Blog

• Should we worry about Robin Sage?

In 1996, a physicist named Alan Sokol published an article in Social Text, a cultural studies journal.  It was called “Transgressing the Boundaries: Toward a Transformative Hermeneutics of Quantum Gravity,” and as the name suggests, it’s pretty impenetrable.  You can check it out here.  Soon after it came out, he published an article in the now-defunct Lingua Franca, saying that the first article had been a hoax.  He said he did it to see if the journal “publish an article liberally salted with nonsense if (a) it sounded good and (b) it flattered the editors’ ideological preconceptions.”

I remember feeling pretty sympathetic to the Social Text editors at the time — which was before I was immersed in legal academia, where most of the law reviews are run by students and don’t perform what other fields would recognize as formal peer review.  Publishing an article doesn’t mean that the journal editors agree with everything it says, and no doubt the Social Text editors had little experience dealing with physics.  Sure, they could have sent it to other physicists, but in the meantime they probably welcomed what looked like a rare attempt by someone from the hard sciences to communicate with an otherwise-alien audience, even if the person was deemed an apostate by his colleagues.  Moreover, being of the postmodern deconstructionist bent, they gleaned a lot from the text — no doubt more than what its insincere author had put in.  (As Wiki says they put it: “its status as parody does not alter, substantially, our interest in the piece, itself, as a symptomatic document.”)

I was reminded of the Sokal Affair when I read Thomas Ryan’s presentation to the 2010 Black Hat conference about one Robin Sage.  This isn’t the U.S. special ops training exercise conducted each year, but rather a fake identity the author created on LinkedIn and elsewhere.



The author says he intentionally chose the photo of a young, attractive woman in order to better do what he did next: friend a bunch of security professionals on LinkedIn.  He says that Robin’s success in social networking said something about the security chops of those who friended her.

I’m not so sure.  He convincingly writes that her profile’s credibility could be debunked with a little Internet sleuthing, but I don’t think it’s surprising that many social network users regularly go to such lengths.  Some people are picky about from whom they allow connections; others are content to accept anything that looks like it’s not a spammer — and Robin was not.

Ryan includes some snippets of messages that Robin received from her new connections.  One asked her to review a paper he was writing; another complimented her on her looks; another pointed out a job opportunity.  I’m not sure any of these is troublesome.  Ryan figures that if the paper were shared and was pre-publication, a malevolent person behind the Robin persona could have passed it off as his or her own.  That’s a bit of a reach.  Yes, anything can happen, but there are risks in any communication or interaction with a stranger or mere acquaintance.  Ryan says in his paper’s summary that Robin was offered “gifts, government and corporate jobs, and options to speak at a variety of security conferences.”  But when that’s unpacked in the main text, it’s all very tentative — pointing out a job opportunity is not the same as offering a job, and suggesting interest in a conference is not the same as vetting the presentation should the interest be reciprocated.  There’s an intriguing section of the paper about the gender dynamic — Ryan intentionally chose a young, attractive woman as Robin’s avatar, ’and suggests that “Whether these same reactions would have been elicited towards another male is questionable. It can be put forth that Robins appearance and gender played a key role in many people’s comfort level.”

There’s some interesting research on this sort of thing, such as a study by researchers at the University of Wisconsin in which identical resumes were sent for academic jobs with only the names switched from one gender to another.  They found that men were given more opportunities than their identical women counterparts.  At the very least, gender comfort level can cut both ways, and Ryan’s experiment was, I think even by his own account, as casual as Alan Sokol’s with Social Text.  It’s more to make a provocation than to actually investigate gender bias or sloppy intellectual work, respectively.

The Robin Sage experiment — and the lessons we’re supposed to draw from it — interest me because I’m interested in the ways in which kindness among strangers can be crucial to the world being a good place to live — and the Internet functioning at all.  It’s not surprising that a security professional would conduct an experiment in which people were duped into friending someone who wasn’t real and then conclude that those people were observing security practices that were too lax.  But the more you think about it, the more you can think of all sorts of similar experiments: offer to help someone with his or her shopping bags, and then drop them.  See someone taking a picture of his friends in a park, offer to do it so he can join the picture, and then run away with the camera.  Hold a door for someone, and then hit them from behind.  Should an experimenter do any of these, would the lesson be about the gullibility of the target or the cruelty of the experimenter?

