Social media privacy is more important than ever before. It is almost guaranteed you will be subject to a hacking or ransomware incident if you do not take appropriate action now. That is where this article can help.
Facebook and Twitter are huge for personal and business use today. In their infancy, platforms such as these were used simply for fun and keeping in touch with friends and family.
However, the sheer volume of personal data held by these companies today is huge. Millions of transactions, tweets, photos and videos are being uploaded, then shared, by Businesses, Influencers and every day users, all the time. This holds great value to marketers, advertisers and cyber criminals.
Cambridge Analytica used the personal information uploaded by over 50 million Facebook users to influence the social media narrative and therefore sway people's opinions leading up to the 2016 US election.
There was outrage when the scandal emerged in the public domain. It makes you wonder who else has your personal and sensitive information and what they are doing with it.
There is something fundamentally and ethically wrong with using private data in this way, when a select few can successfully wield such power to bend vast swathes of public opinion for their benefit.
It therefore makes sense to spend some time reviewing your social media privacy settings to minimize the risk of becoming a victim of cyber crime, and nefarious intentions like those of the now defunct Cambridge Analytica company.
Legislation, lawsuits, scandals and brand reputation has resulted in social media companies opening up their privacy settings to a certain extent, so they can now be controlled and changed by us, the customer.
However, the default settings are set to what the social media platform wants them to be, which suits their interests. One of the challenges for us is to actually find the important settings in the first place, so we can change them to what we want them to be.
Therefore, this article looks at social media risk in more detail, then focuses specifically on the key Facebook and Twitter privacy settings that, I think, should be changed to protect your privacy. We then look at other methods to protect our online privacy.
The most popular social media platforms have a heavy interest in tailoring their marketing strategies to your tastes and interests.
This allows for targeted advertisement campaigns by the publishers who pay the likes of Facebook and Twitter huge sums of money for their adverts to appear on their social media websites.
In addition, the sharing of our information between social media platforms enhances their profit margin as publishers adverts are seen by more people, and therefore increases what is known as the click-through rate (the number of people who click on an advert of interest).
Anecdote time. I was researching fake grass for our back garden because our attempts to grow real grass failed year on year. We're not bad gardeners, I don't think. I reckon it was the soil quality and the lack of sunlight because of the trees.
Anyway, after a few days of Google searches and reading of fake grass-related websites, I started to see adverts for fake grass in my Facebook feed. I never performed a single search for fake grass on Facebook. Coincidence? I think not.
It is in social media platform interest to ensure publishers and their adverts, games etc., are legitimate and free from hidden ads that redirect people to malware infected sites and so on. However, the world isn't perfect, and their defences are not 100% foolproof.
For example, cyber criminals can automate the setup of multiple social media accounts, called bots, that auto-create new posts and even follow or friend request people whenever you use specific words, phrases or terms.
A group of bots working together is called a botnet, and they form co-ordinated attacks, enticing people to interact. Ultimately, they aim to access your sensitive information by bombarding you with phishing e-mails or hack into your device to propagate their malware campaigns.
Do not accept Facebook friend requests from people you don't know. There is every chance that it is a bot account.
These account can be set up manually in less than 15 minutes. Imagine how many there are globally when the set-up is automated.
Data mining, or data scraping involves the collection of personal information accessible across multiple social media platforms and other sites where you enter personal information.
Research companies harvest and sell the information on to other companies (all legitimate?) who then use the aggregated data to target their advertisement campaigns. The issue here is the lack of consent from us to using our information for this specific purpose.
Other than locking down your social media privacy settings, there is little we can do individually to control this phenomenon.
All social media apps should be treated with caution. You simply do not know which apps are leaking your information and which are legitimate and are 'following the rules'.
For this reason alone, it is recommended that each time you use a new Facebook app, you should change your password. This often breaks or invalidates the access tokens that enable the backdoor data sharing techniques.
Access tokens are little pieces of software that securely holds your login details, access rights and of course particular uses within applications.
Applications actually leak your personal information during the installation process. Most people blindly accept the terms and conditions of use, then click 'Allow' or leave enabled options on their default settings for sharing or accessing personal information.
It is these decisions that passes on the access token to the application. At this point, some social media apps could be passing on your details to other advertisers and enabling their access to your data, photographs and even private messages.
You wouldn't have a clue that this is going on because you are not informed, and this is why social media privacy should be taken seriously.
In addition to the traditional phishing scams that are prevalent across the Internet, cyber criminals who breach or hack in to (social media) websites or their accounts, can then perform a technique called doxing. This is the illegal release of personal information in to the public domain.
There are many examples of where companies have an insufficient cyber security practices that result in the compromised data of their customers.
This is often down to a lack of protection of the databases that hold information such as names, addresses and backing details. The reasons vary, from inefficient patching strategies, to inadequate data encryption methods, to name but a few.
