Social Media

“Social Media” refers to websites and applications that provide a platform for users to share content and network in a virtual environment. For many people, these platforms have become ingrained in our daily lives. We gather in the virtual world to organize, discuss, share and entertain. Some may criticize these methods for preempting the need for face-to-face interpersonal discourse, but one thing is for sure; these methods and platforms are a pervasive part of modern culture.

No matter what the social implications, if we are going to use these tools, we should all know how to use them safely. 

Sharing is a double-edged sword. The benefit is that gives our friends and family a window into our lives. The cost is that it potentially allows strangers the same view. Are you willing to share your political views with potential employers?  How about your family vacation plans with potential home intruders?

Do not overshare

You may believe you are only sharing inside your trusted circle. Do you know who THOSE people are sharing with?  Tweets can be retweeted. Facebook posts can be shared, all possibly without your knowledge and certainly without your permission. Do not post anything you wouldn’t say in public, or wish to be repeated and magnified, indefinitely.  Always assume all social media will eventually become public information

Update privacy settings

Identity thieves regularly access your social media accounts to gain clues about your personal life that will help them gain access to more lucrative parts of your life, like your banking accounts. 

Below are some links for the privacy controls of popular social media platforms that will assist you in tailoring your privacy profile settings. We recommend that you only allow as much access as you are comfortable with and no more.

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn
  • Snapchat
  • Other: Many social media platforms exist, and new ones become available frequently. Each should have a privacy center with instructions on how to restrict access to your shared content.

A word of caution, social media platforms often change privacy policies and settings without warning. While it is important to remain aware of these policies, you should always assume that you have forfeited your expectation of privacy with anything you share on a social media.  We recommend checking your account settings a few times a year to verify your settings are correct and take advantage of any additional sharing options that may have been recently added.

Review permissions, terms and conditions

Although consumers rarely take this step due to the large amount of verbiage in these clauses, it is an important piece to protecting your privacy. Learn more about privacy policies.

Social media permissions are what enable social media applications to integrate with other applications and devices.

Social media is ubiquitous. You often share a lot of personal information when interacting on social media. In addition, social media platforms are usually interconnected. Twitter, Facebook, Instagram, etc., all integrations with one another. If you combine these elements, you get a recipe for disaster: a user may have a lot of personal information available to the public in a lot of different places. Social media applications may access publicly available information (such as name, profile picture, cover photo, gender, networks, username and user ID). They may also be accessing data from the device itself and the network it is attached to such as:

  • Contact list/Call logs
  • GPS/Geolocation
  • IP address
  • Device type/ID
  • Carrier Information
  • Search History

Using this information, they can:

  • Begin to build a profile on a user and discern within a reasonable doubt where a person works, where they live, who their friends are, etc. Using this information.
  • Issue targeted-marketing campaigns based on demographic information gathered from social media.
  • Affect your life through social engineering, perhaps by stealing your identity or even worse.
  • Share information automatically across different applications and networks.

Another reason to be aware of Social Media Permissions is the fact that once information is exposed, it will be there forever. Divulging information to a party that was not intended to receive it is called oversharing. These instances can be tragic, hilarious, or both (if you aren’t the one who was oversharing!)

Example of a facebook post from a mom that shares embaressing information about her baby
Someday, Sarah will have to find a job (perhaps in public sanitation).

It is a fair assumption that everything posted on the internet will be around “forever.” Using the internet’s wayback machine (and similar tools), the public can see past versions of webpages. This means that even after something has been taken down (perhaps an embarrassing incident of oversharing), you should assume that the information, post or photo will remain online in some form or another. 

Therefore, being aware of and appropriately managing Social Media Permissions will help a user maintain their privacy and security.

Facebook is the perfect example of why managing social media permissions is important. Below (Figure 1) is a chart of which permissions are used by Facebook and the justification for each.

Android permissions (what you'll see on your Android

Examples of what [Facebook] use this permission for

Read your text messages (SMS or MMS)

If you add a phone number to your account, this allows [Facebook] to confirm your phone number automatically by finding the confirmation code that we send via text message.

Download files without notification

This allows [Facebook] to improve the app experience by pre-loading News Feed content.

Read/write your contacts

These permissions allow you to import your phone's contacts to Facebook and sync your Facebook contacts to your phone.

Add or modify calendar events and send email to guests without owners' knowledge

This allows you to see your Facebook events in your phone's calendar.

Read calendar events plus confidential information

This allows the app to show your calendar availability (based on your phone's calendar) when you're viewing an event on Facebook.

 

Stop and think about it: Is it possible that Facebook isn’t telling us everything? YES! This is not an exhaustive list, merely “Examples of what we [Facebook] use this permission for.”  It doesn’t take much imagination to see how giving permissions such as “Read calendar events plus confidential information” and “Download files without notification” can be used for nefarious purposes. Even assuming that Facebook did have users’ best interest in mind, do you want an app to have this much control and access on your phone or computer? This opens up vulnerabilities for cybercriminals to access all of these built-in “features.” 

The most important thing you can do to protect yourself is to limit app permissions. Applications should be configured to give them the lowest possible level access. Be aware of what the “default” settings and how to change them. 

Be aware of Social Media App Integrations

Have you ever had that friend who obsessed about a social media game called “BarnTown” and kept wanting you to login so that he could get 10 free sheep?! Hopefully not, because “Barntown” is a name that was made-up for this example (to protect the guilty). If you enable BarnTown, it is also able to read contact lists, messages, logs and view/change pictures from the user’s social media page. The developer then “farms” out the data to advertising companies, making a pretty penny!

Third party developers may create their own apps based on popular social media platforms. When users connect third party apps to their social media accounts, users are essentially granting those third parties access to their accounts. Those third party apps are now free to read messages, friend lists, activity, view pictures, etc. 

Third party applications don’t have the same privacy policy, user agreements, and security practices as the social media platform that they are built on. Secondly, the third party developers may have different values and ethics than the social media companies and might actively try to undermine your privacy. Therefore, the third party integration may have a lower level of application security than the social media app itself. 

Example of app integration settings page on Facebook
Example of Facebook integrations

 

It is a good idea to only allow third party integrations from sources that you use and trust. If you don’t use a third party app or game that ties into your social media, delete it!

If you are unsure of a company or app, it would probably be a good idea to do some research before allowing it to access all of the information on your social media account. Better yet, if there is any doubt, don’t install it!