Posts

Facebook

Facebook: a small update causes major disruption

Hervé Debar, Télécom SudParis – Institut Mines-Télécom

Late on October 4, many users of Facebook, Instagram and WhatsApp were unable to access their accounts. All of these platforms belong to the company Facebook and were all affected by the same type of error: an accidental and erroneous update to the routing information for Facebook’s servers.

The internet employs various different types of technology, two of which were involved in yesterday’s incident: BGP (border gateway protocol) and DNS (domain name system).

In order to communicate, each machine must have an IP address. Online communication involves linking two IP addresses together. The contents of each communication are broken down into packets, which are exchanged by the network between a source and a destination.

How BGP (border gateway protocol) works

The internet is comprised of dozens of “autonomous systems”, or AS, some very large, and others very small. Some AS are interconnected via exchange points, enabling them to exchange data. Each of these systems is comprised of a network of routers, which are connected using either optical or electrical communication links. Communication online circulates using these links, with routers responsible for transferring communications between links in accordance with routing rules. Each AS is connected to at least one other AS, and often several at once.

When a user connects their machine to the internet, they generally do so via an internet service provider or ISP. These ISPs are themselves “autonomous systems”, with address ranges which they allocate to each of their clients’ machines. Each router receiving a packet will analyse both the source and the destination address before deciding to transfer the packet to the next link, following their routing rules.

In order to populate these routing rules, each autonomous system shares information with other autonomous systems describing how to associate a range of addresses in their possession with an autonomous system path. This is done step by step through the use of the BGP or border gateway protocol, ensuring each router has the information it needs to transfer a packet.

DNS (domain name system)

The domain name system was devised in response to concerns surrounding the lack of transparency with IP addresses for end users. For available servers on the internet, this links “facebook.com” with the IP address “157.240.196.35”.

Each holder of a domain name sets up (or delegates) a DNS server, which links domain names to IP addresses. They are considered to be the most reliable source (or authority) for DNS information, but are also often the first cause of an outage – if the machine is unable to resolve a name (i.e. to connect the name requested by the user to an address), then the end user will be sent an error message.

Each major internet operator – not just Facebook, but also Google, Netflix, Orange, OVH, etc. – has one or more autonomous systems and coordinates the respective BGP in conjunction with their peers. They also each have one or more DNS servers, which act as an authority over their domains.

The outage

Towards the end of the morning of October 4, Facebook made a modification to its BGP configuration which it then shared with the autonomous systems it is connected to. This modification resulted in all of the routes leading to Facebook disappearing, across the entire internet.

Ongoing communications with Facebook’s servers were interrupted as a result, as the deletion of the routes spread from one autonomous system to the next, since the routers were no longer able to transfer packets.

The most visible consequence for users was an interruption to the DNS and an error message, followed by the DNS servers of ISPs no longer being able to contact the Facebook authoritative server as a result of the BGP error.

This outage also caused major disruption on Facebook’s end as it rendered remote access and, therefore, teleworking, impossible. Because they had been using the same tools for communication, Facebook employees found themselves unable to communicate with each other, and so repairs had to be carried out at their data centres. With building security also online, access proved more complex than first thought.

Finally, with the domain name “facebook.com” no longer referenced, it was identified as free by a number of specialist sites for the duration of the outage, and was even put up for auction.

Impact on users

Facebook users were unable to access any information for the duration of the outage. Facebook has become vitally important for many communities of users, with both professionals and students using it to communicate via private groups. During the outage, these users were unable to continue working as normal.

Facebook is also an identity provider for many online services, enabling “single sign-on”, which involves users reusing their Facebook accounts in order to access services offered by other platforms. Unable to access Facebook, users were forced to use other login details (which they may have forgotten) in order to gain access.

Throughout the outage, users continued to request access to Facebook, leading to an increase in the number of DNS requests made online and a temporary but very much visible overload of DNS activity worldwide.

This outage demonstrated the critical role played by online services in our daily lives, while also illustrating just how fragile these services still are and how difficult it can be to control them. As a consequence, we must now look for these services to be operated with the same level of professionalism and care as other critical services.

