3DSC Day 25: Social Media Privacy

This week has focused on some privacy-centric aspects of security.  This is because security and privacy are integrally linked.  There can be no true security without privacy, and vice-versa.  Your social media is accessed and sold to advertisers and data aggregators.  It can indicate when you are at home and when you aren’t.  Location data can let others know where you live.  Information obtained through your Facebook page can be used to socially engineer you, one of your family members, or a customer service rep.  Today’s task will carry on with the privacy theme of this week by asking you to tighten up your social media privacy.  Some of this work can be done by adjusting settings.  However, privacy while participating in social networks mostly consists of modifying your behavior.

Realistic Best Practices:  The absolute best social media privacy practices are to delete your content and close your account(s).  I talked about some tools that can help with this in this post.  I understand that this will be an unacceptable proposition for most.  A more realistic approach for most is to limit the information you make available on social networks.  This will have a bigger impact on your social media privacy than settings will.  You can do this in several ways, all of which add up to much greater privacy and security:

  • Limit the information you upload.  Many use social networks as a way of staying in touch with friends and family, and I understand this.  However, you should reconsider the content you upload to a public audience.  Photos of your children, your home and the valuables in it, or the photos from the beach while you are on vacation may all make you a target.
  • Selectively remove information.  Take a look at your social media from an attacker’s point of view.  Is there information (including status updates, photos, lists of “friends”, Tweets, etc.) that you would not want a burglar, stalker, or unstable ex to see?  If so, you may want to start selectively deleting these items.  The less information that is on your page, the more private and secure you will be.
  • Adjust privacy settings.  Because there are literally hundreds of combinations of settings for Facebook alone, I am not going to go into specifics here.  However, resources like AdjustYourPrivacy can help.  AdjustYourPrivacy has direct links to the privacy settings of most social networks.  It can also allow you to view your Facebook and Google+ accounts as they are seen by a complete stranger.  In general, you should make your accounts as private as possible.  This won’t make it impossible (or even especially difficult) for someone with the right skills to view your content, but your account will no longer be the lowest-hanging fruit.
  • Restrict Mobile Apps.  If you use mobile social networking apps, limit the information they have access to (I talked about app permissions here).  In my opinion it is especially important to restrict location data which can reveal where you live, work, and frequent.  You may also want to limit access to your contacts,

Security Settings: You should also make sure to tend to each account’s security settings.  Most social networks allow passwords that are plenty long, even though few probably use long passwords.  You should also use two-factor authentication.  Two-factor is supported by some of the most popular social networks including Facebook, LinkedIn, Tumblr, and Twitter. Check https://twofactorauth.org to find out if your preferred network offers it.

2 thoughts on “3DSC Day 25: Social Media Privacy”

  1. Does it elevate my profile if I DON’T have a Facebook? I just never got around to the bandwagon, now I feel like a tool if I create one. However, I hate the stigma that I’m trying to be “off the grid” because I don’t have a profile. What do you think the social norm is now? What does it look like?

    Also I’ve seen plenty of people begin using pseudonyms on their accounts, particularly friends who are in Law Enforcement or Military. Once rumors and (some) real accounts of ISIS encouraging Lone-Wolf style attacks on US Service members (http://www.snopes.com/politics/military/homeaddress.asp), people immediately changed their true name and removed personal details.

    I think it’s a great personal policy.

    1. Gabriel,

      I think the level of profile elevation depends on your age. If you are in your late-30s and up (or early twenties and below) it probably doesn’t look that out of place to NOT have a Facebook profile. Also, do the benefits outweigh the potential for profile elevation? If your photos are already all over the internet, it probably doesn’t matter much if you are careful with the information you post. However, if you are already fairly private a Facebook profile can be risky. I’m sure there are photos of me on Facebook but you can’t find them because you don’t know what I look like, and the poster can’t tag me in them because I don’t have a profile. Sure, I can un-tag photos, but that requires a lot of work. And even if I un-tag them it’s too late as far as Facebook itself is concerned – they won’t forget who is in that photo.