To be sure, Ryan’s experiment was conducted among fellow security professionals.  He suggests that Robin’s fake job description suggested that she held a U.S. federal government security clearance — so other people with clearances might be misled into sharing classified information with her.  But there’s no reason to think that people would spill secrets under those circumstances any more than you’d write a check for $5,000 or give your home address to a brand new “friend” on Facebook.

The beauty of social networks like LinkedIn or Facebook is that they allow a level of connection with someone that has no easy real-world analogue.  LinkedIn can be for colleagues and friends, but it also can include faraway students who want to connect with a professor they’ve never met — and maybe never will — or any number of other configurations.  Just because Wikipedia allows anyone to edit most of its pages, doesn’t mean that it innately and permanently trusts every edit.  The system is set up to be able to revert the work of vandals, and any example of how “easy” it is to vandalize a Wikipedia page is beside the point.  The idea there is that there are more people quickly responding to vandals than there are vandals — so an open system functions.  Similarly, so long as we don’t share more than we mean to, the presence of strangers among our LinkedIn colleagues or even Facebook friends shouldn’t be a red flag.  More might be gained from “friends we haven’t met” than lost to the occasional bad actor.

So: pleased to meet you, Thomas Ryan — if that’s who you really are.  And even if it’s not.  …JZ

• Reputation bankruptcy

Google CEO Eric Schmidt created buzz (and some shock and criticism) when he suggested in a recent Wall Street Journal interview that, in the not too distant future, “every young person…will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites.”

I’ve been intrigued by these concepts, too, and while I don’t think people should have to change their names to escape their pasts — whether earned or unearned — I like the idea of reputation bankruptcy.  It’s taken up as a partial solution to peer-to-peer privacy problems in the Future of the Internet:

Search is central to a functioning Web, and reputation has become central to search. If people already know exactly what they are looking for, a network needs only a way of registering and indexing specific sites. Thus, IP addresses are attached to computers, and domain names to IP addresses, so that we can ask for www.drudgereport.com and go straight to Matt Drudge’s site. But much of the time we want help in finding something without knowing the exact online destination. Search engines help us navigate the petabytes of publicly posted information online, and for them to work well they must do more than simply identify all pages containing the search terms that we specify. They must rank them in relevance. There are many ways to identify what sites are most relevant. A handful of search engines auction off the top-ranked slots in search results on given terms and determine relevance on the basis of how much the site operators would pay to put their sites in front of searchers. These search engines are not widely used. Most have instead turned to some proxy for reputation. As mentioned earlier, a site popular with others—with lots of inbound links—is considered worthier of a high rank than an unpopular one, and thus search engines can draw upon the behavior of millions of other Web sites as they sort their search results. Sites like Amazon deploy a different form of ranking, using the “mouse droppings” of customer purchasing and browsing behavior to make recommendations—so they can tell customers that “people who like the Beatles also like the Rolling Stones.” Search engines can also more explicitly invite the public to express its views on the items it ranks, so that users can decide what to view or buy on the basis of others’ opinions. Amazon users can rate and review the items for sale, and subsequent users then rate the first users’ reviews. Sites like Digg and Reddit invite users to vote for stories and articles they like, and tech news site Slashdot employs a rating system so complex that it attracts much academic attention.

eBay uses reputation to help shoppers find trustworthy sellers. eBay users rate each others’ transactions, and this trail of ratings then informs future buyers how much to trust repeat sellers. These rating systems are crude but powerful. Malicious sellers can abandon poorly rated eBay accounts and sign up for new ones, but fresh accounts with little track record are often viewed skeptically by buyers, especially for proposed transactions involving expensive items. One study confirmed that established identities fare better than new ones, with buyers willing to pay, on average, over 8 percent more for items sold by highly regarded, established sellers. Reputation systems have many pitfalls and can be gamed, but the scholarship seems to indicate that they work reasonably well. There are many ways reputation systems might be improved, but at their core they rely on the number of people rating each other in good faith well exceeding the number of people seeking to game the system—and a way to exclude robots working for the latter. For example, eBay’s rating system has been threatened by the rise of “1-cent eBooks” with no shipping charges; sellers can create alter egos to bid on these nonitems and then have the phantom users highly rate the transaction. One such “feedback farm” earned a seller a thousand positive reviews over four days. eBay intervenes to some extent to eliminate such gaming, just as Google reserves the right to exact the “Google death penalty” by de-listing any Web site that it believes is unduly gaming its chances of a high search engine rating.

