Marco's Blog

All content strictly personal opinions.
en eo

Locked out of Facebook

2008-02-11 4 min read Web marco

No sooner do I discover the new personals ad on Facebook that I start getting flagged for sending too many messages. It starts with a warning that you are about to exceed your quota for sending messages, that you have to slow down. This message shows up every time you send a message. Then I am shut out: I can use Facebook, can receive and read messages, but cannot send them.

Now, how many messages can you send until you get blocked? I didn’t send a lot, despite the Personals app. I counted them, and despite the fact it’s hard to figure out from the FB message box, it’s about 50 in 5 days.

Would you think that 10 messages a day is such an egregious abuse that you should get flagged because of it? Would you think that if you send a message every hour, that still doesn’t count as “slowing down”?

I figure there must be something else going on. For instance, the application may have flagged the fact I am sending a lot of messages that aren’t getting answers. Now, that would be a good way to figure out there is a spammer working.

How would that happen? Well, the personals app, Are YOU Interested allows you to view a series of profile snapshots. You decide whether you like someone or not, and they get a chance to (a) know you like them, and (b) choose that they like you.

Now, when I get someone that says they like me, I feel compelled to get in touch with them. I know, it’s hard to imagine an introvert like me doing that. Maybe I’m not much of an introvert in the first place – I like meeting people.

{moszoomimglink:Snowball fight in Heavenly 2} Now, given privacy settings on Facebook, the message gives people access to my account information. The only thing they knew about me in the beginning is my age, location, and this picture:

Once they get to my profile, they actually see what I look like:

{moszoomimglink:Marco grinning}

No wonder they don’t reply! Laughing

Now, what’s the problem? Well, If Facebook decides that mine is an abusive pattern, it should state that. Of course someone in security is doing their usual job with Security Best Practices™, the proven Internet way of screwing people into unusable applications. In this case, the SBP™ that “applies” (I use the word in a very loose way) is the “minimal information” principle: never give people an indication of the numbers, quotas, and limits that are in place, because they can use the information to get around the intent of the limit.

Of course, that’s BS from the old days when people spent all their time guessing what things were going on. Creating accounts was socially expensive, and keeping those accounts clean was paramount.

Nowadays, anyone can create as many accounts on Facebook as they want, so that someone determined to find out the limits can just do so by creating as many accounts as needed and then getting a profile of unacceptable behavior. It’s a little like the card counters in Vegas.

So, the vague “you need to slow down” is plain idiotic, because it doesn’t tell you what “slowing down” means. Similarly, “slowing down” is not the problem, but detected abusive behavior. If the application had said “you are sending too many messages to people that don’t care”, I would have known what to do.

Instead, Facebook chose to tell me nothing of value, or even worse: told me something that didn’t make any sense, and as a consequence locked me out.

The attitude that leads to this is usually fairly simple: the guys that implement the security and privacy features are usually not the best developers. Even if they are, they typically resent the task. And even if they don’t, they are typically steeped in a culture that thinks it doesn’t matter if the product is still usable, since you are defending a greater good.

Well done, Facebook!