
[flagged]


Thanks for the email. But I think it should be fine.

I haven’t said anything that could be exploited by bad actors. As for competitors, there are no competitors in integrity. The entire industry goes to great lengths to share knowledge on what works and what doesn’t. We all win when we combat abuse well.


You should be fine. The GP seemed to have forgotten they're not posting on FB's internal workplace.


Internal comms are notoriously open, this kind of post would be a welcome contribution for explaining XCheck to a general audience outside of the integrity org. I don't know what kind of confidentiality agreement they signed but mine would have technically prohibited discussing this. Not only that, it's not time limited in nature, it applies "at all times during the term of my Relationship with the Company and thereafter".

I wouldn't expect Meta to actually do anything about this blog post but I wouldn't have felt comfortable posting it.



He doesn’t work there anymore[0]

Also, nobody likes a tattletale.

[0] https://uk.linkedin.com/in/krishna-sundarram-17a76954


Well now my interest is piqued 1000%!


10th Oct: If BJP's Amit Malviya Reports Your Post, Instagram Will Take it Down – No Questions Asked https://thewire.in/tech/amit-malviya-instagram-meta-xcheck

11th Oct: 'How the Hell Did Document Leak?' – Meta Internal Mail Belies 'Fabricated' Charge Against The Wire https://thewire.in/tech/meta-xcheck-internal-email-watchlist

15th Oct: Meta Said Damaging Internal Email is ‘Fake’, URL 'Not in Use', Here's Evidence They're Wrong https://thewire.in/tech/meta-andy-stone-email-xcheck

Basically, the ruling party in India is exploiting the XCheck program to curb any dissent.


Like I mention, all of the evidence The Wire has used here is likely fabricated. Not by the Wire themselves, but by the source they’re relying on.


The source has been verified by The Wire to be a Meta employee / contract worker.

   We reiterate the faith we have in our sources, whose identities and positions in Meta are known to us. Our reporters have had a productive relationship with them for some time already, prior to the Instagram story. Meta’s suggestion that sources who don’t know each other have teamed up to “hoax” The Wire is ludicrous.
Source: https://thewire.in/media/statement-by-the-wire-on-metas-resp...

The emails have been verified to be authentic by The Wire and 2 independent experts, one of whom works at Microsoft. Further proof of the "instagram URL" has been shared.

Even if we assume that the "instagram" workplace portal is the "weakest" evidence and a "fake" (as you and others claim), then Meta should be easily able to identify the person who created the "fake" instance and populated it with all the "fake" tickets. This is what Alex Stamos too tweeted:

   If The Wire is wrong, then Meta has all the evidence they need. While you could create a whole fake Workplace, the easier move is to just create a free trial instance, meaning those fake notes are sitting in Meta's databases along with the metadata of whomever created them.

   I think, at this point, it's on Meta to write-up a detailed response with whatever technical evidence they have. This will not go away just by ignoring it.

The fact is that The Wire have an obligation to protect their source and so are limited in the evidence they can share publicly (unless taken to court). So this begs the question that if Meta (and you and other FB employees) are so sure of the evidence being fabricated, why do you think The Wire hasn't been sued yet to take down the "fake" articles? (Note that you do not even need to identify who faked the evidence to sue them, as long as you can prove that it is fake, which should be easy to do according to all the claims made by Meta, you and other FB employees.)


If that's the case, it seems like someone should be informing Facebook that their DKIM signing keys have been compromised. The impact of that would be much worse than just a forged .eml file sent to a journalist.


Yeah right.

Looks like The Wire got fooled by their source OR is lying.

https://twitter.com/alexstamos/status/1581407731159748608


Why?


If they worked at Facebook/Meta they violated their NDA and put themself in legal peril.


I think I’ll be fine.

My reasoning is twofold - I haven’t shared anything that could be exploited by anyone. And second, Meta and others in the industry try to share information about how their integrity efforts work so we can learn from each other.


“Legal peril” and “I think” are not compatible, for a rational person. “I know” is where you want to be, before putting yourself in front of one of the largest collections of lawyers on the planet.


This is not some general blanket approach you can take to talking about internal implementations. You are either right, or wrong. There is no middle ground or "I think". If you've signed an NDA around these internal implementations I would wager that NDA came with a clause to not discuss it without consulting Meta, even after your departure.


I feel like your concern is genuine. But maybe overblown. I haven’t shared any trade secrets so I’m confident I’ll be fine.


technical people want technical confirmation

that does not exist, they can’t understand that

you are fine, thank you for the post


And it's obviously BS that companies can abridge a citizen's freedom of speech after the employment agreement ends. If this individual wants to be the case on the lawsuit that's a long time coming, more power to them.

This Supreme Court is not big-tech-friendly; good time to shift up the precedent.


Have you never seen https://engineering.fb.com/? Engineers there blog about their tech tools all the time. "Legal peril" sounds like a bit of a stretch.


These posts are all thoroughly reviewed by comms and legal teams. In onboarding, it’s thoroughly communicated that you need to go through the proper channels to publicly publish anything with technical details.


Those blog posts likely go through legal, privacy and marketing review.

If you think that Facebook wouldn't enforce an NDA, especially on something sensitive like this, I think you are incorrect.


Keep in mind there have to be damages to be in legal peril. Otherwise there can only be social consequences.


Many NDAs include liquidated damages.


Anecdotally none of the NDAs I've signed included one.


This kind of internal tooling and workflow is almost always under NDA.


Do you at least get extra money for snitching on a fellow worker like that?



