- Twitter hopes to find and patch ways in which its algorithm can be exploited
A contest is being held by Twitter to see if hackers and researchers can find flaws in its image cropping algorithms, and prizes are to be given out to winning teams (see Engadget). Teams will have access to Twitter's image cropping code and model, which will allow them to find out if the algorithm is harmful (for instance, if it removes the image's subject).
A description of their findings and a dataset showing the issue will be required by those competing. After a report is submitted, Twitter will give points based on the nature of the harm, how it can potentially impact people, and more. In addition, a $ 1,000 prize will be awarded for the team that presents the most innovative and generative findings. Twitter users have suggested adding a zero to that amount, causing a stir. To give you a sense of the scale, Twitter would pay you $2,940 if you found a bug that lets you handle someone else's actions (like tweeting another person's message). The revenue from taking over someone's Twitter account would be $7,700 if you discovered an OAuth issue.
After allegations that the preview crops on Twitter were racially-biased, Twitter published a paper investigating how its image cropping algorithm was biased. The algorithm used by Twitter for cropping previews has mostly been phased out since then, but the algorithm is still used on desktop, and a cropping algorithm can be helpful to a company like Twitter.
A competition lets Twitter get feedback from the broader population, which is far more valuable than just algorithmic bias.The platform defines unintentional harms as those caused by a regular image posted by a "well-intentioned" user, while Twitter defines intentional harms as those caused by a malicious posting. Creating images that pose a risk of intentional harm is a problem that someone may exploit if they post malicious images. The company explains that the competition is separate from its bug bounties program - if you report an algorithmic bias to the company outside of the contest, it will strike your report as unsuitable and close it. Visit the competition's HackerOne page to see the rules, criteria, and more. Entries are accepted until August 6th at 11:59 pm PT, and the winners will be announced on August 9th at the Def Con AI Village.