Facebook Privacy and Security Issues
Many people have a Facebook presence. Unfortunately, it becomes a place where they share everything about their status, location, family photos and so on. There are privacy settings to ensure you do not announce your birthday and location, and share photos to the entire Facebook community, such as friends-of-friends or the public. That means that a friend of a friend can access your information. All you need is one "friend" of yours who is overly "promiscuous" in accepting Facebook friend requests (which may be from fake or scam accounts) and they now have a way of looking into the photos you intended for your immediate friends and family.
Do you really want pictures of your children on the internet, available for anyone to see? Or your trip to the Caribbean dressed in your bikini, or sipping an alcoholic beverage on a cruise looking a bit wasted? You have to ask yourself whether that is an image you want there forever. Facebook has not been transparent when it comes to photo-management after deletion. Only recently we found out they have kept your photos for years after you "deleted" them, so that anyone who had the original URL to the photo could still view it, even though it wasn't on your page anymore.
Facebook liability also relies on your "friends" privacy. If they are not careful they can share with you Facebook apps (some of which invade your privacy even more), or they may tag you in photos that they take (which you do not approve of them uploading), or they may wish you Happy Birthday by posting a big fat message to your Wall, after you tried so hard to not publicize it. Therefore, your entire privacy on Facebook is really only as good as it's weakest link which happens to be your other Facebook friends.
Security leaks have occurred on all of the popular social-media websites. LinkedIn had a hacker that was able to steal millions of usernames and passwords recently. Facebook apps are common that try to convince you to share access to all of your private information. Even "phishing" attacks try to convince you to sign in to Facebook or Twitter because somebody posted something "that you have to see if negative about you", in order to entice you to disclose your login/password information to a fake site. It all seems innocent at first. Why would anyone want access to your Facebook or Twitter account? However, often these are used to penetrate further into your online identify and breach more and more vital accounts, including email and banking. It can also be used to socially-engineer attacks on your friends... like "help please sent me money, I am stuck in the airport and lost my wallet".
Monetization and Increasing Privacy Invasion
As most of these start-ups become public for-profit companies, there is increasing pressure by shareholders to "monetize" or build a profitable business from the social-media content. Facebook, Twitter and others are using your information (which is the only asset they "own" and can generate revenue from) to share with 3rd parties in order to direct advertisements or other information to specific users, hoping they will see it and purchase their products. Industries are notorious for invading your privacy first, asking questions later. It often takes lobby groups and lawsuits to instigate "Codes of Conduct" to force ethical changes on Wall Street. When there are billions to be made from your information, there is no rule that won't be broken and then covered up.
Twitter and Photo Location
Facebook, Twitter and Instagram are some of the most popular smartphone apps available. Because smartphones contain GPS, many of these apps now allow you to "tag" an image with your GPS coordinate (geotagging). This is a useful feature in some cases, however it can be a disaster when using it for social media sites. Wikitude is a geolocation-centric "augmented reality" browser, displaying information based on it's proximity to your location, including Instagram and Twitter postings. With a simple browse in Wikitude, you can find all the Twitter users and Instagram users in your vicinity. Run into any residential neighbourhood and you will find countless teenagers using their smartphone to tweet profanities, messages to boyfriends, relationship issues, pictures of themselves "hanging out" or in the bathroom showing off a new outfit, and so on. This is all because they have location-settings of their smartphone apps set to ON, which embeds their location within their social information.
Recently, awareness of this feature became popularized by a website which scanned Twitter for messages with the word "home" and location data, to bring attention to the fact that people are unknowingly telling the entire world where they live. Many Instagram photos share their location and you can use services to display all photos within your neighbourhood. This is a major concern especially due to possible sexual predators, stalkers and other criminals who can use this type of social media to their advantage. An answer to this could come from a form of GPS "blurring" which would randomize or add a "fudge-factor" to all GPS coordinates from social-media sites. That way, if you are in a residential neighbourhood, your location cannot be pinpointed down to the nearest meter but instead within 100 meters which could overlap a dozen or more houses.
Tools for Thieves
Some people post Facebook updates when they are on vacation. They will even post photos. If they have location GPS set to on, their photos will be tagged and you will see they are presently in another part of the world enjoying their vacation. However, their older photos (which are also easily viewed within their account) may also have location data mapping to their home. Thieves could then see that a person is away on vacation and using this information, track back to their home and go on a rampage. Online phonebooks can be used to do searches for persons and return a specific address, so if the Facebook user is using their real name as a username (which is often the case) it becomes relatively easy to track them down, stake out their house for a few days while viewing their status online, and find the opportune moment to break in.
How to Protect Yourself
1. Turn location information OFF for all apps on your smartphone
2. Do not post photos of yourself, your children or friends
- Do post photos of inanimate objects, scenery, gardens, animals
- Do post links to things that may be interesting to you
3. Do not update your status to indicate you are away or on vacation
- If you do share this, share it after you get home
- Share photos of scenery and where you've been, but not with you in it
- If you share photos of you, make sure you are fully clothed
4. Do not tweet anything you wouldn't want your grandmother to hear
- Avoid profanities
- Avoid anything controversial
5. Keep it professional
- If you have hobbies or interests, post information on that
- Be sure it is nothing you could be embarrassed about
For example, my blog contains mostly high-tech related news. I am a hobbyist Blackberry developer and tech-tinkerer. I do garden a bit for fun as well, and have composed music. My entire social-media presence is geared towards:
1. Sharing my music
2. Technical/electronics hobbyist news
3. Gardening photos
I avoid as much as possible sharing photos that have identifiable faces or people. I have set my Facebook privacy settings to be as restrictive as possible. I have all of my location settings OFF. All of these hobbies are something I would gladly talk about to children or grandmothers. None are an embarrassment. In fact, I am proud of my hobbies. My professional life is distinctly separate but I have no problems if my clients and people I work for see my Facebook, Twitter postings, Youtube videos and listen to my music. If this information was printed in tomorrows newspaper, I wouldn't care and probably nobody else would either.
Rules to live by: Make sure your online presence can stand up to scrutiny if you decide to run for an election, and wouldn't mind sharing with people of all ages, races and political persuasions. If at all in doubt, don't even bother with social-media. It is a mine-field both personally and for business use which has to be carefully navigated.