I wonder how much of Meta the corporation is a scam waiting to crumble. Hundreds of billions of dollars can make people do questionable things.
-their revenue is 99% ads with more than 80% coming from FB and IG
-they can only sell ads if they have a large and active user base
-DAP (daily active people) is reported publicly but calculated internally
-ad spending, views, and engagement are calculated by Meta's own platform
Anecdote (why I think it is a scam)-
I had a FB account, I needed it for a previous job but didn't want it. I set up a random email address at a host I had never used, had a made-up FB name, and used a password generator for both the email address and FB accounts. My FB account had almost no activity besides viewing company posts. FB was only used from a single desktop computer. Passwords were stored in my (local only desktop) password manager.
After a couple years, FB emailed me and claimed my account was hacked. The "hacker" changed my profile picture (was a blank avatar icon) to an AI photo of a random guy. Facebook says it is hacked but they keep it visible, my two friends are still friends with the old account (they know it was hacked). FYI - I didn't care enough to send them a copy of my ID, nor did my ID match my user name, so I couldn't reclaim my account.
How would a hacker combine a random username, with a random email (has not been pwnd) only used for FB, guess a ~20 character random password, etc? And why, to steal an account with no followers and to do nothing with the account? That is a lot of work and criminal charges for nothing.
I am fine with FB saying the account was hacked and closing it. It has been years and the account is still live. Is it "active" and counted towards their users? They have a HUGE financial incentive to keep and count all accounts, and they have no oversite to verify accounts since it is all calculated internally with opaque algorithms.
> I wonder how much of Meta the corporation is a scam waiting to crumble.
I imagine almost none of it. Social networks solve connectivity problems that people want solved. Talk to some "casuals" who aren't in tech about how they find out about new restaurants, social trends, arts and crafts, places to go visit, etc. and the answer is Instagram or TikTok. And FB does the same but for older generations.
Ads are also a fundamental revenue pillar in this world. You can layer in relevance ads for a product to anyone, at any time, for any topic. If something exists and people pay attention to it, there's a way to make money advertising around it.
There's ... certainly deeper questions to be had about if this stuff is actually good for us, but in the mean time, it's very real and worth a lot of money.
Meta's security team seemingly does not care. My mom had her long-time Facebook account taken over during the summer. It was a credentials stuffing attack (she's now using a password manager with random passwords), and the bad actor immediately put on 2fa TOTP and signed up for some advanced security so the account couldn't be recovered without the 2fa.
We spent weeks trying to recover the account, but recovery codes weren't being sent through to her email or phone, the email and phone that has been on the account for 10+ years. The bad actor started making posts that she had cars to sell and to message her if they wanted to buy (also claiming that her sister was sick and she needed the money which is why she was selling the cars, completely untrue) Tens of her friends including her son reported the account as taken over and the posts as fraudulent. All responses from Facebook saying there was no indication of anything violating the guidelines, which is insane because all this behavior taken together screams account takeover.
Eventually, I reached out to a friend who worked at Meta who filed an internal report and we were hopeful that might actually fix it, but nothing ever came of it and when I reached out to the friend a month later he said the report was closed and he couldn't see any more details (for security reasons). If my mom meeting me in person, and me reaching out to my former teammate on a live phone call and proving my identity, and that teammate filing a report with the security team can't get it fixed, what can?
At this point, we think the original account is still up (we can't see, since the bad actor has blocked the entire family) and every new account she makes gets deleted for being a sockpuppet / ban evader.
She's devastated that someone ruined her online life like this, and that she was in Facebook groups for her career that she no longer has access to, she can no longer keep up with her friends and family. So many local businesses post their events and updates on Facebook and she has no ability to see these anymore.
We don't know what to do next. I'm so thoroughly disappointed with how Meta handled the situation. It's clearly an account takeover if someone looked at the account and the indicators. I think our next step is to write a letter to Meta legal alleging gross neglect after being presented with evidence of identity theft. Maybe that finally would get someone's attention. I'm nearly to the point where I would potentially spend thousands of dollars of my own money for a lawyer just to prove a point.
Anecdote (why I think it is a scam)- I had a FB account, I needed it for a previous job but didn't want it. I set up a random email address at a host I had never used, had a made-up FB name, and used a password generator for both the email address and FB accounts. My FB account had almost no activity besides viewing company posts. FB was only used from a single desktop computer. Passwords were stored in my (local only desktop) password manager.
After a couple years, FB emailed me and claimed my account was hacked. The "hacker" changed my profile picture (was a blank avatar icon) to an AI photo of a random guy. Facebook says it is hacked but they keep it visible, my two friends are still friends with the old account (they know it was hacked). FYI - I didn't care enough to send them a copy of my ID, nor did my ID match my user name, so I couldn't reclaim my account.
How would a hacker combine a random username, with a random email (has not been pwnd) only used for FB, guess a ~20 character random password, etc? And why, to steal an account with no followers and to do nothing with the account? That is a lot of work and criminal charges for nothing.
I am fine with FB saying the account was hacked and closing it. It has been years and the account is still live. Is it "active" and counted towards their users? They have a HUGE financial incentive to keep and count all accounts, and they have no oversite to verify accounts since it is all calculated internally with opaque algorithms.