06.10
Protecting Your Personal Information on Facebook
By Dr. Wole Akpose
Social Networking is the new fad
of the twenty-first century, and Facebook has
become the face of social networking, globally,
with more than 400 million users. Last year,
however, the company received a great deal of
flak for unilaterally making changes to users'
privacy settings, which exposed users' "private"
information which had previously been hidden.
Recent upgrades to users' privacy settings allow
for more opt-outs and control over who can see
what, but there have also been security flaws in
the platform itself which have been exploited to
expose user information.
Those flaws have been fixed, but
the fact remains that sites like Facebook profit
by using your personal information to sell ad
space to advertisers. Any reasonable expectation
of privacy (in the traditional sense), must be
tempered by that reality. At a tech
conference in January, Facebook's 25-year-old
CEO Mark Zuckerberg declared that
people aren't all that
concerned with privacy any more.
This seems to be a prevalent yet fundamental
assumption among popular sites like Facebook, Google and Twitter, who seem willing to push the
envelope to see how much money can be squeezed
out of your personal information. Of course, as long as
you are willing to share that information on
their sites in exchange for a free platform to
network and play, you may be giving tacit (even
explicit) approval to use your information as
they see fit — and lending credence to their
assumption that conventional social norms are
changing.
Beyond the information which is
supposedly "locked off," even a casual look
at most Facebook profiles can yield a wide
array
of information — a treasure trove for all sorts
of people, including identity thieves. Following are some tips for
minimizing the chances that would-be identity
thieves or other nefarious parties can harvest
your personal information from Facebook for use
in ways that you never intended.
- Your Birthday -
Many people use birthdays as passwords or PIN
numbers for various purposes: e-mail accounts,
bank accounts, debit card PINs, network access,
home security code, and many others. But this
information is shared online in your Facebook
profile, accessible to the entire universe. The
immediate danger could be data trolls trolling
for information that could later be assembled
and used in identity scams and theft. More
likely, threats will come from people you know
or who know you and could just piece together
enough information from your Facebook page,
including birthdays, to compromise your security
and identity.
My advice is to never use
birthdays (yours or your relatives') for passwords, PIN
numbers or as a security mechanism. It is always
a bad idea. Other institutions often use your
birthday as a security identifier (e.g., your
bank, school, your insurance company,
pharmacists, doctor's office, etc.), so it is a bad
idea to share that information with the entire
universe on your Facebook page. If you must,
show only the month and date (make the identity
thieves do some work). But best yet, hide this
information and share it only with your friends
(skip the year part every time — those who must
know, already know it).
- Anniversaries -
Like birth dates, many people use anniversaries
as security identifiers for some systems, at
least, but forget this when they choose to share
it on Facebook. Again, my advice is to not
use an anniversary as an identifier or security
mechanism for any system (not even those quaint
bank/online systems where your anniversary is
suggested as a security question). And skip it
on your Facebook page — it is visible to a
world of 6.5 billion people.
- Family - It's kind
of nice that social networking sites ask you for
a gobble of information about yourself, allowing
you to identify your siblings, parents and other
family members. Great! But all that data could
come back to haunt you in the hands of an
identity thief, a stalker or anyone trying to
piece information about you together — without
your consent. With enough background
information, a social engineering scam is easier
to perpetrate as the scammers can more easily
fool others that they indeed are you. The more
they know, the more convincing they can be —
thereby jeopardizing any wall of security you
may assume you have built in the real world.
Facebook privacy controls are not granular
enough to limit who can see your family
information — which should really be limited to
people you have pre-screened to see it or people
you can trust. When Facebook was first
developed, it was for a bunch of college kids at
a single school (Harvard). It soon grew to
accommodate other college kids across the
country. In those early stages, you could assume
some level of trust. Not any more. Facebook is
now a global site, kind of a global mall. How
much of your personal business would you like to
share in a mall? Well, think of that when you
advertise your family relationships on Facebook
or any other social networking site.
