Reddit and TikTok score low on security controls that may prevent disinformation campaigns

Social media platforms used by US political leaders often lack the security controls necessary to prevent disinformation, researchers said after analyzing the safety features of Twitter, Facebook, Reddit, TikTok, and Instagram.

“Despite their continued growth as the news medium of choice for voters, the US does not have security standards or oversight for social media platforms. Until this changes, politicians and voters should expect a continued assault from nation-states looking to execute disinformation campaigns,” researchers concluded.

Security company Cerby judged prominent platforms across critical areas, such as privacy, multi-factor authentication, and enterprise readiness, using a scale of 0 to 5. Facebook turned out to be the safest platform for politicians to use, with a 3.34 rating. Twitter came second at 2.75, followed by Instagram (2.68), TikTok (2.00), and Reddit (1.95).

“Based on the findings, researchers at Cerby are not recommending politicians stop using these platforms but focus their efforts on mature platforms scoring at least 2.6 or higher,” Cerby said.

Reddit challenged the research, saying it is “a secure platform with strict policies and enforcement against disinformation.”

“This research attempts to analyze security controls, not disinformation, and doesn't take into account that Reddit is based on the concept of pseudonymity, and users on Reddit follow interest-based communities rather than specific individuals,” the company’s spokesperson said.

Figure: Social media ranking. By Cerby

Regarding two-factor authentication (2FA), Facebook and Twitter are believed to have the strongest protection. However, none of the platforms offer mature, enterprise-grade security options outside 2FA.

“Even in the category of 2FA, support for emerging standards like FIDO2 and U2F (passwordless) is inconsistent across social media platforms. This is a massive challenge as a lack of enterprise-grade authentication options leaves political leaders susceptible to credential reuse attacks,” researchers said.

They noted that influencing a vote via disinformation campaigns is much easier than changing one in an election system.

“Consider that the US has been the biggest data requester for many of the most popular social media platforms. Don’t think of one social media platform’s data in isolation, but what could a nation-state do with it in conjunction with data from public and dark web sources—like the Twitter breach in 2022 that exposed millions of its users?”

Nation-states could exploit the data to target owners of sensitive intellectual property, such as defense contractors or telecommunications companies; promote a particular point of view to sway the opinion of a group of interest; and identify individuals who could become influential in the future and target them for espionage purposes.