How to Save Face: 6 Tips for Safer Facebooking

1. Know what you’re getting into
Facebook is a business. It exists to take your online activity and turn it into revenue. Facebook will always be free. But there is a cost. You’re paying by being exposed to advertising and allowing limited disclosure of your online activity.

How limited? You could sit down for a while and read Facebook’s Privacy Policy. But you’ll probably need a few hours and some black coffee.

So here’s a short version: basically everything you post, every person you friend, every group you join will be made public to your “friends”, “friends of your friends” or “everyone”—depending on your privacy settings.

To you this may be simple. You assume that everything you’ve posted could be available to the whole world. Others are still learning. People have lost their jobs as a result of things they’ve posted on Facebook. And when this happens, the newly unemployed person will usually claim that s/he thought that the post was private.

So joining a social network is a leap of faith. On a social network, not only do you have to trust the site to follow its privacy policy, but you also have to trust your friends. Will they reveal your secrets? Will they pass on bad information and scams to you?

And, more importantly, you have to trust yourself to share the right things.

On Facebook, you are exposing your private life in ways you may not even realize. 79% of companies review an applicant’s online information (which is completely illegal in Finland but acceptable in most of the world). Your financial future could depend on how well your profile and your photos and friends list represent you. So think before you post—always.

2. Secure your PC
What do 500,000,000 people on one website look like? To cybercriminals, it looks like a gigantic, unsecured goldmine.

Online gangs and scammers are working twenty-four hours a day to exploit the trust we have for our online friends. Updated Internet security is a must before you use Facebook or any social site. In addition, you have to make certain that your PC is updated with the most recent application and system software, which can be time-consuming. F-Secure’s free Health Check makes that easy.

3. Use a unique, strong password
‘Password’ is not a good password. Neither is ‘123456’ or your pet’s name or your name or any information that is available publicly on your Facebook profile.

Creating a strong, complex password that you can remember is the key to keeping strangers out of your account. Here’s a simple password system we recommend. You should also use different passwords for all of your various accounts, especially your email accounts, to keep one hack from becoming a total nightmare.

For extra protection, never let your browser remember your password, and lock your PC when you step away from it—especially if you’re living with young children and/or parents and/or anyone, really.

4. Filter your friends
Facebook works overtime to connect you with as many people as possible. When you first join, the site combs through your email account to suggest as many people as possible. Then as you use the site it will suggest more email contacts. Email someone new and Facebook will suggest that you become friends.

Run out of contacts and you’ll see friends of friends, brands you might like, your ex.

It’s a strange social dynamic. When you see the person’s picture, it feels like this person wants to be your friend. But who knows? All you can be sure of is that Facebook wants you to be friends.

So ask yourself this: Does everyone you email need to be your Facebook friend?

Some people have found that their best friends in the real world make lousy Facebook friends. There are a lot of people who can find you who you may not like reconnecting with. According to a recent survey, 70% of Facebook users avoided becoming friends with their bosses.

Maybe you want to limit Facebook to your friends and family and leave professional connections to Twitter and LinkedIn. There’s no perfect formula, but it’s important to have some filter, some limit on what you share with whom. How do you say no when someone you don’t want to offend makes a friend request? Facebook makes this easy. You can just ‘ignore’ the request. That’s a nice way to frame it!

Want to stop Facebook from combing through your email contacts? You can remove your contacts by clicking here. But if you’re using a Facebook app on your phone, first you’ll have to disable the Facebook synchronization feature on your phone.

Want to stop Facebook from suggesting you as a friend to others? Go to “Privacy Settings” and click on “Settings” for “Basic Directory Information”. When you get there, set “Search for me on Facebook” to “Friends Only”.

Always remember this: If anyone solicits you directly about money, assume it’s a scam. Ignore and defriend that profile immediately. An easy way to defriend someone is to go to their profile and scroll down the left column until you find “Remove from Friends”.

5. Click carefully
The biggest dangers on Facebook are the links that appear on your wall. With one bad click, you could end up on a site that attempts to serve you malware or scam you using phishing tactics. One bad ‘like’ and you could end up spamming all of your friends. That’s why you have to remember that links are not your friends.

The most popular Facebook scams involve gift cards and hilarious videos and diet advice. So far most attacks on the site have been more annoying than harmful. But without vigilance, you can be sure that vicious scams and malware are heading your way.

The best antidote to bad links is Internet security with browsing protection. You can double-check any link before you click it by copying it (right-click on it in Windows) and pasting it into F-Secure’s free Browsing Protection.

