Facebook

How to protect your private information from Facebook’s ‘creepy’ new open graph search

310670770_5f30fb24d0Are you sharing your telephone number on Facebook?

You might be and not even realize it.

A few months ago I signed up for Facebook’s Login Approvals, which required my mobile number. Instantly my number was added and set at my default setting.

If my general privacy setting were “Public”, my number could be one of the 2.5 million phone numbers that Brandon Copley recently harvested from Facebook using the site’s new Open Graph Search.

The app developer from Texas admits that users can use privacy settings to hide their number but still believes this is a violation of users’ trust.

“Facebook is denying its users the right to privacy by allowing our phone numbers to be publicly searchable as the default setting,” Copley told TechCrunch. “This means that anyone with my number knows my Facebook contact information.  I may have not told my future employer about my Facebook account, but if I called them on my cell phone they can now know how to find me on Facebook.”

To make sure your phone number isn’t public, go to your profile and click on “Update Info”. Click “Edit” next to your “Contact Information” then click on the audience icon and select the level of sharing you want. I chose “Only Me”.This isn’t the only privacy surprise you should expect as Facebook’s Open Graph Search begins rolling out to the site’s one billion users

The simplest way to make sure you’re only sharing what you want to share is to use our new Safe Profile Beta app, which scans your profile and lets you know how much you’re sharing and how to lock down your profile. But keep reading for more information about the search and how to prepare yourself.

Open Graph Search will definitely change the way people look at Facebook. You can sign up for the waiting list here: http://www.facebook.com/about/graphsearch

Your friends and their friends will be able to search your information in ways you may not expect. And this tool will likely become the “Google” of social—meaning people will go to it first to discover the people based on interests and location, which could get a bit “creepy.”

Some suggest this tool will make it easier for criminals to find information for phishing attacks or repressive governments to crack down on dissidents. You can see some examples of how married people who “like” prostitutes and government employees who “like” racism here: http://actualfacebookgraphsearches.tumblr.com/

However, the good news is that it’s restricted by your privacy settings most of your friends use Facebook pretty sanely, right?

“90% of users get the basics right and the other 10% are hopeless,” F-Secure Security Advisor Sean Sullivan told me. “When the 90% meets the 10%, de-friend the boneheads. Because soon they will reflect on you.”

Since you will not be able to opt out of Open Graph Search, you might want to take a few more steps to make sure you don’t end up on the bad end of a disturbing search made by a friend, family member or potential employer.

Here’s what to do now:

(If you’re one of the 90% of the Facebook users who gets how to use the site, you can skip to step three for tips that relate specifically to Graph Search.)

1. First of all, never post anything you wouldn’t want to end in your mom’s newsfeed.
This will save you from most embarrassment. This means, no pictures, videos or status updates you wouldn’t want to see on the cover of your hometown newspaper. If you do this, you’ll avoid most—but not all trouble that could result from being on Facebook or in its search.

2. Check your privacy settings and unfriend anyone who doesn’t seem to use the site responsibly
You can get fancy and restrict certain things to certain people, but Facebook’s basic privacy settings are “public” or “friends.” We recommend friends, unless you want to open your profile to end up in the search results of anyone in the world.

Find the lock near the upper right hand corner, click on it and select “See more settings” at the bottom of the menu that pops up.

Change every option for “Who can see my stuff?” and “Who can look me up?” pick “friends”.

3. Scrub you history
You can (and should) limit all of your old posts to just your friends. Once you do this, you cannot undo it. But you can go back and adjust each posts individually.

Click at the top right of any Facebook page and select Privacy Settings Find “Limit the audience for posts I’ve shared with friends of friends or Public?” and click Limit Past Posts. Click ”Limit Old Posts”.

4. Check your likes!
This is where Graph search gets “creepy.” Let’s say you liked a band three years ago or your competitor at work or a boy band as joke. Graph  Search doesn’t get the joke. What you’ve liked on Facebook is now much more important. And just as you unfriend anyone who worries, go through your likes and unlike any page you don’t want to be associated with. Unfortunately you need to do this page by page.

Go to your profile, click on “Likes.”

They’re organized chronically, so go back in time and unlike away.

5. Turn on “tag review” and take control of your wall.
The most annoying thing about Facebook is that people can tag you in photos you don’t want to be associated with. You can turn on “tag review” and prevent the photos from showing up to your friends but the tag will still be on the photo unless you “report/remove tag.”

Here’s how to turn on “tag review” so photos you don’t approve don’t show up on your profile.

Click on the wheel in the right-hand corner, click on your privacy settings and then click on Timeline and Tagging on the left menu.

