For as long as there have been data networks, people have exploited them to cause harm. The French mechanical telegraph system was subverted in 1834 in a bond-trading scam that went undetected for two years. Cold-callers run cons by telephone. The internet, with billions of users and unlimited processing power, is the most powerful network of all. It was bound to become the focus of wrongdoers. That does not mean it should be wrapped in red tape. Openness online is especially valuable because it allows “permissionless” innovation. Anyone can publish an article, upload a video or distribute a piece of software to a global audience. Freedom from the responsibilities that burdenother media companies has served as a boost for a nascent industry. But the days when the technology firms needed nurturing are long gone. In the past decade they have become the world’s most valuable companies. As their services have reached deeper into every aspect of everyday life, online activity has gained more potential to cause offline harm. For every Spotify there is a WannaCry. Technology firms complain that this combination of novelty and commercial success makes them a convenient target for politicians, some of whom seem to regard regulating the internet as a shortcut to solving complex social problems such as hate speech. Eager to protect their special status, technology firms have emphasised that online recruitment is only part of the terrorist threat. Besides, they say, they are platforms, not publishers, and that they cannot possibly monitor everything. Yet the firms can act when they want to. Before Edward Snowden exposed them in a huge leak in 2013, they quietly helped American and British intelligence monitor jihadists. Whenever advertisers withdraw business after their brands ended up alongside pornographic, violent or extremist material, they respond remarkably quickly. As with car accidents or cyber-attacks, perfect security is unattainable. But an approach based on “defence in depth”, combining technology, policy, education and human oversight, can minimise risk and harm. Often, commercial self-interest gives an incentive for the technology companies to act. Although fake news is popular and engaging, and provides opportunities to fill advertising slots, it is bad for the technology giants’ reputations. Accordingly, Google and Facebook are doing more to cut off fake-news sites from their advertising networks, build new tools to flag dubious stories and warn readers of them, and establish links with fact-checking organisations. When self-interest is not enough, governments can prod the firms to tighten up—as German lawmakers have, threatening huge fines. Under a voluntary agreement with European regulators, the big firms have set a target of reviewing (and, when appropriate, removing) within a day at least 50% of content flagged by users as hateful or xenophobic. The latest figures show that Facebook reviewed 58% of flagged items within a day, up from 50% in December. For Twitter, the figure was 39%, up from 24%. (YouTube’s score fell from 61% to 43%.)