An anonymous whistleblower tip sent to Facebook last year contains a slew of accusations mirroring many of those found in an ongoing federal lawsuit facing Meta and OnlyFans. The anonymous tip, according to a copy provided to Gizmodo, was submitted more than six months before the lawsuit began.
The report, which makes allegations of bribery and deferential treatment toward OnlyFans content, was sent to Metaâs investigations team in Washington D.C. in August 2021 by a person claiming to work for the company in London. Beyond their location, the report offers few clues about the alleged employeeâs duties, other than implying a close knowledge of Metaâs integrity operations.
âCertain employees are taking bribes to protect OnlyFans on the platform. This has been going on for months if not years,â the report states.
Similarly, a class-action suit, brought by attorney David Azar and three adult-entertainer clients in a California federal court this February, lays out an outrageous scheme involving multiple top executives accused of taking bribes to shield OnlyFans creators from Instagram and Facebookâs pornography-banning algorithms. Whatâs more, the suit says, Meta employees strove to blacklist OnlyFans rivals across the adult entertainment industry by, allegedly, submitting content they published to threat-detection databases used by major internet companies.
Meta, which had previously couched its denials around its legal arguments, firmly denied the allegations in the complaint for the first time on Wednesday, while also condemning Gizmodoâs decision to report on the whistleblower tip. Gizmodo deemed the allegations in the report newsworthy because they mirror the California federal court case and two other cases filed by Azar on behalf of adult industry clients in California and Florida state courts.
âThese claims are false, there is not a shred of evidence to back them up, and reporting out these claims that lack any evidence is irresponsible,â a Meta spokesperson said. (Meta also reached out to a Gizmodo editor Monday night to raise concerns about assertions in the story.)
Azar is currently pursuing discovery against both Meta and OnlyFans, as well as its owner Leonid Radvinsky. Azar has asked the presiding U.S. district judge, William Alsup, to force Meta to turn over records that, he says, may shed light on whether the allegations are true â that Meta employees, as he alleges, secretly placed his clients and other entertainers on confidential lists typically reserved for entities suspected of cybercrime and terrorism.
Azar, a partner at the law firm Milberg Coleman Bryson Phillips Grossman, which is currently pursuing a number of privacy-related cases against major U.S. companies such as Walmart and Zillow, filed an amended complaint in the Meta lawsuit last month. In it, he noted something new; that he and his clients had been informed by a source that a company whistleblower had filed a report to Facebook âthat overlaps with some of the allegations alleged herein.â
In response this month, Metaâs lawyers made no effort to dispute the existence of any whistleblower. Rather, they attacked the lack of specificity with which Azar had described the supposed report. âPlaintiffs do not explain how, when, or by whom they were âinformedâ of the alleged existence of a âwhistleblowerâ report or what the report says,â Metaâs lawyers said.
Gizmodo was provided with a copy of an anonymous whistleblower report last week that appears, at least on face, to fit the bill. âThis a widespread problem and is occuring at both EMEA and in the main Menlo Park office,â the report says, referring collectively to Metaâs Europe, Middle East, and Africa markets and its California HQ, respectively. âJust look at the emails between OnlyFans people and FB employees and youâll see the truth plain as day. I have seen copies.â
A spokesperson for Azar declined to comment, saying the suit filed against Meta and OnlyFans speaks for itself. âThis case is about a corrupt business gaining an enormous advantage over its competitors by wrongfully manipulating behind-the-scenes databases, and in the process, harming thousands of small entrepreneurs who rely on social media to earn a living,â his complaint says.
Gizmodo was unable to independently verify the identity of the alleged whistleblower, but otherwise took steps to ensure the report had not been photoshopped, while confirming that it did, in fact, originate from Facebookâs whistleblower system. That system, known internally as âSpeakUp @ Facebook,â is operated by EQS Group, a company specializing in âanonymous whistleblowing software.â
Across many industries, third-party whistleblower systems are common. They are designed to engender trust among workers by granting whistleblowers added protection from employers who might otherwise try to unmask them.
Gizmodo provided Meta with a copy of the whistleblowerâs report last Friday, including a unique reference number that could be used to call it up in the system. A company spokesperson declined to dispute the reportâs authenticity during several exchanges. Instead, the spokesperson pointed to the fact that SpeakUpâs web portal is open to public, while attempting to cast doubt on whether the filer is an real employee. (Not requiring employees to login is another feature of whistleblower systems designed to encourage reporting.)
Anyone could have, technically, filed the whistleblower report; however, theyâd first need to know that the system exists and that itâs publicly accessible. Finally, they have to be able to find it. Cursory searches online suggest the web address has never been tweeted or posted publicly on Facebook, nor on any other mainstream platforms. While a Meta âaboutâ page today identifies the system by its own name, SpeakUp @ Facebook, as of last summer, internet archives show that wasnât the case. Gizmodo was only able to locate the systemâs address on a single corporate document, which can be publicly located, but only on a handful of sites.
While many details supplied by this alleged whistleblower comport with allegations already raised by Azar, they also includes some not previously made public. They claim, for example, that the purported bribes paid out by OnlyFans to Facebook executives were not one-off payments, but rather a rolling ârevenue shareâ of OnlyFansâs growth paid out surreptitiously over time.