Most people want to allow friends to post on your wall but if protecting your images is your priority, you may want to make it available only for you. Either way, it’s a good idea to select “friends” for “Who can see what others post on your timeline?” This will prevent strangers or even potential mates or employers happening to catch your page right as a friend posted some hilariously sick image on your timeline.

We recommend you turn on “Review posts friends tag you in before they appear on your timeline?” This won’t stop your friends from tagging you in something embarrassing but it will stop it from showing up on your wall if they do.

We definitely recommend you enable “Review tags people add to your own posts before the tags appear on Facebook?” This so called tag review will keep you from being in ridiculous tagged pictures or posts that show up in search results. Instead of just popping up on your wall the posts will show up in your activity log where you can approve a tag or asked for it to be removed. To get to your “Activity Log” to approve your tags, go to your profile by clicking on your name on the top navigation. Then click on “Activity Log”

Here’s a Facebook video on how to “report/remove” photos or videos you don’t want to be tagged in.

6. If you want to prevent your friends and family from being associated from you, hide them.
On your profile/timeline page, click “Friends”. In the new screen you’ll see an edit button.

Select “Only Me”.

To hide your family, click “About” below your name, work, school and hometown on your timeline. Under “Relationships and Family” select “Edit” and select “Only Me.”

7.       If this is too much work, consider moving somewhere you’ll have lots of privacy—Google+.

[Photo by Milica Sekulic]

More posts from this topic

Privacy principles 1

Your privacy is our pride, part 1 of 3 – the fundaments

The whole world is waking up to a new reality. Privacy used to be a fundamental human right that we took for granted. Technically it still is, but the global Internet has made it easy to violate this right. Too easy as there is proof that many states and companies violate it extensively and blatantly. There’s many motives for this. Technical feasibility, commercial benefits, diplomatic and political advantages, fear of terrorism and last but not least, peoples’ lack of awareness. The incentives to violate our privacy will not go away, but peoples’ awareness is certainly increasing. This is obvious now in the post-Snowden era. Customers start to ask how their service- and software providers guard their privacy, and make purchase decisions based on that. Protecting our customers’ data has been F-Secure’s mission for more than 25 years. That’s why we are very worried about the current situation, and eager to raise awareness about it. But raising awareness is not enough. We also need to get our act together and make sure our own offering isn’t violating your privacy. It’s by the way a surprisingly complex task that affect all functions in a company. That’s why we have published nine privacy principles that guide our work to guard your privacy. Let’s walk through the first 3 in this post. Stay tuned, the rest will be covered soon.   WE RESPECT YOUR RIGHT TO PRIVACY This is really the fundament of it all. Our goal is to provide you with products and services that create some value for you, but this is never done by violating your privacy. Quite the opposite, guarding your privacy is a central goal in many products. Many companies market “free” services, where the customer in reality pay by letting the provider utilize personal information. F-Secure is NOT one of them. YOUR CONTENT BELONGS TO YOU We handle your data in many ways, either by apps on your own device or uploaded to our services. But no matter how we get in touch with it, it is still YOUR data. We have no right to utilize it for our own purposes and we do not reserve such rights in legal-jargon user agreements that nobody reads or understands. YOU DECIDE HOW MUCH YOU SHARE WITH US Your data, or data about you, may become accessible to us in several ways. You may upload it to our servers yourself. In this case it’s obvious that you are in full control of what data you transfer. Our products may also collect data to improve the service we offer, but you can opt out from much of this. Only a small part of the collected data is mandatory and not controlled by you. In short, we apply a strict minimalistic policy to automatic data uploads. We only fetch data if it’s needed to improve the service, we anonymize data when possible and we let you opt out if the data isn’t absolutely necessary. That’s 3 fundamental privacy principles in our set of totally nine. Stay tuned, we will present the rest shortly.   Safe surfing, Micke  

