About a month ago, I was contacted by Marta who runs the fabulous fashion blog ‘With Love‘, and she asked me to do a blog post for her about online safety and women. I thought it was a great topic and readily agreed. I have my own blog called ‘Securityphile‘ where I talk about everything and anything related to online privacy, safety and identity.
When it comes to online safety, the most important thing to remember is protecting your personal information. Without any information available about you online, your safety is pretty much guaranteed right? Unfortunately that isn’t a reasonable solution. It’s a rather extreme and narrow view of trying to stay safe, especially in 2011. What needs to happen is there needs to be balance. Today, a lot of our daily activities revolve around the Internet, and it has become the norm. Friends, family, co-workers are all sharing photos, shopping for clothes, listening to music, paying bills, handing in school assignments, talking to friends, etc. etc. – all on the Internet. In order to do any of that, we are required to give up information about ourselves in order to use the services. Typically an email address and a password are required so you can identify yourself. If you are shopping, credit card information and an address are also required so that you can pay for and receive your purchases. That is it. Any other information requested is usually optional.
However, things start to get complicated when you start using sites like Facebook, Twitter , Foursquare, Youtube, or any other social networking related sites. In order to get any reasonable use out of them, you need to participate, but instead of paying for a product or service, you engage and socially interact with others. You end up providing content (which is really just personal information about yourself), and it usually comes in the form of text, images, video or location, all of it delivered to a combination of friends, family, co-workers, acquaintances or strangers. Your friends and family may get to know you better, but so do strangers and acquaintances. Is that something you are comfortable with? If you aren’t comfortable, one way you can control this is by enabling the privacy settings, this way, you know who and who isn’t seeing what you post. In Facebook, the settings are quite granular, but for Twitter, its an all or nothing privacy setting. The feature ‘block this person’ is helpful too! Whatever you use, I highly recommend using privacy settings to control who can see your personal information.
The deal is, the more information you give up, the more people get to know you. This can be a good and bad thing. While it can be good for family and friends, it’s usually a bad idea when it comes to strangers and acquaintances. Then again, I bet there are certain friends or family members that you wouldn’t want to share everything with either am I correct? Strangers will know what you look like, but you don’t know what they look like. You don’t know what their intentions are and you have no way of judging their character. You dont know if they’ve been previously convicted of a crime or are mentally unstable. I would say for the most part, people are generally nice, which is why we tend to let our guard down and trust people. But it also makes it quite difficult to pick out the scary people. It’s tough to judge people sometimes, and people change too. The trick is to find a balance where you can share enough information that lets you participate effectively, yet you don’t end up giving up too much that people can figure out what your daily routine is.
I came up with a list of things to avoid when engaging in an online public discussion:
- Your age
- Your birth year
- Marital status
- Where you work/go to school
- People you live with or if you live alone
- Expensive items like cameras or computer equipment, jewelry
- Your location, past, present and future (including vacations)
- Your home address and the area you live in
- Your main method of transportation (car or public transit)
- Names of Family members and their relation to you
While the individual pieces of information above may mean nothing on their own, when you combine them with other pieces of information taken from Twitter, Facebook or Foursquare, it can give anyone a deeper insight about yourself, knowledge that you normally might not divulge. When sharing information online, I recommend being vague when it comes to personal information. If you want to share personal info with people, use a non-public channel like email or instant messaging. This way, you control who you are sharing it with.
Its not just your physical safety that you have to worry about. You need to protect your identity online as well. If someone gains access to your personal accounts like email, Facebook or online banking account, they may blackmail you, steal financial information from you or from your place of work. They may choose to take over your accounts and impersonate you. I’ve seen it happen to many friends on Twitter and Facebook. Have you?
How to Protect Yourself
Test yourself by checking your Gmail or Facebook to see if your account has been accessed by someone else. I have seen friends on Twitter talk about how they discover their Facebook accounts are being accessed – from a different state or province. Checking Gmail and Facebook can tell you if your safety/identity has already been compromised. If it has change your password immediately! If you have your own domain name, make sure you have chosen the privacy option for your WHOIS record. Doing a WHOIS look up will tell you if you are unnecessarily exposing your home address, when you should be keeping it private.
More Important steps you should take to protect yourself online:
- Always use a different password for different accounts
- Change all of your passwords. Every 4 months
- Back up your data, documents, pictures, music on your computer and smart phone
- When using public, free wifi connections, use it only to browse for public information. Dont use it to check email, access Facebook, online banking,
- Same goes for public computers that are shared, you dont know what previous users have done to the computer
- Answers to secret questions shouldn’t be information you can figure out from Facebook or Twitter. This was how Sarah Palin’s email got hacked. (Its not a good idea to use the secret question ‘what is your mothers maiden name‘ when she is a friend on Facebook.)