Whatâs more, rather than solely implicating Facebook employees in blacklisting OnlyFans competitors, they describe a seemingly more effortless graft â whitelisting the accounts of OnlyFans creators, guarding them against enforcement actions that, based on Metaâs own policies, wouldâve automatically targeted rival businessesâ content. Executives had, the report alleges, potentially as far back as 2018, started âfavoring OnlyFans within the content moderation algorithms and not flagging it as outright pornography.â
Asked by the whistleblower system how they became aware of the misconduct, the self-proclaimed employee wrote, âI observed it.â
Like the whistleblower report itself, Azarâs case hinges in no small part on information stemming from a range of anonymous sources. Two of them spoke to the BBC in February, for example: A pseudonymous adult creator who regularly posed in bikini shots on Instagram and witnessed her revenue drastically slashed. And the owner of an adult business who told reporters his top performers could do little but watch as lucrative referrals from their Instagram accounts simultaneously plummeted over time.
Other claims brought by Azar are likewise based on anonymous tips or attributed to sources who are as-of-yet unnamed. One is a lawyer, said to have reviewed âmore than 200 pages of internal Facebook documentsâ provided by the same or another whistleblower, which describe potential abuses of a Meta-designed database known as GIFCT, a tool for combating terrorist content. Another is a tipster whoâs said to have passed along details of alleged wire transfers bearing Facebook executivesâ names, all destined for trusts in the Philippines, home to one the worldâs most secretive banking systems.
Meta moderation in focus
Controversies surrounding Facebookâs use of whitelists are well reported and substantiated by numerous documents leaked last year by the Facebook whistleblower Frances Haugen. Rampant misuse of whitelists â which can either excuse policy violations detected by Facebook and Instagramâs algorithms or render accounts invisible to detection entirely â is a topic candidly discussed by employees over the course of several years, the documents show.
Leaked records reveal that after employees began flagging widespread misuse of internal whitelists, Meta leadership ordered a cleaning up of the problem beginning with a series of audits in 2019. Much of the focus was on the XCheck system, which was launched, in short, to protect high-profile users, such as politicians and celebrities, from enforcement based on âfalse positives.â
The XCheck system was subject to, as one employee put it, âcommon misuse,â according to documents reviewed by Gizmodo. The Wall Street Journal first reported last year that Facebook employees had at one point âshieldedâ â in Facebook parlance â 5.8 million users from its content policies and standards. The auditing process found, on the whole, that processes for adding accounts to XCheck and other whitelists was rarely, if ever, subject to review. It was, in effect, a free-for-all. Whitelists at Facebook, employees said, were âscattered throughout the company, without clear governance or ownership.â
As Meta began to tighten the reins, one employee raised specific concerns about how the repeal of certain whitelists âwould affect nudity contentâ already being shielded at the time, records show. âWe routinely see content deletions protected by XCheck even though we donât know how the entity was XChecked,â they wrote.
Leaked enforcement statistics from 2020 reveal that Facebook, over the course of a single quarter, spent nearly a million man-hours enforcing violations of its nudity and pornography policy. Not all who violated that policy were punished, however. When, in 2019, the Brazilian soccer star Neymar was accused of rape, (in a case later dropped by authorities citing a lack of evidence) he took to Facebook and Instagram to mount a defense, posting a video that named his accuser and included nude photos purportedly of her.
Publishing revenge porn is in clear violation of Metaâs rules, yet Neymar was shielded by the XCheck program. Privately, Meta employees noted that his video had been shared more than 6,000 times by supporters, people who had also sought to harass and bully his accuser. The leaks revealed that Meta leadership decided to ignored their own âone-strikeâ policy for revenge porn cases, and allow Neymar to keep his accounts.
As it turned out, XCheck was not the only means of shielding users purposely violating Metaâs rules. Another document shows that as many as 45 out of 60 Facebook integrity teams had devised their own unique whitelists. Eight of them, it says, existed âupstream,â rendering the accounts invisible to moderation systems. Lists by 22 teams, meanwhile, were designed to block any automated enforcement against violators âwithout any further review or mitigation.â
Another document goes on to state that the auditing process, then still ongoing, had turned up more than a million accounts added to âad-hocâ whitelists, some âhard-codedâ into the platform using âcustom config files.â Another stated that whitelisting could be performed using no more than a user ID.
According to one employee, the problem was âpervasive, touching almost every area of the company.â The leaked document trail describing Metaâs sweeping efforts to rein in what the employee called âthe whitelist problemâ ends abruptly in 2021.
That same fall, OnlyFans announced a ban on what it called sexually-explicit content. âIn order to ensure the long-term sustainability of the platform, and to continue to host an inclusive community of creators and fans, we must evolve our content guidelines,â the company told Gizmodo in August 2021. Days later, however, with a creator strike apparently looming, OnlyFans backed down, telling reporters the changes were no longer necessary, citing assurances from banking partners.
Around that same time, Metaâs investigation team, based in Washington D.C., was eagerly trying to set up a meeting with the elusive whistleblower accusing OnlyFans of bribery. In their report, they wrote: âThey created this legal fiction and are even taking official stances that OnlyFans isnât a porn site. Itâs such a joke.â They further confessed to being motivated to step forward, at least in part, due to personal financial interests. âI want my stock options to stay valuable,â they told the company, âand provide for my children.â
âAs a whistleblower, you are entitled to protections,â the investigations team wrote in response. âI will meet with you if my anonymity is protected,â they were told. A meeting was quickly set up using video conferencing software and scheduled for the following day. But when the hour arrived, for reasons unknown, the purported whistleblower failed to appear.
OnlyFans, which is currently running around 150 ads across Facebook, has said only that the allegations against the company and its owner are âmeritless.â Reached by Gizmodo on Tuesday, a company spokesperson said it had nothing more to say at this time.