Oct 23, 2014
BY 
FBI

No, we do not need to carry black boxes

The recent statements from FBI director James Comey is yet another example of the authorities’ opportunistic approach to surveillance. He dislikes the fact that mobile operating systems from Google and Apple now come with strong encryption for data stored on the device. This security feature is naturally essential when you lose your device or if you are a potential espionage target. But the authorities do not like it as it makes investigations harder. What he said was basically that there should be a method for authorities to access data in mobile devices with a proper warrant. This would be needed to effectively fight crime. Going on to list some hated crime types, murder, child abuse, terrorism and so on. And yes, this might at first sound OK. Until you start thinking about it. Let’s translate Comey’s statement into ordinary non-obfuscated English. This is what he really said: “I, James Comey, director of FBI, want every person world-wide to carry a tracking device at all times. This device shall collect the owner’s electronic communications and be able to open cloud services where data is stored. The content of these tracking devices shall on request be made available to the US authorities. We don’t care if this weakens your security, and you shouldn’t care because our goals are more important than your privacy.” Yes, that’s what we are talking about here. The “tracking devices” are of course our mobile phones and other digital gadgets. Our digital lives are already accurate mirrors of our actual lives. Our gadgets do not only contain actual data, they are also a gate to the cloud services because they store passwords. Granting FBI access to mobile devices does not only reveal data on the device. It also opens up all the user’s cloud services, regardless of if they are within US jurisdiction or not. In short. Comey want to put a black box in the pocket of every citizen world-wide. Black boxes that record flight data and communications are justified in cockpits, not in ordinary peoples’ private lives. But wait. What if they really could solve crimes this way? Yes, there would probably be a handful of cases where data gathered this way is crucial. At least enough to make fancy PR and publically show how important it is for the authorities to have access to private data. But even proposing weakening the security of commonly and globally used operating systems is a sign of gross negligence against peoples’ right to security and privacy. The risk is magnitudes bigger than the upside. Comey was diffuse when talking about examples of cases solved using device data. But the history is full of cases solved *without* data from smart devices. Well, just a decade ago we didn’t even have this kind of tracking devices. And the police did succeed in catching murderers and other criminals despite that. You can also today select to not use a smartphone, and thus drop the FBI-tracker. That is your right and you do not break any laws by doing so. Many security-aware criminals are probably operating this way, and many more would if Comey gets what he wants. So it’s very obvious that the FBI must have capability to investigate crime even without turning every phone into a black box. Comey’s proposal is just purely opportunistic, he wants this data because it exists. Not because he really needs it.   Safe surfing, Micke    

Oct 17, 2014
BY 
CITIZENFOUR_1

Nothing to hide, nothing to fear: How Britain has sleepwalked into a surveillance state

The issue of mass government surveillance may have taken a back seat to other headlines lately, but the new Edward Snowden documentary is bringing it to light once more. CITIZENFOUR, the Laura Poitras film documenting the moments Edward Snowden handed over classified documents detailing the mass indiscriminate and illegal invasions of privacy by the US's National Security Agency, is getting rave reviews ahead of its world premiere. The film is already prescreening in the UK, and along with that, F-Secure's UK office is publishing a research report that highlights the growing concern of the public - specifically, the British public - with mass surveillance. The ‘Nothing to Hide, Nothing to Fear?’ report centers on the concern about surveillance being undertaken by the British government on its own people, as well as foreign nationals. The concerns are justified, as Snowden himself in recent comments warned that the British Government is even worse than its American counterparts, since the founding fathers of the US enshrined in law certain rights which the Brits – with no written constitution – cannot claim. Research* commissioned for the report shows that 86% of Brits do not agree with mass surveillance. Snowden’s leaks last year highlighted the extent to which Western intelligence agencies are snooping on the general populace, including their emails, phone calls, web searches, social media interactions and geo-location. And when you consider the fact that the UK has 5.9 million closed-circuit TV cameras (one for every 11 people, as opposed to one informant per 65 people in the Stasi-controlled East German state), the extent to which Britain has fallen into being a surveillance state becomes shockingly clear. The UK government, of course, insists that indiscriminate surveillance will protect national security. However, the UK's Regulation of Investigatory Powers Act (RIPA) contravenes Article 12 of the Human Rights Act: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence.” “We are in unchartered territory and we appear to have sleepwalked here,” said Allen Scott, managing director of F-Secure UK & Ireland. “Little by little, our rights to privacy have been eroded and many people don’t even realise the extent to which they are being monitored. This isn’t targeted surveillance of suspected criminals and terrorists – this is monitoring the lives of the population as a whole.” With the future use of this data uncertain, the British people are showing their concerns. The research showed that 78% of respondents are concerned with the consequences of having their data tracked. This concern will only increase as more privacy-infringing schemes pervade UK government departments, offering up more personal data for GCHQ, the British intelligence agency, to use. Be sure to check out CITIZENFOUR once it hits your part of the world. And if you're in the UK, you can be among the first to see it – see pre-screening venues here: https://citizenfourfilm.com/   READ THE REPORT: Nothing to Hide, Nothing to Fear?   See more of what Brits think about surveillance in our infographic:       *Research conducted by Vital Research & Statistics on behalf of F-Secure. 2,000 adult respondents. 10-13th October 2014.    

Oct 17, 2014