Preen.me, a Tel Aviv-based platform used by social media influencers and suppliers for product promotion, was a victim of a data breach as a result of a ransomware attack in June 2020.
Hackers gained access to over 250, 000 influencers personal details such as their Facebook account names and friends lists, Twitter handles, home addresses, e-mail addresses, and even details such as eye colour and skin tone.
A few details were initially released on the dark web, then a few days later, another 100, 00 were released via PasteBin, a simple data sharing site. Eventually, all details were released. This is a classic doxing technique when ransoms are not paid (or paid, it doesn't matter, cyber criminals do what they want anyway).
It is fair to say that our personal information is just as important as money. We should therefore protect our information with the same vigour as we do our money. In the next section, we take a look at some ways we can do this.
Twitter is a near real-time information sharing platform. Short messages offering options, advice and information sharing, including links to articles, images and videos, are tweeted in their millions every day.
Conversations on topics ensue and the platform has inbuilt features such as the ability to send private messages to other Twitter users, and pull together tweets on given themes through the use of the hashtag.
The problem I have with Twitter is that tweets and responses can be reactionary when sent in the heat of the moment, and can be used to undertake sustained and coordinated attacks of harassment and abuse.
Below is a series of changes to your Twitter account settings that can improve your social media privacy standards.
As Twitter changes it settings over time, the path to the specific settings below can slightly change. I'll do what I can to update with the latest paths.
However, you may need to do a little sleuthing to find each setting. This is not a bad thing, as you will likely come across other aspects of Twitters' privacy settings that you may not be aware of, further improving your privacy.
Also, some paths and how settings are enabled or disabled differ slightly depending on if you are using a web browser or the app. The paths below apply to the Twitter website.
By default, everyone can communicate with anyone on Twitter. This is not always desirable.
Therefore, if you only want your trusted followers can see your Tweets, switch on Protect your Tweets by navigating to:-
Settings and Privacy > Privacy and Safety > Audience and Tagging.
Two Factor Authentication is a must to have any chance of protecting your social media privacy. In short, it enables two methods that must be completed before account access is granted. This could be a complex password and a text message to your mobile phone.
The something you know, something you are and something you have approach provides that additional layer of security that just might save your information from being compromised. To enable Two-factor authentication, navigate to:-
Settings and Privacy > Security and Account Access > Security > Two-factor Authentication.
Location tracking is popular for Influencers who are travelling, for example. Whilst this can be beneficial, it is not always prudent to advertise your location.
Why advertise the fact you are not at home, or even the fact you are at home, to potentially millions of random strangers?
To switch off your Location Information, navigate to:-
Settings and Privacy > Privacy and Safety > Location Information.
Do you want everyone who has ever known your e-mail address and phone number to have the ability to find you on Twitter? For some, the answer may be Yes.
However, when I think about all the accounts I've set up over the years with the same e-mail address, I would much rather not have this option enabled.
To switch off Discoverability options navigate to:-
Settings and Privacy > Privacy and Safety > Discoverability and Contacts.
There is a wide variety of information being uploaded and shared on Twitter. Some of this information could be offensive to you, or of a nature that you wouldn't want displayed on your timeline.
Remember, lots of hacking techniques are propagated through sensitive information. Preventing sensitive information from appearing on your timeline reduces your risk of exposure.
To disable sensitive content from appearing on your timeline, navigate to:-
Settings and Privacy > Privacy and Safety > Content you see.
Filters prevent low-quality content from appearing on your timeline, such as spammed tweets from bots, which again can contain links to malware infected sites, for example.
To switch on the Quality Filter, navigate to:-
Settings and Privacy > Notifications > Filters.
The suggestions here are just a select few. There are lots of other options to consider. For further information on Twitter privacy options, take a look at this article from PC Mag.
Next, we take a look at the social media privacy improvements we can make to our Facebook experiences.
Facebook is huge, with over 2 billion active users every month. What started out as a means of keeping in touch and interacting with friends and family, today it is a multi-billion dollar industry with a large business and publisher presence.
As we are finding with most, if not all social media platforms, games and advertisement campaigns are what fund these services and drive the huge profit margins they boast every year.
Facebook has had its fair share of problems over the years around data privacy, and is therefore one of not the most important platforms on which to improve your privacy settings.
As Facebook changes it settings over time, the path to the specific settings below can slightly change. I'll do what I can to update with the latest paths.
However, you may need to do a little sleuthing to find each setting. This is not a bad thing, as you will likely come across other aspects of Facebook's privacy settings that you may not be aware of, further improving your privacy.
Also, some paths and how settings are enabled or disabled differ slightly depending on if you are using a web browser or the app. The paths below apply to the Facebook app.
Some people have thousands of friends. When they like a post, the default setting is to inform you on your timeline. This is an incentive for you to click and engage with that post too. The same goes for what you like, too.
Whilst that can be beneficial, you cannot control what all of your friends are liking, just as Facebook cannot control all publisher ads and their potentially nefarious intentions.
