Archive for May, 2010

Why Worry About Facebook Security?

Why Worry About Facebook Security?

As the number of Facebook users reaches nearly 375 million, personal security threats are becoming an increasing concern.  Social media and networking sites such as Facebook seem to be tweaking and updating applications faster than the average user can discern. And although many of the policies themselves have not been changed, the language and wording around them has been altered. Furthermore, enterprises such as Facebook are notorious for releasing information that is ambiguous, poorly worded and confusing. Users have much to be weary of.  With settings and controls that often lead the user on a multi-page search, Facebook’s cyber forum has become a “user beware” security challenge.

Remember these tips to remain secure in Facebook:

  • Be proactive about your security settings.
  • Set custom settings to each individual category/item.
  • Be diligent and go beyond the standard posted guidelines.
  • Group and edit your friends list.
  • Always save your changes.
  • Always opt out… many Facebook categories are set at a default and you must opt out in order to secure these particular settings.
  • Your Friends’ privacy settings will always default to the most restrictive friend list they have been placed in.

We have broken down Facebook privacy and security settings into four sections:

  1. What your Facebook applications share about you (Securing your applications)
  2. What your friends share about you
  3. Safeguarding your personal info
  4. What search engines share about you

Before we jump into these four topics, let’s take a quick primer on the Facebook security paradigm.

Security Paradigm

Your Facebook profile is made up of several components, each of which can be individually set to one of four privacy settings. These settings allow you to place varying levels of restrictions on who can see the information contained in your profile. Before we discuss the individual components of your profile, let’s take a minute to explain how each of the four privacy settings affect the security of your personal information.

Privacy setting pulldown

  • Everyone – Information can potentially be seen by any member of Facebook, even if they’re not in your friends list (this is the least secure setting).
  • Friends of Friends – Information can be seen by any Facebook who is not your friend, but with whom you share a mutual friend.
  • Friends – Information can only be seen by your own Facebook friends.
  • Customize – Information can only be seen by Facebook friends that you specifically allow. You can also use the Customize setting to restrict your information so that it can only be seen by you (this is the most secure setting).

1. What Your Facebook Applications Share About You

Most of Facebook’s built-in applications (Events, Gifts, Groups, Links, Notes, Photos, Video) have a default privacy setting of Everyone, meaning that any member of Facebook can see the information that the application shares about you. For instance, if your Events privacy setting is Everyone, then any member of Facebook is able to see that you’ve accepted an invitation to a Tea Party rally. Of course, you may not want anyone to know that you have extremist political views, so it’s important to learn how to put restrictions on the information that you share, and by whom it can be seen.

Changing the Privacy Settings of Your Facebook Applications
  1. Open the Account menu in the top right corner of your Facebook page and click  Application Settings.
  2. Click the Edit Settings link to the right of an application.
  3. Use the Privacy menu to select a level of privacy.
  4. To completely hide any information that the application can share, select Customize from the Privacy menu, and then select only me from the Make Visible to These People menu.
  5. Click the Save Setting button to confirm the change.

Additionally, you may wish to prevent the application from automatically posting information to your wall (e.g. “John Smith is attending a rally for the Tea Party”). To do this, click the ‘Additional Permissions’ link in the Edit Settings pop-up, and then un-check the box next to ‘Publish content to my wall’.

Publish to wall

 
Customize what Friends Can Share About You with Their Applications

Even though you’ve made changes to the privacy settings of your own applications, your friends can still share certain information about you through their own applications. To allow or disallow the sharing of certain information, follow these steps:

  1. Using the ‘account’ menu in the top-right corner, select Privacy Settings.
  2. Click the link to Applications and Websites on the Privacy Settings page.
  3. Click the Edit Settings button next to ‘What your friends can share about you’.
  4. Un-check any boxes next to information that you don’t want your friends to be able to share about you.

Friends can share about you 

Customize the Information That Can Be Seen on Application Dashboards

Certain third-party applications have centralized dashboards that allow other users of that application to see information about their friends. For example, popular games like Farmville will publish information about current status and scores, as well as recent activity.  Any of your friends who also use the application can see your recent activity from within the application. This might not sound like such a bad thing; heck, they’re only games, right?  But you might not want your friends to know that you were actually spending three hours playing Mafia Wars when you were supposedly “too busy” to help them move that day.  Here’s how to make sure that your application and game activity stays private:

  1. Using the ‘account’ menu in the top-right corner, select Privacy Settings.
  2. Click the link to Applications and Websites on the Privacy Settings page.
  3. Select the level of privacy you want with the menu next to ‘Activity on Applications and Games Dashboards’.
  4. To completely hide any information that the application dashboard can share, click the Customize option in the pull-down menu.
  5. From the ‘Custom Privacy’ menu, select only me from the ‘Make Visible to These People’ menu, and click the Save Setting button.