These reputation systems now stand to expand beyond evaluating people’s behavior in discrete transactions or making recommendations on products or content, into rating people more generally. This could happen as an extension of current services—as one’s eBay rating is used to determine trustworthiness on, say, another peer-to-peer service. Or, it could come directly from social networking: Cyworld is a social networking site that has twenty million subscribers; it is one of the most popular Internet services in the world, largely thanks to interest in South Korea. The site has its own economy, with $100 million worth of “acorns,” the world’s currency, sold in 2006.

Not only does Cyworld have a financial market, but it also has a market for reputation. Cyworld includes behavior monitoring and rating systems that make it so that users can see a constantly updated score for “sexiness,” “fame,” “friendliness,” “karma,” and “kindness.” As people interact with each other, they try to maximize the kinds of behaviors that augment their ratings in the same way that many Web sites try to figure out how best to optimize their presentation for a high Google ranking. People’s worth is defined and measured precisely, if not accurately, by the reactions of others. That trend is increasing as social networking takes off, partly due to the extension of online social networks beyond the people users already know personally as they “befriend” their friends’ friends’ friends.

The whole-person ratings of social networks like Cyworld will eventually be available in the real world. Similar real-world reputation systems already exist in embryonic form. Law professor Lior Strahilevitz has written a fascinating monograph on the effectiveness of “How’s My Driving” programs, where commercial vehicles are emblazoned with bumper stickers encouraging other drivers to report poor driving. He notes that such programs have resulted in significant accident reductions, and analyzes what might happen if the program were extended to all drivers. A technologically sophisticated version of the scheme dispenses with the need to note a phone number and file a report; one could instead install transponders in every vehicle and distribute TiVo-like remote controls to drivers, cyclists, and pedestrians. If someone acts politely, say by allowing you to switch lanes, you can acknowledge it with a digital thumbsup that is recorded on that driver’s record. Cutting someone off in traffic earns a thumbs-down from the victim and other witnesses. Strahilevitz is supportive of such a scheme, and he surmises it could be even more effective than eBay’s ratings for online transactions since vehicles are registered by the government, making it far more difficult escape poor ratings tied to one’s vehicle. He acknowledges some worries: people could give thumbs-down to each other for reasons unrelated to their driving—racism, for example. Perhaps a bumper sticker expressing support for Republicans would earn a thumbs-down in a blue state. Strahilevitz counters that the reputation system could be made to eliminate “outliers”—so presumably only well-ensconced racism across many drivers would end up affecting one’s ratings. According to Strahilevitz, this system of peer judgment would pass constitutional muster if challenged, even if the program is run by the state, because driving does not implicate one’s core rights. “How’s My Driving?” systems are too minor to warrant extensive judicial review. But driving is only the tip of the iceberg.

Imagine entering a café in Paris with one’s personal digital assistant or mobile phone, and being able to query: “Is there anyone on my buddy list within 100 yards? Are any of the ten closest friends of my ten closest friends within 100 yards?” Although this may sound fanciful, it could quickly become mainstream. With reputation systems already advising us on what to buy, why not have them also help us make the first cut on whom to meet, to date, to befriend? These are not difficult services to offer, and there are precursors today. These systems can indicate who has not offered evidence that he or she is safe to meet—as is currently solicited by some online dating sites—or it may use Amazon-style matching to tell us which of the strangers who have just entered the café is a good match for people who have the kinds of friends we do. People can rate their interactions with each other (and change their votes later, so they can show their companion a thumbs-up at the time of the meeting and tell the truth later on), and those ratings will inform future suggested acquaintances. With enough people adopting the system, the act of entering a café can be different from one person to the next: for some, the patrons may shrink away, burying their heads deeper in their books and newspapers. For others, the entire café may perk up upon entrance, not knowing who it is but having a lead that this is someone worth knowing. Those who do not participate in the scheme at all will be as suspect as brand new buyers or sellers on eBay.

