06.10    

home |
About |
Contact Us |
Editorial Info |

IEEE-USA |
   feature   


06.10

Protecting Your Personal Information on Facebook

By Dr. Wole Akpose

Social Networking is the new fad of the twenty-first century, and Facebook has become the face of social networking, globally, with more than 400 million users. Last year, however, the company received a great deal of flack for unilaterally making changes to users' privacy settings, which exposed users' "private" information which had previously been hidden. Recent upgrades to users' privacy settings allow for more opt-outs and control over who can see what, but there have also been security flaws in the platform itself which have been exploited to  expose user information.

These screen captures from a Facebook account show some of the steps necessary to update your Facebook information.


Facebook Account Setting Form: Start here to make changes to your personal information

Facebook Personal Settings Page: Set name, email and "privacy" controls here

Facebook Privacy Setting main page

Facebook Privacy : Control level of access for information sharing

Those flaws have been fixed, but the fact remains that sites like Facebook profit by using your personal information to sell ad space to advertisers. Any reasonable expectation of privacy (in the traditional sense), must be tempered by that reality.  At a tech conference in January, Facebook's 25-year-old CEO Mark Zuckerberg declared that people aren't all that concerned with privacy any more. This seems to be prevalent yet fundamental assumption among popular sites like Facebook, Google and Twitter, who seem willing to push the envelope to see how much money can be squeezed out of your personal information. Of course, as long as you are willing to share that information on their sites in exchange for a free platform to network and play, you may be giving tacit (even explicit) approval to use your information as they see fit — and lending credence to their assumption that conventional social norms are changing.

Beyond the information which is supposedly "locked off," even a casual look at most Facebook profiles can yield a wide array of information — a treasure trove for all sorts of people, including identity thieves. Following are some tips for minimizing the chances that would-be identity thieves or other nefarious parties can harvest your personal information from Facebook for use in ways that you never intended.

  • Your Birthday - Many people use birthdays as passwords or pin numbers for various purposes: e-mail accounts, bank accounts, debit card pin, network access, home security code, and many others. But this information is shared online in your Facebook profile, accessible to the entire universe. The immediate danger could be data trolls trolling for information that could later be assembled and used in identity scams and theft. More likely, threats will come from people you know or who know you and just could piece together enough information from your Facebook page, including birthdays, to compromise your security and identity.

    My advice is to never use birthdays (yours, your relatives) for passwords, pin numbers or as a security mechanism. It is always a bad idea. Other institutions often use your birthday as a security identifier (e.g., your bank,  school, your insurance company, pharmacists, doctors office etc), so it is a bad idea to share that information with the entire universe on your Facebook page. If you must, show only the month and date (make the identity thieves do some work). But best yet, hide this information and share it only with your friends (skip the year part every time — those who must know, already know it).

  • Anniversaries - Like birth dates, many people use anniversaries as security identifiers for some systems, at least, but forget this when they choose to share it on Facebook. Again, my advice is to not use an anniversary as an identifier or security mechanism for any system (not even those quaint bank/online systems where your anniversary is suggested as a security question). And skip it on your Facebook page — it is visible to  a world of 6.5 billion people.

  • Family - It's kind of nice that social networking sites ask you for a gobble of information about yourself, allowing you to identify your siblings, parents and other family members. Great! But all that data could come back to haunt you in the hands of an identity thief, a stalker or anyone trying to piece information about you together — without your consent. With enough background information, a social engineering scam is easier to perpetrate as the scammers can more easily fool others that they indeed are you. The more they know, the more convincing they can be — thereby jeopardizing any wall of security you may assume you have built in the real world. Facebook privacy controls are not granular enough to limit who can see your family information — which should really be limited to people you have pre-screened to see it or people you can trust. When Facebook was first developed, it was for a bunch of college kids at a single school (Harvard). It soon grew to accommodate other college kids across the country. In those early stages, you could assume some level of trust. Not any more. Facebook is now a global site, kind of a global mall. How much of your personal business would you like to share in a mall? Well think of that when you advertise your family relationships on Facebook or any other social networking site.

