The following primer will address the security and privacy settings both offered and seemingly excluded by Facebook. After reading, you should understand the basics for securing and controlling the privacy of your Facebook account, as well as a fundamental grasp of why proper privacy management on Facebook is important.
A guide to Facebook security and privacy. (IMG: J.Anderson)
Introduction:
Millions of people use Facebook, and as more and more people start to use the social networking portal, more and more criminals are using it as a valuable source of profit and information. Criminals are attracted to large groups, and social networking is a gold mine for infection vectors, if the criminal wants to spread Malware, or information gathering, if the criminal wants to buy and sell information.
Facebook has seen Malware attacks, which spread via malicious links or applications, Phishing scams, which again spread via applications and posted links, as well as common robbery, where people are tricked into sending money to someone pretending to be a friend. So how can you protect yourself on Facebook without limiting its usability?
Facebook has built-in privacy settings. These are designed to help you protect personal information and your account itself from crooks that are up to no good. However, the problem is that Facebook is still growing, and often new features come at the cost of security. Most Facebook users are aware of the basic privacy protections, but do not know how to manage the more advanced features.
Facebook has a decent help section, which explains many aspects to the privacy and security features. However, in some respects they are not overly detailed, which could be because they feel that overloading a user with too much information can be a bad thing, and if so, they would be correct. However, sometimes more information is better than partial information.
The overall reason proper privacy management is important is because of the information that is shared on Facebook. Personal details are written about without a second thought. Yet those same details, when pieced together bit by bit over time, can lead to an entire dossier on a person. Remember, if you post it online, it will stay there. So the note or update you wrote two or more years ago on Facebook, can be used down the line for something completely unexpected.
As an example, if someone wanted to impersonate you on Facebook, how hard would it be for them to gather enough information to guess a password? If they access your Facebook account by guessing the password, how many other sites are using that password?
Do you really want a stranger to know your top 25 movies, or random things about you? What kind of damage could be done if someone knows your full name, place of birth, current location, email address, family names, birthdates, schools attended, etc.? These are examples of information The Tech Herald recently collected simply by reading Notes posted by Facebook users, as discussed in a previous article.
The following pages will outline the various Facebook privacy settings, how they function, and both positive and negative aspects to them. If you want to skip around, the index below will help.
1: Basic Privacy Management
2: Search Related Privacy Management
3: News and Wall Privacy Management
4: Application Privacy
5: Miscellaneous Facebook Security and Privacy tips and tricks
Basic Privacy Management
When you are on the main page of your Facebook profile, you will see a settings option, which offers a dropdown menu for access to Account Settings, Privacy Settings, and Application Settings.
Clicking Settings alone will take you to the My Account menu and the Settings tab. More often than not, this is where users go to manage their privacy settings.
After that you will move to the privacy area, where you can select what privacy settings you want to control. In this section we will start with Profile.
The privacy options in the Profile section offer a decent level of control, but the actual options and the informative value of those options are lacking. For example, you can select the question mark next to the Profile setting and expect some explanation, but what you get is, “Use this control to decide who can see your profile information beyond the information available in search.”
There is no information on what it means to select Only Friends over Friends of Friends or My Networks and Friends. The help section on Facebook covers some of this, but not in any serious detail. The images below show the various options, including the available settings, and custom settings.
The image above lists all the settings you can select for your profile. Everyone means literally that: anyone on Facebook can view your profile.
The My Networks and Friends option means that your Facebook friends can view your profile and, in addition, so can anyone in the same network as you. A network can be a city (in my case, I belong to the Indianapolis network), a high school, or any professional or fan-based organization. Think carefully here. If you're OK with everyone in a certain network having access to your profile, then this option will cause you no issues. If the idea that the entire Indianapolis network, for example, can view your profile bothers you, then you may want to avoid this option.
Facebook explains Friends of Friends in its help section. To cover it here, it just means that your friends will see your profile, and their friends will too.
Lastly, you have the Only Friends option, meaning that only those you have added as a friend can see your profile.
The image below is what you see if you select the Customize option. As you can see, there is no real customization. You can select the same options as you can from the dropdown. However, if you wanted to pick and choose the network access, you can select Some of My Networks, and exclude others.
It should be noted that the customization option for the Profile setting is the only one in this section that will not allow you to pick certain people on Facebook to exclude from viewing information. The Basic Info, Personal Info, Status and Links, Photos and Videos Tagged of You, Friends, Wall Posts, Education Info, and Work Info settings each allow this option. Moreover, the options aside from Customize mean the same thing throughout the privacy setting choices on Facebook's network.
While in the privacy options for your profile, a tab offers the ability to control contact information.
Some of the options are the same as before, Only Friends, Customize with the option to exclude, My Networks and Friends, and Friends of Friends. Missing is the option for Everyone, and in its place is No One, meaning the information entered will never be shown.
What options to select
When it comes to selecting the optimum settings for profile related privacy, everyone will be different. The trick is to know what information you have already posted to your profile, and how comfortable you are with people viewing it. You should never post personal and sensitive information to Facebook, and the information that you do post should always be considered before it is published. Does anyone really need to know your maiden name or the street you grew up on?
If you notice in the images, I selected the Only Friends option for all of my settings. The exception is My Networks and Friends for Website under contact information. I’ve also selected the checkbox that will permit only those added as a friend to post to my wall.
Now, none of these privacy settings will matter if you are in a race to collect the most friends. You should be cautious when adding friends at will, and the best bet is to add those who you know or knew at one time personally, and if a friend of theirs offers something that interests you (personality or information for example), consider adding them as well.
Search Related Privacy Management
Search privacy on Facebook is covered in the Facebook help section, but again, the assumption that every user will read that section isn’t a good one to make. Like the Profile privacy section, the options in the Search are basic, but missing some informative values, which would explain just what the user is doing here.
As you can see in the image above, I have allowed the option for Everyone to search for me through Facebook’s search options. I’ve also allowed a public search listing, meaning you can see me if you searched on Google for example.
You can select Everyone, meaning anyone registered on Facebook, My Networks and Friends of Friends, My Networks and Friends, Only Friends, or Customize, as options when setting Search privacy options.
The Customize option here will not allow you to exclude anyone, so you will only get the custom options mentioned in the Profile privacy settings. My Networks and Friends of Friends is also a new option, and means that anyone in the same network as you, plus the friends of those you have added as a friend, will see you in search results.
The content checkboxes are important here, as they determine the level of privacy. I’ve selected the options to only allow my image, and an add as friend link to appear when I am listed in search results.
When it comes to what options to select, you should consider if you even want to appear in searches.
The default setting is for Everyone to find you in searches. This also covers the recommended feature, where you are recommended to people. If Everyone is selected, then you will appear in searches and as a person who is likely recommended to others.
To stop this, change the setting to Only Friends, and make sure to uncheck everything under the Search Result Content heading. Friends will always be able to find you in search, as they should since you added them.
If you do not mind that you will appear in search results or recommended listings, then you can leave the visibility set to Everyone, and select profile picture and friend link as the two check boxes.
The public search listing is entirely optional. If you want to avoid being listed in the search engines, uncheck this option.
News and Wall Privacy Management
When it comes to the privacy of the information that is displayed on the news feeds and wall of your Facebook account, the News feed and Wall privacy settings are simple to follow.
Here you will pick what types of activity information are displayed on your news feed and wall. Depending on who has access to see this information, as determined by the profile privacy settings, you can granularly limit the information listed. You can see an example of the recent activity information in the image below.
The options you select here are entirely up to you. Removing any of the options means that the activity referenced is simply withheld from your news feed. Moreover, it will not appear in the highlights area of your friends' profiles.
Application Privacy
On Facebook, there are thousands of applications to use. Some are quizzes, some give gifts, some are games and sadly, some are completely malicious. When you or a friend uses an application, you will grant it access to almost everything on your profile. Adding to this, the developers of applications on Facebook have no privacy policy enforcement to keep them in line. All that is required is that they follow Facebook's Terms of Service and Acceptable Use Policy.
The sheer amount of data collected by an application on Facebook was shocking when it was first demonstrated to us here at The Tech Herald, thanks to a demo from the ACLU. If an application developer wanted to, they could harvest everything on your profile, even if you have all the privacy options selected.
According to the ACLU, "Even if you have your profile information and content set to 'private', quizzes can see almost everything that you share with your friends on Facebook. This includes your politics and religion, embarrassing photos, comments you leave on your friends' Wall, etc."
Addressing the privacy aspect in detail, the ACLU added, “Although Facebook’s Terms of Service require that applications limit the collection and use of information, enforcing terms like these is really difficult.”
“That means that random developers who choose to ignore the Terms of Service could potentially sweep up vast amount of personal information about you and your friends... This is a major privacy hole, and Facebook needs to take stronger steps to address this problem than just writing a sentence in a rarely-read document.”
Take the quiz and see for yourself when you have a moment.
http://apps.facebook.com/aclunc_privacy_quiz/
The image below shows exactly what information is shared by default. In the list, you see Basic Info, which is “…your birthday, sex, hometown, political views, and when you last updated your profile,” according to Facebook.
All of this information about your profile is sent through the Facebook API, which application developers use to interact with your Facebook account. Aside from deselecting each of them on their own, if you are using any of the default applications that were included when you registered your account, you cannot opt out of this information sharing.
For further privacy, you have the ability to block access to Facebook Connect and Beacon Websites, which are other means of using the Facebook API, and in some cases will report on what you are doing outside of Facebook and post this information to your profile.
Since all of the checked options are available to any application developer, you should uncheck any option that you are uncomfortable with. Even if it means all of them. In the end the choice is yours.
In addition, you should be skeptical about random applications overall. Some are known and highly legit applications, such as any one of the popular games played on Facebook.
However, these applications can have flaws, as demonstrated during the Month of Facebook Bugs, where one researcher has posted vulnerabilities in several applications. Some of these flaws can lead to malicious actions against your system, such as Malware infections, or they can lead to information disclosure, where your personal details are just handed over without your knowledge.
Miscellaneous Facebook Security and Privacy tips and tricks
When you use Facebook, in addition to the privacy settings mentioned in this primer, there are some other things to consider.
As you access Facebook.com from home, a coffee shop, or the office, use https instead of http when entering the URL. This will add an extra layer of protection, and since the SSL certificate is an EV (Extended Validation) one, you will know you are on Facebook.com by the fact that the address bar in the browser will change colors.
When clicking on links that are reported to belong to Facebook, never go by looks alone. Always ensure that the URL is www.facebook.com and not something that looks like Facebook.com.cn. The entire Facebook platform will only run from facebook.com, never with facebook.com as a sub-domain of some other domain or within another domain's directory, such as random-malicious-domain.com/Facebook.
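The link check described above, as an added example that is not part of the original article: it parses the link and compares the real host name against facebook.com, accepting hosts under it such as the www.facebook.com and apps.facebook.com addresses used in this primer. The function name and the sample links are constructed for illustration.

```javascript
// Added example (not from the article): decide whether a link really
// points at Facebook. TRUSTED_DOMAIN comes from the article; the function
// name and the sample links below are constructed for illustration.
const TRUSTED_DOMAIN = "facebook.com";

function isFacebookLink(link) {
  let url;
  try {
    url = new URL(link); // throws on malformed or scheme-less input
  } catch (err) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Anything before "@" is login data, not the host, and is a common
  // way to make a foreign host look like facebook.com.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo in URL" };
  }
  // URL() lower-cases the host; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  // Compare whole labels from the right: "facebook.com.cn" and
  // "notfacebook.com" must fail, "www.facebook.com" must pass.
  // The path is never consulted, so ".../Facebook" proves nothing.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host };
}

// Constructed sample links, including the look-alikes named in the text.
const samples = [
  "https://www.facebook.com/",
  "https://apps.facebook.com/aclunc_privacy_quiz/",
  "http://www.facebook.com/",
  "https://Facebook.com.cn/login",
  "https://random-malicious-domain.com/Facebook",
  "https://www.facebook.com@random-malicious-domain.com/",
  "https://notfacebook.com/",
];
for (const link of samples) {
  const result = isFacebookLink(link);
  console.log((result.ok ? "OK    " : "REJECT") + " " + link + " (" + result.reason + ")");
}
```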
Under the Settings menu we discussed earlier, check the Applications Settings regularly and clean out those you’re not using. You can remove them by clicking the ‘X’ next to the application name. There is a dropdown with the option to view Granted Additional Permissions; this is the view you would want to use to clean out old applications.
When posting photos or notes, check the permission levels and ensure that they are aligned with your profile privacy settings. This means that if your profile is set to Only Friends, setting a photo of yourself or a note to Everyone will allow those who are not friends to view it.
Change your Facebook password often, and never use a password that is close to or an exact match of a password used for financial transactions online (PayPal, banking, Google checkout, etc.), nor should the password be the same as any email account.
When it comes to the secret question, pick a phrase that no one would know, something that cannot be guessed, and use it as the answer. In short, lie and say that the name of your first pet was “river rats in a showboat on the Mississippi” as an example.
Under the Privacy settings menu, you have the option to block users on Facebook. This is a handy way to deal with stalkers, harassment, and Spammers. This is in addition to actually reporting the person to Facebook at abuse@facebook.com.