Increasingly, difficult-to-shed indicators of our identity will be recorded and captured as we go about our daily lives and enter into routine transactions— our fingerprints may be used to log in to our computers or verify our bank accounts, our photo may be snapped and tagged many times a day, or our license plate may be tracked as people judge our driving habits. The more our identity is associated with our daily actions, the greater opportunities others will have to offer judgments about those actions. A government-run system like the one Strahilevitz recommends for assessing driving is the easy case. If the state is the record keeper, it is possible to structure the system so that citizens can know the basis of their ratings—where (if not by whom) various thumbs-down clicks came from—and the state can give a chance for drivers to offer an explanation or excuse, or to follow up. The state’s formula for meting out fines or other penalties to poor drivers would be known (“three strikes and you’re out,” for whatever other problems it has, is an eminently transparent scheme), and it could be adjusted through accountable processes, just as legislatures already determine what constitutes an illegal act, and what range of punishment it should earn.

Generatively grown but comprehensively popular unregulated systems are a much trickier case. The more that we rely upon the judgments offered by these private systems, the more harmful that mistakes can be. Correcting or identifying mistakes can be difficult if the systems are operated entirely by private parties and their ratings formulas are closely held trade secrets. Search engines are notoriously resistant to discussing how their rankings work, in part to avoid gaming—a form of security through obscurity. The most popular engines reserve the right to intervene in their automatic rankings processes—to administer the Google death penalty, for example—but otherwise suggest that they do not centrally adjust results. Hence a search in Google for “Jew” returns an anti- Semitic Web site as one of its top hits, as well as a separate sponsored advertisement from Google itself explaining that its rankings are automatic. But while the observance of such policies could limit worries of bias to search algorithm design rather than to the case-by-case prejudices of search engine operators, it does not address user-specific bias that may emerge from personalized judgments.

Amazon’s automatic recommendations also make mistakes; for a period of time the Official Lego Creator Activity Book was paired with a “perfect partner” suggestion: American Jihad: The Terrorists Living Among Us Today. If such mismatched pairings happen when discussing people rather than products, rare mismatches could have worse effects while being less noticeable since they are not universal. The kinds of search systems that say which people are worth getting to know and which should be avoided, tailored to the users querying the system, present a set of due process problems far more complicated than a stateoperated system or, for that matter, any system operated by a single party. The generative capacity to share data and to create mash-ups means that ratings and rankings can be far more emergent—and far more inscrutable.

As biometric readers become more commonplace in our endpoint machines, it will be possible for online destinations routinely to demand unsheddable identity tokens rather than disposable pseudonyms from Internet users. Many sites could benefit from asking people to participate with real identities known at least to the site, if not to the public at large. eBay, for one, would certainly profit by making it harder for people to shift among various ghost accounts. One could even imagine Wikipedia establishing a “fast track” for contributions if they were done with biometric assurance, just as South Korean citizen journalist newspaper OhmyNews keeps citizen identity numbers on file for the articles it publishes. These architectures protect one’s identity from the world at large while still making it much more difficult to produce multiple false “sock puppet” identities. When we participate in other walks of life—school, work, PTA meetings, and so on—we do so as ourselves, not wearing Groucho mustaches, and even if people do not know exactly who we are, they can recognize us from one meeting to the next. The same should be possible for our online selves. []

As real identity grows in importance on the Net, the intermediaries demanding it ought to consider making available a form of reputation bankruptcy. Like personal financial bankruptcy, or the way in which a state often seals a juvenile criminal record and gives a child a “fresh start” as an adult, we ought to consider how to implement the idea of a second or third chance into our digital spaces. People ought to be able to express a choice to de-emphasize if not entirely delete older information that has been generated about them by and through various systems: political preferences, activities, youthful likes and dislikes. If every action ends up on one’s “permanent record,” the press conference effect can set in. Reputation bankruptcy has the potential to facilitate desirably experimental social behavior and break up the monotony of static communities online and offline. As a safety valve against excess experimentation, perhaps the information in one’s record could not be deleted selectively; if someone wants to declare reputation bankruptcy, we might want it to mean throwing out the good along with the bad. The blank spot in one’s history indicates a bankruptcy has been declared—this would be the price one pays for eliminating unwanted details.

The key is to realize that we can make design choices now that work to capture the nuances of human relations far better than our current systems, and that online intermediaries might well embrace such new designs even in the absence of a legal mandate to do so.

(And, as long as we’re talking about reputation — you can check out Dan Solove’s excellent book on the future of reputation here.)

• Net neutrality: the FCC takes back the ball

There’s some movement in the U.S. network neutrality debates under a rather dry heading: “Further Inquiry Into Two Under-Developed Issues in the Open Internet Proceeding.”

