Member-only story
Debugger
How to Stop ‘God Mode’ Abuse
Making ‘ghost user’ tools safer for customers starts with changing the frameworks that most apps and services are built on
You might think that as long as you keep your password safe, you’re the only person who can access your online accounts. But Facebook, Twitter, and the majority of tech companies build “user impersonation” tools into their software that allow their employees to peer inside of any account — and act as though they’ve logged into that account — without the owner ever knowing. These tools are generally accepted by engineers as common practice and rarely disclosed to users.
Often called “impersonate mode,” “ghost user,” or “proxy user,” they allow customer service representatives to see a service through a user’s account in order to diagnose errors and help engineers build better products by showing them how they work inside real users’ accounts.
But this type of internal tool can be abused. Most famously, Uber employees used the app’s “God mode” to track the movements of everyone from politicians to ex-girlfriends. Lyft provided similar tools, which were also abused by employees. And Ring recently fired employees for watching customer videos, which they easily could have found using a user impersonation…
