Earlier this year, a new source reached out to journalists at the nonprofit Indian news site The Wire with a tantalizing offer. The source worked at Meta, they told the publication, and wished to share information about the company’s internal workings with reporters.
The Wire met with the source, who sought to verify their identity by providing Sen with documents including their work badge and pay slips. Many conversations followed, reporter Jahnavi Sen told Platformer in an interview, and by the fall The Wire trusted the source enough to turn to them while investigating a potential story: the suspicious removal of seven Instagram posts satirizing an official in India’s right-wing government.
Meta issued a strong denial to the resulting story, which claimed that the company had given a high-ranking official in the ruling Bharatiya Janata Party the ability to remove Instagram posts at will. What followed has been one of the strangest tech journalism stories in recent memory: The Wire gradually releasing more information about its sources and methods in reporting the story, and Meta leveling unheard-of accusations — supported with evidence — that the documents underpinning the publication’s stories appear to be fabricated.
The Wire doubled, then tripled down on its reporting; in an unsigned statement Monday, the publication referred to “the impossibility of this being a hoax.” Meta, for its part, issued a lengthy rebuttal and suggested that the publication itself might be perpetrating the deception.
It’s a story about how credibility is won — and lost — in a low-trust environment
On one level, this is a story about whether a social platform has granted extraordinary secret powers to a government official, and a subsequent forensic investigation into whether any of the materials published to support that claim actually back it up. On another, though, it’s a story about how credibility is won — and lost — in a low-trust environment. When the truth can seemingly be explained only by the revelation of an actual conspiracy on one side or the other, who is anyone to believe?
This is also, of course, a story about India: a country whose authoritarian government has worked consistently to reduce press freedoms, and is working to create a government panel that could review and overturn social networks’ content moderation decisions. The Wire itself reported last year that it was targeted by the NSO Group’s Pegasus software, which it said had likely been used by the Indian government to surveil its journalists. Last week another journalist who worked on the Meta stories, Devesh Kumar, reported that his accounts had been hacked.
We have grave doubts about The Wire’s reporting, which among other inconsistencies seems to have relied upon a fabricated email from Meta spokesman Andy Stone and a phony Workplace instance set up in the aftermath of the original report. The report also describes the company’s use of an internal program called XCheck, which typically has been used to prevent posts from high-profile users from being taken down, in ways that are not consistent with our own understanding of how it works.
In an effort to learn as much as we could, we’ve spent the past few days interviewing journalists at The Wire, sources at Meta, and knowledgeable outside observers. Here’s what we’ve learned so far.
On October 10th, The Wire published a story alleging that Amit Malviya, head of the BJP’s IT department, had been granted special privileges under Meta’s opaque XCheck program that allow him to get Instagram posts removed quickly — even if they don’t violate Meta’s rules.
The report cited as evidence an internal document that said posts Malviya had reported for removal were escalated automatically because of his XCheck privileges. If true, the report would suggest that Meta’s XCheck program, first reported by the Wall Street Journal last year, granted even more power to high-profile users than was previously understood.
But Meta denied the report. On Twitter, Meta spokesman Andy Stone said the documentation it was based on appeared to be fabricated.
The following day, The Wire upped the ante with a second report. The publication said it had been leaked an internal email that appeared to be from Stone, in which he asked “how the hell” the Instagram report on Malviya had leaked.
But that email, too, was a fake, Meta said. “The supposed email address from which it was sent isn’t even Stone’s current email address, and the ‘to’ address isn’t one we use here either,” tweeted Guy Rosen, Meta’s chief information security officer. (Meta is in the process of switching employees from @fb.com to @meta.com email addresses).
The email sounds nothing like the real Stone (and arguably not like anyone who grew up in New England)
Some tech reporters weighed in to say that they had received emails from Andy Stone’s @fb.com email address as recently as August 31st. The more important point, to us, is that the mail simply doesn’t sound like anything Stone has ever said to us in years of conversations and email.
“Contact the reporter and gather more information about the document, post which I will tweet about it,” the email reads, sounding nothing like the real Stone, and arguably not like anyone who grew up in New England, as he did. (Stone also denied writing the email when we asked him.)
Rosen also said The Wire’s first story was “simply incorrect” about the nature of the XCheck program, and reiterated Stone’s point that the underlying report appears to be fabricated. “The URL on that ‘report’ is one that’s not in use,” he wrote. “The naming convention is one we don’t use.”
Four days later, on October 15th, The Wire published a new response. The publication said it had verified the origin of Stone’s email using DKIM, a protocol that adds a digital signature to outgoing messages so that the recipient can verify the email really came from the sender.
In the article, The Wire embedded a video showing a step-by-step process of how it verified the email. It also said that it had demonstrated this process to two independent domain experts on a video call and included emails from those experts showing the DKIM-signature test passed.
The Wire also included a screen recording of their source logging into instagram.workplace.com — the domain where the original report about Malviya was hosted — and scrolling through what appeared to be Instagram incident reports.
But even as it attempted to set the story straight, The Wire’s explanations introduced puzzling new inconsistencies and potential fabrications into the narrative.
To start, when The Wire published its third article, the emails from DKIM experts were timestamped 2021. Then the publication updated the screenshots so the timestamps read 2022. We asked Devesh Kumar, The Wire reporter who handled the DKIM check, about this, and he promised to send a “bigger technical response of such a small mistake.” So far, we haven’t received that.
