This paper describes a model of the flow of users between social media platforms and surface web pages to access jihadist content, which provides an approximate picture of the jihadist information ecosystem and how multiple platforms are used to disseminate content.
- The jihadist information ecosystem is a large and complex network, connecting a vast array of platforms across the surface and dark web.
- Despite claims to the contrary, jihadist content is widely accessible via mainstream social media and the surface web. As of 2019, while jihadists prefer to communicate with core supporters on Telegram, they also use Telegram to coordinate efforts to exploit (‘raid’ in their terms) other platforms to achieve greater reach and build resilience for the jihadi information ecosystem.
- Adopting a multiplatform communication paradigm (MCP) rather than focusing of individual platforms will be key to developing next-generation approaches to online disruption and content removal.
- This research built a model depicting the flow of internet traffic to content shared by jihadi groups. The model shows different online platforms fulfil different purposes for jihadist groups, and this makes their communications harder to disrupt. As a result, when developing disruption approaches it is essential to differentiate between how links to material are shared and where the specific content is actually stored online.
- While previously online jihadi activity was focused on posting content directly on major platforms, the research shows major platforms are now often used to share URLs instead to facilitate access to content stored elsewhere.
- The major platforms are therefore being used as ‘beacons’ directing users to the material. Over half of known sources of traffic in the data came from just three platforms – Facebook, Telegram and Twitter. At least 50% of the actual content captured in the model is then stored on specific websites run by jihadist or theologically aligned groups. As these are smaller and obscure servers this takes time to locate and remove.
- Major platforms search for jihadist content on their servers using techniques such as image hashing – but in many cases, these platforms are being used as ‘beacons’ to share URLs but the content itself is stored on other platforms. This makes the content much harder to detect by the original domain owner.
- Jihadist movements disseminate some of their content through texts, which tend to be uploaded to a different and diverse group of platforms from those used to store audio-visual content. Texts often remain undetected due to the majority being in Arabic and because PDFs or Microsoft Word documents can be uploaded via more platforms than audio-visual content.
- Jihadist networks also share a wide range of extremist Salafist documents. This type of content is often not removed due to the complexity of defining what is actually jihadi content as opposed to some extreme Salafist material. This type of content is at times endorsed, reshared and in some cases re-published with Daesh (also known as the Islamic State of Iraq and Syria, ISIS) media organisation logos but remains available.
Summary of Recommendations
As this research has highlighted jihadist organisations’ increasingly complex MCP, the recommendations focus on the steps needed to develop a new generation of approaches rather than specific ways to fine-tune the current ‘whack-a-mole’ disruption paradigm.
The technology sector should embrace a multiplatform approach in relation to URL and shortlink reporting at greater scale and develop a robust shared awareness of URLs/shortlinks leading to jihadist content across the full range of platforms. While some companies have already successfully deployed this approach, based on services provided by organisations, such as Human Cognition, the research shows many others could benefit if individual companies or the sector more broadly developed a mechanism to use these services effectively.
The tech sector and researchers should also focus on the functions of each platform within the ecosystem. This would facilitate targeted disruption strategies, as recognising how a platform is used within the overall effort to distribute extremist material and hate speech is key to enhancing disruption. Researchers should also factor platform function in the design of research projects.
The ability to penetrate digital networks where jihadist groups initially distribute new URLs will increase the speed of detection as it effectively creates an early warning system. Platform owners should develop or acquire an early warning system to detect new URLs and shortlinks that store or point to jihadist content, through infiltration of online jihadist networks or tracking of users sharing jihadist content, within the constraints of existing and proposed privacy legislation, and while ensuring duty of care to employees.
Technology companies and internet referral units should recruit analysts with Arabic language skills and knowledge of jihadist and extreme Salafist texts. Human verification processes alongside machine learning techniques should be considered best practice.
As governments propose new legislation on privacy protection (such as that in the EU) policymakers must ensure that their attempts to protect privacy and to encourage platforms to tackle extremist content are not contradictory. As governments threaten to fine tech companies for failing to remove content quickly from their platforms, they cannot continue to work with researchers who have been actively posting jihadist content on the same platforms.
Ali Fisher is Explorer of Extreme Realms at Human Cognition.
Nico Prucha is Chief Content Curator at Human Cognition.
Emily Winterbotham is a Senior Research Fellow in the National Security Studies programme at RUSI.
This research was made possible with financial support from GIFCT and data donated by Human Cognition.
Director, Terrorism and Conflict
Terrorism and Conflict