  • Relationships - Facebook has become a de facto dating site, as it allows users to disclose their relationship status, meet, chat, play group games, plan meetups, etc., all at no extra cost. But it also exposes users to stalkers and those who may want to do them harm. And unfortunately, when you share too much information, you expose yourself more than in normal everyday interactions — and to people you may never have met otherwise.  So, think twice before announcing online every time you fall in love, sleep with someone, break up, and so on. And more importantly, watch how you discuss these relationships, and what crumbs of information you leave behind. You never know who is reading your profile online — again, there are potentially 6.5 billion eyes (no, 13 billion eyes) out there.

  • Friends - Yes, connecting with friends is what Facebook is really about and what it has almost become synonymous with. You friend and unfriend people on Facebook. Well, watch your friending practice. You may be friending strategically for business or related reasons, making it important to watch what you do and what information you share; or you could friend for real, as in the way you make friends in real life. In either case, try to ascertain that you indeed have a good reason to be making these friends. Sure politicians and celebrity have a good reason to have a million fan friends. That is what they do for a living and they often have protective services to keep away unwanted overtures; and they usually hire professionals to either write for them or vet what they are saying. (Yes, I know some politicians act like kids online, but they still have professional protective services.) When you go online and make friends with every Tom, Dick, and Nancy out there, you are exposing yourself, your well being, your privacy, and sometimes your loved ones to risks you may not clearly understand. So, avoid becoming friends with everyone on the globe. Be a discerning friender online.

  • Pictures  -  They say a picture is worth a thousand words. And that is why you need to watch what your online pictures are saying about you, your friends and acquaintances, and your family and loved ones. Again, remember that Facebook is a accessible to everyone — it is not your local fan club or church.

    Facebook is really not the place to make a fool of yourself or display embarrassing images of yourself. If you are not proud of a picture when you are sober, do not post it online. Many Gen Y-ers are learning this lesson the hard way as they discover that, yes, recruiters have Facebook profiles, too. Also, consider a scenario where a smart criminal picks your picture, your name, your work place, job title, your location and forges your work ID. Tada! Now you see what identity theft looks like. Ok, sure, identity thieves have many other online locations to mine data on you, but why make their job easier by collecting all that information for them on your Facebook profile? And then allow some third-party application access to your profile? Now a robot can do all the work and the criminals can just sit back and wait for the harvests. Ok, the idea is not that you stop sharing your pictures (and I become the party pooper). No, the idea is that you be careful who you share your pictures with and what pictures you post online in the first place. And since Facebook does not provide you with a granular enough mechanism to manage who can see your photos, always post with caution.

  • Walls - Yes, the fabulous Facebook Wall is where you leave comments and others post comments about or for you. Well, not all those comments are flattering and not all are discrete, either. Imagine how much you can learn about someone just by reading the content of their Facebook Wall. Yes, you can determine a great deal about a person by visiting their wall. But it was never meant to be that way — at least that was not what people bargained for when they opened up their Facebook page. But that is the reality of using Facebook — unless you choose to be discrete about what information is available on or to your Facebook Wall.

    You can determine who posts to your Facebook Wall, delete messages from your Facebook Wall, moderate messages on your Facebook Wall or simply avoid using that feature of Facebook altogether. But Facebook wouldn't be Facebook without the Wall — so deleting is your best bet. And remember that mood message (what's on your mind)? It can quickly boomerang on you if you are a real tell-all. It is not always a great idea to tell the entire universe what's on your mind. Most people will not share their innermost thoughts at their most vulnerable moments with a room full of people. But in the "privacy" of their mobile phone or computer, they divulge all. So, after telling the universe about your most recent tryst, take some time to delete it as soon as possible.

  • Messages and Chats - Many of the recent flaps over Facebook have stemmed from the inadvertent exposure of "private" chat sessions, which resulted from a security flaw in the privacy settings (it has since been "fixed"). It would be prudent to operate under the assumption that nothing on Facebook is private, that if you keep a record on Facebook, it may be accessible to individuals to whom you have not expressly granted permission. Yes, you may want to "message" often or occasionally on Facebook, but deleting those messages after you are done with the conversation (both sent and received versions of the message) will help minimize your footprint. Of course, as long as any party to the conversation retains a version of the conversation, the conversation remains intact on Facebook — and possibly open to future exposure. So, never post or send messages on Facebook you would like to keep truly private. Your chat session may also fall into the wrong hands.

