Social networks have struggled for years with spam, scams, impersonation and account hijacking. And over the past week, two of them unveiled a new plan to deal with it: passing the costs on to users.
The first move came from Twitter, which made SMS-based two-factor authentication (2FA) a premium feature late last week. After March 20, users will have to switch to an app-based authentication system, pay $8 to $11 per month, or disable the basic security feature. The decision is part of a larger effort to push people to subscription-based Twitter, and Musk also agreed a tweet saying that it is also an attempt to prevent providers from charging Twitter for spam text messages.
Soon after, Meta announced its own security subscription. The company announced plans for a paid verification service similar to Twitter Blue, designed to help “emerging creators” grow their audience. On top of a blue check mark and increased visibility, it includes “access to a real person” for account support, as well as “proactive account monitoring for impersonators who may be targeting those with growing online audiences.”
From one perspective, both movements are understandable. Twitter still allows free app-based two-factor authentication, which is generally a more secure option, and pushing more people towards it is a good thing. Meta’s new plan follows a common strategy for business users: companies charge an additional fee for expedited, full support. The company is trying to solve a real customer service problem. It apparently started pouring more resources into a customer support department last year, as users appeared to be calling on black market account recovery services when they were hacked.
Money is a generally accepted form of friction for the Internet
In general, money is a widely accepted lever to antagonize online adversaries. The seamlessness and sheer scale of the web make it easy to create massive numbers of accounts for nefarious purposes, while at the same time making support for individual users difficult – it’s staggeringly difficult to provide free non-automated customer service to nearly 2 billion users . Some smaller online social spaces, such as Metafilter and the WELL, have been using subscriptions or one-time fees as a quality filter for years.
At the same time, there is a real drawback here.
About three quarters of people using Twitter’s two-factor authentication have relied on text messaging services since last year. (Only 2.6 percent of accounts used it at all.) Where companies like Google have gradually phased out text-based 2FA, Twitter is now simultaneously trying to move people to a more secure option And make a profit with it, and it’s a tricky combination. The new change comes on a rushed month-long timeline that’s almost designed to alarm people into paying for a less secure option, which presents Twitter as a luxury service rather than the outdated system it really is. The result may be that many people simply disable 2FA altogether, especially when the warning message is designed to tell people to remove SMS authentication unless they pay – not to enroll them in any other method.
Meanwhile, Meta’s plan mixes things that make sense like premium upgrades with things a good social network should do by default. Flagging accounts that are at particular risk of impersonation (a list of activists and officials, not just aspiring commercial influencers) improves service for everyone because it tells the average user they can trust that they are actually helping the people follow what they think they are. Even if it’s impossible to provide that level of attention to billions of people, large and fast-growing accounts make up a much smaller subset of the user base — one that will benefit the overall Facebook experience if they’re supported without the need for a fee. The plan also means less incentive to improve the dismal customer service experience for non-paying users who can no longer access their accounts.
A lot of Silicon Valley is currently trying to get people to pay for previously cheap or free options. But on social networks, there is a balance between income from each individual user and the large-scale health of the ecosystem. Security is usually at the end of that spectrum: it’s a fundamental part of any digital service, a basic requirement to keep logged-in eyes on the site. But as businesses tighten their belts, there’s a powerful incentive to collect a monthly fee over time.