Are you ready for the new Facebook Timeline?
Since the winter of 2011, Facebook has been slowly rolling out its new profile look to the nearly one billion people who use the world’s largest social network.
Facebook has indicated every user will be forced to move over to the new profile look called Timeline. All Facebook brand pages now have the look but Facebook is still rolling it out to profiles. (To get it now, go here and click “Get it Now.”) Some will be annoyed by this change, of course. They’ll note that the old profiles worked and there are some unforeseen consequences that raise privacy issues. This inevitable when Facebook makes changes that affect so many people.
But the world’s largest network seemed to learn a valuable lesson from its vanquished competitors Friendster and MySpace: change happens. Unless they continually give users fresh new social experiences, their users will move on.
The Timeline is definitely new. Looking at the Timeline from a social media security and privacy perspective alone, I say that the new Timeline and the updated privacy settings Facebook put in place in late 2011 are both improvements.
The average Facebook user is “friends” with well over 100 people. Add that to the 100 pages more users like and you have an account that is out of hand. Sensing this, Facebook has made it easier than ever to unlike the people and pages you no longer wish to connect with.
The rollout of the Timeline gives you the perfect opportunity to take control of your Facebook and edit your account. (It also gives you a space to post a cool cover photo, which is completely optional.)
Here’s what you need to do now:
1. Decide if you want to hit the “reset button”.
The goal of Timeline is to make your life story available to as many people as you are willing to share it with. Facebook has reduced its privacy options to three levels.
They’ve eliminate “Friends of Friends”, which leaves some of your posts in a limbo. To make up for this, they’ve added what I call the “reset button”. You can with one click turn all of your past public and “Friends of Friends” posts into “Friends Only”. If you do this, you can reverse it. You’ll have to adjust each post or picture individually.
If you are a privacy minded person, hitting this button is a great idea and a great way to start your new Timeline. To do this:
a. Go to the arrow in the upper right corner and select “Privacy Settings”.
b. Next to “Limit the Audience for Past Posts” click “Manage Past Post Visibility”.
c.Then click “Limit Past Posts”.
2. Audit your Friends.
The best way to get a better news feed free of spam and distractions is to only people who share content you’re interested in.
Now that you have the Timeline, you can access your friends list easier than ever. Best of all: by simply scrolling over their images, you can unlike anyone quickly. Here’s how:
a. Go to your Timeline and click on your Friends navigation.
b. Put your mouse over any of your Friends’ names. This box will come up.
c. Put your mouse over the “Friends” box.
c. You can choose “Unfriend” or if you don’t want the person to have any idea you don’t want his or her updates, just click on “Show in News Feed”. This will automatically unsubscribe you from their updates. You can get pretty granular about which updates you want. This makes your Facebook life infinitely more complicated.
Facebook is simplest when you think of friending as an all or nothing thing. Either you want to stay in touch with someone or you don’t. If you don’t, unfriending is the best bet.
Go through your entire Friends list and get rid of anyone you don’t want to be in contact with. You can always go back and friend someone again if you make a mistake.
3. Audit your “Likes”
Unfortunately, Facebook does not make it so easy to stop following the pages you’ve liked.
Click on the Likes button. If the page happens to fit into the categories of music, books, movies or television, you can easily put your mouse over the page name, then the “Liked” button and choose unlike.
If you want to unlike any of the other pages you’ve liked, you have to scroll down the Likes page. There you’ll see the pages you’ve liked listed by the year you liked them. To unlike these pages, you have to open them in a new tab and click and the “Like” button there. Then click unlike. This process can take a long time.
Why did Facebook make it so easy to unlike friends and not pages? You probably would guess, as I have, that they’re doing businesses a service. The ads business buy on Facebook often use people who like a page to target their friends. Facebook is a business and this is a design that helps that business more than it helps you. Still, it’s worth taking a look at the pages you’ve liked to decide which you want to get rid of.
4. Audit your apps
Facebook’s new Timeline aims to make the music and media you consume part of your profile. For this reason, some apps—such as Spotify and Goodreads—have the ability to post directly on your Timeline.
Apps, like most software, come with terms and conditions most people skip over. Often, we have no idea how much access an app has to our private data. That’s why it’s always a good time to edit your apps to get rid of ANY that you are not using. Here’s how to do it.
a. In the upper right corner of your Facebook page, click on the arrow
b. Select “Privacy Settings”.
c. Scroll down to “Apps and Websites” and click on “Edit Settings”.
d. Under “Apps You Use” click on “Remove unwanted or spammy apps.”
e. Click the little blue x on the far right for any app you do not use.
