Policy details

Change log

CHANGE LOG

Change log

Today

Current version

Mar 26, 2021
Dec 17, 2020
Oct 30, 2019

Policy Rationale

We recognize that the safety of our users includes the security of their personal information, accounts, profiles and other Facebook entities they may manage, as well as our products and services more broadly. Attempts to gather sensitive personal information or engage in unauthorized access by deceptive or invasive methods are harmful to the authentic, open and safe atmosphere that we want to foster. Therefore, we do not allow attempts to gather sensitive user information or engage in unauthorized access through the abuse of our platform, products, or services.

Do not:

Attempt to compromise user accounts, profiles, or other Facebook entities, abuse our products or services, gather sensitive information through deceptive means, or attempt to engage in unauthorized access, including:

  • Gaining access to accounts, profiles Facebook, Inc. entities, or user data other than your own through deceptive means or without explicit permission from the account, profile, or entity owner.
  • Encouraging or deceiving users to download or run files or programs that will compromise a user’s online or data security, including through malicious software or websites. Such files and programs will be deemed malicious software or "malware" if they harm or gain unauthorized access to a computer, device, or network.
  • Attempting to obtain, acquire or request another user’s login credentials or other sensitive information, whether explicitly or through deceptive means such as phishing (e.g. fake surveys designed to capture log-in info or links to fake login pages or impostor websites) or the use of malicious software or websites.
  • Publicly sharing your own or others’ login information, either on platform or through a third party service.
  • Creating, sharing or hosting malicious software including browser extensions and mobile applications, on or off the platform that put our users or products and services at risk.
  • Providing online infrastructure, including web hosting services, domain name system servers and ad networks that enables abusive links such that a majority of those links on Facebook or Instagram violate the spam or cybersecurity sections of the Community Standards.

Policy Rationale

We recognize that the safety of our users extends toincludes the security of their personal information and accounts and our services.accounts, profiles, and other Facebook entities they may manage, as well as our products and services more broadly. Attempts to gather sensitive personal information or engage in unauthorized access by deceptive or invasive methods are harmful to the authentic, open, and safe atmosphere that we want to foster, and can be used to compromise user accounts and our services. Therefore, we do not allow attempts to gather sensitive user information through or engage in unauthorized accessthe abuse of our platform and products., and products, or services.

Do not:

Attempt to compromise user accounts, profiles, or other Facebook entities, abuse our products or services, or gather sensitive information through unauthorizeddeceptive means,, or attempt to engage in unauthorized access,defined as:including:

  • Gaining access to any accounts , profiles, Facebook, Inc. entities, or user data other than your ownthrough deceptive means or without explicit permission from the account, profile, or entity owner.
  • Encouraging or deceiving users and entities to download or run files or programs that will compromise a user’s online or data security, including through malicious software or websites.. Such files and programs will be deemed malicious software or "malware" if they harm or gain unauthorized access to a computer, device, or network.
  • Attempting to obtain, acquireAcquiring or requesting another user’s login credentialsor other sensitive information, , whether explicitly or through deceptive means such as phishing (e.g. fake surveys designed to capture log-in info or links to fake login pages or impostor websites)or the use of malicious software or websites..
  • Attempting to obtain the sensitive information of others such as usernames, passwords, or other personal information, through deceptive means or the use of malicious software or websites.
  • Publicly sharing your own or others’ login information, either on platform or through a third party service.
  • Creating, sharing, or hosting malicious software or malicious browser extensions to compromise accounts or gain access to user data.
  • Creating, sharing, or hosting malicious software browser extensions and mobile applications, on or off platform that put our users or products and services at risk.
  • Providing online infrastructure, including Web Hosting Services, Domain Name System servers, and ad networks that enables abusive links such that a majority of those links on Facebook or Instagram violate the Spam or Cybersecurity sections of the Community Standards.

Section 19: Cybersecurity:

Policy Rationale

We recognize that the safety of our users extends to the security of their personal information. Attempts to gather sensitive personal information by deceptive or invasive methods are harmful to the authentic, open, and safe atmosphere that we want to foster. Therefore, we do not allow attempts to gather sensitive user information through the abuse of our platform and products.

