Surfing the web no longer a solo activity. Facebook, Twitter, and other social networks have quickly become an integral part of the online culture, and with them comes an array of serious threats to your privacy. In this article, I’ll identify some of the key dangers of social networking and offer a few easy steps that you can take to stay safe online. Social networking is built on the idea of sharing information openly and fostering a sense of community. Unfortunately, an online network of individuals who actively share their experiences and seek connections with other like-minded people can be easy prey for hackers engaged in social engineering and phishing attacks. It’s important to be aware of the threats and to use discretion in all of your online interactions.
Take Care Before You Share Online
For starters, even in an open community of sharing, you should observe commonsense boundaries. As President Obama warned students in his September address to schools, “be careful what you post on Facebook. Whatever you do, it will be pulled up again later somewhere in your life.” The core truth of that statement can be applied to any social networking site, and possibly to the Internet as a whole. As a general rule, refrain from posting things online that you will regret later. The odds are good that someone, someday, will stumble across it, and it may come back to haunt you— especially if you are planning to run for public office. If you think that abstaining from posting embarrassing or inflammatory comments online ruins the fun, you’re playing a dangerous game. Remember who your friends are, and know that a friend of a friend can be an enemy.
Don’t Lose Sight of Who Your Friends Are
When you write a Twitter tweet or post a Facebook status update, you have to keep your audience in mind. More and more these days, we hear stories about people who forgot that their boss was part of their network and then said things online that resulted in their being reprimanded or even fired. The adverse consequences of posting inappropriate on line comments have become so commonplace—at least anecdotally—that they have earned an entry in the Urban Dictionary: Facebook fired. Even announcing something as seemingly innocuous as “I’m bored” in a status up – date during work hours can have dire consequences if the wrong people see it. With services like Twitter, and with the recent changes to Facebook that permit any interested party to view and search your updates, you really have no way to hide.
Recognize the Visibility of Your Posts
You’ve thought it through, and you want to shout to the world how you feel about having to work overtime and during a weekend that you had earmarked for recreational activities. You have checked and double checked, and you’ve determined that your boss is not in your network, so you let loose on the keyboard and speak your mind. Unfortunately, you’re not home free (figuratively speaking) just yet. Being outside of your network, your boss can’t see your post directly, but if a Facebook friend who is connected with your boss comments on your status update—even just to say “I sympathize”— your boss may be able to click on the link through the friend and see your post. Go ahead, be social. Share your trials and tribulations with your growing network of adoring followers. But for your own safety, keep one essential rule in mind: Never post anything online that you wouldn’t be comfortable having everyone you know see—because eventually they probably will see it.
Define the Parameters of Your Privacy
Marrying privacy and social networking may seem terribly unintuitive. How can you be social and open, and yet protect your privacy? Well, just because you are choosing to share some information with a select group of people does not necessarily mean that you want to share everything with everyone, or that you are indifferent about whether the information you share is visible to all. Facebook, in particular, has drawn unwanted attention in connection with various privacy concerns. If you have used Facebook for a while, you may have noticed advertisements that incorporate your friends’ names or photos associated with them. Facebook does provide privacy controls for you to customize the types of information available to thirdparty applications. If you look at the Facebook Ads tab of the privacy controls, though, you’ll notice that it doesn’t give you any way to opt out of the internal Facebook Ads. Instead, it states (alarmingly) that “Facebook strives to create relevant and interesting advertisements to you and your friends.”
Approach Tattletale Quizzes With Caution
For many users, one of the primary attractions of Facebook is the virtually endless selection of games and quizzes. And part of their allure is their social aspect. In the advergames, you compete against your friends; through the quizzes, you learn more about them while being briefl y entertained. The ACLU exposed problems with how much information these quizzes and games share, however. Typically, when a Facebook user initiates a game or quiz, a notice pops up to declare that interacting with the application requires opening access to information; the notice also provides the user the opportunity to opt out and cancel, or to allow the access to continue. The permission page clearly informs the user up front that allowing “access will let [the application]pull your profile information, photos, your friends’ info, and other content that it requires to work.” Under the circumstances, you may wonder (as the ACLU has) why a game or quiz application would “require” access to your friends’ information in order to work.
Facebook Policy Concerns in Canada
Facebook’s privacy policies have run afoul of the Canadian government, too. Canada’s Privacy Commissioner has determined that those policies and practices violate Canadian privacy regulations, and has recommended various changes Facebook should make to comply with them. One of the commissioner’s biggest concerns involves the permanence of accounts and account data. Facebook offers users a way to disable or deactivate an account, but it doesn’t seem to provide a method for completely deleting an account. Photos and status updates might be available long after a user has shut down a Facebook profile. And like the ACLU, the Canadian government is unhappy about the amount of user information that Facebook shares with thirdparty application providers.
Exercise the Privacy Controls You Have
Although the concerns of the ACLU and the Canadian government run a little deeper, Facebook does offer privacy controls for restricting or denying access to information. Since Facebook is a social networking site designed for sharing information, many of the settings are open by default. It is up to you to access the Privacy Settings and configure the options as you see fit. For each available setting, you can choose to share information with Everyone, with My Networks and Friends, with Friends of Friends, or with Only Friends; if you prefer, you can customize the settings to finetune access further.
Beware of Hijacking and Phishing Scams
By its very nature, social networking is all about socializing, which means that users are more than usually disposed to let their guard down and share information. They come to the network to expand their professional connections, reestablish contact with old friends, and communicate in real time with pals and peers. And for predatory bad guys, launching social-engineering and phishing attacks in this convivial environment is like shooting fish in a barrel. Most people know not to respond to e-mail requests from exiled Nigerian royalty promising millions of dollars in return for help smuggling the money out of the country. (Anyone who doesn’t know better probably shouldn’t be on the Internet; such people are a danger to themselves and to others.) But what if a good friend from high school whom you haven’t seen in 18 years sends you a message on Facebook explaining how her wallet was stolen and her car broke down, and asks you to wire money to help her get home? You might be less suspicious than you should be. Attackers have figured out that family and friends are easy prey for sob stories of this type. Using other attacks or methods, they gain access to a Facebook account and hijack it. They change the password so that the legitimate owner can’t get back in, and then they proceed to reach out to the friends of the hijacked account and attempt to extort money such a Facebook message or e-mail plea, pick up the phone and call the person directly to confirm its legitimacy.
Don’t Let a Tiny URL Fool You
Another threat that has emerged recently as a result of social networking is the tiny-URL attack. Some URLs are very long and don’t work well in e-mail or in blog posts, creating a need for URLshortening services. In particular, Twitter, with its 140-character limit, has made the use of URL shortening services such as Bit.ly a virtual necessity. Unfortunately, attackers can exploit a shortened URL to lure users into accessing malicious Web sites. Since the shortened URL consists of a random collection of characters that are unrelated to the actual URL, users cannot easily determine whether it is legitimate or phony. TweetDeck, a very popular application for sending messages in Twitter, provides a ‘Show preview information for short URLs’ option, which offers some protection.
The preview window supplies details about the shortened URL, including the actual long URL that the link leads to. If you aren’t using TweetDeck for Twitter, or if you need to deal with shortened URLs on other sites and services, maintain a healthy dose of skepticism about what might lie behind the obfuscated address that a message points to.