
Facebook Privacy and Security Info Graphic

Thanks to Naomi Paton from BestComputerScienceSchools.net for sharing this Facebook Privacy Infographic!


 

According to an early 2013 report from ComScore.com, Facebook still maintains the lead for American user engagement for a single web site — averaging a minute short of 6.75 hours per user in the month of Mar 2013. While this number is a decline from the same period in 2012 (with an average of nearly 7.25 hours per user), it’s obvious that American Facebook users spend a considerable amount of time on the site — more than any other social media site — revealing facts both mundane and interesting about their lives — facts that might be of interest to other people and companies, including those with ill intent.

In fact, according to a study by Alessandro Acquisti discussed in a TED Talk, American employers often judge job candidates who post to social media more harshly than equally skilled candidates who do not post — regardless of whether the posts were negative, positive or not even relevant to the potential employer. How potential employers find your Facebook information is beyond the scope of this article, but we do cover some relevant security and privacy statistics and offer some tips to guard yourself.

The Facebook Facts
Please note: All statistics below refer to U.S. Facebook users unless specifically indicated.

  • 1.26 — Number in billions of monthly active worldwide Facebook users (as of Oct 2013).
  • 83 — Number in millions of fake profiles (worldwide; as of late Jun 2013).
  • 7.5 — Approximate percentage of fake profiles (worldwide).
  • 128 — Number in millions of daily active Facebook users (mid Aug 2013).
  • 6 3/4 hours — Approximate average amount of time Facebook users spent on the site in Mar 2013.
  • 101 — Approximate number in millions of Facebook users on mobile devices (app and mobile web browsers).
  • 128 — Approximate total number in millions of Facebook users on both desktop computers and mobile devices.
  • 78 — Approximate percentage of Facebook users who access the site on a mobile device.
  • 76 — Percentage of smartphone market that Facebook reaches with their app (primarily) or via mobile web browsers.
  • 23 — Percentage of time spent on mobile apps that is attributed to Facebook use.
  • 303 — Approximate number of “friends” a Facebook user (12+ years old; worldwide) has in their network. This number varies significantly by age group. Research estimates have suggested numbers of 500+ for Facebook users in the 12-24 age range, but much less (low hundreds) for those in older age ranges.
  • 245 — The average number of friends that U.S. users have in their Facebook network, according to a Pew Research study in early 2012.
  • 600 — The approximate number of people that the average person knows overall (Facebook or otherwise), according to a New York Times report in early 2013. Note that other studies suggest a figure of 290.
  • 25 — Percentage of Facebook users (worldwide) who do not look at or ignore their Facebook privacy settings (according to a 2012 Velocity Digital report).
  • 71 — The number of countries whose individual governments made requests for user data to Facebook in the first six months of 2013.
  • 25.6 — The approximate total number in thousands (actual: 25,607) of requests for data made to Facebook by various world governments in that six-month period.
  • 11 — The number in thousands of data requests (minimum) that were made just by the U.S. government.  (U.S. data is reported as a range: 11,000-12,000.)
  • 43 — The approximate percentage (actual: 42.96) of all data requests made just by the U.S. government.
  • 38 — The approximate total number in thousands (actual: 37,954) of Facebook user accounts covered in those requests by all governments.
  • 20 — The number in thousands of Facebook account data requests (minimum) made just by the U.S. government.  (U.S. data is reported as a range: 20,000-21,000.)
  • 53 — The approximate percentage (actual: 52.70) of total account data requests made just by the U.S. government.
  • 2.5 — Number in billions of photos uploaded to Facebook in a single month in 2010
  • 30 — Percentage of photos in a study by Alessandro Acquisti in 2010 (taken of students on a college campus) that were identifiable by off-the-shelf facial recognition software. (Using data mining techniques, the researchers were also able to determine part of identified students’ Social Security numbers.)
  • 10 — Percentage of anonymous online dating profiles identified via facial recognition software in another study by Acquisti.
  • 43 — Percentage of employers (in a study of 2,100 hiring managers) who did not hire a job candidate after researching the latter’s social media profile.
  • 600 — Number in thousands of Facebook logins (worldwide) that are compromised daily (late Oct 2011).
  • 25 — Percentage of consumers whose online data has been breached who later become a victim of identity fraud.
  • 2.78 — Percentage of homes in the U.S. (1 in 36) that will likely be burgled in 2013, according to an FBI 2012 crime report — with or without the help of social media tracking.
  • 1,657 — Average loss in dollars per break-in.
  • 25 — Percentage of teens who claim to have been stalked on Facebook.
  • 55 — Percentage of teens who have given out personal info to strangers on Facebook.
  • 24 — Percentage of teens who have had compromising information made public without their permission.
  • 2.5 — Number of billions of new daily Facebook posts (worldwide).
  • 67 — Percentage of teen users who know how to hide their online activity from parents.
  • 10 — Percentage of children worldwide who experience cyberbullying.
  • 52 — Percentage of teens not telling parents about being cyberbullied.
  • 34 — Percentage of parents who check their children’s social network sites.

Top Five World Governments Requesting Facebook User Data
The following five countries made the most requests to Facebook in the first six months of 2013. (Note: United States data is reported in ranges. In the table below, only the minimum value of U.S. ranges is reported.)

Country        | Minimum Requests | Minimum Accounts Requested
United States  | 11000            | 20000
India          | 3245             | 4144
United Kingdom | 1975             | 2337
Germany        | 1886             | 2068
Italy          | 1705             | 2306

6 Threats to Your Privacy and Security
Using Facebook incorrectly can expose you to a number of threats. Here’s an incomplete list:

  1. Bullying — You think that your kids are safe at home from bullies? Unfortunately not, and some reports suggest that cyberbullied kids are 2-9 times more likely to commit suicide.
  2. Stalking — Let’s face it; there are lots of creeps out there and one of them may be stalking you or your children — which is made easier by the fact that more than half of teens give up personal info to strangers on Facebook.
  3. Burglary — While the U.S. Bureau of Justice Statistics suggests home burglaries have declined since the 1970s, why make their efforts easier? Some burglars do monitor social media to determine which homes will be unoccupied for a long enough period for them to get what they want. Sometimes they do this by hacking accounts; other times they simply make friend requests to people who don’t know them. From there, it could be a simple matter of monitoring posts for location data and extended absence.
  4. Identity theft — Are you revealing too much info in your Facebook profile? Potential victimizers can combine your Facebook profile info with your other social media profiles to get the data they need. Note that identity theft can happen to your children, too, and this might not be noticed until they’re 18 or older.
  5. Career compromise  – Given two equally qualified candidates, new research shows that if a potential employer checks social media profiles, they tend to have a bias against those who post anything to social media – regardless of the topic or tone; even worse if you say something compromising or have photos of questionable behavior. This may not be surprising given that while most U.S. universities and charities are on Facebook, the percentage of Fortune 500 companies with a Facebook page is considerably less (60% as of Jan 2012).
  6. Reputation damage — It might only take one tagged picture of you cutting loose, doing something one time that you wouldn’t normally do. If an acquaintance not in your Facebook network posts the picture, you might not even know about it — a potential problem if they’ve identified you in text.

Privacy and Security Features
Facebook founder Mark Zuckerberg — who in late 2013 spent an extra $30M buying four extra nearby homes to maintain his real-life privacy — has in the past openly indicated that “privacy is over” and that if he were starting Facebook anew that user information would be public by default. That was nearly three years ago and the company doesn’t seem to have swayed much from that goal. He has also made comments suggesting that Facebook users don’t care about privacy.  Despite this attitude, there are legitimate reasons to maintain your privacy on Facebook and there are ways to do so.
This is not a comprehensive list, but possibly two of the most under-utilized features are “private profile” and friend lists. New Facebook accounts used to be private by default but have since switched to public by default. You need to manually change that setting. As for friend lists, they’re the digital equivalent of social circles. Friends can fall into multiple lists or just one.

15 Things You Should Do To Maintain Privacy on Facebook
According to various reports, teens and adults are being turned down for work due to certain things they’ve posted on their social profiles. To see how potentially embarrassing indiscriminate posting can be, visit weknowwhatyouredoing.com.
Younger children are at risk, too, given the growing number of underage Facebook users. According to figures by the Crimes Against Children Research Center, children in the 10-13 age range are at most risk from online predators — that age group makes for 22% of targets.
Here are some tips for maintaining your privacy and keeping your profile socially acceptable, as well as for protecting your children if they use Facebook.

  1. Review your Facebook profile information to make sure that if you do have email addresses, employment history and phone numbers listed, that the information is only accessible by friends. Keep in mind that Facebook had a bug in June 2013 that caused the leak of email addresses and/or phone numbers of 6M users — not a large percentage of all users, but enough to potentially cause problems for those compromised. (If you have specific need to prevent someone from finding you, use an alias in your profile — and don’t post any photos of people associated with you. Better still, use a social media service that’s truly private.)
  2. Create friend lists. Name them according to social circles such as family, friends, friends of friends, colleagues, college-chums, teammates, etc. Put everyone in your network on one or more lists. Every time you add someone, assign them to one or more lists. Hide your friend lists to protect your friends, so that strangers cannot see to whom you are connected.
  3. When you post, use friend lists to control who sees your information. Set a default setting (e.g., Friends or Friends of Friends). If you want, you can change the viewability setting for a specific post either before (best practice) or after posting.
  4. Pay careful attention not only to what you are revealing about yourself in something you are about to post, but also look at the icon indicating who can see the post once it’s published. If you see a “globe” icon, that means your post will be public. Make a habit of checking this before posting.
  5. Review your recent posts and consider removing personal details in case you’ve over-shared.
  6. Make sure that your location is not being broadcast. This is especially important if you’re using Facebook on a mobile device. Turn off the location feature.
  7. If you use Facebook for work purposes, split your posts between your personal profile only available to friends and a “Personality/ Business” Page accessible publicly.
  8. Review your friends’ posts if they tag you. Review your comments on friends posts that might be controversial, in case they change their post’s status to Public. Cover your bases by using Google Alerts [http://www.google.com/alerts] to get email updates for your Facebook profile name, and then take action if necessary.
  9. Even if you keep your Facebook profile private, if you are using Facebook on a mobile device, be absolutely sure that you are using legitimate wi-fi networks and not “honey pots”. If you get on such a network by accident, change your password immediately. If your Facebook profile includes your email address, change your email password.
  10. Change your password regularly — once a month or more often — and don’t repeat any previous password for at least a few months — preferably never.
  11. Use different passwords for different websites and services. Try not to reuse your Facebook password anywhere else — especially for email addresses listed in your Facebook profile.
  12. Pay attention to any privacy setting changes that Facebook announces. You never know when they will affect you or your children.
  13. Make sure your profile name is unique. If there are other people with the same name as you, don’t take chances that your profiles might be confused by someone.
  14. Check your overall privacy settings on the Facebook Privacy Settings and Tools web page [https://www.facebook.com/settings/?tab=privacy].
  15. Check the settings on your photo albums. Each album and photo can have custom settings.

Check the Facebook Privacy page [https://www.facebook.com/help/445588775451827] for more details on privacy settings.

6 Additional Tips For Protecting Your Children
If you think your child will not join Facebook until they’re older, consider that an Oct 2013 study by Commonsense Media shows that 38% of children under 2 have used a mobile device (smartphone or tablet). By the age of 8, that number jumps to 72%. Kids are comfortable with mobile devices, so the chances of them joining a social media site such as Facebook as a mobile user increases. When you then consider that, as mentioned above, 10-13 year-olds make up 22% of the targets of online predators, and that there are millions of underage users, it’s better to guide your children into proper use of Facebook and other social media than to hope they’ll “be good” and not use such services.
In addition to the general tips above, here are some additional tips for protecting your Facebook-using children.

  1. If your children are not on Facebook, agree to show them how at an agreed-upon age. Let them know early on what you will expect from them in terms of usage behavior. It is better that you introduce them, knowing that they’re more likely to trust you as a “friend” if you teach them early and trust them.
  2. Implement usage schedules and rules for your children. E.g., can only post to Facebook between 7pm-9pm, from home, when a parent is home to monitor, if necessary.
  3. Discuss privacy and security with your kids and make sure that they understand what dangers lurk online. With underage Facebook profiles increasing in number, have this discussion as soon as possible.
  4. Require at least your under-age children to friend you (possibly using a joint family profile that one or more adults can use to monitor posts). If you are not on Facebook and your children are, it’s a very good idea to join. Just don’t embarrass your kids with awkward comments on all of their posts.
  5. Review recent posts by your children and teach them to understand what is acceptable and what is not. Ask them to edit out any personal info as necessary. E.g., they may not realize they’re revealing too much when they post about an upcoming family vacation and how long you’ll be away.
  6. Ask your children to regularly submit a list of Facebook groups they’d like to join so you can review the groups.

Also make sure that your children are not doing any of the things in the following list.

10 Things You Shouldn’t Do on Facebook
It can be easy to forget how your security and privacy get compromised on social media. Of course, if you’re doing “bad” things and posting about them, don’t expect to have your privacy maintained. Even if you’re just under suspicion of having done something illegal, Facebook and other social media sites give access to profiles to crime fighting and government agents in certain circumstances — which you cannot prevent. However, to keep other people from knowing your social business, here are tips for what not to do on Facebook:

  1. Don’t use Klout.com and similar services if you want to maintain a private profile. It’s not clear in the Klout.com UI who can or cannot see your “Klout moments”, but given that your private FB posts do appear in Klout (because you had to have given permission in the first place), it’s probably not a good idea.
  2. Don’t use FB apps or mobile apps that “want to post for you” if you’re concerned.
  3. Don’t publicly post that you are away for an extended period of time or imply such — especially if your address is easy to find online or in the white pages.  Some U.S. insurance companies are changing policy rules to exclude claims if they can prove you revealed too much on social media and were burgled as a result.
  4. Don’t give away too much info about your current whereabouts. Turn off “location,” and don’t mention that you’re away or for how long. This includes multi-day conferences, even if you’re nearby.
  5. Don’t publish your full home address contact details anywhere online, including your Facebook profile. If you have a home business, use a P.O. Box or use a service that gives you the equivalent of a physical suite number and signs for packages for you.
  6. Don’t post photos of your children, or at the least do not identify and tag them — especially under-age children.
  7. Don’t post or tag photos of your friends doing “questionable” things. Ask them to check with you as well before posting. Similarly, don’t post pictures of your bad habits. Make sure your friends are not doing so either. You would think all this would be commonsense, but friends of friends might be posting photos of you.
  8. Don’t post “insider information”, especially for publicly-traded companies. You might have family, friends or acquaintances that become sources of such information for you. Carefully consider what you’re revealing before posting about any company, or the legal repercussions might be worse than losing a job.
  9. Don’t accept friend requests from people you don’t know – especially if they have very few friends in their profile. At least with LinkedIn, you know how they’re connected to you.
  10. Don’t use short, simple passwords. Use longer passwords, some uppercase letters mixed with lowercase letters, numbers and punctuation. Use multiple unrelated words if it makes it easier for you to remember. It’s particularly important to protect your account if you re-use this password for other online services — especially common ones such as email addresses, banking, etc.

References :
Information for this article was collected from the following pages and web sites:

  1. http://arxiv.org/pdf/1111.4503v1.pdf
  2. http://www.asecurelife.com/burglary-statistics/
  3. http://www.bjs.gov/index.cfm?ty=tp&tid=321
  4. http://blog.bufferapp.com/10-surprising-social-media-statistics-that-will-make-you-rethink-your-strategy
  5. http://www.careerbuilder.com/share/aboutus/pressreleasesdetail.aspx?sd=6%2f26%2f2013&siteid=cbpr&sc_cmp1=cb_pr766_&id=pr766&ed=12%2f31%2f2013
  6. http://cola.unh.edu/ccrc
  7. http://www.commonsensemedia.org/
  8. http://www2.comscore.com/l/1552/gital-Future-in-Focus-2013-pdf/3dplfc [PDF; requires free signup]
  9. http://www.cooldailyinfographics.com/post/hashtag-etiquette
  10. http://www.cooldailyinfographics.com/post/how-burglars-are-using-social-media
  11. http://www.dazeinfo.com/2012/01/07/social-media-facts-figures-and-statistics-2012-infographic/
  12. http://dotcomplicated.co/content/2013/06/online_reputation/
  13. http://expandedramblings.com/index.php/by-the-numbers-17-amazing-facebook-stats/
  14. https://www.facebook.com/about/government_requests
  15. https://www.facebook.com/bookmarks/lists
  16. https://www.facebook.com/settings/?tab=privacy
  17. http://www.fbi.gov/about-us/cjis/ucr/crime-in-the-u.s/2012/crime-in-the-u.s.-2012
  18. http://www.go-gulf.com/blog/cyber-crime/
  19. http://www.heinz.cmu.edu/~acquisti/face-recognition-study-FAQ/
  20. http://www.huffingtonpost.com/2013/06/21/facebook-bug_n_3480739.html
  21. http://www.identitytheftassistance.org/pageview.php?cateid=47
  22. http://www.jonloomer.com/2012/01/06/facebook-timeline-privacy/
  23. http://www.marketingcharts.com/wp/direct/18-24-year-olds-on-facebook-boast-an-average-of-510-friends-28353/
  24. http://mashable.com/2011/10/28/facebook-600000-accounts-compromised/
  25. http://mashable.com/2013/10/28/children-under-2-mobile-media-study/
  26. http://www.michaelzimmer.org/2012/05/07/how-to-adjust-your-facebook-privacy-settings-2012/
  27. http://www.pewinternet.org/Reports/2012/Facebook-users.aspx
  28. http://readwrite.com/2010/01/09/facebooks_zuckerberg_says_the_age_of_privacy_is_ov#awesm=~olwXxqKGlnb9Ed
  29. http://sociallyactive.com/facebook-and-kids-a-parents-guide-to-facebook-privacy-and-security/
  30. http://www.statisticbrain.com/facebook-statistics/
  31. http://techcrunch.com/2013/08/13/facebook-mobile-user-count/
  32. http://blog.ted.com/2012/07/24/what-data-is-being-collected-on-you-some-shocking-info/
  33. http://blog.ted.com/2013/09/16/6-basic-tips-for-better-online-security-from-ted-speaker-james-lyne/
  34. http://blog.ted.com/2013/10/17/the-future-of-facial-recognition-7-fascinating-facts/
  35. http://www.ted.com/talks/alessandro_acquisti_why_privacy_matters.html
  36. http://www.ted.com/talks/james_lyne_everyday_cybercrime_and_what_you_can_do_about_it.html
  37. http://www.theatlanticwire.com/technology/2013/02/real-friends-vs-facebook-friends/62310/
  38. http://www.theparentszone.com/parenting/why-parents-hate-social-networking-sites/
  39. http://www.theverge.com/2013/9/29/4783702/the-faces-of-facebook-natalie-rojas
  40. http://www.wired.com/business/2010/04/report-facebook-ceo-mark-zuckerberg-doesnt-believe-in-privacy/

 


 

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

6 Ways Your Facebook Privacy Is Compromised | Sileo Group

One billion people worldwide use Facebook to share the details of their lives with their friends and may be unaware their Facebook Privacy could be compromised. Trouble is, they also might be unintentionally divulging matters they consider private to co-workers, clients and employers.

Worse yet, they may be sharing their privacy with marketing companies and even scammers, competitors and identity thieves. Luckily, with some Facebook privacy tips, you can help protect your account online.

Here are six ways Facebook could be compromising your private information and how to protect yourself:


1. The new Timeline format brings old lapses in judgment back to light. Timeline, introduced in late 2011, makes it easy for people to search back through your old Facebook posts, something that was very difficult to do in the past. That could expose private matters and embarrassing photos that you’ve long since forgotten posting.

What to do: Review every entry on your Facebook timeline. To hide those you do not wish to be public, hold the cursor over the post, click the pencil icon that appears in the upper right corner, select “Edit or remove” then “Hide from timeline.” Being able to “revise” your history gives you a second chance to eliminate over-sharing or posts made in poor taste.

2. Facebook third-party app providers can harvest personal details about you—even those you specifically told Facebook you wished to be private. Third-party apps are software applications available through Facebook but actually created by other companies. These include games and quizzes popular on Facebook like FarmVille and Words with Friends, plus applications like Skype, TripAdvisor and Yelp. Most Facebook apps are free—the companies that produce them make their money by harvesting personal details about users from their Facebook pages, then selling that information to advertisers. In other words, you are paying for the right to use Facebook using the currency of your personal information.

Many apps collect only fairly innocuous information—things like age, hometown and gender that are probably not secret. But others dig deep into Facebook data, even accessing information specifically designated as private.

Example: A recent study found that several Facebook quiz game apps collected religious affiliations, political leanings and sexual orientations. Many Facebook apps also dig up personal info from our friends’ Facebook pages—even if those friends don’t use the apps. There’s no guarantee that the app providers will sufficiently safeguard our personal information and there are numerous instances where they have done just the opposite.

What to do: Read user agreements and privacy policies carefully to understand what information you are agreeing to share before signing up for any app. The free Internet tool Privacyscore is one way to evaluate the privacy policies of the apps you currently use (www.facebook.com/privacyscore), but remember that it is provided by the very company that is collecting all of your data. You also can tighten privacy settings. In “Facebook Privacy Settings,” scroll down to “Ads, Apps and Websites,” then click “Edit Settings.” Find “Apps You Use” and click “Edit Settings” again to see your privacy options. And be sure to delete any apps you don’t use. While you are in the privacy settings, take a spin around to find out other data you are sharing that might compromise your privacy.

3. Facebook “like” buttons are spying on you—even when you don’t click them. Each time you click a “like” button on a Web site, you broadcast your interest in a subject not just to your Facebook friends but also to Facebook and its advertising partners.

Example: Repeatedly “like” articles in a publication with a specific political viewpoint, and Facebook advertisers might figure out how you vote.

Not clicking “like” buttons won’t free you from this invasion of privacy. If you’re a Facebook user and you visit a Webpage that has a “like” button, Facebook will record that you visited even if you don’t click “like.” Facebook claims to keep Web browsing habits private, but once information is collected, there’s no guarantee that it won’t get out.

Example: If an insurance company purchases this data, it might discover that someone applying for health coverage has visited Web pages about an expensive-to-treat medical disorder. The insurer might then find an excuse to deny this person coverage, or to raise their rates substantially.

What to do: One way to prevent Facebook from knowing where you go online is to set your Web browser to block all cookies. Each browser has a different procedure for doing this, and it will mean that you will have to re-enter your user ID and password each time you visit certain Web sites.

Another option is to browse the web in “InPrivate Browsing” mode (Internet Explorer), “Incognito” mode (Google Chrome) or “Private Browsing” mode (Firefox and Safari), which seems to be a less intrusive way to raise your privacy levels.

Less conveniently, you could log out of Facebook and select “delete all cookies” from your browser’s privacy settings before visiting Web sites you don’t want Facebook to know about. There are also free plug-ins available to prevent Facebook from tracking you around the Internet, such as Facebook Blocker (webgraph.com/resources/facebookblocker).

4. “Social readers” tell your Facebook friends too much about your reading habits. Some sites, including the Washington Post and England’s The Guardian, offer “Social Reader” Facebook tools. If you sign up for one, it will tell your Facebook friends what articles you read on the site, sparking interesting discussions.

The problem: excessive sharing. The tools don’t share articles with your Facebook friends only when you click a “like” button; they share everything you read on the site. Your Facebook friends likely will feel buried under a flood of shared articles, and you might be embarrassed by what the social reader tells your friends about your reading habits.

What to do: If you’ve signed up for a social reader app, delete it. In Facebook privacy settings, choose “Apps you use,” click “Edit Settings,” locate the social reader app, then click the “X” and follow the directions to delete.

5. Photo and video tags let others see you in unflattering and unprofessional situations. If you work for a straight-laced employer, work with conservative clients or are in the job market, you may already realize that it’s unwise to post pictures of yourself in unprofessional and possibly embarrassing situations.

But you may fail to consider that pictures other people post of you can also hurt you.

A Facebook feature called photo tags has dramatically increased this risk. The tags make it easy for Facebook users to identify by name the people in photos they post—Facebook even helps make the IDs—then link these photos to the Facebook pages of all Facebook users pictured.

What to do: Untag yourself from unflattering photos by using the “remove” option on these posts. Arrange to review all future photos you’re tagged in before they appear on your Facebook Timeline by selecting “Timeline and Tagging” in Facebook’s Privacy Settings menu, clicking “Edit settings,” then enabling “Review posts friends tag you in before they appear on your timeline”. Better yet, ask your friends and family not to post pictures of you without your permission. Be sure to extend the same courtesy to them by asking whether or not they mind you tagging them in a photo.

6. Our Facebook friends—and those friends’ friends—offer clues to our own interests and activities. Even if you’re careful not to provide sensitive information about yourself on Facebook, those details could be exposed by the company you keep.

Example: A 2009 MIT study found it was possible to determine with great accuracy whether a man was gay based on factors including the percentage of his Facebook friends who were openly gay—even if this man did not disclose his sexual orientation himself.

Sexual orientation isn’t the only potential privacy issue. If several of your Facebook friends list a potentially risky or unhealthy activity, such as motorcycling, cigar smoking or bar hopping among their interests—or include posts or pictures of themselves pursuing this interest—an insurer, college admissions officer, employer or potential employer might conclude that you likely enjoy this pursuit yourself.

What to do: Take a close look at the interests and activities mentioned by your Facebook friends on their pages. If more than a few of them discuss a dangerous hobby, glory in unprofessional behavior, or are open about matters of sexual orientation or political or religious belief that you consider private, it might be wise to either remove most or all of these people from your friends list, or at least make your friends list private. Click the “Friends” unit under the cover photo on your Facebook page, click “Edit,” then select “Only Me” from the drop-down menu.

Most of all, remember that Facebook and other social networking sites are social by nature, which means that they are designed to share information with others. The responsibility to protect your personal and private information doesn’t just fall on the social networks; it is also up to you.  Following these Facebook privacy tips can help you succeed in keeping your most personal information safe. 

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

“Clickjacking” and “Likejacking” – Be Aware!


None of us wants to be part of a scam that allows links to be forwarded as if from a friend, invading their privacy and endangering their sensitive information. It’s not always easy to avoid bad sites, but just by being aware of the problem you can become more adept. The following article is a summary of an original post by Rob Spiegel, E-Commerce Times.

In its on-going effort to mitigate spam activity, Facebook filed a lawsuit against a company that allegedly ran a “likejacking” operation. “We’re hopeful that this kind of pressure will deter large scale spammers and scammers,” said Facebook spokesperson Andrew Noyes. The state of Washington is also applying pressure, having mounted a similar lawsuit against the same company. Both suits were filed citing violation of the CAN-SPAM Act, which prohibits the sending of misleading electronic communications.  Facebook and Washington state filed federal lawsuits on Thursday against Adscend Media for “clickjacking,” a form of spamming that fools users into visiting advertising sites and divulging personal information.


“Likejacking” is similar; victims are tricked into using Facebook’s Like button to spread spam. Users believe links to spam sites are being sent to them by friends, and the advertiser collects money from clients for every user misdirected. A prominent example is the indictment in California of self-proclaimed “spam king” Sanford Wallace in August, Noyes said. “Two years ago, Facebook sued him, and a U.S. court ordered him to pay a (US)$711 million judgment. Now he faces serious jail time for this illegal conduct.” Facebook also secured a $360.5 million judgment against spammer Philip Porembski, said Noyes, which “followed an $873 million spam judgment in 2008 against Adam Guerbuez and Atlantis Blue Capital for sending sleazy messages to our users.” The Guerbuez judgment was the largest award ever under the CAN-SPAM Act, he noted.

Clickjacking is a programming technique that employs a seemingly innocent button to trick users into visiting sites unintentionally. Likejacking is a similar technique that utilizes Facebook’s Like button. The technique is also referred to as “UI redressing.” Clickjacking is “quite well understood,” Roger Kay, founder and principal of Endpoint Technologies, told the E-Commerce Times. “It is used by both legit and illegit programs.” Both clickjacking and likejacking are designed to trick users.

“When someone browsing clicks on a site, the site can execute arbitrary code in the browser,” said Kay. “It can set a cookie, say, for Amazon (Nasdaq: AMZN), or do more nefarious things, like inject malware designed to call other malware later.” Clickjacking has been prevalent for years, and likejacking has become similarly entrenched. Many users of Facebook have likely experienced it in the form of a product-related message that seemed to be from a friend. “The use of the technique is widespread,” said Kay. “Consumers need to use better judgment about which links they click on.”

Links can be forwarded as if from friends, and some come-ons are pitched just right to get around the user’s suspicions, he noted. “If you’re the target of a spear phish, then the attack is tailored to you,” said Kay. “So, avoiding bad sites becomes a kind of ninja art everyone must learn.”
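Clickjacking as described above only works when the targeted page can be loaded inside a frame on another site, and site owners control that through response headers. The following is an added example, not part of the original article: it classifies a page's anti-framing protection from its headers, using constructed sample responses and hypothetical function names.

```javascript
// Added example: classify anti-framing (anti-clickjacking) protection
// from HTTP response headers. Function names are illustrative.

// Return the source list of the CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Returns one of: 'deny', 'same-origin', 'allowlist', 'frameable'.
function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }

  // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
  const sources = frameAncestors(h['content-security-policy'] || '');
  if (sources !== null) {
    if (sources.length === 0 || sources.every((s) => s === "'none'")) return 'deny';
    // A bare wildcard or a scheme-only source (e.g. "https:") lets any site frame the page.
    if (sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'frameable';
    if (sources.every((s) => s === "'self'")) return 'same-origin';
    return 'allowlist';
  }

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // ALLOW-FROM is obsolete and ignored by current browsers, so it counts,
  // like a missing or unknown value, as no protection.
  return 'frameable';
}

// Constructed sample responses (not real sites).
const SAMPLE_RESPONSES = [
  { url: 'https://shop.example.com/like', headers: {} },
  { url: 'https://bank.example.com/pay', headers: { 'X-Frame-Options': 'DENY' } },
  { url: 'https://old.example.com/', headers: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example.com' } },
  { url: 'https://app.example.com/', headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" } },
];

function auditSamples() {
  return SAMPLE_RESPONSES.map((r) => ({ url: r.url, policy: framingPolicy(r.headers) }));
}

for (const row of auditSamples()) {
  console.log(row.policy.padEnd(12), row.url);
}
```

Pages that perform actions on a click, such as a Like or a purchase, should come out as 'deny' or 'same-origin'.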

 

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

7 Steps to Stem Facebook Privacy Bleeding


Why You Should Share Facebook Privacy Settings with Friends

A true friend does more than just post updates about their conquests on your wall. They share information with you that makes your life better, even if it isn’t exactly what you want to hear. And you do the same for them. But are your friends unwittingly sharing too much information about you with others (strangers, advertisers, app developers, scammers)? Probably. For example, if they (or you) haven’t customized your privacy settings lately, you are giving Facebook permission to:

  • Publish your name, photo, birth date, hometown and friend list to everyone
  • Indirectly share your restricted data with outsiders through your friends
  • Let your friends check you in to embarrassing locations where you aren’t
  • Post your Likes as advertisements on friends’ walls using your name
  • Authorize Google to index, access and share your information on the web

Taking simple steps will make a significant difference. Start with the 7 Facebook Privacy Settings below and ask your friends to do the same. It benefits their privacy and yours. The video to the left quickly walks you through how to get to each level of privacy setting. If the video is too small for you to see the pointer, simply click on the four arrows in the bottom right-hand corner of the video viewer (to the right of the YouTube logo) to view in full-screen mode. For better resolution, use the drop down menu to switch to 720 HD.

7 Facebook Privacy Settings to Share with Your Friends

  1. Hide Your Hometown, Friends & Interests from Strangers. You may want every last soul on Facebook to know who your friends are, but your friends might not appreciate being part of your popularity contest. And believe me, you don’t want outsiders knowing where you live, where you were born and what interests you. To block people other than your friends from seeing these items, in the upper right hand corner of your home Facebook screen once you are logged in, click Account>>Privacy Settings. Then go to View Settings (under Connecting on Facebook). Set See your friend list, See your current city and hometown, See your education & work and See your likes, activities and other connections to Friends Only. You can even block everyone, including friends, from seeing these personal tidbits by clicking on the Everyone button, selecting Customize and choosing Only Me.
  2. Restrict (or alter) Your Personally Identifying Information (PII). Facebook PII includes your Birthday, Address, Email, IM Screen Name and Phone Numbers. With just your name, birthdate and hometown, a scammer can easily recreate your Social Security number, steal your identity, or rob your home while you’re on vacation. My recommendation is to leave these fields blank in the first place (where possible) or fill them with partial or inaccurate information (make up a birthdate that is close to yours but not exact. Please note this may be in violation of Facebook’s user policy.). Either way, you should also limit others from accessing your PII. Click on Account>>Privacy Settings and then Customize Settings (towards the bottom of the sharing grid – look for the tiny pencil). Each drop down box to the right allows you to Customize your setting for that item. Using the Customize option, set Birthday (under Things I share) and Address, IM Screen Name, Email, Phone Numbers (under Contact information) to Only Me. Consider setting Religious and political views and Interested in to Only Me or Friends Only as well. The primary way a social engineer (information con artist) exploits you is by understanding what interests you. 
  3. Stop Broadcasting Your Whereabouts in Places. Like the popular application Foursquare, Facebook Places allows you to check in to real-world locations and share your whereabouts with friends (so that burglars know exactly when to rob you). There are two relevant settings regarding Places. First of all, you should limit which users can see which places you can check in to. Click on Account>>Privacy Settings and then Customize Settings (see the first video for direction). Set Places you check in to (under Things I share) to Only Me (using the Customize feature) if you want to disable Places or to Friends Only if you want your friends to know your location. In a very strange default setting, Facebook allows your friends to check you in to places (e.g., a friend checks you in to a strip club while you are at the library). To turn this off, on the same screen, click on Edit Settings next to Friends can check me in to Places (under Things others share). In the drop down menu, choose Disabled and click Okay.
  4. Limit How Your Photos & Videos are Shared. If you allow everyone to see photos or videos in which you are tagged (the default), anyone can post a compromising photo of you (friend or otherwise) and then share it with the world by tagging you in the photo. This can lead to some very embarrassing situations (you’d never post the pictures taken at the bachelorette party, but the scorned bridesmaid just might). There are two settings you need to change to fix this. First, click on Account>>Privacy Settings and then Customize Settings (find the pencil). Click on Edit Settings next to Photos and videos you are tagged in (under Things others share). Change the drop down menu to Customize and change the setting to Only Me if you don’t want others to see your tagged photos or to Friends Only if you want your friends to see the tagged photos. Click Save Settings. Then, in respect for your friends, make sure you aren’t accidentally allowing their friends to see photos in which you tag them. To do this, go to Account>>Privacy Settings. Towards the bottom of the page (above the pencil) is a check box that says Let friends of people tagged in my photos and posts see them. Uncheck this box. 
  5. Restrict Google and Apps from Mining Your Identity. By default, Facebook allows search engines like Google and applications (apps) like Farmville access to certain personal information. After all, Facebook is in the business of inventorying your identity and then selling it to vendors and advertisers. To regulate how much is shared, click Account>>Privacy Settings and then Edit your settings (under Apps and Websites in the bottom left-hand corner). First, go to Public search and Edit Settings. Unclick the Enable public search check box to keep the search engines out of your profile. If you use your Facebook profile for business and want to be searchable, leave public search enabled. Next, go to Apps you use and click Edit Settings. Review and Edit every app that has access to your private information or delete the access entirely. Having all of your social networking profiles connected and using Facebook as a centralized login for convenience is a recipe for privacy disaster.
  6. Limit What’s Accessible Through Your Friends. No matter how tightly you lock your privacy down in Facebook, if you don’t restrict what strangers, vendors, advertisers and Friends of Friends can see through your friends, you have done very little to actually protect yourself. Here’s how to limit what your friends can share (knowingly or unknowingly). First, click Account>>Privacy Settings and then Edit your settings (under Apps and Websites in the bottom left-hand corner). Next to Info accessible through your friends, click Edit Settings. You will see an entire list of data that can be accessed through your friends Facebook page, EVEN IF THE SAME INFORMATION ISN’T ACCESSIBLE THROUGH YOUR PAGE (because you customized your privacy settings in steps 1-5). This is quite possibly the most devious aspect of Facebook. I only have two or three items checked here – those pieces of information that I wouldn’t mind seeing on the front cover of USA Today. That is how public these bits of data become if you allow your friends to share them. 
  7. Turn On Your Account Security Features. Facebook has several built-in security features (turned off by default) that make your social networking a safer virtual world. Click on Account>>Account Settings and then Security (left column). First, under Secure Browsing (https), check the box next to Browse Facebook on a secure connection (https) whenever possible. This gives you bank-like security when accessing your Facebook pages. Under Login Notifications: When an unrecognized computer or device tries to access my account, check the box next to Send me an email. That way, if someone gains unauthorized access to your Facebook account on a non-registered computer (your computers and phones will be registered), Facebook automatically locks the user out. If you don’t mind sharing your mobile phone number with Facebook (I don’t share my # with them), you can implement a third security feature. Under Login Approvals: When an unrecognized computer or device tries to access my account, check the box next to Require me to enter a security code sent to my phone.

If you just took these first 7 Steps to protect your Facebook privacy – congratulations – your profile and data are more secure than 99% of the Facebook population. Now it’s your turn to be a good friend – pass this on to someone you care about, and ask them to spend a few minutes protecting themselves. It’s a win-win for everyone.

John Sileo is the award-winning author of Privacy Means Profit and a keynote speaker on social media privacy, identity theft prevention and manipulation jujitsu. His clients include the Department of Defense, Blue Cross, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com or contact him directly on 800.258.8076.

Facebook Apps Leaking Your Information

A report was recently published claiming that nearly 100,000 Facebook apps have been leaking access codes belonging to millions of users’ profiles. Symantec released the report and said that an app security flaw may have given apps and other third parties access to users’ profiles. Facebook maintains that they have no evidence of this occurring.

In their report, Symantec wrote:

We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

These “access tokens” help apps interact with your profile. They are most often used to post updates from the application to your wall. When you add the applications to your profile, you, as the Facebook user, are giving the apps access to your information by accepting their conditions. According to the investigation, these tokens were included in URLs sent to the application host and were then sent to advertisers and analytics platforms. If the recipient recognized the codes (meaning they have to be qualified to read and write HTML code), they could gain access to the user’s wall and profile.

It was announced on Tuesday that the flaw has been fixed by Facebook, but I still recommend that you change your password. And don’t just change it every time Facebook experiences a breach, but every few months. By keeping all of your passwords current and original, you are decreasing the chances that you will be hacked and that your accounts (financial, social, and otherwise) will be compromised.
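The leak described in this post came from access tokens carried inside URLs that then reached advertisers and analytics platforms. The following is an added example, not Facebook's or Symantec's code: it redacts token parameters from URLs and flags requests whose referring URL would hand a token to a different host. The parameter names, the different-host rule and the sample requests are assumptions made for illustration.

```javascript
// Added example: find and redact access tokens carried in URLs before the
// URLs are logged or passed to third parties. Names are illustrative.

// Assumed list of parameter names that carry credentials.
const SENSITIVE_PARAMS = new Set(['access_token', 'token', 'id_token']);

// Redact sensitive parameters in a query string or fragment (no leading ? or #).
function scrubParams(paramString, found, where) {
  const params = new URLSearchParams(paramString);
  let changed = false;
  for (const name of new Set(params.keys())) {
    if (SENSITIVE_PARAMS.has(name.toLowerCase())) {
      params.set(name, 'REDACTED');
      found.push(`${where}:${name}`);
      changed = true;
    }
  }
  // Leave untouched strings exactly as they were (e.g. a plain "#section").
  return changed ? params.toString() : paramString;
}

// Returns the redacted URL and the list of places a token was found.
function scrubUrl(raw) {
  const url = new URL(raw);
  const found = [];
  url.search = scrubParams(url.search.slice(1), found, 'query');
  // Browsers do not send fragments in Referer, but page scripts can read
  // and forward them, so the fragment is checked as well.
  url.hash = scrubParams(url.hash.slice(1), found, 'fragment');
  return { url: url.toString(), found };
}

// Flag requests where a token-bearing referring URL goes to a different host.
function findThirdPartyLeaks(requests) {
  const leaks = [];
  for (const { to, referer } of requests) {
    if (!referer) continue;
    const { url, found } = scrubUrl(referer);
    const recipient = new URL(to).host;
    if (recipient !== new URL(referer).host && found.length > 0) {
      leaks.push({ recipient, found, safeReferer: url });
    }
  }
  return leaks;
}

// Constructed sample of outbound requests made by an app page (not real traffic).
const APP_PAGE = 'https://apps.example.com/canvas?access_token=AAAconstructed123&ref=bookmarks';
const SAMPLE_REQUESTS = [
  { to: 'https://ads.example.net/pixel.gif', referer: APP_PAGE },
  { to: 'https://apps.example.com/static/app.js', referer: APP_PAGE },
  { to: 'https://analytics.example.org/collect', referer: 'https://apps.example.com/help' },
];

for (const leak of findThirdPartyLeaks(SAMPLE_REQUESTS)) {
  console.log(`token exposed to ${leak.recipient} via ${leak.found.join(', ')}`);
}
```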

John Sileo is one of America’s leading Social Networking Security Speakers. You can learn more about Facebook Safety and how to protect yourself online here. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Facebook Nigerian Scam Costs Victim $300,000+


At this point, we are all pretty used to the classic Nigerian Scam. Someone who is recently wealthy needs your help to gain access to the funds. They will let you keep $1 million if you will simply send them your bank account number so they can transfer $30 million to you. It’s a dream come true to most!

What happens when that same scam is used on Facebook by one of your friends, by someone you trust? The results can be disastrous. One woman was scammed out of $366,000 because she felt sorry for the scammer’s sob story. The woman contacted the local authorities after realizing she had been conned by her Facebook “friend”. Police arrested six male suspects in Kepong, all allegedly connected to the Facebook scam: two Nigerians, two Bangladeshis, and two Malaysians. Investigators only managed to recover $5,000 in cash of the victim’s money, although they also seized 18 ATM cards, seven cell phones, and a laptop.

At least in this case the men were apprehended. In most scams of this nature there is no chance of finding the scammers and the money is long gone. Even when one of your Facebook friends asks you for something (money, help, information), your first reaction should be healthy skepticism. Verify that what they are saying is true (call them before sending money). Often times, a thief will take over a friend’s account or create a false account in order to gain your trust and eventually, your money.

John Sileo trains organizations on how to keep employees from falling for fraud based on data they have posted on Facebook. His clients include the Department of Defense, Pfizer, Homeland Security, FDIC, FTC, Federal Reserve Bank, Blue Cross Blue Shield and hundreds of corporations and organizations of all sizes. Learn more about his high-content financial speeches.

Facebook Can Use Your Photos in Their Ads Without Permission


Did you know that Facebook can use photos you post on the site in advertisements targeted on the right (advertising) side of your contact’s profile?

Unless you customize your privacy settings, Facebook can share just about anything you post with just about everyone. Using your intellectual property for their financial gain is not a new Facebook issue, but one that should be revisited due to recent Facebook Privacy changes. Here’s the funny part: you gave Facebook the right to use any of your content in any way they see fit when you signed up for your account and didn’t read the user agreement. If you visit the Facebook Statement of Rights page you will see the following:

You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:

  1. For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
  2. When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
  3. When you use an application, your content and information is shared with the application.  We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information.  (To learn more about Platform, read our Privacy Policy and Platform Page.)
  4. When you publish content or information using the “everyone” setting, it means that you are allowing everyone, including people off of Facebook, to access and use that information, and to associate it with you (i.e., your name and profile picture).
  5. We always appreciate your feedback or other suggestions about Facebook, but you understand that we may use them without any obligation to compensate you for them (just as you have no obligation to offer them).

Make sure you customize your privacy settings so that you are sharing your data at a level comfortable to you. One place you may not realize you need to check is Facebook Ads. When you visit your Account Settings page, the last tab on the right is Facebook Ads. By clicking on it you can adjust your settings, after you read their pop-up on not selling your information. Where it says “Allow ads on platform pages to show my information to” and “Show my social actions in Facebook Ads to”, check No One. This gives you just a bit more control over what Facebook can share about you and your profile.

As it states above, information you delete from your Facebook may not be permanently deleted. Just know that once something hits the internet it is there for good. Posts, pictures, videos and comments on social networking sites are public, permanent and exploitable.

Facebook Safety: New HTTPS Facebook Settings


Facebook has announced that they will be rolling out a new security feature that will add full HTTPS support to the site. The new secure site uses the same underlying technology that banks use to keep your communications out of the reach of potential hackers. While many people don’t have this feature yet and mine just showed up today, eventually all users should have the capability.

To enable HTTPS, log into your Facebook account and at the top right go into Account -> Account Settings.

Once there, scroll all the way to the bottom and click “change” next to Account Security.

The following screen should pop up. Check the box under Secure Browsing. You can also check “send me an email” (or a text message to your cell phone, which I don’t advise giving to Facebook) so that if someone tries to log into your account from a new computer, Facebook will immediately alert you. This is a good way to find out fast if your account has been hacked.

How to Keep Your Facebook Secure by Enabling HTTPS

Facebook rolled out these secure settings to make Facebook seem safer, but like many of their security changes, they are turned off by default. You must go in and manually change the feature to gain the added security.

But HTTPS isn’t a cure-all for Facebook Safety. The real trouble arrives when you click on an App or quiz  that contains malware. Since you are giving permission for the App to install, you have just let the enemy in the back door. Stay away from Apps, Quizzes and Questionnaires from unknown sources. The malware allows a hacker to transport you off of the secure HTTPS site and onto a page where they can hack into your account. The higher your Privacy Settings are, the safer you are.

Two New Facebook Scams:

  1. An email is sent to users saying that their Facebook account is being used to send spam, and that their password has been changed. They are told to open the attachment to find their new password. The attachment includes a Microsoft Word icon and even opens Word when you click to make you think it’s legitimate. In addition, the attachment opens all of the computer system’s communication ports and connects to mail services in an attempt to send spam.
  2. Users are sent an instant message containing a link that, when clicked, takes over the person’s Facebook account and locks them out. A message is displayed when they try to log in saying that their account has been suspended. In order to reactivate the account, they must complete a questionnaire (it even promises prizes for doing so).

Even with the latest security changes in Facebook, users will always be the targets for spam, viruses and malware. Pass this on to friends and family so that everyone can be a little bit safer while online.

Click Here to learn more about protecting yourself online and on Facebook.

John Sileo is an information survival expert whose clients include the Department of Defense, Pfizer, Homeland Security, FDIC, FTC, Federal Reserve Bank, Blue Cross Blue Shield and hundreds of corporations and organizations of all sizes. He is the author of Privacy Means Profit and earns his keep delivering highly motivational identity theft speeches.

Identity Theft of Social Security Numbers Using Facebook


This recent video from Yahoo shows how easy it is for identity thieves to steal Social Security numbers just by using the information you share online. If you share your birthdate, name, and hometown in your Facebook profile, you are already at risk.