We recognize that the safety of our users extends to the security of their personal information and accounts and our services. Attempts to gather sensitive personal information by deceptive or invasive methods are harmful to the authentic, open, and safe atmosphere that we want to foster, and can be used to compromise user accounts and our services. Therefore, we do not allow attempts to gather sensitive user information through the abuse of our platform and products.

Section 19: Cybersecurity (New):

Policy Rationale

We recognize that the safety of our users extends to the security of their personal information. Attempts to gather sensitive personal information by deceptive or invasive methods are harmful to the authentic, open, and safe atmosphere that we want to foster. Therefore, we do not allow attempts to gather sensitive user information through the abuse of our platform and products.

Do not:

Attempt to compromise user accounts or gather sensitive information through unauthorized means, defined as:

  • Gaining access to any account or user data other than your own without explicit permission from the account owner.
  • Encouraging or deceiving users and entities to download or run files or programs that will compromise a user’s online or data security. Such files and programs will be deemed malicious software or "malware" if they harm or gain unauthorized access to a computer, device, or network.
  • Acquiring or requesting another user’s login credentials, whether explicitly or through deceptive means such as phishing (e.g. fake surveys designed to capture log-in info or links to fake login pages or impostor websites).
  • Attempting to obtain the sensitive information of others such as usernames, passwords, or other personal information, through deceptive means or the use of malicious software or websites.
  • Publicly sharing your own or others’ login information on platform or through a third party service.
  • Creating, sharing, or hosting malicious software or malicious browser extensions to compromise accounts or gain access to user data.
  • Providing online infrastructure, including Web Hosting Services, Domain Name System servers, and ad networks that enables abusive links such that a majority of those links on Facebook or Instagram violate the Spam or Cybersecurity sections of the Community Standards.
User experiences

See some examples of what enforcement looks like for people on Facebook, such as: what it looks like to report something you don’t think should be on Facebook, to be told you’ve violated our Community Standards and to see a warning screen over certain content.

Note: We’re always improving, so what you see here may be slightly outdated compared to what we currently use.

Reporting
1
Universal entry point

We have an option to report, whether it’s on a post, a comment, a story, a message or something else.

2
Get started

We help people report things that they don’t think should be on our platform.

3
Select a problem

We ask people to tell us more about what’s wrong. This helps us send the report to the right place.

4
Report submitted

After these steps, we submit the report. We also lay out what people should expect next.

Post-report communication
1
Update via notifications

After we’ve reviewed the report, we’ll send the reporting user a notification.

2
More detail in the Support Inbox

We’ll share more details about our review decision in the Support Inbox. We’ll notify people that this information is there and send them a link to it.

3
Appeal option

If people think we got the decision wrong, they can request another review.

4
Post-appeal communication

We’ll send a final response after we’ve re-reviewed the content, again to the Support Inbox.

Takedown experience
1
Immediate notification

When someone posts something that violates our Community Standards, we’ll tell them.

2
Additional context

We’ll also address common misperceptions around enforcement.

3
Explain the policy

We’ll give people easy to understand explanations about why their content was removed.

4
Ask for input

After we’ve established the context for our decision and explained our policy, we’ll ask people what they'd like to do next, including letting us know if they think we made a mistake.

5
Tell us more

If people disagree with the decision, we’ll ask them to tell us more.

6
Set expectations

Here, we set expectations on what will happen next.

Warning screens
1
Warning screens in context

We cover certain content in News Feed and other surfaces, so people can choose whether to see it.

2
More information

In this example, we give more context on why we’ve covered the photo with more context from independent fact-checkers

Enforcement

We have the same policies around the world, for everyone on Facebook.

Review teams

Our global team of over 15,000 reviewers work every day to keep people on Facebook safe.

Stakeholder engagement

Outside experts, academics, NGOs and policymakers help inform the Facebook Community Standards.