The European Union is preparing a new data protection package. It is making headlines because there are plans to raise the age limit for digital consent from 13 to 16 years. This has sometimes been describes as the age limit for joining social media. To be precise, member states could choose their age limit within this range. Younger kids would need parental consent for creating an account in social media and similar networks. We can probably agree that minors’ use of the internet can be problematic. But is an age limit really the right way to go? It’s easy to think of potential problems when children and teenagers start using social media. The platforms are powerful communication tools, for good and bad. Cyberbullying. Grooming. Inappropriate content. Unwanted marketing. Getting addicted. Stealing time and attention from homework or other hobbies. And perhaps most important. Social media often becomes a sphere of freedom, a world totally insulated from the parents and their silly rules. In social media you can choose your contacts. There’s no function that enables parents to check what the kids are doing, unless they accept their parents as friends. And the parents are often on totally different services. Facebook is quickly becoming the boring place where mom and granny hangs out. Youngsters tend to be on Instagram, WhatsApp, Snapchat, Periscope or whatnot instead. But is restricting their access to social media the right thing to do? What do we achieve by requiring parental consent before they sign up? This would mean that parents, in theory, have a chance to prevent their children from being on social media. And that’s good, right? Well, this is a flawed logic in several ways. First, it’s easy to lie about your age. Social media in generic has very poor authentication mechanisms for people signing up. They are not verifying your true identity, and can’t verify your age either. Kids learn very quickly that signing up just requires some simple math. Subtract 16, or whatever, from the current year when asked for year of birth. The other problem is that parental consent requirements don’t give parents a real choice. Electronic communication is becoming a cornerstone in our way to interact with other people. It can’t be stressed enough how important it is for our children to learn the rules and skills of this new world. Preventing kids from participating in the community where all their friends are could isolate them, and potentially cause more harm than the dark side of social media. What we need isn’t age limits and parental consent. It’s better control of the content our children are dealing with and tools for parents to follow what they are doing. Social media is currently designed for adults and everyone have tools to protect their privacy. But the same tools become a problem when children join, as they also prevent parents from keeping an eye on their offspring. Parental consent becomes significant when the social media platforms start to recognize parent-child relationships. New accounts for children under a specified age could mandatorily be linked to an adult’s account. The adult would have some level of visibility into what the child is doing, but maybe not full visibility. Metadata, like whom the child is communicating with, would be a good start. Remember that children deserve s certain level of privacy too. Parents could of course still neglect their responsibilities, but they would at least have a tool if they want to keep an eye on how their kids are doing online. And then we still have the problem with the lack of age verification. All this is naturally in vain if the kids can sign up as adults. On top of that, children’s social media preferences are very volatile. They do not stay loyally on one service all the time. Having proper parent-child relationships in one service is not enough, it need to be the norm on all services. So we are still very far from a social media world that really takes parents’ and children’s needs into account. Just demanding parental consent when kids are signing up does not really do much good. It’s of course nice to see EU take some baby steps towards a safer net for our children. But this is unfortunately an area where baby steps isn’t enough. We need a couple of giant leaps as soon as possible. Safe surfing, Micke Image by skyseeker
We are all sad about what’s happened in Paris last Friday. It’s said that the terrorist attacks have changed the world. That is no doubt true, and one aspect of that is how social media becomes more important in situations like this. Facebook has deployed two functions that help people deal with this kind of crisis. The Safety Check feature collects info about people in the area of a disaster, and if they are safe or not. This feature was initially created for natural disasters. Facebook received criticism for using it in Paris but not for the Beirut bombings a day earlier. It turned out that their explanation is quite good. Beirut made them think if the feature should be used for terror attacks as well, and they were ready to change the policy when Paris happened. The other feature lets you use a temporary profile picture with some appropriate overlay, the tricolor in this case. This is a nice and easy way to show sympathy. And it became popular very quickly, at least among my friends. The downside is however that it seemed so popular that those without a tricolor were sticking out. Some people started asking them why they aren’t supporting the victims in Paris? The whole thing has lost part of its meaning when it goes that far. We can’t know anymore who genuinely supports France and who changed the picture because of the social pressure. I changed my picture too. And it was interesting to see how the feature was implemented. The Facebook app for iOS 9 launched a wizard that let me make a picture with the tricolor overlay. Either by snapping a new selfie or using one of my previous profile pictures. I guess the latter is what most people want to do. But Facebook’s wizard requires permissions to use the camera and refuses to start until the user has given that permission. Even if you just want to modify an existing picture. Even more spooky. The wizard also asked for permission to use the microphone when I first run it. That is, needless to say, totally unnecessary when creating a profile picture. And Facebook has been accused of misusing audio data. It’s doubtful if they really do, but the only sure thing is that they don’t