Facebook's Like button can still easily be gamed

Many websites are not using updated APIs that would prevent Likes from being easily faked

Facebook's Like button is a pervasive feature of the Web, a way to gauge the popularity of a website or piece of content. But researchers have found it's easy to inflate the numbers, undermining its value as an accurate measure of popularity.

The problem of bogus Likes has been around for some time, and Facebook has released updates to its software over the last couple of years to cut down on fraudulent ones generated by spammers.

But researchers with McGill University's School of Computer Science in Montreal say the social networking company still hasn't fixed several major problems with the feature. This week, they released a research paper outlining the problems, which they first told Facebook about in early 2013.

"Those Like numbers may be faked," said Xue Liu, a professor of computer science at McGill, in a phone interview. "There are easy ways to generate those fake Likes, and unfortunately on the Internet, a lot of companies and economic benefits are related to the number of Likes now."

Facebook officials couldn't be immediately reached for comment. The research is important because companies may be making marketing spend decisions based on Likes. There are thriving marketplaces for people to buy fake Likes, which can cost around US$30 for 1,000.

Also, average Facebook users may not be aware of exactly what kind of actions generate a Like. It's generally assumed that a single user can only generate one Like, but that's not actually the case. Sharing a link on Facebook from a source with an embedded Like button increases the count by one.

If the same user comments on the post, the Like button continues to rise. A demo video shows how a spammer could write a script that posts a piece of content on Facebook and then adds nonsensical comments, each of which causes the Like count to tick up once.

In that example, 30 Likes were quickly generated. The researchers found it was possible to generate up to 20 likes per minute by creating a post, adding fake comments, deleting the post and repeating. Those actions didn't trigger a rate-limiting feature in Facebook that might have frozen the account for a while.

The flaw has been around for years and is apparently rooted in outdated Facebook APIs that are still used by many websites, including CNN, ABC News, The Huffington Post and The Economist, according to their research paper.

What's useful about their method is that it can generate a high number of Likes using only a single account. It means that spammers wouldn't need to take the time and expense of creating a high number of zombie accounts that would likely be detected and removed by Facebook.

Another demonstration video shows how a Like -- which is essentially a soft endorsement -- can appear out of context and may actually be contrary to a user's real opinion.

The researchers created a fake Web page for demonstration purposes that promoted disgraced investor Bernard Madoff. The website had an embedded Like button. If the site's URL was shared on Facebook, anyone who commented on it would increase the page's Like count, even though it's doubtful anyone would truly endorse it.

But people who visited the Web page would have seen an ever-rising Like count, giving the impression that the site is worthy. Other large online services, such as YouTube and Quora have worked around this contextual problem by adding "dislike" or "downvote" buttons.

The researchers also found if a Facebook user deletes a post, the Like count doesn't correspondingly drop.

Facebook wraps a lot of data into the little number next to the Like button. The company is straightforward about it in its documentation, saying that a Like includes not only the people who hit the button, but also the number of times the URL has been shared and the number of comments. But some people may not know that.

The paper was also co-authored by Xinye Lin and Mingyuan Xia of McGill's School of Computer Science.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Internet-based applications and servicesMcGill Universitysecuritysocial networkinginternetFacebook

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?