Original author(s) | Ash Bhat, Rohan Phadte |
---|---|
Developer(s) | RoBhat Labs |
Initial release | August 20, 2018 |
Stable release | |
Platform | Google Chrome, Opera |
Size | 26.43 MiB [1] |
Available in | English |
Type | Browser extension |
Website | www |
SurfSafe is a browser extension intended to help viewers spot fake news, in the form of altered or misleadingly used images. It is currently available for Google Chrome and Opera. RoBhat Labs, a company founded by two undergraduates at University of California, Berkeley, [2] who had previously developed software that identified bot accounts on Twitter. It was released in August 2018 after a presentation at the Aspen Ideas Festival. The creators liken it to antivirus for Internet users' news feeds. [3]
The extension works by comparing images that appear in the browser to a database of images culled from a hundred trusted news or fact-checking sites, such as Time and Snopes.com. If an image has been altered or has been identified as being used to mislead elsewhere online, a pop-up informs the reader of this. SurfSafe has already received recognition by universities who provide resources to students on how to avoid fake news, such as the University of Akron School of Law. [4]
While SurfSafe has been well-received, it has also been criticized for limited effectiveness and for being a technological solution to a human problem. [5] Neal Krawetz, an expert in network security and image analysis, has gone further, not only saying that SurfSafe does not come anywhere near doing what it claims, but recommending against installing it due to privacy concerns. [6]
In 2017, Ash Bhat and Rohan Phadte, both undergraduates at the University of California, Berkeley, began developing online tools to help combat the spread of misinformation on the Internet. The first, NewsBot, was an app for Facebook Messenger that attempts to identify the political leanings in a news story. The second, BotCheck.me, was developed as an extension for Google Chrome. It uses machine learning and natural language processing to assess the probability that a Twitter account is a bot spreading political propaganda. [7] Users who installed it saw a button on every Twitter account's page that they could click to determine the probability it was a bot. [3]
Within a year of its deployment, BotCheck had managed to flag almost a million accounts as bots. Bhat and Phadte believed that their model, which attempted to identify and differentiate between human and bot posting patterns, had achieved a 93.5% accuracy rate. But at the same time they had noticed another problem: Many of the bots were sharing altered images to support their positions, and it was hard to identify them. The problem was compounded by the use of unaltered images that were represented as being about something other than what they depicted. [3]
In response to that problem, Bhat and Phadte developed SurfSafe. With the extension enabled, a user can hover their mouse over a photograph; it will then be compared to others in a data base of hashes of all the images on every page any browser with the extension has visited and those hosted on a list of a hundred websites considered to be trusted sources. RoBhat believes that if it can get several hundred thousand users to install SurfSafe it will, through this method, accumulate a data base of a hundred billion images within a year. It also analyzes any text on the page and compares it with text on pages where the image has also appeared. [7] Users can also click on a button if they believe the picture has been manipulated or misleadingly used. [6]
Once SurfSafe has done those comparisons and searches, it will then place an icon at the corner: a check mark if the image appears to be genuine, a warning sign if it might be suspect, and an X if it has been identified elsewhere as altered; in the latter instance it also shows the original image. [8] Other than Snopes.com, users may select their own group of websites, mostly those of major news organizations, from which to check content. [9]
RoBhat's founders introduced SurfSafe at the Aspen Ideas Festival in June 2018. Two months later they made it available to the public. [10] At the time, it was only available for Google Chrome; [11]
While much of the initial news coverage of SurfSafe was positive, at least expressing approval of the idea behind the extension, even some of those reviewers were skeptical that SurfSafe (and some other competing products [5] ) could solve the problem all by itself. Wired noted that the underlying problem is digital literacy. "It's a bit of a leap to expect someone whose main window to the internet is Facebook to take the additional step of installing a fact-checking plug-in." Nor was the extension available for any mobile platform, although RoBhat said it was working on that. [3]
Others noted that the user's ability to select all the sites besides Snopes that they considered reliable for the purpose of evaluating an image's authenticity was problematic, as some of the sites users had the option of choosing were outlets that have been accused of intentionally propagating fake news, or allowing their sites to be used for it, in the past. "With these publications in the user's circle of trust, SurfSafe's effectiveness may be blunted before it can make a difference in the user's perception of who they're getting their news from", The Verge wrote. [5]