if you deny Facebook microphone access. But that was probably a temporary glitch, I was not able to reproduce the mic request when resetting everything and running the wizard again. Your new profile picture may be temporary, but any rights you grant the Facebook app are permanent. I’m not saying that this is a sinister plot to get more data about you, it may be just sloppy programming. But it is anyway an excellent reminder about how important the app permissions are. We should learn to become more critical when granting, or denying, rights like this. This is the case for any app, but especially Facebook as its whole business model is based on scooping up data about us users. Time for an app permission check. On your iOS device, go to Settings and Privacy. Here you can see the categories of info that an app can request. Go through them and think critically about if a certain app really needs its permissions to provide value to you. Check Facebook's camera and microphone permissions if you have used the temporary profile picture feature. And one last thing. Make it a habit to check the privacy settings now and then. [caption id="attachment_8637" align="aligncenter" width="169"] This is how far you get unless you agree to grant Facebook camera access.[/caption] [caption id="attachment_8638" align="aligncenter" width="169"] The Settings, Privacy page. Under each category you find the apps that have requested access, and can select if the request is granted or denied.[/caption] Safe surfing, Micke PS. The temporary profile picture function is BTW simpler in Facebook's web interface. You just see your current profile picture with the overlay. You can pan and zoom before saving. I like that approach much more. Photo by Markus Nikander and iPhone screen captures
Open up your favorite web site and you can see what this is about right away. There are in many cases two options, an ordinary log-in and “Log in with Facebook”. Have you been using the Facebook option? It is quite convenient, isn’t it? I was talking to a journalist about privacy a while ago. One of the hints that ended up in the final story was that it isn’t necessary a good idea to link your other accounts to Facebook. And that raised questions. Some people have wondered why it is so, and pointed out that we at F-Secure also provide that option in our portal for F-Secure SAFE, MY SAFE. So let’s take a closer look. Is it good, bad or ugly? Here’s the important points: Facebook acts like an authentication service in this scenario. One single password opens the door to many services. This is indeed convenient and reduces the need to remember a lot of different passwords. But you should use different passwords on every service to reduce the damage if a password is leaked. That could happen for example in a phishing scam. Using Facebook’s log-in everywhere is putting all your eggs in the same basket. The worst thing you can do is to use the same user ID and password on all your sites, but *not* the Facebook function. A leak in any of them could give the attackers access to all your systems. Using the Facebook login instead is in this case a way to *improve* security. Facebook's servers are well secured, a leak from them is highly unlikely. It may reveal private info from Facebook to the other service unnecessarily. Most of us just click OK when Facebook asks for permission to give data to the other service, without thinking about what we really approve. Facebook will get yet another sensor to profile you. They will know that you use a certain service, when and how often you use it, and on what kind of device and where in the world you are when using it. Most people are on Facebook under their real name, but you may want to use other services more anonymously. If you don’t want it to be publicly known that you use a particular service, then you shouldn’t use your real-name Facebook account to log in. Remember that privacy on-line is not just about how much private data you reveal. It’s also very much about whom you reveal it to and how fragmented your digital footprint is. Preventing different services from consolidating your data improves your privacy. So should I use this feature at all? Maybe, it depends. There are some downsides, but it's a convenient way to log in, that can’t be denied. But first, the security-savvy approach is to instead use separate strong passwords on every site and a password manager. It’s a little bit of work when you set it up, but it is really the most secure approach. Don't use Facebook log-in for critical services. Those are sites containing sensitive information or where you make payments. They always deserve a strong unique password. But there's also a large number of sites that aren't that critical. Your on-line newspaper for example. If crooks get your Facebook password then your compromised newspaper account will be the smallest of your problems. Go ahead and use Facebook log-in for those if you find it convenient, but keep in mind the privacy concerns listed above. It's all about how picky you are about privacy. And don’t forget to review the permissions you have givens to apps and sites in Facebook. Go to Settings / Apps and you see the list of approved apps. Remove anything that sounds fishy, that you can’t remember approving or that you aren’t using frequently. Don’t be afraid to remove too much. The worst thing that can happen is that an app or site stops working and asks you to give it Facebook permissions again. Open all remaining apps and review what permissions they have. Think about what they do for you and if they really need all their permissions. Fix the permissions if needed. To wrap up. The Facebook log-in feature is not a security problem. Facebook's security system is solid and your security is not in jeopardy if you use it. But I still recommend separate passwords for the critical sites. The question marks are on the privacy front instead. Linking sites together contributes to forming a more comprehensive digital footprint. It's up to you to decide how worried you are about it. With this info you should be able to make an educated decision about where Facebook log-in can and can't be used. [caption id="attachment_8629" align="aligncenter" width="266"] Jamendo's permissions in Facebook. This is the basic permissions most well-behaving apps/sites ask for. If the site asks for more, consider carefully if it really is needed.[/caption] Safe surfing, Micke Images by C_osett and Facebook screen capture