Therefore, if you want to keep your interest and post like private, at least, change the social interactions settings by navigating to:-
Settings and Privacy > Settings > Ad Preferences > Ad Settings > Social Interactions.
Search engines such as Google index your Facebook profile, so anyone can perform a search and bring up your profile and all that you are currently sharing.
I have disabled this option on my personal Facebook profile, but I do have it enabled on my eComputerZ business suite profile.
To change this setting, navigate to:-
Settings and Privacy > Settings > Privacy Settings > Do you want search engines outside Facebook to link to your profile?
Two factor authentication is a must, especially on Facebook. In my personal life, I see far too many posts stating their accounts have been hacked. I was even a victim before I enabled 2fA.
When you set up (and you will if you haven't already, right?) you will be surprised how often you get a text message prompting you to enter the random access code to approve authentication to your account. This is the hackers and their malware, bots and other techniques in action, trying to hack in to your account. 2fA help prevent this from happening.
To enable two-factor authentication, go to:-
Settings and Privacy > Settings > Security and login > Use two-factor authentication.
Have you ever create a web account and then subsequently logged in to that account using the 'authenticate with Facebook' option?
Did you know when you do this, it gives those companies access to your Facebook data, and in some cases the option to share your activity on their websites with Facebook?
How do you think companies such as Cambridge Analytica harvested large amounts of data?
Eventually, Facebook opened up their privacy settings to give you the option to change your Facebook interaction with third parties and disable their tracking capabilities.
To turn off Apps, websites and games, go to:-
Settings and Privacy > Settings > Apps and Websites > Apps, Websites and Games
Ever been automatically tagged in a Facebook photo or video? This is down to the rather impressive face recognition algorithm, which we used to only see on futuristic sci-fi films.
I'm not certain I want my facial recognition data held by a company that cannot be trusted to keep this data safe. What about you?
To switch the face recognition feature off, navigate to:-
Settings and Privacy > Settings > Face Recognition > Do you want Facebook to be able to recognize you in photos and videos?
Facebook uses your location to target ads, news and services from your local area, or the area you happen to be in, for example, when on holiday.
If you don't want Facebook to know your location, disable location services and history by navigating to:-
Settings and Privacy > Settings > Location > Location services / Location history
Facebook is constantly monitoring your online activity, and the websites linked to your Facebook profile and monitoring your activity on the Facebook platform.
The Off-Facebook activity options allows you to disconnect your Facebook profile from your account. This not only reduces Facebook's capability of sending your tailored adverts, it also reduces other websites from monitoring your activity.
However, if you turn off this option, you may need to sort out login details to other web accounts that were previously dependent on your Facebook login details.
Settings and Privacy > Settings > Off-Facebook Activity > Clear History.
Also navigate to Settings and Privacy > Settings > Off-Facebook Activity > Manage your off-facebook activity to see the other apps and websites that have monitored your Facebook activity.
There are lots of other privacy settings that are worth reviewing on Facebook. I suggest you take the time to do so.
The Complete Guide to Facebook Privacy Settings is an excellent resource for more settings to review and amend.
In the next section, we review additional steps you can take to protect your social media privacy.
Below is a collection of hints and tips to help improve your social media privacy standards. These steps sit outside of specific setting changes discussed above, and I think they are worth the effort.
On social media sites, understand what happens when you post a message or upload a video. Who will see it, who can comment on it, will others in the photo be automatically tagged in it?
In addition to facial recognition, photos can reveal too much information about you and your family.
For example, what could be gleaned from a photo of your family by a cyber criminal if that image includes a road name, school name, house name or number? It may not take too much sleuthing to track you and your family members down.
Consider using a free photo manipulation tool to blur or erase certain landmarks and personal information on show in photographs.
Also, aim to minimize the personal information you upload and share. This ranges from your date of birth and home address, to topics such as your political persuasion or current workplace. This is key data used by cyber criminals to perform identity theft and targets ads.
Finally, avoid the usual clickbait articles on social media sites, general websites and within apps. You know the ones, for example, "You won't believe what they look like now", or "When you see where they are living now is heartbreaking".
They are all tailored to elicit clicks and promote their interests, and just maybe send you down the rabbit hole of malware infections that commandeer your personal information and compromise your social media privacy.
I know there is a lot to take in. This article is quite lengthy, but all the content is both relevant and important.
What it does underline is the impact of social media on our society. For me, there is a lot of good that comes from social media, such as an awareness of important topics and what is going on across the world. Also, the opportunity for businesses can never be underestimated.
However, as we have seen, there is a darker underbelly to social media platforms, and having an awareness of this, and the steps you can take to reduce the risks, is critical to the quality of your social media privacy.
To round off, I've included this article on the privacy setting to review for Instagram. This platform has rapidly increased in popularity; therefore, it needs to be treated with the respect it deserves.
Thank you for taking the time to read through this article. I hope it has proven to be useful.