But Bhat did not consider that a serious flaw. A user who had chosen to trust only those sites considered dubious, he had told The Atlantic when the extension was presented at Aspen, would eventually notice that the news from those sites conflicted with each other and might thus start to doubt their reliability. "People will move closer to the objective truth" he argued. However, he allowed, if SurfSafe started to develop a community that elevated less reliable news outlets to a position of high trust, RoBhat would update its models. [7] He also responded to this criticism in The Verge's story on SurfSafe by saying that news outlets with contrasting political viewpoints nevertheless often agree on the basic facts of stories they report on, making it unlikely that such an echo chamber would develop among the extension's user community. [5]
Bhat himself acknowledged to Wired another flaw, a limitation resulting from the data base SurfSafe uses. If the extension encounters a picture that no other user with it enabled has seen, it cannot make any call on the image's authenticity and will mark it as genuine. However, he considered that a small problem, since the images the extension aims to spot are those that spread virally, meaning many people will be looking at them in a short period of time. [3]
The Verge also tested SurfSafe at doing what it was supposed to do and found it came up short. It tested on two widely circulated altered images: one a Seattle Seahawks player apparently burning an American flag as his teammates cheered in the team's locker room (the flag had been added to the original image, which had merely showed him dancing), and another of Stoneman Douglas High School shooting survivor and gun control activist Emma González tearing up a copy of the U.S. Constitution (it had actually been some shooting targets). While SurfSafe easily recognized the most widely circulated copy of the first image, it did not similarly flag variants, which had also widely circulated on Facebook, that had been cropped or were screenshots of the image taken from elsewhere. It was even less successful with the González image, recognizing no variant, not even screenshots on the Snopes page debunking the image. [5] On his blog, Hacker Factor, Neal Krawetz, an expert in network security and image analysis who operates the FotoForensics.com website, [12] took a very negative view of SurfSafe. Acknowledging that it was a response to a real problem, he warned that it was complex and that "this desire for a fast, simplified solution opens the door for lots of snake-oil solutions and charlatan products." Krawetz excoriated other publications that had written positively about SurfSafe, suggesting they had only rewritten the press release announcing its release instead of downloading it and reviewing it. [6]
Krawetz reiterated the criticism that SurfSafe's reliance on crowdsourcing for suspect images both presented an easy avenue for an organized attack with the intent of subverting its intended purpose and did not guarantee that it would favor the spread of accurate images. "Regardless of whether I think the BBC is good journalism or you think Fox is trustworthy, this says nothing about whether the reporting is actually accurate." In tests he also found that the extension did not recognize identical versions of the same image when it encountered them on different pages with different URLs. [6]
However, Krawetz did not find these to be the primary reason he recommended readers "stay away" from SurfSafe. During his tests, the developer panel on Chrome revealed that the extension was querying his browser for the URL and all images on every page he visited to store in RoBhat's own servers. This, he noted, would include not only private images that might be on the same page as an image a reader was querying SurfSafe about, but URLs to those images, URLs that might even have credentials or tokens embedded within, since even the HTTPS protocol would not prevent them from being passed along in response to a query (Krawetz did allow that SurfSafe appeared to strip out those credentials from URLs of its stored images when displaying them publicly, but noted that in turn made for broken links should users try to visit those sites to assess the images' authenticity themselves). [6]
Conversely, Krawetz noted, anyone looking into the domain name, which had only been registered the month before, would learn very little about RoBhat Labs or even who owned the name. Nor did the getsurfsafe.com website identify anyone involved with the company: "They don't list any of their people and there's no 'About Us' or 'Who we are'". He learned more about these things from the company's press release than its website. "When it comes to trustworthiness, I have a lot of issues with site owners who don't identify themselves on their sites." [6]
Snopes, formerly known as the Urban Legends Reference Pages, is a fact-checking website. It has been described as a "well-regarded reference for sorting out myths and rumors" on the Internet. The site has also been seen as a source for both validating and debunking urban legends and similar stories in American popular culture.
Fact-checking is the process of verifying the factual accuracy of questioned reporting and statements. Fact-checking can be conducted before or after the text or content is published or otherwise disseminated. Internal fact-checking is such checking done in-house by the publisher to prevent inaccurate content from being published; when the text is analyzed by a third party, the process is called external fact-checking.
This is a comparison of both historical and current web browsers based on developer, engine, platform(s), releases, license, and cost.
AVG AntiVirus is a line of antivirus software developed by AVG Technologies, a subsidiary of Avast, a part of Gen Digital. It is available for Windows, macOS and Android.
Mozilla Firefox has features which distinguish it from other web browsers, such as Google Chrome, Safari, and Microsoft Edge.
