Facebook’s Identity Authentication Is Broken

Update: Within 24 hours of writing this post, Facebook restored my account. I am happy for this but the problem for Facebook’s identity authentication still exists. It is my hope that engaged thinkers around network identities will continue to put forth potential solutions to these emerging and difficult problems.

You may have read my previous posts about scammers using my personal photos to construct fake identities for the purpose of entering into online romantic relationships with women and defrauding them out of money or goods. If not, here’s the original post which outlines the problem and here is the followup.

Over the better part of seven years, I have notified and reported hundreds of fake profiles, some that have been made up of my name and photos, and others comprised of my photos and alternate names. These profiles have shown up on sites such as Twitter, VK.com, Match.com, Christian Mingle, and most prominently, Facebook. At any given time, there are at least three fake Alec Couros’ on Twitter or Facebook, and likely dozens if not hundreds of others that I do not know about. It has been a frustrating game of wack-a-mole. The other discouraging piece is that many women (at least one per week on average) continue to report to me that they have been scammed, or nearly scammed, by these criminals. In many cases, even when there isn’t a loss of money, there is certainly a high incidence of heartbreak and hurt.

And, while I have successfully had Facebook take down hundreds of profiles, apparently they no longer believe that I am Alec Couros. My Facebook account has been suspended as seen by the notice shared below.


I’ve submitted my government ID with the hope that this will be resolved soon. However, this is incredibly frustrating. My assumption was that a Facebook account that is 7+ years old with over 2000 friends and hundreds of posts would have had some weight in terms of authenticity. I assume also that my profile has been taken down by one of the very scammers that I have been reporting, likely from an account that is fairly new (less than a few months old) and connected to a limited number of friends.

But mostly, I’m really frustrated because the response from Facebook on romance scamming has been entirely absent. Through messages sent through reporting dozens of these fake profiles, I have been regularly, and perhaps naively, offering Facebook my services (for free) to better help them envision a way that they can fix their reporting and authentication system. I am more than happy to pay my way to get to Facebook HQ (or wherever I need to be) to sit down with people and help them fix this. And while, part of this is selfish (I want this 7+ year problem solved once and for all), I really do want to fix this for others.

As an addendum to this post, I want to share my reasons for even wanting a Facebook account. I know that there are countless reasons to quit Facebook altogether. I have thought about closing it down many times. However, I have continued to use Facebook for three main purposes:

  1. I enjoy it. Still. I connect with people there that I do not connect with in any other place. And I enjoy what they have to share. Although there is much content that can be annoying, I feel that Facebook still connects me to people I know well, and people that I want to know more about, in ways that other spaces do not easily allow.
  2. My timeline is meaningful. I regularly look back through my timeline to see what I have posted, and it gives me a sense of who I am and who I have become. Interactions that I’ve had with friends in Facebook still make me laugh and make me cry. My message history, for instance, includes conversations I’ve had with hundreds of people, including my dad. I don’t want to lose those meaningful artefacts.
  3. I’ve used it to verify who I am. Due to the fact that my profile was long-standing and well-connected, the profile seemed from the outside as being more authentic. Thus, this was the place where many of the romance scam victims felt safe to come forward and trust that I am who I say I am. In this way, Facebook helped me protect my identity. While, I’d rather have my identify authenticated through other personally-controlled spaces (like this blog), for many of these victims, my Facebook profile felt like a familiar and trustworthy space.

So, I don’t do this often, but could I ask you to share this post? Certainly, I want my profile restored, and perhaps I’ll only have to wait a few days for this to happen. But more so, I want to help Facebook recognize, remedy, and acknowledge this huge problem that they have with romance scams. Facebook’s identity authentication is broken and it needs to be fixed. And daily, people are being hurt and scammed because of this problem.

Thanks for listening,

The ‘real’ Alec Couros

10 thoughts on “Facebook’s Identity Authentication Is Broken

  1. You have earned a pile of karma chips for the open way you have dealt with the rampant mis-use of your identity. I do not judge anyone’s decision about their choice to be or not be in a space, what I value most is having the ability to choose.

