• Tech
  • Social Media

Facebook and Twitter Are Charging for Added Security. Here’s What That Means for You

6 minute read

Social media platforms have battled bots, spam, hacks and impersonation for many years. Now, Meta and Twitter have come up with a new approach to tackling the problem: passing the cost of better security on to users.

Meta announced on Feb. 19 it would be launching Meta Verified, a subscription service that offers additional verification, security and customer service features, for the price of $11.99 a month on the web and $14.99 on iOS. It is currently being tested in Australia and New Zealand. The process: users can sign up for the service, provide their government ID for screening and then if approved, they will get a blue badge and Meta will proactively monitor against fake accounts and provide direct customer support.

“This new feature is about increasing authenticity and security across our services,” wrote Meta CEO Mark Zuckerbeg in an announcement on his Facebook page. It’s quite similar to Elon Musk’s Twitter Blue service that recently relaunched, which offers perks like a blue verified check mark (a once free feature reserved for the notable and famous) and the ability to edit your tweets, for $11 a month. It’s not just a blue check mark that users are paying for, but also a security feature that has become standard for various online accounts: from late March, non-Blue users will no longer have access to Twitter’s two-factor authentication via text message system. (If you don’t disable the feature, you may be logged out of your account after March 20).

These services seem to be targeting content creators, with a growing following, who may want the extra security. But the average user is still vulnerable to hacking and impersonation. Nearly one-fifth of U.S. teens and adults experienced their social media accounts getting hacked within the first three months of 2022, according to a survey conducted by Deloitte. Half of the respondents said they were concerned about online security breaches.

More from TIME

Cybersecurity experts are concerned that these paid features will create a two-tiered system of social media users. “It’s like offering an optional lock at the front door of a new house for security,” says Peter Tran, chief information security officer at cybersecurity firm InferSight, “They’re creating a modulate view of security to potentially have an upsell affect in their business model, which is very dangerous, because then it becomes the haves and have-nots of security.” Pay-to-play schemes, Tran says, are among “the most egregious security decisions” he’s seen.

Many users are just as dissatisfied with the decision to charge for the service. Facebook user Jason Waterfalls tweeted, “Making users pay for account verification and security services is like a car manufacturer charging extra for seatbelts and airbags. Twitter, instagram [and] Facebook gotta do better.” A Twitter user, Ramon Rivas II, tweeted, “So do I want to pay $15 a month for security on Twitter?… No. So will I? No. I’m probably just going to get hacked and send everyone a virus at some point.”

Meta’s Zuckerberg claims providing security to the nearly 4 billion users of Facebook and Instagram comes at a high cost.He responded to a user criticizing the choice to charge for the service with a comment saying, “Verifying government IDs and providing direct access to customer support for millions or billions of people costs a significant amount of money. Subscription fees will cover this and will also pace how many people sign up so we’ll be able to ensure quality as we scale.”

The Meta CEO also says the company already provides some level of protection and support to all users. Meta says it has over 35,000 global employees that work on identifying and deleting the more than 5 billion fake and cloned profiles that exist on the site annually.

Twitter Help Center currently asks that impersonator accounts be reported via its help center. If the report is deemed valid, the impersonated account can be suspended from the platform. If a user is hacked and cannot log into their account, Twitter asks the user to request a password reset or to contact their support team.

Yet, security on these platforms remains a concern. Meta has had a long history of bot accounts, as well as data privacy and security concerns, including using users’ personal data for extensive advertisement targeting. Many users have reportedly had their accounts compromised and gone through laborious processes to get their access restored.

“If you can imagine from the hacker or cyber criminal perspective, this is absolutely fertile ground to start to plan attacks,” says Tran.

Tran isn’t convinced that only needing a government ID for verification is secure enough. “The process is flawed in that it takes the government ID at face value,” he says. Tran questioned how Meta would authenticate and store ID information, highlighting these as further areas of security concern.

There’s no guarantee that these programs will be popular, as users think twice when it comes to spending their money. Since Twitter Blue’s first launch in November, it has gained just 180,000 U.S. subscribers, which only accounts for 0.2% of all Twitter users. Tran believes the changes will ultimately lead to non-subscribed users engaging with these platforms less altogether.

How to protect your account without paying

If you’ve decided you don’t want to pay for either Meta Verified, or Twitter Blue, you can try protecting yourself more by having “strong security hygiene,” according to Tran. Simple steps you can take to limit platform’s access to your information include disabling the application’s access to your camera, microphone and geo-locations. To prevent hacking, you should create more complex passwords and Tran suggests rotating them every 90 days. However, some cybersecurity experts now advise against this practice. Tran encourages users to be judicious about communications over direct messages and to be careful when clicking on links from users they don’t know. And if your account has been compromised, be sure to report it to the platform to document the experience. Lastly, consider diversifying your social media interactions, to avoid sharing an endless amount of information to just one platform.

Ultimately, Tran doesn’t believe users should have to take these measures for a safe experience on Facebook and Twitter. “The onus and responsibility of security and a trusted secure space should fall under these platforms.”

More Must-Reads from TIME

Write to Mariah Espada at mariah.espada@time.com