Add-on is the Mozilla term for software modules that can be added to the Firefox web browser and related applications. Mozilla hosts them on its official add-on website.
A browser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages.
WOT Services is the developer of MyWOT, an online reputation and Internet safety service which shows indicators of trust about existing websites. The confidence level is based both on user ratings and on third-party malware, phishing, scam and spam blacklists. The service also provides crowdsourced reviews, about to what extent websites are trustworthy, and respect user privacy, vendor reliability and child safety.
Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, and also for Android, where it is the default browser. The browser is also the main component of ChromeOS, where it serves as the platform for web applications.
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website or web application where unauthorized commands are submitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidden forms, and JavaScript fetch or XMLHttpRequests, for example, can all work without the user's interaction or even knowledge. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account.
Convergence was a proposed strategy for replacing SSL certificate authorities, first put forth by Moxie Marlinspike in August 2011 while giving a talk titled "SSL and the Future of Authenticity" at the Black Hat security conference. It was demonstrated with a Firefox addon and a server-side notary daemon.
Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript, sometimes with cross-site scripting (XSS) with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities that are commonly exploited in all browsers.
Yandex Browser is a freeware web browser developed by the Russian technology corporation Yandex that uses the Blink web browser engine and is based on the Chromium open source project. The browser checks webpage security with the Yandex security system and checks downloaded files with Kaspersky Anti-Virus. The browser also uses Opera Software's Turbo technology to speed web browsing on slow connections.
National Report is a fake news website that posts fictional articles related to world events. It is described by Snopes.com as a fake news site, by FactCheck.org as a satirical site, and by The Washington Post as part of a fake-news industry, making profits from "duping gullible Internet users with deceptively newsy headlines." The National Report describes itself as a "news and political satire web publication" and provides a disclaimer that "all news articles contained within National Report are fiction".
Microsoft Edge is a proprietary cross-platform web browser created by Microsoft. Released in 2015 as part of Windows 10 and Xbox One, it was initially built with Microsoft's own proprietary browser engine, EdgeHTML, and their Chakra JavaScript engine. Later on, it was ported to Android and iOS as a fork of Google's Chromium open-source project. In late 2018, Microsoft announced it would completely rebuild Edge as a Chromium-based browser with Blink and V8 engines, which allowed the browser to be ported to macOS. The new Edge was publicly released in January 2020, and on Xbox platforms in 2021. Microsoft has since terminated security support for the original browser. Edge is also available on older Windows versions, as well as Linux.
Fake news websites are websites on the Internet that deliberately publish fake news—hoaxes, propaganda, and disinformation purporting to be real news—often using social media to drive web traffic and amplify their effect. Unlike news satire, fake news websites deliberately seek to be perceived as legitimate and taken at face value, often for financial or political gain. Such sites have promoted political falsehoods in India, Germany, Indonesia and the Philippines, Sweden, Mexico, Myanmar, and the United States. Many sites originate in, or are promoted by, Russia, North Macedonia, and Romania, among others. Some media analysts have seen them as a threat to democracy. In 2016, the European Parliament's Committee on Foreign Affairs passed a resolution warning that the Russian government was using "pseudo-news agencies" and Internet trolls as disinformation propaganda to weaken confidence in democratic values.
Fake news websites target United States audiences by using disinformation to create or inflame controversial topics such as the 2016 election. Most fake news websites target readers by impersonating or pretending to be real news organizations, which can lead to legitimate news organizations further spreading their message. Most notable in the media are the many websites that made completely false claims about political candidates such as Hillary Clinton and Donald Trump, as part of a larger campaign to gain viewers and ad revenue or spread disinformation. Additionally, satire websites have received criticism for not properly notifying readers that they are publishing false or satirical content, since many readers have been duped by seemingly legitimate articles.
Avast Secure Browser is an Avast Software web browser included for optional installation in the Avast Antivirus installer since 2016, but it is also available on its website. It is based on the open source Chromium project. It is available for Microsoft Windows, macOS, iOS, and Android.
AdGuard is an ad blocking service with applications for Microsoft Windows, Linux, MacOS, Android and iOS. AdGuard is also available as a browser extension.
NewsGuard is a rating system for news and information websites. It is accessible via browser extensions and mobile apps. NewsGuard Technologies Inc., the company behind the tool, also provides services such as misinformation tracking and brand safety for advertisers, search engines, social media platforms, cybersecurity firms, and government agencies.