Spam User IconPoor Facebook. The social networking site is facing a wave of spam and is making seirous efforts to tackle it, including joining industry-wide efforts to fight it. Yet at the same time it appears that its “People You May Know” algorithm could be inadvertently aiding and abetting the spread of spam. Oh dear.

A blog post by Sean at anti-virus firm F-Secure details his discovery that the people recommended to him in the “People You May Know” box were spam accounts. The name Elma Fewell, one of the two recommended profiles, yielded quite a few doppelgängers when he did a search. Looking at incremental Facebook IDs turned up even more. All of the accounts were created on Wednesday, August 11.

F-Secure found several names being used for spam accounts. They all had profile pictures of attractive young women, possibly Ukrainian models according to a reverse image search. Some of the spam links included “A deal you just can’t refuse!”, “Check this out!” and “Do not pay for a new iphone 4, get one for free one for no cost!”.

The links led to a LiveJournal page with an iPhone 4 bait ad. When the author clicked through he found he was redirected to play Berlin-based Frogster’s Bounty Bay Online game. He gave Frogster the benefit of the doubt for what its marketing affiliates were doing and said the German office of F-Secure would let them know.

The F-Secure blog post suggests that Facebook must be using algorithms based on profile search history for its “People You May Know” recommendations. If true, this doesn’t seem like a very sensible approach to me. I want the recommendations to be about people I may actually know so basing it on some sort of friends of friends algorithm would make more sense. Twitter is where I follow people I don’t know but I try to keep Facebook personal.

Certainly the F-Secure suggestion of being able to periodically purge your search history like you can on Google and in browsers would be a good move. One search for the word “iPhone” shouldn’t mean you are recommended spam accounts forever more.

I’ve reached out to Facebook to see if they have any comment on this and will update the story if they do.

UPDATE: A Facebook spokesman has responded with details of how the site detects and removes spam profiles. He said that the algorithm for ‘People You May Know’ did not involve search history but was constantly being tweaked for best results.

“Profiles that are created under a false identity or that attempt to trick people into taking a certain action violate our policies, and we have a large team of professional investigators who remove these when we detect them or they’re reported to us by the people who use Facebook,” the spokesman said.

“We also have technical systems in place to flag and block potential fake profiles based on signals like name and anomalous site activity. Profiles that send lots of messages to non-friends, for example, or whose friend requests are ignored at a high rate, are marked as suspect and either automatically blocked or disabled, or put into a queue for further review.”

He added: “Our “Suggestions” feature uses a variety of factors to determine which people who are already on Facebook a specific person might want to connect with. It does not use search history. We’re constantly refining and improving our features and systems, including this one, to provide the best possible experience for the people who use Facebook.”