- Relationships -
Facebook has become a de facto dating site, as
it allows users to disclose their relationship
status, meet, chat, play group games, plan
meetups, etc., all at no extra cost. But it also
exposes users to stalkers and those who may want
to do them harm. And unfortunately, when you
share too much information, you expose yourself
more than in normal everyday interactions — and
to people you may never have met otherwise. So,
think twice before announcing online every time
you fall in love, sleep with someone, break up,
and so on. And more importantly, watch how you
discuss these relationships, and what crumbs of
information you leave behind. You never know who
is reading your profile online — again, there
are potentially 6.5 billion eyes (no, 13 billion
eyes) out there.
- Friends - Yes,
connecting with friends is what Facebook is
really about and what it has almost become
synonymous with. You friend and unfriend people on Facebook. Well, watch
your friending practice. You may be friending
strategically for business or related reasons,
making it important to watch what you do and
what information you share; or you could friend for
real, as in the way you make friends in real
life. In either case, try to ascertain that you indeed have a
good reason to be making these friends. Sure,
politicians and celebrities have a good reason to
have a million fan friends. That is what they
do for a living and they often have protective
services to keep away unwanted overtures; and
they usually hire professionals to either write
for them or vet what they are saying. (Yes, I
know some politicians act like kids online, but
they still have professional protective
services.) When you go online and make friends
with every Tom, Dick, and Nancy out there, you
are exposing yourself, your well-being, your
privacy, and sometimes your loved ones to risks
you may not clearly understand. So, avoid
becoming friends with everyone on the globe. Be a discerning friender online.
- Pictures - They
say a picture is worth a thousand words. And
that is why you need to watch what your online pictures
are saying about you, your friends and
acquaintances, and your family and loved ones. Again, remember that Facebook is
accessible to everyone — it is not your local
fan club or church.
Facebook is really not the place
to make a fool of yourself or display
embarrassing images of yourself. If you are not
proud of a picture when you are sober, do not post it
online. Many Gen Y-ers are learning this lesson
the hard way as they discover that, yes,
recruiters have Facebook profiles, too. Also,
consider a scenario where a smart criminal picks
your picture, your name, your work place, job
title, your location and forges your work ID.
Tada! Now you see what identity theft looks
like. Ok, sure, identity thieves have many other
online locations to mine data on you, but why make their job easier by collecting
all that information for them on your Facebook
profile? And then allow some third-party
application access to your profile? Now a robot
can do all the work and the criminals can just
sit back and wait for the harvests. Ok, the idea
is not that you stop sharing your pictures (and
I become the party pooper). No, the idea is that
you be careful who you share your pictures with
and what pictures you post online in the first
place. And since Facebook does not provide you
with a granular enough mechanism to manage who
can see your photos, always post with caution.
- Walls - Yes, the
fabulous Facebook Wall is where you leave
comments and others post comments about or for
you. Well, not all those comments are flattering
and not all are discreet, either. Imagine how
much you can learn about someone just by reading
the content of their Facebook Wall. Yes, you can
determine a great deal about a person by
visiting their wall. But it was never meant to
be that way — at least that was not what people
bargained for when they opened up their Facebook
page. But that is the reality of using Facebook
— unless you choose to be discreet about what
information is available on or to your Facebook
Wall.
You can determine who
posts to your Facebook Wall, delete messages
from your Facebook Wall, moderate messages on
your Facebook Wall or simply avoid using that
feature of Facebook altogether. But Facebook
wouldn't be Facebook without the Wall — so
deleting is your best bet. And remember that
mood message (what's on your mind)? It can
quickly boomerang on you if you are a real
tell-all. It is not always a great idea to
tell the entire universe what's on your
mind. Most people will not share their
innermost thoughts at their most vulnerable
moments with a room full of people. But in
the "privacy" of their mobile phone or
computer, they divulge all. So, after
telling the universe about your most recent
tryst, take some time to delete it as soon
as possible.
- Messages and Chats - Many
of the recent flaps over Facebook have
stemmed from the
inadvertent exposure of "private"
chat sessions,
which resulted from a security flaw in the
privacy settings (it has since been "fixed").
It would be prudent to operate under the
assumption that nothing on Facebook is private,
that if you
keep a record on Facebook, it may
be accessible to individuals to whom you have
not expressly granted permission. Yes, you may
want to "message" often or occasionally on Facebook,
but
deleting those messages after you are done with the
conversation (both sent and received versions of
the message) will help minimize your footprint.