Prevention is your best cure. Realize the more sensational or strange or generic a link is, the more likely it is to be malicious. Again, links are not your friends. Apply the same caution you’ve learned to use when you’re checking email to checking Facebook. And just because your friend or family linked something, doesn’t mean you have to click on it.

6. Don’t rely on Facebook to protect your privacy
The whole point of Facebook is to “connect and share with the people in your life.” But there’s a point, for nearly everyone, where all the connecting and sharing can be too much—especially as your information becomes increasingly available to people who aren’t necessarily “in your life.”

So whenever you use Facebook, you have to ask yourself two things: Who do I want to see what I’m doing? And how would I feel if the whole world saw this?

There’s no technical tool to stop your friends from sharing your information. But Facebook does offer you the tools to control who sees your activity. That’s why you need to get to know your privacy settings.

Start at “Account” > “Privacy Settings”. Then click on “Settings” for “Basic Directory Information”. This is where you decide who can find you and what they’ll see when they do.

You get to decide. How easy do you want to make it to find you on Facebook? Which is more important to you: privacy or connection?

If you’re more interested in connection, select “Everyone” for the top three settings: “Search for me on Facebook”, “Send me a friend request” and “Send me a message”. Then consider making all the other settings “Friends Only”. This will encourage people to become your friend, and it gives you more power over your information.

Next you can click back to “Privacy Settings” and set how you share on Facebook.

You can go with the preset options or customize each category individually.

Your safest bet is “Friends Only.” You may want to open your activity to “Friends of Friends”; however, there is certain information that you should not make available to “Everyone”. This includes your birthday, your email address and IM, your phone number and address, political and religious beliefs and your family and relationships.

Why? All of this information may be public somewhere else, like a phone book, but you’re simply making too much identifiable information public in one easily accessible place. There may not be enough there for true identity theft, but you are giving a stranger enough information to pose as you online convincingly, which could be a problem if some potential employer or date is checking out your online presence.

You may also want to uncheck the box that says “Let friends of people tagged in my photos and posts see them.” This way you won’t unintentionally draw attention to an image one of your friends may not want others to see.

If you’re very interested in your privacy, you should continue and edit your Application and Website Settings.

Here you should do two things. 1) Remove any applications you aren’t using.  2) Click on “Turn off all platform applications”. Then you can select which applications you don’t ever want to show up on your wall ever again. That’s right. You can say goodbye to FarmVille forever, if you want to.

You can also turn off all platform applications, which will keep your friends from automatically sharing your information with the applications they’re using. Not a bad idea.

Next you can click on “Game and application activity”. Click “Customize” and select “Only Me” to keep all of your Game and application activity to yourself, which is a good idea if you’re friends with people (read: co-workers) who may judge how you spend your time.

After that, take a look at “Info accessible through your friends”.  Here you’ll see all the information that is available to the applications your friends decide to use. That’s right, your friends share all this information automatically with the applications they use.

Once you see that screen, you may want to go back to “Turn off all platform applications”. Why not turn it off until you have a good reason to turn it on?

Now we’re at “Instant Personalization”, which is controversial because Facebook opted all of its users into it. Of course, it warned everyone through an update to its Privacy Policy, but you probably didn’t take the time or coffee needed to figure that out.

So what does Instant Personalization do? It shares your information with three Facebook partner sites: Docs, Yelp and Pandora. Could more partners be added? Yes. Could you just opt out of one or two? Yes. Just click on Docs, Yelp or Pandora and then click on “Block Application.”

Again, unless you know you want to share information with these sites, it’s a good idea to opt out for now.

If you made it this far, you will be rewarded. We are now at, perhaps, the most important Facebook privacy setting: “Public Search”.

You probably heard how recently the information of over 100 million Facebook users was made available for download. All of that information was public before a security researcher took it and turned it into one downloadable file. Those 100 million Facebook users probably had enabled public search.

This is where you get to decide if the whole world can find your Facebook profile and information. With one click, your profile could become the top result of a Google search for your name. If you want to avoid disclosure of your information to the world, you may want to start by limiting who can search for you. I recommend that you do not click the box to “Enable public search”.

So those are the tools Facebook gives you to protect your information. They’re complex, and that’s probably on purpose. Facebook is not shy about encouraging its users to share and share and share. That’s why you have to remember that Facebook (and your friends) can’t share anything you don’t post to the site.

So be careful not to post anything that can be used against you. This includes travel plans and itineraries, complaints about bosses, co-workers and customers, company secrets, threats… Has anyone actually had a home robbed after posting plans on Facebook? Yes, indeed.

