Keep Social Media Sort of Private-ish - Take Control of Your Online Privacy (1.1) (2014)

Take Control of Your Online Privacy (1.1) (2014)

Keep Social Media Sort of Private-ish

At the risk of stating the obvious, social implies interaction with other people, which is somewhat at odds with privacy. On the Internet, it’s best to think of “social” as synonymous with “public” (even though that’s not necessarily true), because once you’ve shared something online—in any of a hundred senses of sharing—whoever you’ve shared it with can, in turn, share it with someone else.

As a result, the very best advice I can give you about privacy when it comes to social media is not to expect any, regardless of your privacy settings. You may imagine that the things you post or tweet are just between you and your friends (or “friends,” as the case may be), but that’s optimistic at best. Instead, assume anything you put online using social media—including chats and private messages on Facebook, direct messages on Twitter, and profile details such as your name, location, and date of birth—could be discovered by anyone in the world, and could be online forever. If you’re unwilling to make any of that information public, don’t share it in the first place.

However, there are still better and worse approaches to social media, and you should know how to protect yourself to the extent possible.

Understand the Privacy Risks of Social Media

Wait, didn’t we just cover that? Yes, any data you put online using any social network can potentially become public. I know you know that.

What I’d like to emphasize here is how that could be a problem for you.

As I mentioned early in this book, everyone from Local Villains to Big Data can easily find you on social media. You might be astonished how much private data could be culled from years of Facebook updates, tweets, LinkedIn updates, Instagram pictures, Yelp reviews, blog posts, and a long list of other social media activities.

It’s easy to discover not only basic facts about you and your family but also where you’ve been, who you hang out with, which causes you support, what your political and religious beliefs might be, and, perhaps most important of all, what sort of person you are. Even if no individual statement tells the story, the combined data from all these sites and services can do something akin to browser fingerprinting (see On a Web Server)—it can paint a vivid and precise picture of you. So…

· If you’re trying to get a job, a prospective employer may use social media to determine whether you’re likely to be trustworthy, polite, punctual, and loyal—and to see how you’ve behaved in other jobs.

· If you’re applying to a college or university, admissions officers may use online profiles to judge your seriousness and confirm any personal details you’ve submitted.

· If you’re dating, someone thinking about starting a relationship with you could also learn a lot about your tastes, biases, character, and history with previous partners.

· If you’re ever suspected of a crime, the police or prosecutor could scour social media for evidence of bad behavior—or a defense attorney could try to demonstrate a pattern of selflessness.

· If you ever run for political office…well, I hope you’re a saint, because anything you’ve ever said online can and will be used against you.

And those sorts of concerns merely involve the historical record. Day-to-day social media posts can also cause privacy problems:

· You mention on Twitter that you’re going on vacation (or just going to a concert), and burglars break into your house.

· You post geotagged pictures on Flickr that show your location and the time you took them—today, just after you called in sick to work.

· Your Facebook relationship status says “It’s complicated,” but your romantic interest didn’t think so.

I could go on, but you get the idea. The stakes when it comes to social media are much higher than you may imagine. Your social media history can win you—or cost you—a job, love, or even your freedom.

Check Your Privacy Settings

Every social media site and service has a privacy policy (see What about Privacy Policies?). You should read it, if only to be aware of how much data you’re inevitably giving away.

Beyond that, examine each account’s privacy settings. Some services offer very little privacy control—for example, your only real options for Twitter are to protect your tweets (meaning you must personally approve each follower, and those followers can’t retweet you—not a terribly engaging way to use the service, if you ask me) and to hide your physical location. Facebook has changed its privacy settings repeatedly. It currently offers more control (Figure 16), letting you limit who can see various categories of information (for example, everyone, only friends, or friends of friends)—but even limiting sharing to your friends is no guarantee that one of those friends won’t share it, or that a programming error or misbehaving app might not reveal it.

**Figure 16:** Facebook’s privacy settings are less detailed than many would prefer, but they’re better than nothing.

Figure 16: Facebook’s privacy settings are less detailed than many would prefer, but they’re better than nothing.

In other words, do pay attention to the settings and configure them as best you can, but don’t count on them. They aren’t foolproof.

Here are direct links to access the privacy settings for a few of the most popular social networks:

· Facebook

· Twitter

· Google+

· LinkedIn

· MySpace

Use Other Social Media Precautions

Apart from the obvious advice not to post anything on social networks that you’d mind being public, allow me to offer a few privacy tips:

· Limit your friend lists. Most people assume the more Facebook friends you have, the better. But if your list includes people you know only a little or not at all, you can’t think of them as friends—you can’t trust them to take care of your private data. Everyone has their own rules, but I wouldn’t want anyone to be a Facebook friend who I wouldn’t invite into my home for coffee.

The situation is different with Facebook pages, Google+ circles, Twitter followers, and other one-way relationships. You may think of these as being more private because you’re not required to friend or follow the other person, but that doesn’t stop them from reading everything you post about yourself. If you can’t control who sees your photos, videos, or updates, censor yourself accordingly.

· Don’t assume “private” messages really are. You can send messages on Facebook that function much like email messages, or have a live chat. You can send direct messages to another user on Twitter that don’t appear in your public timeline. And many other social networking sites also offer seemingly direct, seemingly private modes of communication with other members. But these messages aren’t sacrosanct. Site administrators may be able to read them, and can almost certainly provide them to anyone who showed up with a court order. And there have been cases where, due to a programming error or other security breach, the contents of such discussions leaked out.

· Don’t assume “secret” services really are. A whole category of services has recently sprung up that lets you share thoughts and feelings with other people anonymously with mobile apps such as Secret and Whisper. Unfortunately, as the Wall Street Journal’s Geoffrey A. Fowler pointed out in Psst, Secrets You Share Online Aren’t Always Safe, such apps can store and transmit enough information about you to give away your identity (and are subject to hacking and bugs, just like everything else).

· Limit apps. On Facebook and other sites that let you install apps, just say no. Although each app is different, some of them can read everything you write and spread your data around in ways you might dislike.

· Use HTTPS. On sites that support it (including all those listed above), use HTTPS to log in to prevent eavesdropping (see Browse Securely).

· Use good passwords. As I said in Protect Passwords and Credit Card Info, be sure to use passwords that can’t be guessed by human or machine. Long (think 14+ characters), random passwords are usually best way to go. And, if a site offers two-factor (or two-step) authentication, enable it (see the sidebar About Two-Factor Authentication, just ahead). That will greatly reduce the chance of your account being hacked. Be sure to keep those excellent passwords safe—don’t share them, and log out of your user account before letting someone else use your computer.

· Think carefully about pseudonyms. You may use an alias rather than your real name on Twitter, Tumblr, or other sites. Although pseudonyms like this can protect your privacy, they’re not impenetrable—so again, don’t stake anything critical on them. Furthermore, sometimes pseudonymity can work against you, as I describe in the sidebar When Privacy Hurts, ahead.

About Two-Factor Authentication

Two-factor authentication, sometimes known as two-step authentication, is when a site or service needs more than your username and password—it also needs another factor, which could be a physical token, a fingerprint scan, or any of numerous other options. One common implementation is to require a numeric code sent as a text message to your mobile phone or generated using a mobile app such as Google Authenticator.

Two-factor authentication is less convenient than using a password alone, but it drastically reduces the chances of an account being hacked, because the attacker would need both your password and your mobile device (or other factor).

When Privacy Hurts

For the most part, I assume more privacy is better than less. But there are counterexamples—situations in which you’ll be safer or happier with less privacy. For instance:

· If you try to get a reservation with Airbnb, the host may want evidence that you’re someone reasonable enough to invite into their home. Profiles with your real name and information about your real college, job, friends, and background could put someone at ease, while a fake profile (or none at all) could put them off.

· The same employers, insurers, lenders, and other institutions that could ding you for negative information in social media could reward you for positive information.

· New friends might feel more comfortable letting you into their lives if they can find out more about the real you online.

· If the police want to know where you were on the night of the 16th, you might be able to point them to exculpatory photos or tweets—but you better be able to prove they’re really yours!

I can’t make any blanket statements about what you should or shouldn’t keep private; I can only say, as I said before: privacy cuts both ways.