So far: a couple weeks ago Google and Verizon announced a “legislative framework proposal” to “preserve the open Internet and the vibrant and innovative markets it supports, to protect consumers, and to promote continued investment in broadband access,”  blogged here.  The proposal emerged in the vacuum created by a Federal court ruling overturning the FCC’s regulation of Comcast’s throttling of peer-to-peer traffic, and it was criticized harshly by a number of open Internet advocates as an undue boon to the network providers’ interests.

Now the FCC has re-entered the picture with its September “further inquiry,” and done so with a deft touch.  First, by seeking additional comments, the document makes it clear that its “NPRM” — a proceeding to craft rules to promote an open Internet that many thought the Comcast decision had derailed — is still alive.  Exactly how any rules will be made is not discussed; instead, the FCC notes the areas where consensus has been reached: some conception of net neutrality is a good idea, at least on non-wireless platforms; that network practices should be disclosed; that net neurality shouldn’t preclude reasonable network management practices by ISPs; and that case-by-case, flexible adjudication beats lengthy and complex rules.

That’s an astute move: to the extent that the Google/Verizon document represented horse trading — “I’ll agree that net neutrality should apply to wired networks if you agree that it’s too soon to talk about rules for wireless” — the FCC has moved rhetorically to lock in the parts of the deal that most embrace an open Internet by pointing out that there’s now consensus on those points.

That leaves the most controversial parts of the agreement as objects for further inquiry, and it’s where the FCC is looking for more public comments.  These “under-developed issues” are on the confusing “specialized services” and the less confusing (but no less challenged) wireless proposed exemptions (or at least temporary relief) from net neutrality rules.

There, the FCC offers a lucid and measured summary of the state of play on each issue, along with some initial thoughts on ways to resolve each, drawing from among the many comments already received from industry and public interest participants.  For specialized services, there’s the question of what happens when a network provider wants to use the pipe it has into someone’s house or business for something independent of vanilla Internet broadband.  There are legacy examples of this: the same wires that carry a phone company’s Internet DSL service carry regular old telephone service, too; and the same cable company coax that carries broadband also carries cable TV.  Indeed, those “specialized” services used to be the main ones, with the Internet as the afterthought.

It would be strange to say that the same net neutrality principles that mean Comcast can’t favor access to cnn.com over foxnews.com also ought to mean that Comcast can’t favor MTV over Animal Planet in basic cable.  Basic cable is Comcast’s to fill as it pleases, conducting all sorts of deals to figure out whether a new channel should be cute cats or pay-per-view boxing.  (To be sure, this is with the exception of the byzantine and ill-considered “must carry” rules that give legacy TV broadcasters a chance to demand a corresponding cable channel without having to negotiate a deal for it — while also allowing those broadcasters to refuse to allow the cable company to carry the channels unless they cut a deal.  That’s Congress’s mess, though, not the FCC’s.)

So the strongest view against specialized services might be: OK, network providers, maybe you keep your legacy specialized services, but other than that, we want you to use your bandwidth for open Internet.  But then one could see new specialized services shoehorned in via one’s telephone (“Look, a new handset with a screen to plug into the regular phone line!”) or cable (“A new channel called the Best of YouTube, with fast forward, rewind, and favorite buttons on my cable remote!”).  The puzzle is: if we want to give those legacy modalities a chance to freshen up, or even contemplate new kinds of specialized services not anchored in the old ones, can we do it without the prospect of diminishing the open Internet that’s currently so popular over those very wires?  The Internet tail stands to wag the telco/cable/TV dog to which it was first attached; how to mediate between them now, if at all, should the dog (and its more proprietary frame) stage a comeback?

Check out pp. 2-4 of the FCC’s document for its own view of the issue, along with some approaches that could help situate specialized services without simply banning them.  I’m intrigued with the idea of guaranteed capacity for regular Internet service — in other words, new specialized services should not be used to shrink the pie for regular Internet offerings.  Experimentation could continue apace on the open Internet, with some of its best results then bottled up and offered sleekly through a more appliancized offering.  So long as there’s still general public access to and broad usage of the regular Internet, a hybrid ecosystem could offer the best of both worlds.  In a way, it’s preferable to have generative and “sterile” environments side-by-side than to have generative environments compete with “contingently generative” ones.  The latter is like the case of the iPhone — to a developer, it acts just like the open PC environment, where anyone can code for it and reach consumers, until it doesn’t — Apple bans a particular app or changes its rules after achieving huge market share.