There are a million things you shouldn’t post. And you are the only person who can decide what you SHOULD share with Facebook and the world. So choose wisely.

Bonus tip: Use Facebook’s one true security feature
Facebook’s one true security feature is simple but powerful. Facebook will inform you anytime any new device accesses your account. That means if some PC or smartphone you’ve never used before logs into your account, Facebook will email you.

To turn this feature on, go to “Account Settings”. Then select “Account Security”.

Just click “Yes” and then “Submit”.

Now, what do you do if you find out that someone besides you accessed your account? Change your password immediately. On the “Account Settings” page find “Password” and click “change”.

OK. That’s all I know about making Facebook a safer place for you and your friends. For ongoing tips you can follow F-Secure on Facebook. Do you have any tips to add?

More posts from this topic

Your digital memories – will they vanish or persist?

If you like sailing and tall ships, I can recommend this podcast about Pam Bitterman’s book Sailing to the far horizon. It’s a great story about the last years of the community-operated ship Sofia, covering both a lot of happy sailing and the ship’s sad end in the early eighties. But this is not about hippies on a ship, it’s about how we record and remember our lives.

In the podcast Pam tells us how the book was made possible by her parents saving her letters home. Perhaps they had a hunch that this story would be written down one day. She goes on to say that e-mails and phone calls wouldn’t have been saved that way. That’s a very interesting point that should make us think. At least it made me think about what we will remember about our lives in, say, twenty years.

We collect more info about what we are doing than ever before. We shoot digital pictures all the time and post status updates on Facebook. We are telling the world where we are, what we are doing and what we feel. Maybe in a way that is shallower than letters home, but we sample our lives at a very granular rate. The real question, however, is how persistent this data is. If we later realize we have experienced something unique enough to write a book about, has our digital life left enough traces to support us?

Pam wrote the book about Sofia some twenty years later. A twenty-year-old paper is still young, but that’s an eternity in the digital world. Will you still be on the same social media service? Do you still have the same account or have you lost it? Does the service even exist? And what about your e-mails, have you saved them? How are your digital photos archived? You may even have cleaned up yourself to fit everything into a cheaper cloud account.

Here’s something to keep in mind about retaining your digital life.

Realize the value of your personal records. You may fail to see the value in single Facebook posts, but they may still form a valuable whole. If you save it you can choose to use it or not in the future. If you lose it you have no choice.

Make sure you don’t lose access to your mail, social media and cloud storage accounts. That would force you to start fresh, which usually means data loss. Always register a secondary mail address in the services. That will help you recover if you forget the password. Use a password manager to avoid losing the password in the first place.

Redundancy is your friend. Do not store important data in a single location. The ideal strategy is to store your files both on a local computer and in a cloud account. It provides redundancy and also stores data in several geographically separated locations. This is easy with younited because you can set it to automatically back up selected folders.

Mail accounts have limited capacity and you can’t keep stuff forever. Don’t delete your correspondence. Check your mail client instead for a function that archives your mail to local storage.

Check your social media service for a way to download a copy of your stuff. In Facebook you can currently find this function under Settings / General. It’s good to do this regularly, and you should at least do it if you plan to close your account and go elsewhere.

Migrate your data when switching to a new computer or another cloud service. It might be tricky and take some time, but it is worth it. Do not see it as a great opportunity to start fresh and get rid of "old junk".

If you are somewhat serious about digital photography, you should get familiar with DAM. That means Digital Asset Management. This book is a good start.

Pam did not have a book in mind when she crossed the Pacific. But she was lucky and her parents helped her retain the memories. You will not be that lucky. Don’t expect your friends on Facebook to archive posts for you, you have to do it yourself. You may not think you’ll ever need the stuff, just like Pam couldn’t see the book coming when onboard Sofia. But you never know what plans the future has for you. When you least expect it, you might find yourself in a developing adventure. Do yourself a favor and don’t lose any digital memories.

Safe surfing, Micke

Oct 13, 2014
BY Micke
On Ello you’re not a product, you’re a feature.

Most of us have some kind of relationship with Facebook. We either love it, hate it or ignore it. Some of us are hooked. Some have found new opportunities, and many have got themselves into a mess on Facebook. Some are worry-free and totally open while others are deeply concerned about privacy. But we probably all agree that Facebook has changed our lives or at least impacted our ways to communicate. Facebook has shown that social media is an important tool for both business and private affairs.

Facebook was in the right place at the right time to become the de-facto standard for social media. But the success of Facebook is also what makes it scary. Imagine the power you have if you know everything about everyone in the civilized world. And on top of that with quite loose legislation about what you can do with that data. OK, everything and everyone are exaggerations, but not too far from the truth.

