What Does Facebook Know? Privacy and security tips for social media

With Mark Zuckerberg testifying before the United States Congress about the Facebook-Cambridge Analytica data breach, you may be wondering how safe your personal information is on social media. Tens of millions of Facebook users had their data harvested and used to help Donald J. Trump’s presidential campaign. Were you among them? To find out, log into your Facebook account and under “help,” enter “Cambridge Analytica” in the search field. Or click here.

If you want to know what Facebook knows about you, check out People are downloading their Facebook data and are horrified by what they’re finding. This will direct you to a Facebook personal data request. And, if you’re more technologically inclined, you can sort that data using open source code posted on GitHub here. 

It is, perhaps, surprising so many people are surprised that social media networks collect so much information from their users. The first step to protecting your privacy on social media is to assume you have none. Here are some other useful tips.

1. Create strong passwords and don’t re-use them

You have probably seen this tip more often than you care to, but before you roll your eyes, keep in mind that  Zuckerberg himself allegedly used the extremely weak password “dadada” on his Twitter, Instagram and LinkedIn accounts. And he was also a victim of the Cambridge Analytica breach.

What is a strong password? A mixture of upper and lower case letters, numbers and symbols, the longer the better. A different one for each account. And don’t store it on your computer. One hacker revealed he accessed a company’s social media accounts by searching an employee’s email.

While your IT team may force you to change your passwords monthly or even every three months, recent studies indicate that doing so may make it easier to hack into employee accounts as users become lazy. “Porsche1” becomes “Porsche2, Porsche3 etc.” As long as you choose a solid password to begin with, changing it every six months to a year should be safe.

2. Recognize scams

• Beware of phishing schemes and fake web site links. Hover over a link to check the actual URL before clicking.
• Beware fake accounts. Don’t accept requests from anyone you do not know personally.
• If you become aware of a scam, block the scammer and report them.
• Do not respond to those fun surveys that come through your social media newsfeed. Who cares which Harry Potter character is your dating twin?
• Do not respond to public posts that ask you to name your first pet, your first grade teacher, your favourite car etc. These are also typical security questions for everything from social media to banking.

Not sure if a web site or download is safe? Consider installing a free app like McAfee Web Advisor or Norton Safe Web to scan it for you first.

3. Review your privacy settings

These change continually, so keep an eye on your current settings. Just this week, LinkedIn changed its privacy settings to give users greater control over their data. These changes were intended to reflect a new European data protection law known as the General Data Protection Regulation (GDPR), which goes into effect later in May.

For starters,

• Don’t share your real birth date
• Choose the most restrictive settings: eg limit who can see your posts or search for you online.
• Opt out of sharing your information with third parties
• Don’t connect to other apps or web sites using your social media account
• Don’t allow apps to access your data

4. Share less 

• Turn off geotagging on photos
• Don’t “check in” or otherwise share your current location
• Fill in as little information as possible on your public profile
• Don’t include your personal email address or other identifying information
• Post fewer photos. Any image you post belongs to Facebook.

5. Beware human error

The most common way to hack into an account is to trick the owner into sharing information. And the easiest way for a hacker to find out your passwords is to ask you. If you receive a message or email which appears to be from someone you trust asking for your password, don’t respond right away. First confirm it isn’t fake and then use an alternative method to reply. Did your friend message you through your social media platform? Email his personal account. Did your sister email you? Text her back.

Sources:

Zuckerberg faces more Cambridge Analytica questions from Congress. Matthew Rosenberg and Gabriel J. X. Dance. New York Times, April 8, 2018.

Zuckerberg faces harder questions in second round of testimony. Ian Sherr, Abrar Al-Heeti, Erin Carson. CNet Magazine, April 11, 2018.

5 privacy & security risks of social media & how to prevent those. Souvik Banerjee. RS Web Solutions, January 12, 2018.

5 tips for social media security and privacy. Norton (Symantec).

Privacy Tip #133 My Students Teach Me. Lynn Foster Freedman. Data Privacy and Security Insider, April 5, 2018.

Note: This blog discusses general safety and security topics. It is not intended to provide comprehensive advice or guidance. In all matters of personal safety and security, We encourage readers to research topics in depth and consult a security professional about specific concerns..

‍