 

2. What Can Your Friends Share About You?

Tagging

On Facebook, anyone is allowed to tag his or her friends in their photos. Tagging associates your photos with your confirmed Facebook friends. Likewise, your friends are allowed to tag you in their photos. When someone has tagged you in one of their photos, the image will be displayed in your photo section.

While this sounds like a convenient way to share photos of you and your friends, it can have unforeseen negative consequences. For example, a long-lost college friend from your days at Gamma Delta Epsilon befriends you on Facebook. He proceeds to upload old photographs from all night parties that you would rather forget. If your friend tags you in his photos anyone allowed to view your Facebook page will be treated to some of your more embarrassing moments. This includes would be employers, your parents, or your children. You’ll have plenty of explaining to do after your significant other gets a glimpse of your wild side.
How do you mitigate such a disaster?

1. Untag yourself

Locate the offending picture in your Facebook photos section and click it. Under the photo click the remove tag link shown here:

remove_tag1

Not only will you be removed from the photo, the individual who tagged you will be unable to re-tag you in the image.

Unfortunately, you must do this for each tagged photo. Clearly there is a scalability problem here. If you have hundreds of photos that need untagging, you will definitely have your work cut out for you. This brings us to solution number two.

2. Change Your Photo and Video Privacy Settings

To prevent someone from seeing all photos or videos you have been tagged in, navigate to “Privacy Settings > Profile Information” and select the proper security level corresponding to ‘Photos and Videos of Me’.

photos_and_videos_of_me1

For example, if you simply want to keep your mother from seeing a photo, type her name in the dialog box under “Hide this from”:

custom_privacy_hide_from1

While others will still be able to enjoy images of you playing beer pong, your mother will be kept in ignorant bliss about where all her hard earned tuition money went.

Or if you simply want to block everyone from seeing photos you have been tagged in, simply select “Only Me” under “Make this visible to”:

custom_privacy_only_me1

Now you are completely safe from any user, be they friend, friend of friend, etc… from taking a gander the tagged photos of you.

Posting Graffiti On Your Wall

Your Facebook wall is where you and your friends can post thoughts, well wishes, and other pithy comments. Such a feature is just asking to be abused. You wouldn’t want a disgruntled friend to post an inappropriate remark on your wall, would you? This problem is easy enough to fix – simply uncheck the box Friends can post on my Wall under Privacy Settings > Profile Information.

allow_friends_to_post_on_wall1

This may seem a little drastic – now none of your friends will be allowed to leave or view messages. It might be better to surgically remove individuals from viewing posts made by others on your wall. Facebook allows you to do just that. Under Privacy Settings > Profile Information, you can control who can read Wall posts by your friends. Simply select those individuals, such as your family members or coworkers, whom you want to keep from reading your wall posts others leave for you.

posts_by_friends1

If worse comes to worse you can always hide all the posts on your wall, including your own, completely. Simply set the security setting to“Only Me on both ‘Posts by Friends’ and ‘Posts by Me’.

posts_by_me1

Instant Personalization

Facebook recently added a new feature called Instant Personalization. Third party web sites are allowed to view your public Facebook information when you visit those sites using your Facebook credentials. It’s simple enough to opt out of this program, simply edit the settings of “Instant Personalization Pilot Program” under Privacy Settings > Applications and Websites.

instant_personalization_1

You will be taken to a page that explains the instant personalization pilot program.  Checking the displayed box will opt you out of the program.

instant_personalization_2

Unfortunately our job isn’t finished. Websites participating in the instant personalization program will not be able to see your data directly when you visit their sites. However, if one of your friends visits these sites this feature can access that person’s friends list mining it for public information.

One solution would be to get as many of your friends as possible to opt out of this program. It’s a lofty goal and one that you’re likely not to reach. Alternatively, you can navigate to the Facebook pages of the participating sites and click the Block Application link underneath the profile picture.

block_application

Currently there are three third-party sites participating in the Instant Personalization program; Yelp, Docs.com, and Pandora.