Banking, for example, now takes place almost entirely online. A breakdown like the one that affected Facebook is less likely to happen to a bank given the standards and regulations in place for banking, such as the Directive On Network And Service Securitythe General Data Protection Regulation or PCI-DSS.

In contrast, Facebook writes its own rules and is partially able to evade regulations such as the GDPR. Introducing service obligations for these major platforms could improve service quality. It is worth pointing out that no bank operates a network as impressive as Facebook’s infrastructure, the size of which exacerbates any operating errors.

More generally, after several years of research and standardisation, safety mechanisms for BGP and DNS are now being deployed, the aim being to prevent attacks which could have a similar impact. The deployment of these security mechanisms will need to be accelerated in order to make the internet more reliable.

Hervé Debar, Director of Research and PhDs, Deputy director, Télécom SudParis – Institut Mines-Télécom

This article has been republished from The Conversation under a Creative Commons licence. Read the original article.

Fake News

A real way to look at fake news

The SARS-CoV2 virus is not the only thing that has spread during the Covid-19 pandemic: fake news has also made its way around the world. Although it existed even before, the unprecedented crisis has paved the way for an explosion of fake news. Anuragini Shirish, a researcher at Institut Mines Télécom Business School, explains the factors at play in this trend and how it could be limited in the future.

Why has the pandemic been conducive to the emergence of fake news?

Anuragini Shirish: At the individual level, fear and uncertainty are psychological factors that have played an important role. People have several fears that pertain to safety of their lives and that of their families, jobs, resources leading to unexplained uncertainty about both the present and the future. As a response to this situation, people try to make sense of the situation and understand what’s going to happen to reassure themselves, from both the health  and economic point of views. To do so, they look for information, regardless of how truthful it is.

How do individuals seek guidance in an unpredictable situation?

AS: The main sources of guidance are institutional resources. One of the important resources is the freedom of the media. In countries like India, the media can be influenced by politicians and people tend not to trust it entirely. In Nordic countries, on the other hand, the media focuses on being as objective as possible and people are taught to adhere to objectivity. When trust in the traditional media is low, as may be the case in France, individuals tend to seek out alternative sources of information. Freedom of the media is therefore an institutional resource: if people have confidence in the strength and impartiality of their media, it tends to lower their level of fear and uncertainty.

Another important resource is the government’s measures to increase economic freedom perceptions. If individuals believe that the government can maintain job security and/or their sources of income throughout the pandemic, including periods of lockdown, this also helps reduce their fear and uncertainty. In countries such as Brazil, India and the United States, this has not been the case.

Lastly, there is the freedom of political expression, which gives individuals the opportunity to express and share their doubts publicly.  But in this case, it tends to foster the emergence of fake news. This is one of the findings of a study we conducted with Shirish Srivastava and Shalini Chandra from HEC Paris and the SP Jain School of Global Management.

How is the lack of confidence in institutions conducive to the emergence and dissemination of fake news?

AS : When people trust institutions, they are less likely to seek information from alternative sources. Conversely, when there is a low level of trust in institutions, people tend to react by seeking out all kinds of information on the internet.

Why and how has fake news spread to such an extent?

AS: In order to verify the information they obtain, people tend to share it with their acquaintances and close friends to get their feedback about the validity of the information. And due to their cognitive biases, people tend to consume and share ideas and beliefs they like, even when they’re aware that the information may be false. Fake news are generally structured to evoke a variety of emotions, leading to strong feelings such as anger, fear, sadness, which also helps it to spread more easily than information presented in a more rational or neutral way. 

Each country has its own characteristics when it comes to the emergence and dissemination of fake news, which also explains why an understanding of institutional resources is helpful to identify the factors that can explain the national level differences at play. The emergence  and dissemination of fake news vary widely from country to country: the inhabitants of a country are far more concerned about what’s happening in their own country. Fake news is therefore highly context-specific.

Where is most fake news found?

