This post is the second in a series highlighting Bitly’s Trust & Safety (T&S) efforts. In our previous post, we introduced you to the scope and challenges of our work and who we are as a team. In this post, we dive deeper into who we are and how we think about trust and safety with Mavreen Smiel. Mavreen, a Senior Software Development Engineer in Test (SDET), is one of our most passionate trust and safety champions. She has been working at Bitly for three years and is based in New York City.
1. Tell us a bit about your role in T&S at Bitly.
I’m the SDET for Trust and Safety as well as Data Insights. This means I’m responsible for the quality and integrity of the systems the teams own. I primarily do this through testing, manually and automated, but also work with the teams to put processes and standards in place that help the other Engineers move fast without breaking things. In addition to testing, I’ll dig into our data and see what sort of new trends are popping up with malicious content.
2. What’s the most surprising thing about working on T&S at Bitly?
It’s no secret that bad actors try to mask their activity by hiding abusive URLs behind a shortened link, but what we discovered early on that surprised us is that, in many cases, these harmful URLs first make contact with the outside world when the shortened link is shared for the first time. Essentially, this means that we are often at the very beginning of the life cycle of an abusive URL. Detecting these abusive URLs’ evolution in real-time is fascinating and incredibly challenging to detect at this stage. This is a big part of why we’ve invested so heavily in our internal abuse detection technology.
3. What makes working on T&S at Bitly unique?
The scale! We have millions of users around the globe and enormous companies relying on Bitly so it’s both exciting and challenging.
4. Why do you work on T&S? How did you become a T&S expert? What keeps you motivated?
Trust and Safety is challenging in a lot of ways. It can be emotionally draining to see and read horrible things, but knowing I’m playing a small part in making the internet a little safer for our users and my teammates keeps me going.
As for how I got into Trust and Safety, it’s been quite the journey. As an undergraduate, I just happened to get slotted into a First Year Seminar about Islamic Governments and political movements in the Middle East. It fascinated me so much, that I ended up majoring in Islamic Studies. I had great professors who encouraged me to do advanced research and one even tutored me in my Farsi/Persian. I did my Master’s at the School of Oriental and African Studies, University of London, and I wrote my thesis on how jihadi propaganda spread on forums and social media (this was back in 2008!). After that, I had a brief stint in the US Navy, and I eventually found my way into tech as an engineer. I honestly never thought I’d be applying what I studied in school as an engineer now. In a way, it’s my dream job.
It’s hard to feel like an expert when new threats and technologies are always emerging. I like to think of it as having a 20-year head start.
5. What does T&S at Bitly mean to you?
It means respecting our users’ human rights to free expression and due process while making sure bad actors cannot exploit our system to cause harm.
6. What are some Bitly T&S stats that you’re particularly proud of?
We have more than 400 million encodes (that’s all of you shortening links) and billions of decodes (everyone clicking on a Bitly link) each month, and it generates a staggering amount of data. The coolest part is all of it runs through our system, which keeps millions of users safe every day.
7. What are some future T&S engineering projects you and your team want to be working on?
I have a long wishlist! One thing I’d love to expand on is how we handle malicious images and videos. We already have solid capabilities in place, but I’m always thinking of how we can expand on them—especially with Computer Vision. Also, I’m really interested in how we can better detect emerging patterns and new trends in malicious content in text.
8. What are the best practices for T&S when you’re online or on social media?
- Don’t reuse passwords between apps or sites and instead use a password manager. There are plenty of great free and paid versions for Windows, Mac, and Linux, as well as iOS and Android.
- Use two-factor authentication (2FA) where you can. As an example, when you enable 2FA with Bitly, it will add an additional layer of protection to your Bitly account by sending and requesting a one-time security code to your mobile device upon login.
- If someone sends you a Bitly link and you’re not sure what it is, copy and paste that link into your browser and add a plus sign ( + ) on the end (http://bit.ly/3yhwHjH+). Doing so will display a page that will show you the destination URL and give you some more information about it, and will also display a banner if we believe the link is potentially harmful. From there, you can decide if you want to click through to the destination URL.
- Be mindful of who you follow on social media. There are a lot of trolls (real people who bully or engage in antagonistic behavior online) and bots (automated accounts that mimic a real person) online, and they both want your attention. Both want to evoke strong emotions, like anger or sadness, about a topic or event and use that to harass or manipulate people. If you suspect you’re dealing with a troll or bot, the best thing for you to do is to block and report them immediately.
9. What do you enjoy doing in your spare time?
I love playing and watching ice hockey (I’m a big NY Rangers fan), and I’m learning to scuba dive.
10. Can you walk us through a day in your life?
One of the best parts of my job is that there isn’t really a typical day! Most of my teams are elsewhere in the US, so my day starts a bit later than most. I run a few morning meetings for the teams and then I’m off to the races. I will have code that needs to be tested, project documents that need to be reviewed and commented on, tests to write, and questions to answer from other teams. Also, I try to carve out time each day to think about the big picture and how my teams fit into that, not just in terms of Bitly but as a company with a global reach.
Conclusion
We hope you’ve enjoyed this peak behind the curtain into who we are and how we think about trust and safety. In our next post, we will be taking a deep dive into our internal abuse detection and mitigation technology. We are looking forward to walking you through the trust and safety journey a Bitly link takes from the moment it gets shortened on our platform to the moment an end user clicks on that shortened link!