On Twitter, Kumar’s explanations for the mixup have gotten increasingly complicated, saying the error had resulted from him manually setting the date to 2021 in his operating system.
Meta said an account was “deliberately set up with Instagram’s name and brand insignia in order to deceive people”
Second, as former Meta chief security office Alex Stamos and other technical experts have pointed out, the DKIM verification video doesn’t definitively prove anything. “It would be trivial to fake the verification by dkimverify, as all you would need is a script in your path that prints ‘signature ok,’” Stamos tweeted.
Finally, and most damning, Meta said that the video that purported to show a source logging into the internal Instagram system was, in reality, a spoof of that system created on October 13th using a free trial of its software — three days after The Wire’s first article came out. It was an “externally-created Meta Workplace account that was deliberately set up with Instagram’s name and brand insignia in order to deceive people,” the company said.
On Sunday, The Wire said Kumar’s Gmail and Twitter accounts had been hacked and that the perpetrator was sending phishing emails from his accounts.
The Wire’s certainty that Meta is lying hinges in part on the sheer effort it would seemingly take to orchestrate this series of events.
“We first reported this Instagram document on October 15th,” Kumar said in an interview with Platformer. “Let’s think about it. Within four days, anyone who is fooling us (if we assume that this is the case) has created forged documents, has created forged videos, has created a forged email that does DKIM checks, has created a forged instance of instagram.workplace.com, which has our URL of instagram.workplace.com that does not exist, and uploaded hundreds of documents in that group and shared all of these things with us.”
There’s also the fact that, in The Wire’s telling, at least two different sources are responsible for the leaked documents it has published — indicating that if this is a hoax, it is a more elaborate one than is found in most journalism scandals.
Kumar said that when The Wire approached its original source and asked about the Instagram takedowns, it only took 20 minutes for that person to send the report regarding Malviya’s XCheck status. When The Wire reached out to a different source about Meta’s pushback on the resulting story, this source said that while they didn’t know anything about the Instagram incident report, they did have insight into the discussions happening internally. Seven minutes later, Kumar said, the source responded with the email allegedly from Stone.
“What a shit way to do it for BJP.”
The Wire journalists were adamant to us that they stand behind their reporting. Still, we asked them, what if this had been a hoax — who might have been responsible? The publication has consistently been critical of the BJP, and its journalists have previously been targeted in surveillance attacks. Might there be a connection?
The reporters dismissed this explanation for two reasons. First, the pay slips and badge shown to them by one of their sources, along with the DKIM verification, convinced them that they are dealing with a real Meta employee. Second, if the BJP wanted to target The Wire, why waste it on a story about posts from an Instagram account with fewer than 700 followers?
“What a shit way to do it for BJP,” Kumar said.
The Wire told us it would consult with outside experts in a further effort to verify its documents and seek to build trust with readers. “At this point, we’re not doing it for ourselves,” Sen says. “These checks are not for us.”
On Monday, though, The Wire said that while it is “still trying to develop, with recognized experts, a transparent method for the independent verification of Andy Stone’s email,” its interest in making further disclosures is waning.
“Meta has made wild claims about the evidence The Wire has made public, in the hope that we will feel obliged to seek and publish further information that could be more easily traced back,” its statement said. “We are not prepared to play this game any further.”
The idea that Meta had granted a politician the right to remove Instagram posts at will — in some cases, minutes after they were posted — is an extraordinary claim. But rather than back that claim up with extraordinary evidence, what The Wire has mustered so far has mostly served to undermine confidence in its original report.
One reason this story has been so confusing to report is that its details seemingly cannot be reconciled without embracing a conspiracy theory: that multiple people conspired to hoax The Wire; that one or more persons within The Wire committed the hoax themselves; or that multiple people within Meta conspired to falsely accuse a publication of fabricating documents.
Trust in Meta is generally low, but even The Wire has not been able to offer a theory for why the company would lie about a Workplace instance being faked to support its claims. Publications around the world, including this one, regularly report on documents leaked from inside Meta, and the company often confirms their authenticity and offers comment upon them. When the XCheck program was initially revealed by the Journal, Meta’s comms team had plenty to say about how it worked, and to deny that its existence is as problematic as some critics said. But it never denied that the program existed.
That leaves us wondering whether the hoax came from a politically motivated party outside The Wire or from people with unknown motivations inside it. Perhaps we will know someday. In the meantime, The Wire told us it remains in touch with its Meta sources and plans to continue reporting on the company.
Assuming there has been a deception here, it will sting for several reasons, beginning with a blow to the credibility of one of India’s more well respected independent publishers. But another is that, whatever may be going on between the BJP and social platforms, India really is pressuring social networks to remove more satire and dissent.
Since the early days of the COVID-19 pandemic, the country has been ordering Meta and others to remove hundreds of posts critical of the government — and is doing so in the open, without the benefit of any secret XCheck program. Twitter sued the country in July amid mounting requests to remove posts that appear to go beyond the government’s legal authority.
It would be a tragedy if, in an effort to prove something that was already obviously true, someone felt compelled to offer a lie in support of it. That the BJP is putting pressure on social networks to do its bidding is no secret. The party has done so brazenly, in the open — and it’s in this respect that, compared to The Wire’s bewildering presentation of events, the truth is scarier than the apparent fiction.