Friday, June 11, 2010

Facebook

Almost everyone seems to be a member of Facebook, the most popular social site. However, most of us pay little attention to security, either because we are shy to learn or because we just don't bother about the security aspects of the web.

Facebook gives users powerful controls to protect themselves online, but it's up to individuals to check and ensure that appropriate settings are in place.

Name: Full / alternate name
Recommended: Be careful
Why? People often use this information to be found by their maiden name or nickname, making them easier to find. Keep in mind some sites use your maiden name (if applicable) as a security question for account access, so weigh this possibility before disclosing.

Username
Recommended: Be careful
Why? Don't use a nickname that will link you to other accounts you might wish to keep private. Be sure it is different from your bank login username, for example.

Linked accounts
Recommended: Be careful
Why? Linked accounts include Google, MySpace and OpenID—use with caution to avoid overexposure.

Basic Directory Information

Keep in mind that with the changes rolled out by Facebook in December 2009, certain information about you is now "Publicly Available Information" (PAI), meaning this information is public to any visitor to your profile. Facebook makes everyone disclose:
  • Full name
  • Profile picture
  • Gender
  • Networks
You can reduce the visibility of this information by opting out of Facebook Search results; however, there is no way to completely opt out of disclosing this information. Users particularly worried about their security might choose to sanitize the information they disclose—changing the networks you join, for example.
From late 2009 to early 2010, Facebook had made pages (things you "like") and friend lists part of their "publicly available information"; however, as of May 2010, Facebook changed this and now allows you to make this information private once again. Remember to keep your personal details safe and do not make them public.


Privacy Settings: Basic Directory Information

Option: Search for me on Facebook
Recommended: Be careful
Why? The extremely paranoid may choose to set this option to "Friends only," though this setting makes search effectively useless. "Friends of Friends" or "Friends and Networks" are slightly more useful.

Option: Send me friend requests
Recommended: "Friends of Friends"
Why? As soon as you accept a friend request, your new friend has access to a wealth of information about you that they could potentially exploit. Make sure the people you add as friends are trustworthy and that you can verify their identity.

Option: Send me a message
Recommended: "Only Friends"
Why? Accepting a message from someone you do not know or trust leaves users vulnerable to socially engineered scams as well as basic phishing. Don't leave yourself open to this kind of attack. Disable messages from people you don't already know.

Option: See my friend list
Recommended: "Only Friends"
Why? Knowing who your friends are could really help out an identity thief, so we suggest making this friends-only at a minimum. Remember that it's not just your own security you need to keep in mind—if a friend's account is compromised, a cybercriminal accessing their account can see your friend list. If this is a concern, set your friend list visibility to "Only Me."

Option: See my education and work
Recommended: "Only Friends" (at most)
Why? It may seem innocuous to call out your alma mater or where you grew up, but disclosing education and work information can be very valuable to someone trying to socially engineer a manipulative attack against you.

Option: See my current city and hometown
Recommended: "Only Me"—though it's best to not enter this information at all

Option: See my interests and other Pages
Recommended: "Only Friends" (at most)
Why? These are pages that you "like" or fill-in content areas where most people add personality to their profiles; however, they are rife with opportunity to disclose valuable personal information that can assist identity thieves. Additionally, many of these pages can be of a religious, political or personal nature that you might not want to disclose universally. If you are not comfortable with a potential future employer knowing this information, you should keep this information locked down to a friend level or even set to "Only Me." Be careful about what you reveal here.



Sharing on Facebook — Customize Settings

Facebook presents a number of pre-set options to click for privacy settings: Everyone, Friends of Friends, Friends Only, Recommended and Custom. We do not recommend using Facebook's Recommended setting, which presents a large amount of sensitive information as public. Instead, choose the Custom option and click the "Customize settings" option in the menu.

Once in the Customize Settings menu, in many cases the option to not show information to anyone—to select "Only Me," in other words—is not plainly visible. To make something visible to "Only Me," you have to select "Customize" from the drop-down menu and then choose "Only Me" from the pop-up window that appears.



