult to offer free, non-automated customer service at almost 2 billion users. Some smaller online social spaces, like Metafilter and WELL, have used subscriptions or one-time fees as a quality filter for years.
At the same time, there is a real drawback here.
About three quarters of people who use Twitter’s two-factor authentication have been relying on SMS services since last year. (Only 2.6 percent of accounts used it.) Where companies like Google have gradually phased out 2FA based on text messages, Twitter is now trying to simultaneously move people to a more secure option and make a profit out of it, and it’s an awkward combination. The new change is happening on a rushed month-long timeline that seems almost designed to scare people into paying for a less secure option, which Twitter presents as a fancy service rather than the outdated system it really is. The result may be that many people simply turn 2FA off altogether, especially when the warning message it’s about telling people to remove SMS authentication unless they pay, not getting them into a different method.
Meanwhile, Meta’s plan combines things that make sense like premium updates with what a good social network should do by default. Flagging accounts particularly at risk of phishing (a list that includes activists and public servants, not just aspiring business influencers) improves service for everyone, because it tells the average user who can be trusted that they are actually following the people you believe. are. Even if it’s impossible to offer billions of people that level of care, large and fast-growing accounts are a much smaller subset of the user base, one that the overall Facebook experience benefits from supporting without requiring a fee. . The plan also means there’s less incentive to improve the lousy customer service experience for non-paying users who can’t access their accounts.
Much of Silicon Valley is currently trying to get people to pay for options that were once cheap or free. But in social media, there is a balance between the revenue of any individual user and the health of the ecosystem at scale. Security is generally at the latter end of that spectrum – it’s a fundamental element of any digital service, a basic prerequisite for keeping eyes connected on the site. But as businesses tighten their belts, there’s a powerful incentive to get a monthly fee down the road.
