I faked my own death on Facebook
Last month, Facebook started allowing users to select a legacy contact. The feature gives users the ability to select someone to manage their profile after they die, pending the approval of a “Memorialization Request.” Curious, I decided to test it out, and submit a Memorialization Request for myself.
I decided to fake my own death on Facebook.
But let’s back up a bit. If you die, and a loved one notifies Facebook, all they require is some basic proof — a scan of a death certificate, say, or a link to an obituary. If they approve the request, a “Remembering” label will be posted above your name, and your profile will be “disappeared” — hidden from searches, and no longer suggested to others as a potential friend. It’s swept under an algorithmic rug, keeping the feeds of others tidy with posts from only the living.
To start, I created two fake accounts. The first, a clone of myself (I only wanted to trick Facebook, after all, and not scare a bunch of friends and relatives). The second, a profile for my fake estranged brother Greebo Veix, to nominate as my legacy contact. After I had them add each other as friends, I made the legacy contact official. Facebook provides you with a sample message, which you can change or elaborate on.
I spent the rest of the night having fun playing with the clone account, connecting with myself.
On Tuesday, I posted the following ominous status update from my clone account, and then signed out for good.
Then I used Photoshop and a popular fake newspaper generator to make a crappy, unconvincing obituary, confirming that I died in a fiery blimp crash. Oh, the humanity.
I waited a few days, then submitted the Memorialization Request from Greebo’s account. I sent them a bit.ly link to the obituary image, which I had saved in DropBox, so I could keep track of when they clicked it.
For added verisimilitude, I had my coworkers post on my wall.
On Saturday morning, someone working for Facebook, apparently in the U.S., visited the link to my obituary. (Not, as I originally expected, someone at one of their content moderation companies in the Philippines). Shortly after, Greebo received two emails from Facebook, one confirming my death, the other about the transfer of account privileges. Just like that, Facebook ceded basic control of my clone’s profile over to an account that was only a few days old, with a bizarre name and a profile photo of a stoned knock-off Big Bird.
Over on Greebo’s Facebook, I received a notification about my death, and after visiting my dead clone’s account, got a supportive message that featured an illustration of a Facebook Blue flower.
As Greebo, I could now pin posts to the top of my dead clone’s Facebook page, accept friend requests, and even change the profile and cover photos. In solemn remembrance of myself, I changed my profile photo to an owl projectile vomiting on another owl.
This absurd experiment indicates that it’s alarmingly easy to fake your own death on Facebook. As far as I can tell, all they do to confirm a user’s death is check if there’s activity on an account since the provided death date, then skim the obituary you send. Somehow, none of the inaccuracies and jokes in my obituary raised any red flags. I reached out to Facebook for more information about their approval process, but as of writing this, they have not yet responded.
All told, this is a pretty worrisome exploit, for both Facebook and its users. Regarding the former, since Facebook makes its money largely by selling its users’ data to advertisers, their whole business would be seriously undermined if all of their users started suddenly, mysteriously dropping dead in some kind of Troll Plague (though honestly, who gives a shit about Facebook’s interests). Regarding the latter, someone could use this exploit to pull a cruel prank, for example, reporting a friend’s death while they’re off camping for a weekend, logged out of Facebook. Even more sinister, it could be used as another tool in a Gamergate-style harassment campaign.
It’s not something they could simply fix overnight by changing a few lines of code, either. They’d have to retrain their staff and/or hire more people, and become more discerning about who they accept as dead. Tighter rules would of course lead to some legitimately dead people being denied access to the Facebook afterlife, which opens up a whole other can of worms.
There’s still one lingering question, though: What happens if you try to log in to a dead person’s account to post from beyond the grave?
You can’t. You’re locked out forever, without any easy way to recover your profile. Dead people can’t use Facebook. RIP.