    So, why bother to delete anything, you ask? Because if it is not active on Facebook, it is only a matter of time before it ages out of even the largest internet cache and you only need to worry about Facebook backups.

  • Other Applications - Facebook's success lies in the myriad of Facebook Apps people can "install" and permit access to their profile. The problem is what happens to all that data? Information on your Wall, chat sessions, and information you share within those applications could end up on third-party servers without your knowledge or express consent. And now you can truly forget about privacy. So to protect yourself, pay attention to the privacy disclosure offered by third-party applications, and use all third-party applications with care. Sure, Facebook started out as a free service, but it is now a money making venture. Your information is valuable to Company X, and they feel no shame in selling it to the highest bidder — including pictures, comments and/or messages.

  • Clean Up After yourself - So, what can you do to ameliorate some of the aforementioned concerns? First, follow this simple rule of thumb that applies to Facebook and other online sites where you maintain a public profile: clean up after yourself.  Sure, the internet and all its various applications and sites is a great place to learn, discover, play and do much more. But it is also a great collector of data about the things you do, and also a great aggregator of all that vast information collected about you. And guess what, the aggregated data is analyzed and parsed for all sorts of patterns to develop complex profiles about you — maybe stuff you don't know about yourself that the Big Brother is  monitoring. The best way to protect yourself is to clean up after yourself. Watch what little breadcrumbs you leave behind. Delete information you no longer need. Avoid posting data you never have to post in the first place, and be civil with your chats and comments. Stop pretending that Facebook is a private chat room (it isn't) or that your Facebook profile is only available to your friends  (no 13 billion eyes, remember?). Of course, deleting information from your Facebook page — including from your Wall, from third-party applications, from your message box and from your profile (including pictures after they have served their purpose) — does not guarantee that the information will not later come back to haunt you, but it does give you a fighting chance.

    Facebook, and other sites store your data and index them to your profile. They also have a backup policy that often ends up keeping the most current data about each index (of course there are tiers of backups and sometimes data is moved off into alternative storage for analysis and other needs). This practice ensures that if your delete data, that fact ultimately gets propagated, and in time, most of the data you deleted ultimately gets deleted from backup servers. The half life of the deleted data is a function of the data retention practice (not just policy) of the organization. Google used to have a data retention practice of forever. Today, they have pared that down to 18 months, and even promised to let you delete whatever you do not need. However, if you are a pack rat who believes that you must keep all conversations, all Wall postings, all pictures and every comment ever made of you or by you on your Facebook page — well, then, don't say I didn't warn you!

Facebook has come a long way from its heady days as a mere schoolyard online village square. But, not unlike the Internet itself, it suffered from a flawed beginning, and a even more flawed assumption about who has a right to privacy and who doesn't. Ultimately, it is your responsibility to understand the privacy policies of sites you frequent, and to take the steps necessary to protect your privacy online.

And for those who are considering ditching Facebook, don't forget to first delete all the content of your profile before you deactivate your account. If you do not delete the content, and merely change your privacy settings to "allow none," all that deactivating will have been in vain.  Facebook accounts are forever — but the data you delete may be gone at some point. So before you deactivate Facebook, remember to delete, delete, delete.

Back

 


Opinions expressed in this article are the author's and do not necessarily reflect those of IEEE or IEEE-USA.

Dr. Wole Akpose is the Membership Development Chair for Region 2 and a member of the IEEE ITC&O and the Individual Benefit and Services Committee. He is the founder of HNT Solutions, a technology consulting company and a technology manager and occasional faculty member at Morgan State University.

Comments may be submitted to todaysengineer@ieee.org.


Copyright © 2010 IEEE

 search archive

 

reader feedback
  search by date
also in this issue
Why Copyright Still Matters to Today's Tech Pros
Cogent Communicator: Communicating When We’re Annoyed
Disney Imagineers Help Revitalize Student Professional Awareness Activities
S&T Policy Briefs: Highlights from July & August
Your Engineering Heritage: The Long Road to Consumer Virtual Reality, Part II
World Bytes: World War I: 100 Years Later
Tech News Digest: August 2014