Others have tried to challenge Facebook, but no one has succeeded so far. One reason is that social media is automatically monopolizing. The most important selection criterion is where your friends are, and that drives everyone into one common service. The fact that even Google failed with Google+, despite their huge resources and a ready user base from services like Gmail, just underlines how solid Facebook’s position is.

Ello is the latest challenger and they certainly have an interesting approach. Ello tries to hit Facebook straight in its weakest point and provide a service that respects user integrity. They may lack the resources of Google, but they can be credible in this area. The choice between Facebook and Google is like being between a rock and a hard place for the privacy minded, but Ello is different. Their manifesto says it all.

Will Ello survive and will they be the David that finally defeats Goliath? Ello is in a very early phase and they certainly have a very long way to go. But remember that their success depends on you too. You may not be a product on Ello, but you are certainly a feature. The main feature, actually. The team can only provide a framework for our social interactions. But people to be social with are absolutely crucial for any social network. So Ello’s rise or fall is mostly in our hands now. They need enough pioneers to make it a vibrant society. The development team can make the service fail, but they can only create potential for success. Ello needs you to materialize that potential.

So what’s my honest opinion about Ello? The fact that the service is based on privacy and integrity is good. We need a social media service like this. But there are also many open questions and dark clouds in Ello’s sky. People have complained about its usability. And yes, usability is quite weird in many ways. It’s also very obvious that Ello is too premature to be a tool for non-technical users. Now in October 2014, I would personally only invite people who are used to beta software. But both usability and the technical quality can be fixed, it just takes more work from the team.

A bigger question mark, however, is the future business model of Ello. On Facebook you’re a product and that’s what pays for the “free” service. But how is Ello going to strike a balance between privacy and funding the operation? This is one of the big challenges. Another is whether the privacy promise really is enough. Many of us are already privacy-aware, but the vast majority is still quite clueless. What Ello needs is either a big increase in privacy awareness or something clever that Facebook doesn’t provide and can’t copy quickly.

It may seem futile for a small startup to challenge Facebook. But keep in mind that Facebook was small too once in the beginning. Facebook showed us that we need social media. Perhaps Ello can show us that we need social media with integrity. But anyway, you are among those who decide Ello’s future by either signing up or ignoring it.

Safe surfing, @Micke-fi on Ello

Picture: ello.co screen capture

Oct 3, 2014
BY Micke
Shellshock only concerns server admins – WRONG

Yet another high-profile vulnerability in the headlines, Shellshock. This one could be a big issue. The crap could really hit the fan big time if someone creates a worm that infects servers, and that is possible. But the situation seems to be brighter for us ordinary users. The affected component is the Unix/Linux command shell Bash, which is only used by nerdy admins. It is present in Macs as well, but they seem to be unaffected. Linux-based Android does not use Bash and Windows is a totally different world. So we ordinary users can relax and forget about this one. We are not affected. Right?

WRONG!

Where is your cloud content stored? What kind of software is used to protect your login and password, credit card number, your mail correspondence, your social media updates and all other personal info you store in web-based systems? Exactly. A significant part of that may be on systems that are vulnerable to Shellshock, and that makes you vulnerable.

The best protection against vulnerabilities on your own devices is to make sure the automatic update services are enabled and working. That is like outsourcing the worries to professionals, they will create and distribute fixes when vulnerabilities are found. But what about the servers? You have no way to affect how they are managed, and you don’t even know if the services you use are affected. Is there anything you can do?

Yes, but only indirectly. This issue is an excellent reminder of some very basic security principles. We have repeated them over and over, but they deserve to be repeated once again now.

You can’t control how your web service providers manage their servers, but you can choose which providers you trust. Prefer services that are managed professionally. Remember that you always can, and should, demand more from services you pay for.

Never reuse your password on different services. This will not prevent intrusions, but it will limit the damage when someone breaks into the system.

You may still be hurt by a Shellshock-based intrusion even if you do this, but the risk should be small and the damage limited. Anyway, you know you have done your part, and it’s bad luck if an incident hurts you despite that.

Safe surfing, Micke

PS. The best way to evaluate a service provider’s security practices is to see how they deal with security incidents. It tells a lot about their attitude, which is crucial in all security work. An incident is bad, but a swift, accurate and open response is very good.

Addition on September 30th. Contrary to what's stated above, Mac computers seem to be affected and Apple has released a patch. It's of course important to keep your device patched, but this does not really affect the main point of this article. Your cloud content is valuable and part of that may be on vulnerable servers.

Sep 26, 2014
BY Micke