Threat Actors looking to manipulate us can exploit vulnerabilities to increase their probability of success. Sometimes a vulnerability is in a platform, sometimes the vulnerability exists in our very own BRAINS!!!! This one is a platform one.
ProPublica’s examination showed that ads from Google are more likely to appear on misleading articles and websites that are in languages other than EnglishFrom “How Google’s Ad Business Funds Disinformation Around the World” by Craig Silverman, Ruth Talbot, Jeff Kao and Anna Klühspies for ProPublica on 29 Oct 2022.
What is this Vulnerability?
Online platforms generally don’t want to host harmful content (it’s bad for business). One way they can tell if there’s undesirable stuff on their site is by having humans check every single thing that’s been posted. You would need to hire lots of people to pull that off though (also bad for business), so a shortcut can be to automatically remove or flag for moderation posts which contain phrases indicative of harmful content.
While automation can save money, it can also mean less efficient removal of harmful content in non-English languages. For example, an investigation found that Google had placed adverts on harmful content in non-English languages, violating Google’s stated policy barring the placement of ads on content that makes unreliable or harmful claims.
A former Google leader who worked on trust and safety issues acknowledged that the company focuses heavily on English-language enforcement and is weaker across other languages and smaller markets. They told ProPublica it’s because Google invests in oversight based on three key concerns.
“The number one is bad PR — they are very sensitive to that. The second one is trying to avoid regulatory scrutiny or potentially regulatory action that could impact their business. And number three is revenue,” said the former leader, who agreed to speak on the condition that their name not be used in order not to hurt their business and career prospects. “For all these three, English-speaking markets primarily have the biggest impact. And that’s why most of the efforts are going into those.”From “How Google’s Ad Business Funds Disinformation Around the World” by Craig Silverman, Ruth Talbot, Jeff Kao and Anna Klühspies for ProPublica on 29 Oct 2022.
Platforms decide to cater to a global market, without being able to adequately protect non-English language communities:
“These companies have decided to go global in their services, and that was their own decision for growth and to make revenue,” [Alexandre Alaphilippe, executive director of the EU Disinfo Lab] said. “It’s not possible to make this choice and not face the accountability needed to be in all of these countries at the same time.”From “How Google’s Ad Business Funds Disinformation Around the World” by Craig Silverman, Ruth Talbot, Jeff Kao and Anna Klühspies for ProPublica on 29 Oct 2022.
“If the world’s largest online advertising platform doesn’t care that it has made false information, hate speech and toxic propaganda profitable in societies like ours, and has no intention to do anything to change because it wouldn’t financially pay off, that is devastating,” said Tijana Cvjetićanin, a member of the editorial board of Bosnian fact-checking site Raskrinkavanje, which shared data with ProPublica.From “How Google’s Ad Business Funds Disinformation Around the World” by Craig Silverman, Ruth Talbot, Jeff Kao and Anna Klühspies for ProPublica on 29 Oct 2022.
How do Threat Actors exploit this Vulnerability?
In a way this vulnerability enables Algospeak, a technique used by threat actors to replace terms they believe would trigger automated moderation with another word, or an emoji.
Basically, English speakers who want to say bad things online can avoid detection using Algospeak, while non-English speakers don’t yet need to worry too much about that.