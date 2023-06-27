June 27, 2023 04:47 pm | Updated 04:50 pm IST

Social media giants like Facebook-parent Meta and Elon Musk-owned Twitter are pivoting to a model where users will have to pay for additional privileges and other important features. This shift has been accelerating since Musk made Twitter’s blue verification ticks a paid feature. The Twitter Blue subscription gives users options to post longer tweets and videos, edit and format text, and see fewer ads.

In June, Meta followed suit. It rolled out paid verification in India with badges and support for account issues. Apart from the privileges and bonus features, Twitter and Meta, separately, also put some security feature behind the paywall in past weeks.

Twitter ended its two-factor authentication (2FA) via text message/SMS for users who were not subscribed to its paid Twitter Blue service. While Twitter authenticates users through an app or a security key as well, the SMS feature is reserved for users who can pay for Twitter Blue.

What is Two-Factor Authentication (2FA)? Two-factor authentication, or 2FA, is a form of securing accounts and data by requiring a user to pass two security tests in order to gain access. This can take a variety of forms, such as password + OTP combinations. There are even specialised authentication apps, where users not only enter a password but then access the app registered to their account in order to type out a series of numbers before they time out and the next set of numbers is generated. 2FA makes it difficult for hackers, as obtaining just a password is not enough to break into a user’s account. Many common platforms such as Google, Twitter, Meta, and others offer multiple 2FA options for users to enable. While there are several 2FA options, authentication by SMS/text message is usually less work than authentication via an app with timed OTPs. Twitter has put the 2FA by SMS option behind a paywall.

“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors. So starting today, we will no longer allow accounts to enrol in the text message/SMS method of 2FA unless they are Twitter Blue subscribers,” said Twitter in a blog post in February, giving non-subscribers 30 days to choose another 2FA method or have their accounts disabled.

But even if users switch to another 2FA mode, their phone number will still be connected to their Twitter account, the company confirmed.

Social media for the privileged

There weren’t any significant advantages to putting security features behind a paywall and it was an “anti-consumer” and “anti-user” move for a company to make, said Prateek Waghre, Policy Director at the Internet Freedom Foundation, an Indian NGO focusing on digital rights.

“[They are] basically saying that ‘if you’re not paying for these services, you’re going to be treated differently,’ right? Which is a little rich given that over the years, these platforms have built their credibility, their network based on users coming and choosing to share content on their own. They do owe a lot of their success to free labour by users,” he told The Hindu.

However, Twitter’s decision to restrict 2FA by SMS could have an unintended happy ending as Waghre pointed out that non-paying users were being “nudged” towards authentication via an app, which is more secure than authentication by SMS - though there were other educational ways of achieving this conclusion.

Price of Twitter Blue in India Android/iOS: ₹9,400 per year or ₹900 per month Web: ₹6,800 per year or ₹650 per month Price of Meta Verified in India Android/iOS: ₹699 per month Web (To be launched): ₹599 per month

One security feature on Meta’s list of paid privileges was “more protection from impersonation with proactive account monitoring for impersonators who might target people with growing online audiences,” according to a blog post about the Meta Verified subscription in India.

The Hindu emailed Meta to learn how account protection for Meta Verified users differed from protection for non-paying users.

“Meta Verified is focused on the top requests we get from our up-and-coming creator community. In this case, because we know these creator accounts have or are looking to grow a large following, this then puts them at an increased risk for impersonation attempts,” said a Meta spokesperson, but stressed that protecting all users - paying and non-paying - was a priority.

Level the platform

However, Waghre was against this form of “differentiated support,” as he called it. He said that even non-celebrity users could be at risk of impersonation, such as from hostile ex-partners or cyber-stalkers.

The Meta spokesperson said there were about 40,000 people working on safety and security issues, and that the company had invested over $16 billion in user safety since 2016. Meta is also not removing existing security options or putting these behind a paywall.

“The account support that is offered with Meta Verified is not meant to be viewed as the standalone value of the subscription and we wouldn’t encourage users to purchase it for that alone,” said the Meta spokesperson, adding that anyone with a Facebook or Instagram account could access scaled support resources.

Waghre noted that if a social media platform implemented a feature that was criticised by many - such as Twitter deciding to monetise its once free verification mark - other companies might still use this as a pretext to try out similar tactics.

He also pointed to the controversy surrounding Reddit’s new application programming interface (API) prices and communities going dark in protest. This came several months after Twitter decided to hike the price of its own API access tiers.

“We’re seeing this across companies, that they’re going to try and move more and more features behind paywalls,” said Waghre.

“I think that over time, more platforms may try to look at ways to monetise various features.”