Don’t click this link: Illegal activity in Ads on Meta Apps linking to Telegram
By Damon McCoy, Laura Edelson, and Yael Eisenstat
Finding illegal content in ads on Meta is as simple as searching for Telegram links in the Meta ad library. We did so on August 28th, and we manually reviewed the most recently posted ads in the United States from that day with links to Telegram. We found that 64% of those Telegram-linked ads appear to have violated Meta’s policies, including some promoting illegal activity. One design change to Meta’s ad systems that could mitigate this issue would be to simply flag Telegram-linked ads for human review, or higher scrutiny before they can be approved to run on Meta’s ad network.
Figure 1: Ads on Meta apps for forged documents and drugs sold through Telegram links
With the recent arrest and indictment of Telegram CEO Pavel Durov in France, there has been a renewed spotlight on the company’s lack of content moderation and whether the app enables illegal activity to proliferate, including drug sales. The preliminary French charges against Durov are for “complicity in managing an online platform to allow illicit transactions by an organized group” and not cooperating with law enforcement.
Research has repeatedly found a wide range of illegal content on Telegram, so this is not necessarily a surprise. Research from the Stanford Internet Observatory last year found that Telegram was implicitly allowing the trading of CSAM in private channels (which can host hundreds of thousands of users), but this was only one of many reports highlighting different types of illegal content circulating freely on Telegram.
And this is the internet, so what happens on Telegram does not just stay on Telegram. The same SIO report also found that self-generated CSAM was being advertised on Instagram via links to Telegram. An investigation by the Tech Transparency Project in July also found a large number of ads for illegal drugs, including cocaine and opioids active on Facebook and Instagram with links back to Telegram groups.
These reports focused on different content areas, and presumably, Meta devoted resources to better detecting those content areas (CSAM and drug ads). However, based on our analysis Meta is not devoting sufficient reviewing effort to ads with outbound links to Telegram in general. In cybersecurity terms, they left the vector for attack open and focused their enforcement efforts on the content. This leaves us with a few questions: What is the correlation between ads on Meta linking to Telegram and violating ads? What types of harmful ads are using this link to Telegram vector now?
On August 28th, we used the Meta Ad Transparency Library to search for active ads on Meta which included a link to a Telegram channel. We reviewed the 50 most recent ads, and of those that had not already been removed, 32 appeared to violate Meta's advertising policies, and another seven were likely in violation (but we would have had to visit the sites linked in the ads to tell for certain, which we did not want to do.) Nine of these were drug ads, one was potentially promoting CSAM (we didn’t investigate the actual product offering), and the rest were a range of gambling and financial scams. Only two of the 50 had been removed by Meta at the time we did this search.
Figure 2: Telegram Channels advertised on Meta offering drugs and money transfer scams
In terms of percentages, this means that 64% of the most recently posted ads with links to Telegram appeared to violate Meta’s ad policies, and an additional 14% likely did as well. Through a cybersecurity lens, this all means that an outbound link to Telegram is a high signal feature.
Many users aren’t aware of this, but the earliest successful spam filters for email didn’t rely on reading email contents; instead, they evaluated the reputation of the sender and the sender’s network. If an email sender had been reported by other users for sending spam or a network was brand new and had not been seen before, it was much, much more likely to be sending spam. This reputation-based model is still the cornerstone of most spam filters today.
We’re not privy to how Meta secures its ad network, but it’s likely that they are already using some reputation evaluation of user accounts - this is a nearly universally adopted tool. However, they don’t appear to be leveraging the broader insight about network reputation, at least not proactively.
In conclusion: Using a simple search, we have found that harmful and sometimes illegal activities on Telegram are being promoted by ads on Meta. This reinforces the well-known phenomenon that harmful activity on one app spreads to other apps, in this instance Facebook and Instagram. We don’t know the full range of processes Meta uses to determine if ads comply with its policies, but it is clear they are not adequately, proactively enforcing their own ad rules with regard to Telegram-linked ads. Also, they either aren’t using the outbound link as a signal that an ad may require extra vetting before running, or if they are, they aren’t weighting it highly enough to be effective.
Given the degree of correlation between ads on Meta that link to Telegram and violating ads, we recommend that Meta more strongly weight this feature of an ad linking to Telegram to devote more reviewing effort to these frequently violating ads. Ideally, this would reduce the amount of harmful–and even illegal–content that crosses over from Telegram to Meta’s apps. As a final note, this pattern of activity may exist on other social media apps as well. However, because other apps don’t consistently make all ads transparent, we don’t have any way of knowing. Meta deserves credit for the transparency it offers around its ad network because while it could be better, it could also be non-existent, as it is on some other social networks.