    But this “inevitability of Facebook” –that someone as connected as you still has trouble going Fasebook-less– is a worrisome sign, it’s giving them way too much power. Not only have they allowed scammers to steal your identity, they come and steal it themselves? When will someone give the finger to facebook? That would have been more than the last straw for me.

    So, as some responses:

    (1) Maybe not having been that immersed ever in Facebook, is it really the *only* thing that allows people to connect? Is it that essential, as electricity, water, heat? That too worries me. That people have given so much to Facebook when as a company they only want to financially benefit from you. That they can repeatedly stomp all over your illusion of privacy.

    (2) I totally get the sentimentality of your communications with your Dad. That Facebook gives you access to your timeline, but does give your own timeline to you in a way you can take it with you? Beyond being stingy. That stinks. And I had much worse adjectives in mind. Because it’s not your timeline, it’s theirs. They just build the illusion it’s yours.

    (3) Can you really even say this given they have yanked your identity away from you? Really? Facebook is not there to protect your identity at all.

    Again, totally your call. I know for me, just getting that message would call for a middle finger salute to Facebook. I am a bit surprised at how we are letting them steamroll us over, pretending to give us what is ours.

    I had a pretty low rock bottom opinion of Facebook, and your story sends it a lot lower. If you don’t flip them off, I sure will.

  2. @cogdog:disqus I am not sure if I am supporting the “inevitability of Facebook”. I believe that my identity is multi-faceted and is performed in multiple spaces. I don’t know if I’ve ever stated in those three posts that my identity has been stolen (if so, please correct me). In fact, I cringe when people retweet my posts and say something like “Alec’s identity has been stolen”. My photos have been misused to construct other identities, but I still largely control my identity (as much as we all are able in a TripAdvisor society where others’ perceptions of you weigh more heavily than they have in the past).

    In terms of my third point “to verify who I am”, I am making that point that a Facebook profile with some weight does seem to generate some level of trust. I’d much rather have some of the scammed women report these issues to my blog, but they’re certainly not making the connection. I get reports at either Facebook or at my University email address.

    So, maybe I’ve not adequately relayed what I mean by Facebook allowing me to verify my ID. And, I’m certainly not saying I’d like have Facebook, or Google, or Twitter, or another corporation becoming the primary authenticator of my identity. But, networked identities, as they exist, are authenticated, and seen as valid, through both the weights of the spaces where identity artefacts exist and their relationship to one another. For the victims of online scammers, who seem to have low-level technological literacies, Facebook seems trustworthy. For hyper-connected outliers (like me and you) whose identities are reflected in spaces that we control and those that we don’t, it is easier for us to trust in spaces outside of corporate control.

    There’s much more to say on this … up for a webcast on this topic? It would be neat to bring others together on the state and future of networked identity. Thanks for your comments, Alan.

  3. Fair enough, Alec. The “inevitability of Facebook” is what I read when many people criticize its aspects, but resign themselves to it “because everyone is there” or some similar rationale. That’s not what you have said, so its more of a reaction. My trust in them has never been high, so my own exit is more an experiment to try and show that one can operate online w/o it. So far I’ve been unable to comment on blogs like Anil Dash and maybe skipped trying a few sites because it was an only login option.

    No your identity has not been stolen, but I am not sure what you call it when you have to go to such extremes to Facebook to prove yourself. One could say they are being good at validating. What do you call the feeling when they have taken something away from you that you feel is yours?

    This would be great convo and of course I’d be a part; I really like the approach Jonathan Worth took in his portion of Connected Courses. We need to make more people aware of the risks in going online in a non-fear based way that they can be more confident in their choices. Like just because a company says they are deleting your images, are you really sure they are?

  4. Alex, I’m sorry to hear about your struggles. You are such a strong advocate for the power and benefits of social media, and it’s a shame that representatives from social media companies would treat you with anything other than respect.

    I have been increasingly concerned about Facebook over the past few years because of it’s size. The lack of a serious competitor creates an environment where abuse is inevitable. News organizations were getting excited about Ello, but when I sat down I figured out that if it keeps adding 40000 users a day, it would take 2500 days, or 68 years, to reach Facebook’s popularity. (http://www.mediummessage.com/?p=6888) I think we’re creating a monster that we won’t be able to control or escape.