And speaking of mobile smartphones, there’s then the question of wireless.  Some net neutrality advocates might ask: what question, saying that it should be treated the same as everything else — as Internet protocols intended.  Others, most directly the wireless carriers themselves, say that nondiscrimination rules will constrain their investment in building out the more nascent wireless infrastructure.  Again the FCC lays out some options, and for the first time that I’ve seen, asks the question not only of net neutrality for use of wireless bandwidth, but app neutrality for developers’ access to a smartphone platform’s app store.  I’ve got my own views on that question, and the FCC neatly asks if perhaps rules on one could help justify an absence of rules on the other: maybe app neutrality would make us worry less about network discrimination, or net neutrality could still permit app discrimination.

Despite the nondescript eponymous title that suggests that it’s just another abstruse government document, the FCC’s further inquiry is worth a read.  And its contents signal that regulators can be reassuringly versed in the topics they’ve taken up, even as their power to regulate remains in question.  There are still some moves the FCC could make to create net neutrality rules in the absence of a new statute, and without mentioning (much less taking) them, the invitation to comment is one the major parties to the debate won’t ignore.

• Has the Future of the Internet come about?

This week there’s an online symposium at Concurring Opinions about the Future of the Internet — And How to Stop It. I’ll be blogging there; in the meantime here’s my opening entry. Read more »

• FTC goes after astroturfing

Last week the U.S. Federal Trade Commission announced a settlement with Reverb Communications, a firm that describes its business as a:

… full service videogame agency that provides public relations, marketing, and sales services through one integrated campaign to the interactive entertainment and music industry.  Using precise messaging and calculated marketing campaigns, we are able to drive consumer and industry demand for our clients’ products, resulting in increased product sales.

According to the FTC’s complaint, some of the “precise messaging” involved the firm putting in fake positive user reviews of various video games on the iTunes store.

I haven’t been able to track down Reverb’s answer to the charges except a statement repeated here, a blog entry that reports some additional details of how the FTC got onto Reverb’s trail.  Reverb is said to have said:

During discussions with the FTC, it became apparent that we would never agree on the facts of the situation. Rather than continuing to spend time and money arguing, and laying off employees to fight what we believed was a frivolous matter, we settled this case and ended the discussion because as the FTC states: “The consent agreement is for settlement purposes only and does not constitute admission by the respondents of a law violation.”

That sounds like a non-denial denial, and the FTC appears to be doing good work here.  In the fall of ’09 it announced that paid commercial endorsements had to be disclosed — even on Twitter, Facebook, and in blogs.  There was some handwringing over this — would the government be going after any blogger who says something good about something and might have a financial interest in it?  It is not particularly easy to predict, especially since the FTC, unlike other Federal agencies, does not do formal rulemakings — it can only announce guidelines and then bring one enforcement action at a time under its general charter to combat unfair or deceptive trade practices.

The Reverb case provides a good example of how the FTC is thinking about applying its limited staff power: to professional organizations working to subvert ratings schemes.  That’s a good place to start; if nascent ratings schemes are to work, it’s helpful to know what the boundaries are — especially to PR and marketing firms that don’t want to have to race to the bottom.  Now they can tell their clients that they’re just not able to help out with fake reviews.  (In the meantime, the Reverb main home page is showing a generic parked message — odd.)

I remain curious how effective sites like subvertandprofit.com are.  S&P says it:

… runs social media campaigns across a variety of social media sites, via our 25,000 users who earn money by viewing, voting, fanning, rating, or posting assigned tasks. Since 2007, our user actions have effectively promoted our advertisers’ web content to popularity at significant cost savings. In 2010, Subvert and Profit merged with Crowdsource Corp. to extend the power of crowdsourcing to a variety of social and business applications.

More directly, S&P tells advertisers that they can:

Buy votes on social media sites.

1. Sign up.
2. Add funds to your account.
3. Buy votes.
4. Get visitors to your site for cheap.
5. Repeat.

And in turn, social media users can “get paid just for clicking buttons.”

Perhaps they or other intermediaries that help to launder ratings could find themselves answering some questions from the FTC.  I see the domain for subvertandprofit is registered in Massachusetts, so I’ve sent an email to its owner — I’ll update this post if I hear anything.

About Jonathan Zittrain

Jonathan Zittrain is Professor of Law at Harvard Law School and co-founder of the Berkman Center for Internet and Society at Harvard Law School