Facebook Instant Articles: why hiding URLs hinders careful reading of media

Today, I saw a story doing the rounds on Facebook about a group of pro-Brexit buffoons attempting to block an Aldi supermarket warehouse as a protest against Britain’s failure to depart from the EU.

Which is all very amusing and everything, but I was immediately a little sceptical (as you should be if you read a news article on Facebook that tickles that bit of your brain that makes you go “I’m right and everyone else is stupid”), so I clicked (tapped?) through and saw this on my phone:

Screenshot of a Facebook Instant Article view for a news article on Metro.co.uk

Oh, it is one of those Facebook Instant Article things.

I loaded the same article in a web browser, so let’s compare.

Screenshot of the same Metro.co.uk article loaded in Mobile Safari

There’s some important differences between the version shown in Facebook’s Instant Articles view and the version shown in Mobile Safari:

  • I can see who wrote it. The name “Joe Robinson” sounds vaguely more like a journalist than “metrojoey”. The latter hardly inspires the sort of confidence one might expect for a newspaper, even a tabloidy British one they hand out for free at train stations.
  • The space on the page is actually used better: I can read the intro of the article. (That might be due to having an adblocker installed. And, yes, adblockers are as required on the web as vaccinations are in real life.)
  • I can see who published the damn thing.

One would think, with the prevalence of both fake news websites (in the original meaning of that term), the spread of propaganda, and wider issues around trust in journalism, being able to see where your news comes from would be useful.

That’s why, as I’ve said before, security requires you to see the seams. You can have a seamless user experience, or you can have security and trust. Transposed into the modern jargon of web development, scammers and tricksters want to deliver a perfectly seamless user experience. (That doesn’t mean that wanting to deliver a perfectly seamless user experience is bad, just that every scam requires a very good sales job. See: anything about the Fyre Festival, or the glowing media coverage of Theranos and Elizabeth Holmes.)

How do I know that a web page-like thing in Facebook is actually published by the publisher it purportedly comes from? Because it has a logo at the top of it? I can put a newspaper logo on a website. That doesn’t make it a newspaper.

On the web, we can do it through either digital signatures or through domains. And until web publishers, including newspapers, decide to start digitally signing all their news articles (or, heaven forbid, something involving blockchains and smart contracts and all that nonsense), the only thing we really have as a guarantee of provenance is domains.

If you see an web page claiming to be from the Guardian or the BBC or the New York Times or Wikipedia or whoever, the way you verify the provenance is you see “is it being served from theguardian.com or bbc.co.uk or nytimes.com or wikipedia.org?” That’s not wholly sufficient—that’s why we have HTTPS on top, to ensure that the content that was delivered from those domains have not been modified in transit. But being able to match publisher to domain is pretty much the minimum standard of being able to ensure some kind of provenance on the web.

So, of course, some designer at Facebook hides the domain so you literally have no way of knowing where the article came from. Users being able to verify trust and provenance doesn’t increase eyeball metrics or DAU/MAU KPIs on your agile Gantt chart. The user story of “as a user, I want to be able to know whether what the fuck I’m reading was published by the organisation who says they published it” obviously never made it through the agile user needs discovery process. (Maybe a few more design sprints with some differently coloured Post-It® Notes will fix that.)

Facebook’s hyper-efficient news accuracy squadron (or whatever they are called this week) will, of course, promptly remove any bad actors from this system. You can totally rely on them. They’ll get round to it just after they’ve finished deleting some more mastectomy scar photos.

The embrace by Facebook, Apple (in News+ etc.) and Google (AMP) of such a helpful design will surely only have positive results for the already highly critical and bullshit-resistant social media environment we now live in.