 

3. Safeguarding Your Personal Information

Contact Information

As the social media phenomenon continues to expand, Facebook is quickly becoming a platform for any and all means of communication, from personal connections to business networking and everything in between. This ever expanding realm of social media is bridging the gap between friends, family, and colleagues, and evolving to suit the demands of a generation without borders. Facebook’s innovative design is transcending boundaries and bringing people closer together. It is an indispensible service .  However, most users don’t initially consider the ramifications of posting personal contact information such as email, birth date, or home town, and will often readily provide this information without a second thought; information that, in the wrong hands, could pose a significant threat to personal security.

To make your Contact information Private:

  1. Go to ‘Personal Profile’
  2. Click on Privacy Settings
  3. Click the Contact Information button
  4. Click Edit and set custom privacy settings for each item in your profile
  5. Click Save Changes
Privacy Settings – Personal Profile Information Essentials

These settings are listed under Personal Information and Posts on the Privacy Settings page. They are among the most basic and most important personal Profile informational settings.

  • About me
  • Personal Information
  • Birthday
  • Religious and Political Views
  • Family and Relationship
  • Education and Work
  • Photos (and Albums)
  • Postings (by you, friends, comments)

Again, set custom privacy settings for each category and click save changes. One must also note that Facebook considers certain criteria as Publicly Available Information (PAI) that will available to anyone that visits your Facebook page.  This information is defined as your:

  • Full Name
  • Profile Pictures
  • Networks
  • Current City
  • Gender
  • Pages you are a “fan” of
  • Friends  List

Some of these settings may be altered to some extent, such as the Friends List, but there is no way to completely opt out of disclosing any of this information.  Understanding your Friends List is an essential component to ensuring your privacy on Facebook, as your friends may easily share and pass along your information without your knowledge or consent.  The only way to prevent information sharing is to ‘group’ your friends accordingly. There are no limits or restrictions as to how you may differentiate your friends, just remember that you must manually set individual privacy tags to each.  This is a very important point to remember as the activity of your friends and contacts may have a significant impact upon who comes in contact with your personal information.

To set/separate your Friends List:

  • Go to Find Friends
  • Click the Friends button under Lists
  • Set individual tags to each contact

 

4. What Search Engines Can Share About You

Facebook’s default settings allow search engines to dig through and index your public Facebook information.  In addition to engines such as Bing and Google, user’s can also make use of Facebook’s built in search feature to hunt for information.

Facebook search results control what information is available about you when you are searched in Facebook. Your gender, current city, networks, friend list, and pages are considered public information and are always available for viewing. To restrict access to the rest of your pages, you can change this setting from the default setting (everyone) to Friends of Friends or Only Friends.

facebook_search2

Public search Results control what information from Facebook is available using internet search engines such as Bing, Yahoo, or Google.  This is set to ‘Allow’ by default and creates a Facebook page that shows your Name, Picture and Friends when your name is searched. Your Gender, Current City, Networks, Friend List, and Pages can also be displayed.

search_results_fixed

If you uncheck Allow you will receive a confirmation message, click Confirm. Search engines will be barred from indexing your personal data.

Blocking

In some unfortunate instances, you may want to block any and all information from specific individuals.  Blocking allows you to control who can contact you and post to your pages in Facebook.

block_people

Simply type their name in the “Person” dialog box click Block. Facebook will display all people listed with the specified name. Click Block next to the name(s) you wish to block.

Alternatively, you may block a user via their emails address.  Merely enter their name in the Email dialog box and click Block. This must an exact match and does not require you to select from a list.

Names of all people you have blocked will now appear on this page. To unblock just click remove.

Conclusion

Despite our best efforts, it is nearly impossible to eliminate all of the threats to personal security when using a social media giant such as Facebook. As updates are added, policies and rules are changed, and the network continues to grow and flourish, the best we can do is arm ourselves with knowledge, and get as familiar as we can with the tools and features that are the backbone of the structure.  Stay on top of your lists and settings and be aware the activity of your friends and contacts. Secure your personal information and be aware of any changes or updates. Always proceed with caution and never give out any sensitive information at will. Our safety and security is our own responsibility and should always be a priority.

Leave a Comment