  5. I think there are several important issues at play here around “identity.” I am particularly interested in the technological and by extension political implications of who gets to verify who you are and what data is exchanged in the process.

    That’s something that has been traditionally the realm of the government and the church, and more recently the medical industry. You have an official identity in a birth certificate, for example, or a baptismal certificate. That becomes an Official Government Document. Add to that, with a passport or a drivers license, an Official Photo ID. Interestingly, this is what Facebook is now requesting to verify “the real Alec Couros.” The government remains the arbiter of identify verification… For now.

    It’s hard (particularly for Americans I reckon) to imagine the government playing a role in online identity verification. We sorta like it that we think we can’t be precisely identified (right up until we don’t, of course, as catfishing reminds us). And as such, we’ve decided we’re going to outsource the identity authentication process to the tech sector — until cases like this come up, of course.

    If we consider the power of the offline identity management process (that is, the power of the government to say who you are — a huge huge huge power), we need to recognize the growing power of this online as well. Facial recognition, biometric data, and so on — these are being developed and implemented by governments and corporations alike. Our privacy and security are certainly at stake. (What new data does Facebook glean about us when we hand over an official government ID? Height. Weight. A confirmed photo for facial recognition algorithms. Birthdate. Organ donor status. Citizenship. Drivers license or passport number. Physical address. Etc.)

    Instead of decentralized standards like OpenID (which has its own set of problems around security and trust), the tech industry has us gravitating towards Facebook and Google as the holders of this new identity authentication process. Facebook and Google already monopolize the ways in which we log-in to applications (using these log-ins rather than creating a new username and password). It’s certainly worth thinking about why both of these companies have tried to demand their users only use “real names.”

    But as you note, Alec, people do seem to trust Facebook.

    As educators, we need to do a much better job poking a stick at that “trust” issue, I think, and at the technological issues of privacy and security and identity as well. I am sorry that this has to play out over your Facebook profile and your photos.

  6. Most interesting aspect to me is (as you point out) Facebook’s widely heralded Big Data approach cannot distinguish a long time user on an active account from catfishing frauds. So either the Big Data ability is not there or they don’t give a crap or both.

    The “real names” thing is fascinating to me as well. Ello won’t be a Facebook killer, but it’s interesting to me that the early niche they filled was for artists and members of the LGBT community who did not want to use their “legal names”. My daughter and her friends avoid “real names” sites because they want different accounts for different parts of their identity. It’s a simple solution and it works, it’s only the advertisers that hate it.

    As to whether people should be on Facebook — Fb is like a horrible bar your best friends and family insist on going to. So to some extent, what are you going to do? I check it once a week for three people that matter to me.

  7. I get email say Thanks for your report. We’ll review the information you provided and get back to you soon.

    In the meantime, you can review our Community Standards to learn more about what is and isn’t allowed on Facebook:

    I never get in touch

  8. I’m sorry to hear of your troubles.

    Facebook’s “cure” is to have you upload a colour jpeg of a primary piece of government issued identification.

    But how does Facebook verify this jpeg is authentic in the Photoshop era?

    And how do you know who will see and have access to this important piece of primary identification?

    Or delete it afterwards?

    Here is what flabbergasts me. The issue is identity theft. Identity theft occurs when someone appropriates elements of your identity, in your case photographs.

    Privacy settings are not the problem: Facebook is. I fail to see how uploading a digital scan of one of your primary pieces of ID to Facebook can possibly help secure your identity. Facebook isn’t a person. Facebook has hundreds (thousands?) of anonymous Facebook employees. Into whose hands are you placing your valuable ID? How do you know that person won’t pass it along to someone nefarious? Or maybe it is all automated and just goes into the FB database. Even if we trust Facebook, and give the company the benefit of the doubt and assume it won’t sell the database contents along, how do you know one of its many employees in one of the many countries it operates in won’t do so for their own gain without the company knowing?

    Seems to me that entrusting more important personal information to a faceless corporation that has already proven to be untrustworthy is not a reasonable solution, but rather something that might open you up to even worse problems.

Comments are closed.