AS: The majority of fake news is found on social media. That’s where it spreads the quickest since it is extremely easy to share. Social media algorithms will also display the information that people like the most, therefore increasing their cognitive biases and their desire to share this information. And social media is the number-one media consumed by individuals, due to its ease of mobile access and connectivity available at several countries in the world.

Who creates fake news?

AS: It’s hard to understand the deeper motivations of each individual who creates fake news, since they don’t typically brag about it! Some may do so for economic reasons, by generating “clicks” and the revenue that comes with them. Almost half of fake news is generated for political reasons, to destabilize opposing parties. And sometimes it comes directly from political parties. Uncertain situations like pandemics polarize individuals in society, which facilitates this process. And then there are individuals who may just want to create general confusion, for no apparent economic or political motives.

How can we as individuals contribute to limiting the spread of fake news?

AS: When we aren’t sure about the validity of information, we must not act on it, or share it with others before finding out more. It’s a human tendency to try to verify the legitimacy of information by sharing it, but that’s a bad strategy at a larger scale.  

How can we tell if information may be false?

AS: : First of all, we must learn to think critically and not accept everything we see. We must critically examine the source or website that has posted the information and ask why. There is an especially high level of critical thinking in countries such as Finland or the Netherlands, since these skills are taught at high schools and universities, in particular through media studies classes. But in countries where people are not taught to think critically to the same extent, and trust in the media is low, paradoxically, people are more critical of information that comes from the institutional media than of that which comes from social media. Tools like Disinformation Index or Factcheck.org may be used to verify sources in order to check whether or not information is authentic.  

Is fake news dangerous?

AS: It depends on the news. During the pandemic, certain light-hearted fake news was spread. It didn’t help people solve their problems, but it provided entertainment for those who needed it. For example, there was a tweet that appeared in March 2020 saying that a group of elephants in the Yunnan province in China, had drunk corn wine and fallen asleep, amid the recommendations for social distancing.  This tweet was shared 264,000 times and got 915,500 likes and 5,000 comments. This tweet was later “debunked” (proven to be false) in an article that appeared in National Geographic. This kind of fake news does not have any harmful consequences.  

But other kinds of fake news have had far more serious consequences. First, political fake news generally reduces trust in institutional resources.  It doesn’t offer any solutions and creates more confusion. Paradoxically, this increases fear and uncertainty in individuals and facilitates the dissemination of more fake news, creating a vicious circle! Since it reduces institutional trust, government programs have less of an impact, which also has economic implications. During the pandemic, this has had a major impact on health. Not only because the vaccine campaigns have had less of an effect, but because people self-medicated  based on fake news and died as a result. People’s mental health has also suffered through prolonged exposure to uncertainty, at times leading to mental illness or even suicide. This is also why the term “infodemic” has appeared. 

Is social media trying to fight the spread of fake news?  

AS: During the pandemic, content regulation by the platforms has increased, in particular through  UN injunctions and the gradual implementation of the Digital Service Act. For example, Twitter, Facebook and Instagram are trying to provide tools to inform their users which information may be inauthentic.  The platforms were not prepared for this kind of regulation, and they generated a lot of revenue from the large volume of information being shared, whether or not it was true.  This is changing – let’s hope that this continues over time!

Read more on I’MTech: Digital Service Act: Regulating the content of digital platforms Act 1

What are the levels of institutional control over fake news?

AS: Control over information must be carried out through various approaches since it affects many aspects of society. The government can increase its presence in the media and social media, and improve internet security. There are two ways of doing this: through the law, by punishing the perpetrator of fake news, but also by increasing collective awareness and providing programs to teach people how to verify information. It’s important to put this aspect in place ahead of time, in order to anticipate potential crises that may occur in the future and to monitor collective awareness levels . However, the goal is not to control the freedom of media, on the contrary,  this freedom increases the contribution of independent media, and signals to the citizens that the government seeks to be impartial.

How can we improve people’s relationship with information and institutions in general?

AS: Individuals’ behavior is difficult to change in the long term: new regulations are ultimately violated when people see them as meaningless. So, we must also help citizens find value in the rules of society that may be put in place by the government, in order for them to adhere to them.

By Antonin Counillon