- Google yourself and create alerts whenever your name appears online
- Keep your operating system updated, even if its MAC OS X
- Use anti virus
I also spoke to some female friends to get their perspectives about online security and to understand how they protect themselves. All of them have a presence online, typically its a combination of a blog, Facebook, Twitter, Youtube etc. etc., all of which they incorporate into their regular, daily lives. I was quite surprised to hear they haven’t had any major issues with being harassed, stalked or had their identities stolen. When I delved further into the issue, it turns out everyone already practiced some form of safety routine. I was quite impressed by their knowledge and the various methods they used to protect their privacy. They use updated anti virus, update their operating systems on a regular basis, change their passwords or keep them in a safe location. Almost everyone I spoke to have set up separate email addresses, one for strangers and acquaintances and the other is for family and friends. Most importantly, they censor themselves and are careful about the content they post online. I am proud of my friends!
At the end of the day, it’s really up to you to decide what to share and what not to share and to whom. Its the type of information and the amount that you share online that affects your safety. Always think about what you are about to say online, you might forget what you said 2 years ago, but the Internet won’t. Always keep in mind that the information you post online can be interpreted differently by different people. Being online can make you closer to friends and family and when used properly, it can keep strangers and acquaintances at an arms length.
I recently saw a post on Twitter where someone extolled their love for the password manager software they use. They also mentioned the information that was stored in it, the type of information that is the secret sauce to a person’s identity: user names, passwords and banking information.
While I think the use of password management software isn’t entirely a bad idea (as long as you have other defenses in place), I do believe it’s a bad idea announcing WHAT YOU USE to store the recipe for your secret sauce, particularly when it’s on a social networking website, for everyone to see. That’s akin to announcing to the whole world the name and model number of the safe I use at home, what’s stored inside and where it is. But I’m still using a safe, so I’m secure right? No!
Posting critical information like that to a social networking website will make you a likelier target for hackers. It will be easy for them to build a profile of people based on their blog, Twitter and Facebook accounts, then plan a social engineering attack. The attack may come in the form of gaining your trust, then sending you a malicious file for you to execute. A general search of 1Password or Keepass on Twitter, will show you lots of users who are using the software.
While the secret sauce maybe encrypted, if a computer is infected with a trojan horse that has key logging features, the encryption no longer protects you and it becomes a moot point. If you don’t keep your operating system up to date, use anti-virus and a firewall that just makes you even more susceptible to your secret sauce being revealed.
The other question to ask yourself is, where do you store this information? Is that encrypted file on a laptop or desktop? What if the laptop is lost or stolen? Hopefully there is a back up. And a back up of that back up.
Rule of thumb: The more information you reveal about your computer’s defenses, the more vulnerable you become.
What concerns me, is how easily this lack of knowledge is spread via Twitter, and it will give people who aren’t as technically savvy, the wrong idea. I can guarante a lot of people will try out the password manager but forget to do everything else, like update their browser, anti-virus, operating system and install a firewall. If that’s the case, they will have all their eggs in one basket, and be ripe for the picking.
I’m not really big a fan of Facebook. The public display of their eroding privacy policies have left me with a bad taste that only enforces my general mistrust of corporations.
Since many people either don’t feel that way or are just completely unaware of what is happening with Facebook, I still feel the need to discuss security or privacy issues that affect it.
Within Facebook, there is a new option for you to enable ‘Account Security’. I recommend that you enable it immediately if you use Facebook. The feature allows you to be notified when your account is accessed from a computer that has not been registered. While its not a bulletproof measure, its a step in the right direction.
You will need to log in and log out of Facebook after you enable the feature so that you can register your device, be it smart phone, laptop, etc. When you access ‘Account Security’ you will see a list of registered computers.
It’s likely this feature came about after a Facebook board member fell victim to a phishing attempt.
Take note that, if your email account uses the same password as your Facebook account, then the hacker accessing your account can delete the email out of your inbox before it gets to you. Another good reason to use different passwords.
The article goes on to discuss the results of a survey conducted by the Pew Internet & American Life Project regarding reputation management and social media. One conclusion that was drawn was that 18-29 year olds were the least likely group to trust social networking sites.
On one hand, I understand the need to manage one’s own reputation online. People must protect themselves from people that feel the need to discriminate or gossip, have loose lips or become judgemental about things that don’t concern them.
On the other, I find it disappointing that people have to resort to censoring themselves and monitor everything they do, just to ‘fit in’, wherever it might be. It sounds a lot like high school, but I think it’s actually the other way around: high school is a lot like life.
At the end of the day, I do believe that if pictures, blogs or personal information are freely accessible on the Internet, it’s fair game for any one to view it.
That is why people must protect themselves.
This is what I suggest:
- Google yourself to see what content “your name” is associated with.
- Continually monitor your name by creating ‘Google Alerts’ that are sent via email or RSS
- Create an extra account on Facebook for professional (work) use only, separating if from your personal life.
