December 31, 2008

Facebook and Security issues – 8 Golden Rules

All social network platforms have by nature the embedded risk of getting your personal data stolen or misused. Copy & Paste is just too easy not to speak about digital “methods” for an automatic sniffling of personal data. It is a personal decision if one wants to post his data or not – I personally prefer seeing my posted data on the net rather than finding any surprises on Google posted by anyone else or related to an individual with the same name.

I believe however that it should be a human right that everyone has full control over his data and knows exactly who has the right to get legal access to them, including Facebook.

One of the major reasons of Facebook‘s success story is the wealth of applications users can easily add to their profile pages: Quizzes, little games, IQ tests, polls, etc. – there are thousands of these gadgets available. And once you have added an application, your friends are encouraged to add it too. Most of today’s users (at least 90% of my friends/contacts) do not avoid spamming and they send out a recommendation for every application they install. Facebook growth is currently around 100,000 users a week (!) and almost every one of them (including myself) has installed one of these applications.

I spent some time yesterday to have a look at the programming interface for Facebook. It’s not true that anyone with a basic understanding of web programming can write an application, but I have to admit that it is not too complicated. I was quite surprised to see that the self programmed applications have to run on your own server and not on the Facebook platform. Even though this is a quite modern approach with the benefit of an excellent workload balancing, it has the clear risk that data are leaving the Facebook platform and can easily be stored outside Facebook without the enduser really realizing this fact. I know that Facebook themselves teach their users to analyze very carefully which application to install, but let’s be honest, how many (especially non technically interested) users are influenced by these footnotes and hints?

The issue and the danger of this gadget applications are that you cannot know what they are doing in the background: whatever they might look like, in the background, they can collect personal data and most important those of your friends, storing them in an own database on an own server or sending them out by e-mailing them to a different server.

Everyone using social media should be aware of Facebook and Security issues and challenges.

When people add an application, unless they say otherwise (and again I bet that more than 99.9% of the users won’t decline), it is given access to most of the information in their profile. That includes information you have on your friends even if they think they have tight security settings.

Did you know that you were responsible for other people’s security?

I am not a guru programmer but I am developing programs as a hobby and even though I do not know about any application misusing data it seems easy — very easy — for an average developer to do so. Because the applications run on third-party servers, not run by Facebook – it is difficult for the company to check what is going on, whether anything has changed, and how long applications store data for and what they do with it. Facebook’s terms and conditions contain a warning that this could in theory happen, and offer the option to stop an application from accessing your details, many games and quizzes would not work if this option is engaged.

The only way we can see of completely protecting yourself from applications skimming information about you and your friends is to erase all the applications on your profile and opt not to use any applications in the future. If Facebook is right that they have efficient mechanisms in place to check for unusual behavior of an application, an insecure application can spread like a computer virus and it might be too late waiting for a detection by Facebook.

  1. Do not subscribe to social networks! 😉
  2. Assume that the personal information and photos you display will publicly be available and not just available to specific friends. Make your choice what to post based on this Golden Rule.
  3. Strong Passwords, always! – It may seem obvious but make sure you use a strong password for your account. Also, I suggest using a separate password for fast growing platforms like Facebook. The people who want to offend you are using successful platforms.
  4. Secure your birth date – Birth dates are often required to validate your identity. Under Profile, you can choose not to display your birthday – you should at least not post your year of birth.
  5. Privacy Profile Settings – I suggest setting the Profile Privacy > Basic to “only me” for items: Education Info, Work Info and Profile Privacy > Contact Information to “no one” for items: Mobile Phone, Land Phone, Current Address, Email. You may want to display your website address for advertising, but be than aware what further information you have already published on that platform.
  6. Privacy Application Settings
    Each Facebook application has similar settings to those of the Privacy settings. New applications are being added every day. Its difficult to define a set policy. However, I suggest you remove any unwanted applications and/or limit their settings as required. It might be very useful in future to have spend this extra time on carefully reviewing the rights you give to an application.
  7. Privacy Search Settings – Depending on your use of Facebook, you may not want to be publicly visible or you may want to limit what information is available to all users (i.e., your picture, friend list etc.). We recommend changing the search settings from “everyone” to “friends of friends”. You may also want not(!) to tick “view your friends list“.
  8. Privacy News Feed and Mini-Feed Settings
    Control which stories about you get published to your profile and to your friends.

Jeannot Muller

Entrepreneur, developer, author.

Click Here to Leave a Comment Below

Leave a Reply: