Everyone knows what Facebook is and that it is built on the concept of connecting people together to create virtual communities. What people often don't realize is how much data these sites have about you.
A good example was exposed by Huffington Post in an article entitled "Facebook Can Predict With Scary Accuracy If Your Relationship Will Last".
If you doubt the power of data mining, read this Forbes article entitled "How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did".
The security aspects of Facebook
Social networking sites (like Facebook) thrive when user bases grow, and user bases grow when there are strong repeated interactions among their members. These sites are sneaky and try to collect a treasure trove of data from you (directly or indirectly) without you realizing it. As a user, you need to make a conscious decision about what you tell them and what you share on the site.
- Understand that you are not anonymous
- Understand that anything you post cannot be truly deleted and may be shared and reshared without your knowledge or consent
- Some organizations have privileged access to Facebook information which may come back to haunt you in the future (employment, travel, etc.)
Regardless of how rosy you believe the world is, there are unfortunately a handful of bad people that use these sites to collect information about you with the intent to trick, deceive or do other bad things.
Predators could pretend to be someone else and use these sites to build cyber relationships to encourage you to meet them in person (could be dangerous). A bad actor could use information found on these sites to perform social engineering on you or on someone you know. Someone could use information about your location, hobbies, likes and dislikes to befriend people in your network and then use these relationships to coerce you.
What does Facebook know
Facebook knows more about you than you realize, and remember that it doesn't expose everything. A small glimpse of what it knows can be seen in your personal ad preferences.
Expand the sections and see some of the information Facebook has about you and actively uses to target ads.
Facebook self defense
Regardless of how many dangers these sites present, they are a fantastic way to stay in touch with friends and loved ones. It is this characteristic that keeps people coming back. So what can you do to protect yourself? It's time to develop Facebook-Foo:
- It's public - Regardless of the restrictions you place on your post, assume it is public. A friend can take a snapshot and repost it on Reddit. Even on Snapchat, I could use a second device to take a picture of the screen and post the content without you knowing. Remember that anything you post can be public and you'll be much better off.
- Don't make it personal - Limit personal information as much as possible. Think before you post. Looking at your feed, people shouldn't be able to determine patterns (which coffee shop you visit every morning) or personal information (picture of your kids' daycare). Remember that you want to protect your information from "friends" and also the social network itself. Every smartphone picture you post contains GPS location data. This data may not be shared by the site but is definitely used by the site to build a more complete profile about you.
- Stranger Danger - We tell kids to be wary of strangers but we neglect this good advice when working online. Remember that anything can be fake online. In social engineering, we commonly copy the profile information of people and use it to make connections to targets. We steal information from LinkedIn, Facebook and any other sources to improve the chance you will connect with us.
- Check your settings - I recommend you periodically check your Facebook profile settings and the permissions you have granted apps to connect to your Facebook profile. Most connected apps are fine but a nefarious one may use this authorization to steal your info and use it against you. I wrote an article in 2012 about a service that helps check your site permissions. The service may have changed but it is a good idea to perform this check every quarter.
- Be a skeptic - I see dozens of spammy fake posts every day on Facebook shared by friends. People share content without looking into the validity of the articles, so be wary. An ounce of prevention is worth a pound of cure. Use fact-checking sites like Snopes to validate claims before posting or sharing content.
- Use strong passwords - I recommend you use strong unique passwords for every site you register on. I wrote this 2013 article about how to use WolframAlpha to generate strong passwords and I still use this technique today. Generate strong unique passwords and keep them in a password manager like 1Password or LastPass (which is almost free now).
- Keep your computer safe - For most users, I have started recommending the use of a Google Chromebook as their internet browsing device (or a smartphone or tablet). These devices are much more resilient to attacks and provide protection even if the user is less than diligent. If you use a traditional computer (PC or Mac), make sure you keep your software updated, use a good antivirus and never run unknown third-party software. If you receive a file and want to double check it before running it, use a site like VirusTotal to give yourself some peace of mind.
- Keep children safe - Talk to children about the dangers of social sites early and help them navigate this maze. They need to understand that anything they post will be with them for the rest of their lives. The internet does not have a delete key.