Of course, as long as any party to the
conversation retains a version of the
conversation, the conversation remains intact on Facebook — and
possibly open to future exposure. So,
never post or send messages on Facebook you
would like to keep truly private. Your chat
session may also fall into the wrong hands.
So, why bother to delete anything,
you ask? Because if it is not active on Facebook, it is
only a matter of time before it ages
out of even the largest internet cache and you
only need to worry about Facebook backups.
- Other Applications - Facebook's success lies in the myriad of
Facebook Apps people can "install" and permit
access to their profile. The problem is: what happens to all that
data? Information on your Wall, chat sessions,
and information you share within those
applications could end up on third-party
servers without your knowledge or express
consent. And now you can truly forget about
privacy. So to protect yourself, pay attention
to the privacy disclosure offered by third-party
applications, and use all third-party
applications with care. Sure, Facebook started
out as a free service, but it is now a money
making venture. Your information is valuable to
Company X, and they feel no shame in selling
it
to the highest bidder — including pictures, comments
and/or messages.
- Clean Up After Yourself - So,
what can you do to ameliorate some of the
aforementioned concerns? First, follow this simple
rule of thumb that applies to Facebook and other
online sites where you maintain a public
profile: clean up after yourself. Sure,
the internet and all its various applications
and sites is a great place to learn, discover,
play and do much more. But it is also a great
collector of data about the things you do, and
also a great aggregator of all that vast
information collected about you. And guess what,
the aggregated data is analyzed and parsed for
all sorts of patterns to develop complex
profiles about you — maybe stuff you don't know
about yourself that the Big Brother is
monitoring. The best way to protect yourself
is to clean up after yourself. Watch what little
breadcrumbs you leave behind. Delete information
you no longer need. Avoid posting data you never
have to post in the first place, and be civil
with your chats and comments. Stop pretending
that Facebook is a private chat room (it isn't)
or that your Facebook profile is only available
to your friends (no 13 billion eyes,
remember?). Of course, deleting
information from your Facebook page — including
from your Wall, from third-party applications,
from your message box and from your profile (including pictures after they have served their
purpose) — does not
guarantee that the information will not later
come back to haunt you, but it does give you a
fighting chance.
Facebook and other sites store
your data and index it to your profile. They
also have a backup policy that often ends up
keeping the most current data about each index
(of course there are tiers of backups and
sometimes data is moved off into alternative
storage for analysis and other needs). This
practice ensures that if you delete data, that
fact ultimately gets propagated, and in time,
most of the data you deleted ultimately gets deleted
from backup servers. The half-life of the deleted data is a
function of the data retention practice (not
just policy) of the organization. Google used
to have a data retention practice of forever.
Today, they have pared that down to 18 months, and
even promised to let you delete whatever you do
not need. However, if you are a pack rat
who believes that you must keep all conversations, all
Wall postings, all pictures and every comment
ever made of you or by you on your Facebook page
— well, then, don't say I didn't warn you!
Facebook has come a long way
from its heady days as a mere schoolyard online
village square. But, not unlike the Internet
itself, it suffered from a flawed beginning, and an even more
flawed assumption about who has a right to
privacy and who doesn't. Ultimately, it is your
responsibility to understand the privacy
policies of sites you frequent, and to take the
steps necessary to protect your privacy online.
And for those who are considering ditching Facebook, don't
forget to first delete all the content of your
profile before you deactivate your account. If you do not
delete the content, and merely change your privacy
settings to "allow none," all that deactivating
will have been in vain. Facebook accounts
are forever — but the data you delete may be
gone at some point. So before you deactivate
Facebook,
remember to delete, delete, delete.

Opinions expressed in this article are the
author's and do not necessarily reflect those of
IEEE or IEEE-USA.
Dr. Wole Akpose is the Membership Development
Chair for Region 2 and a member of the IEEE
ITC&O and the Individual Benefit and Services
Committee. He is the founder of HNT Solutions, a
technology consulting company and a technology
manager and occasional faculty member at Morgan
State University.
Comments may be submitted to
todaysengineer@ieee.org.