Social Networking
Maintaining privacy on social networks is much like hanging all your dirty laundry on a highway billboard—and then asking only your friends to look. While it’s possible to avoid sharing your life’s story with the entire world, it takes a lot of effort and is often contrary to the goals of the services you use. Remember: these services are free because they’re selling access to you.
Your private profile
The risk: Since the entire goal of social networking is to help you connect and communicate with other people, the privacy settings on most social networks default to Wide Open. They often stay that way, because many users don’t know how to adjust them.
How to protect yourself: The ease of customizing privacy settings varies by service. Twitter has just one option: On your Settings page, you can select your Tweet Privacy to protect your tweets (meaning that only people you approve can see them). At the other end of the spectrum are services like LinkedIn, which scatters its privacy settings across nine separate screens, and Facebook, whose supposedly simplified privacy settings span menus up to four layers deep.
No matter which service you use, it’s incumbent on you to find out where these settings live (Google is your friend in that regard). Once you find them, the most important settings to look for are:
- Who can read your profile;
- Who can see your posts and activities;
- What information is shared with external sites and businesses;
- Which applications can access your data;
- What information your friends can share about you;
- Who can see your pictures and/or location;
- Which sites integrate with your social network (for example, Facebook’s Like feature).
Most services allow you to control tiered privacy levels: one for friends (or immediate contacts); friends of friends (or second-degree contacts); third-parties; or everyone in the world.
On Facebook, you should also be sure to limit what your friends can share about you (under the hard-to-find Account > Privacy Settings > Apps and Websites > Info Accessible Through Your Friends), as that can potentially override other settings. Additionally, you should always keep an eye out for changes in the service’s privacy policies and adjust your settings accordingly.
Finally, consider what you put in your profile in the first place. There’s no rule that you have to provide all the information for which there’s a field. If you don’t want everyone to know how old you are, don’t fill in that birthday field. It’s possible to provide virtually no private information yet still use the service.
Public profile
The risk: Most services show the world a public profile, one that’s different from the one your network can see. But that public profile can still include some pretty private information.
How to protect yourself: Review your profile and see what information is public. Check your settings, then log out and look at your profile. Have a friend check from his or her account.
External applications
The risk: With your approval, most social networks allow access from external applications, third-party games, and third-party sites such as Twitter. Some of these apps require complete access to your account, including ongoing access to all of your activities, perhaps even your friends’ information.
How to protect yourself: Depending on the service and application, you may be able to control what such applications can access. Do you really need to give that snowball app access to all your photos and posts?
Your friends and you
The risk: You and your friends can be the biggest threat to your privacy. You may accidentally reveal too much about yourself by tweeting, posting, or updating without considering the consequences.
How to protect yourself: The first rule of social networking: Assume that everything you post is public and accessible to anyone forever. These networks are great for sharing and connecting, not so great for private communication. So think before you post. Leave the Twitter alone when you’re skipping work for a happy hour that the boss wasn’t invited to.
[Rich Mogull has worked in the security world for 17 years. He writes for TidBits and works as a security analyst through Securosis.com.]