- Get your name as a domain name. If you have a common name, you may be mixed up with someone else. Get it before someone else does.
- Check your friend’s social networking photo albums to see if they have any photos of you that could be considered ‘inappropriate’ (your friends may not have strict privacy settings)
- Review your privacy settings on all social networking sites and lock them down if necessary. Remember to test it out to see what it looks like.
- Think about what you want to say before posting it as a comment on social networking sites, discussion forums or news articles. Could your comments be used against you in the future?
I enjoyed this quote from the article…
Stefanie Juell, a 28-year-old in Westchester County, N.Y., has become increasingly aware of this. So she recently opened an extra Facebook account after her supervisor and people she’d met through work started to friend her on her personal account.
“You don’t exactly want to reject your supervisor,” she says. “Nor do you want him or her to see everything that your friends write on your wall or the pictures that people tag of you.”
As a site note, Googling yourself use to be referred to as ‘ego surfing’. CNN also reported about the same Pew Internet report but it wasn’t as extensive as the Toronto Star article that I posted.
Money lending companies are looking up customers seeking loans on Facebook, Twitter etc. to check their status updates and see if there are any indications of risk to lending that person money. i.e. Facebook status: still job hunting
“If I go on Facebook or Twitter and see information that doesn’t match, it could indicate something is wrong,” said Rob Garcia, senior director of product strategy at Lending Club, a peer-to-peer lending network based in Redwood City, Calif.
My opinion is, if the information is available on the Internet, it is fair game, unfortunate as that may sound.
This is probably the best quote from this article…
“There is no such thing as a free Facebook account,” he said. “You don’t pay to use it, but you give up privacy in exchange for using its service. The way Facebook makes its money is by selling its user’s information.”
People choose to post whatever they feel like at that moment in time on the Internet. You just never know, how that information may be used against you later on.
More than 100,000 Websites have added Facebook’s new social plug-ins, an initiative designed to make the Web less of an anonymous experience. The intent is to allow trusted sites the ability to instantly recognize a Facebook user the moment he uses the service by leveraging the details of his profile. Those who opt to log into their profiles from a trusted site can not only access feeds and friend details, but can also tag and identify the content they’re interested in.
The article also talks about a mall based in London, England is looking to integrate a piece of software called ‘Fashion Detector’ with social networks to create a new ‘shopping experience’. The mobile version of this application is what troubles me…
Following the browser-based version of the Fashion Detector will be a mobile app that will allow users to simply snap a photo of someone on the street and have their handbag or boots identified.
I’m surprised that this is moving forward, especially for a European country. Typically the privacy laws are much more strict compared to the US. It will be interesting to see how fast and how far this service will go.
So, if some guy or girl, who happens to like what I wear, may try to take my picture, either surreptitiously or directly ask me? What if I say no, what then? If they do get my picture, no doubt the image will be stored on their phone and most likely uploaded to Facebook and ‘Fashion Detector’. NO THANK YOU. Our images, pictures of you and me, will now be stored for who knows how long and who knows what they will do with the picture, by random people we don’t even know? NO THANK YOU.
I can just see it now, older men trying to snap pictures of younger women, using the excuse that they are taking a picture because they are wearing something their daughter/wife/girlfriend might like. Where is the line drawn?
And yet, I could see this succeeding – unfortunately, all in the name of fashion. As demonstrated by Facebook, people are easily hooked into giving up and FORGETTING about their personal privacy as long as they feel they are getting something out of it.
I’m going to talk about a little pet peeve of mine, as it was related to privacy I thought this would be a good place to post this.
To show you I’m not entirely about bashing Facebook, I’m going to talk about a feature that I’m glad Facebook has FINALLY added.
It’s the ability to control who can see your friends list. That means…
NO MORE FRIEND LIST CREEPING.
Friend list creeping is when someone you may or may not know, depending on how you’ve configured Facebook, who goes through your list of friends and starts adding them arbitrarily, even if they don’t know the person. I can only assume it’s either to increase their own friend count, add hot girls (I know its happened to others as the same thing has happened to them and we’ve complained in unison) or some other mysterious reason that is beyond me.
I discovered someone I recently added had creeped my friend list.
Unfortunately Facebook didn’t have the feature to prevent people from doing that at the time my friend list was creeped. Or else I would have blocked them as soon as I added them.
Now I can pick who can see my friend list and who can’t.
A little too late with the feature Facebook. I guess I was wrong in that I wasn’t going to bash them. Oh well.
To control who can see your friends list, go to Account -> Privacy Settings -> under Basic Directory Information, go to View Settings -> See my friend list
This web based tool helps you determine what level your privacy settings have been set to in Facebook. I haven’t used this myself, so I can’t verify the authenticity of this tool. I’m pretty confident that I’ve locked down and restricted everything in my Facebook account by myself so I don’t need to use it.
To be 100% sure, create another Facebook account and search your name and see what comes up.