3DSC Day 25: Social Media Privacy

Social Media Privacy

This week has focused on some privacy-centric aspects of security.  This is because security and privacy are integrally linked.  There can be no true security without privacy, and vice-versa.  Your social media is accessed and sold to advertisers and data aggregators.  It can indicate when you are at home and when you aren’t.  Location data can let others know where you live.  Information obtained through your Facebook page can be used to socially engineer you, one of your family members, or a customer service rep.  Today’s task will carry on with the privacy theme of this week by asking you to tighten up your social media privacy.  Some of this work can be done by adjusting settings.  However, privacy while participating in social networks mostly consists of modifying your behavior.

Realistic Best Practices:  The absolute best social media privacy practices are to delete your content and close your account(s).  I talked about some tools that can help with this in this post.  I understand that this will be an unacceptable proposition for most.  A more realistic approach for most is to limit the information you make available on social networks.  This will have a bigger impact to your social media privacy than settings will.  You can do this in several ways, all of which add up to much greater privacy and security:

  • Limit the information you upload.  Many use social networks as a way of staying in touch with friends and family, and I understand this.  However, you should reconsider the content you upload to a public audience.  Photos of your children, your home and the valuables in it, or the photos from the beach while you are on vacation may all make you a target.
  • Selectively remove information.  Take a look at your social media from an attacker’s point of view.  Is there information (including status updates, photos, lists of “friends”, Tweets, etc.) that you would not want a burglar, stalker, or unstable ex to see?  If so, you may want to start selectively deleting these items.  The less information that is on your page, the more private and secure you will be.
  • Adjust privacy settings.  Because there are literally hundreds of combinations of settings for Facebook alone, I am not going to go into specifics here.  However, resources like AdjustYourPrivacy can help.  AdjustYourPrivacy has direct links to the privacy settings of most social networks.  It can also allow you to view your Facebook and Google + accounts as they are seen by a complete stranger.  In general you should make your accounts as private as possible.  This won’t make it impossible (or even especially difficult) for someone with the right skills to view your content, but your account will no longer be the lowest-hanging fruit.
  • Restrict Mobile Apps.  If you use mobile social networking apps, limit the information they have access to (I talked about app permissions here).  In my opinion it is especially important to restrict location data which can reveal where you live, work, and frequent.  You may also want to limit access to your contacts,

Security Settings: You should also make sure to tend to each account’s security settings.  Most social networks allow passwords that are plenty long, even though few probably use long passwords.  You should also use two-factor authentication.  Two-factor is supported by some of the most popular social networks including Facebook, LinkedIn, Tumblr, and Twitter. Check https://twofactorauth.org to find out if your preferred network offers it.

Leave a Reply