The strange story of EiM’s LinkedIn block

I'm Ben Whitelaw, the founder and editor of Everything in Moderation*. I'm standing in for Alice in this week's Trust & Safety Insider while she's on a well-earned holiday.

I've been meaning to write about today's topic for more than two years. It's a slightly strange and, at times, technical account of a takedown incident that bears little significance in the grand scheme of things.

However, many T&S won't have experienced being on the receiving end of the systems that they build, buy or help enforce. And I learnt a lot about the potential pitfalls of automated moderation systems, users' limited redress mechanisms and often obscured supply chain of safety decisions.

Drop me a line if if you've experienced something similar or if this raises questions inside your own team. In honour of my T&S Insider co-writer, here we go! — Ben

The moderation newsletter gets moderated

What happened

It was a typical week. I had just sent a new edition of Week in Review and, as I often do, I went to LinkedIn to post about it to whoever the algorithm would deign to show it to. Except this time, no dice. LinkedIn showed a “cannot display preview” warning and said I should try another link.

Odd. I hadn't changed anything on the site and didn’t see why that would be the case. I had posted dozens of (let’s be honest) anodyne updates about my niche newsletter many times before without issue. 

One possible explanation was that EiM had written about child sexual abuse material or the content policies of, say, OnlyFans or Pornhub. Perhaps that was enough to trigger an automated system or lead a disgruntled subscriber to report me to an email service provider? But the edition in question led on the US Supreme Court and previous editions were about the Digital Services Act, the Oversight Board and Taylor Swift. Hardly controversial.

So, I reached out to LinkedIn via its case management page to ask what was happening.

‘Contact our browsing partner’

Credit to LinkedIn, a support agent came back to me within a few hours and tried to replicate the issue. After a bit of back and forth in which I tried different browsers, cleared my cache, and disabled various extensions, it was escalated to LinkedIn’s internal research team. Then, a breakthrough.

One of its partners, VirusTotal, had apparently blacklisted the everythinginmoderation.co domain for reasons that were not apparent. VirusTotal is an intelligence service headquartered in Spain that provides signals to companies about whether a domain, file or IP address could be malware. It was bought by Google in 2012 and is now part of Google Security Operations, a subsidiary of the search giant.

To clarify: it wasn’t LinkedIn that said my domain was dangerous, but a third-party company that I had never heard of and that wasn’t even a content moderation vendor in the way most EiM subscribers would understand. But that was where I went next.

On 7 March, I contacted VirusTotal, which explained that it “only aggregates data from a variety of vendors” and produces “no verdicts of our own”. I was asked to rescan the EiM domain and then reach out to a list of vendors if I believed there was a false positive.

Either I was too enraged about the situation to follow instructions, or the rescan didn't yield anything because I reached out again, wondering what the problem was. The message came back: speak to a company called CyRadar. At which point, the story became more interesting.

Not on my CyRadar

Having spent an unhealthy amount of time following content moderation vendors, tooling and infrastructure, I thought I had a robust knowledge of the main players in the ecosystem. But, like VirusTotal, I had never come across CyRadar. 

Based in Vietnam, it brands itself as a “pioneer (sic) cyber security company which applies AI, Machine Learning and Big Data technologies to provide next-gen security solutions”. Its homepage — at the time of the incident and to this day — advertises its “Endpoint Security for Consumer” software to “protect your computers”. Whatever that means.

I tried CyRadar’s website contact form but received no response. A few days later, I followed up with an email. Again, nothing. [The CyRadar website now has a page for reporting a false positive, but that didn’t exist in 2024]. 

So I did what any self-respecting person would do after exhausting the official channels: I went to CyRadar’s Facebook page. 

This did not immediately fill me with confidence. I vaguely remember it having a couple of hundred followers and not having been updated in some time (it has 4.6k followers now). Still, I sent a message explaining that Everything in Moderation had been incorrectly identified as malware and asked them to check why that might be.

To my surprise, someone replied: “Hello, tell me your domain pls”. I sent it. They said they would review it in the next 24 hours and asked me to check the result on VirusTotal afterwards. 

The next day, after I followed up, they confirmed it had been removed from the blacklist. I checked VirusTotal. My domain was unblocked. Much to the relief of EiM’s followers (I’m guessing), I was able to post to LinkedIn again.

Learning my lesson

More than two years on, I’m able to laugh about what happened. As an EiM subscriber once put it to me, "the newsletter about content moderation got content moderated". All very meta, you can probably agree. 

But it also led to three bigger questions that have shaped my thinking since — and which I intend to spend more time exploring:

1. How large is the ecosystem of T&S vendors? 

Despite being familiar with a large number of T&S vendors, I had never heard of VirusTotal or CyRadar before this whole saga. This suggests there is a much larger ecosystem of moderation, threat intelligence and cybersecurity vendors that play a role in who gets to say what online. 

Some of those will be mature tech providers with processes in place for, say, reporting false positives. Others will be quickly spun up and hastily integrated. Both deserve more scrutiny. 

As researcher Lucas Wright put it in his recent paper on T&S vendors:

“If our goal is to understand trust and safety as a field and how it shapes the experiences people have online, then we must examine how safety, security, and digital governance are shaped by a range of actors, including vendors”.

Plus one to that.

An Appeal a Day Keeps the Censor Away - Ctrl-Alt-Speech

In this week’s round-up of the latest news in online speech, content moderation and internet regulation, Mike and Ben cover:States sue TikTok over app’s effects on kids’ mental health (CNBC)Risks vs. Harms: Youth & Social Media (Substack)Insta…

Buzzsprout

2. Who is accountable for automated decisions?

The process of getting EiM reinstated was long, convoluted and marked by limited accountability. LinkedIn didn’t fix the issue; it pointed me to VirusTotal. VirusTotal said they only aggregated results and directed me to CyRadar. CyRadar, even after it whitelisted my domain, told me to check VirusTotal. 

Luckily for me, I knew how to find LinkedIn’s support portal, had the motivation to search out CyRadar’s Facebook page and conjured the patience to endure the whole process. For your average internet user, small business, journalist, civil society organisation or researcher, something along the way probably would’ve stopped them. The number of people who face issues like this is only going to increase as more black-box AI tools get integrated into the safety stack.

That’s why I continue to be interested in both formal and informal redress mechanisms, including the platform appeal process but also the Digital Services Act's out-of-court dispute settlement (ODS) process and the independent-but-Meta-funded Oversight Board. These mechanisms recognise that platform accountability cannot begin and end with an internal appeals form.

3. Why do we still treat technology as a silver bullet?

For those who place their hopes for online safety on technology alone, or believe it to be a silver bullet, this should raise eyebrows. Yes, automated systems are necessary at the scale that many platforms work at. But necessary isn’t the same as sufficient or, indeed, fair. 

That goes for regulators too. In various guises, governments are pushing platforms, AI companies and digital services towards more automated detection, greater technical compliance and machine-readable data disclosures. But if those systems are not paired with meaningful audits, tangible transparency mechanisms and fines for non-compliance, we are not making people safer; we are putting the burden onto users to understand, challenge and fix decisions made by systems they can’t see.

I was able to get EiM’s LinkedIn page back, had the time and bandwidth to do so and knew it wasn’t a personal disaster if I wasn’t successful. And yet, it was still a tortuous, Kafaesque experience that I wouldn’t wish on even my worst enemy. The shame is that plenty of people are going to have a version of it, and there’s nothing they can do about it.