Facebook has filed a lawsuit in a federal court in California against a software engineer who developed ad cloaking software to allow scams to run on Facebook. Basant Gajjar, operating under the name LeadCloak, helped publishers circumvent the automated ad review system and run adverts that violated Facebook standards. Apart from Facebook, the ad cloaking technology also targeted other companies, including Google, Oath, Shopify, and WordPress. Facebook filed five similar lawsuits in 2019 against companies that abused its platform and compromised its users’ information.
Scams allowed to run by circumventing automated ad review systems
LeadCloak allowed both deceptive adverts and scams to run on the Facebook platform. The cloaking software was used to conceal websites running scams related to the coronavirus pandemic. Other deceptive ads allowed to run through ad cloaking include those for cryptocurrencies, pharmaceuticals, and diet pills. LeadCloak’s technology also allowed fake news sites and other misleading products and services to be advertised on both Facebook and Instagram.
How ad cloaking works
According to Facebook’s statement, cloaking is a malicious technique that impairs ad review systems by concealing the nature of the website linked to an ad. When ads are cloaked, a company’s ad review system will see a website showing an innocuous product such as a sweater, but a user will see a different website, promoting deceptive products and services, which in many cases violate Facebook standards.
Facebook added that it had employed additional measures against customers who used the technology. The company has already deleted accounts of users who used the technology and will seek enforcement actions against them. The company hopes the federal lawsuit will reveal more advertisers who used the system to display prohibited goods and services.
Facebook’s Integrity Team Lead Rob Leathern says that ad cloaking technologies use geolocation, IP address lookup, and user agent checks to serve different content to actual users than to automated review systems such as Googlebot.
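Because cloaking depends on telling reviewers and users apart, a review system can check for it by fetching the same ad URL from several vantage points and comparing what comes back. The following is an added example, not code from Facebook or from this article: it compares the visible text of each fetch against the reviewer's copy using word-shingle similarity. The profile names, the 0.5 threshold, and the sample HTML bodies are constructed assumptions.

```python
import re
from html.parser import HTMLParser

class _Text(HTMLParser):
    """Collect visible text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def shingles(html, k=3):
    """Set of k-word shingles from the page's visible text."""
    parser = _Text()
    parser.feed(html)
    parser.close()
    words = re.findall(r"[a-z0-9]+", " ".join(parser.parts).lower())
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def similarity(a, b):
    """Jaccard similarity of two pages' shingle sets (1.0 = same text)."""
    sa, sb = shingles(a), shingles(b)
    return 1.0 if not (sa or sb) else len(sa & sb) / len(sa | sb)

def cloaking_suspects(responses, baseline="reviewer", threshold=0.5):
    """Vantage profiles whose page differs sharply from the baseline fetch."""
    base = responses[baseline]
    return sorted(name for name, body in responses.items()
                  if name != baseline and similarity(base, body) < threshold)

# Constructed sample bodies: one ad URL fetched from three vantage profiles.
SWEATER = ("<html><body><h1>Wool sweater</h1>"
           "<p>Warm knit sweater, free shipping on all orders.</p></body></html>")
SAMPLE = {
    "reviewer": SWEATER,  # datacenter IP, crawler user agent
    "residential_desktop": SWEATER.replace("all orders", "all EU orders"),
    "residential_mobile": "<html><body><h1>Miracle diet pills</h1>"
        "<script>track()</script><p>Lose weight fast, order today.</p></body></html>",
}

if __name__ == "__main__":
    print(cloaking_suspects(SAMPLE))  # ['residential_mobile']
```

The benign localized variant scores 0.7 against the reviewer's copy and passes, while the page served to the mobile residential profile shares no text with it and is flagged.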
Leathern said they are working with other companies to share threat intelligence and enforce accountability for users who apply the prohibited technology.
Facebook had, in the past, taken similar steps by suing a Hong Kong-based company, ILikeAd, for tricking users with bogus links that compromised their accounts. The company applied various tricks to hijack users’ accounts, including ‘celeb baiting.’ Facebook ended up paying over $4 million in refunds to users whose accounts were compromised. A similar lawsuit involved a New Jersey-based data analytics firm, OneAudience, that harvested users’ data.
Facebook under pressure
Facebook has come under pressure for not doing enough to protect its users. By taking legal action against violators, Facebook hopes to discourage developers from taking advantage of its system vulnerabilities.
However, it is yet to achieve any substantial outcome through such lawsuits. The most effective way for Facebook to guarantee users’ security on its platform is to implement proper security measures that are difficult for people who wish to abuse the platform to defeat.
The abuse of its platform comes at a significant moment when the country is preparing for presidential elections. During the last election, an analytics company, Cambridge Analytica, compromised millions of users’ data for political targeting. Ad cloaking technology would likely be used to run fake news campaigns to spread political propaganda.