Things I Share
Option: Posts by me (default setting)
Recommended: "Only Friends"
Why? Personal information can be published on your wall by yourself and others, therefore it is unwise for it to be viewable by the wider Facebook community. For this reason, you should not allow networks to view your wall. Posts you make to your wall can now vary in security on a post-by-post basis (see the "Status updates and posted items" section), but we recommend you set the default option to "Only Friends."

Options: Family; Relationships; Interested in and looking for; Bio and favorite quotations
Recommended: "Friends Only"
Why? With information you choose to disclose on Facebook, even if you lock down your profile to entirely Friends Only, you have to remember that there's always a chance that one of your friends may have their account compromised. Details about your family, relationships and interests are rich targets for someone socially engineering an attack against you.

Option: Website
Recommended: "Only Friends" (at most)
Why? Publishing your personal website address is less of a privacy risk than revealing other contact information, provided that other private information is not listed on the personal website itself.

Option: Religious and political views
Recommended: "Only Friends"
Why? This information may be sensitive, depending on what you have posted. Unless you want a potential employer knowing this information, be careful what you post and who you allow to see it.

Option: Birthday
Recommended: "Only Me"—though it's best to not enter this information at all
Why? As this is key information in identifying you, not only should you not show your birthday, you should not enter your birth date information into Facebook at all. Should your account be compromised—or worse, should there be a Facebook data breach—you do not want this information falling into the wrong hands.

Option: Edit album privacy for existing photos
Recommended: "Friends only" for all albums
Why? Your privacy settings for "Photos and videos I'm tagged in" and your photo albums are not linked, meaning you need to set your album privacy separately from your general photo settings. Just as with your photo and video tags, don't share your albums with anyone outside of your friends.

Things others share
Options: Photos and Videos of Me; Can comment on posts (includes status updates, friends' Wall posts, and photos); Friends can post on my Wall; Can see Wall posts by friends
Recommended: "Only Friends" (at most)
Why? Photos, videos, posts and comments should only be shared with friends, not with wider networks on Facebook. If pictures or posts may be posted that you think may be embarrassing to you in the future, then tag this option to say only you can view them and ask yourself what can be done to prevent such material being uploaded onto the internet in future. If you are not comfortable with material appearing on your resume or job application, don't post it online.
If a friend's account is compromised and you have Wall postings enabled to friends, this leaves you open for a potential phishing attack. Most people enjoy the interactivity that friend Wall posts provide, but always be wary of any links friends may post to your wall (especially if the message doesn't sound like something they'd normally write).

Contact information
Options: Mobile phone; Other phone; Address; IM screen name; Email address(es)
Recommended: "Only Me"
Why? Users completing their profile on Facebook should ask themselves whether it is appropriate or necessary to tell other Facebook users their contact details. Facebook allows users to opt-out of entering this personal information, and as Facebook allows friends to contact each other via Facebook it's not necessary to know someone's real address or phone number. If they really are a friend they should know where you live and what your phone number is! And if a friend really can't remember they can always contact you via Facebook and ask you. It's then up to the user to decide whether they feel comfortable sharing that information, and if their friend has a valid reason for asking.
Remember: It is not necessary to post your email address on Facebook as you can send a message to friends with the Facebook system itself.




Applications and Websites settings

Facebook provides users with powerful controls to protect themselves online, but it's up to individuals to check and ensure that appropriate settings are in place. Facebook makes a point of saying on their guide to privacy that they "do not give—and have never given—anyone's data or personally identifiable information to advertisers."
Facebook does, however, allow third-party applications to access information that you make public. And any information you share with friends can be shared with applications as well—should you choose to allow it. As noted below, we recommend that you do not.



Privacy Settings: Applications, Games and Websites

Option: What you're using
Recommended: Check and remove any applications you're no longer using and/or are unfamiliar with
Why? Facebook now gives users an easy way to remove applications from their profile, and remember that applications can be anything from games to quizzes to website giveaways. You'd be surprised how quickly the list of applications you're using can grow! Remove any that don't look familiar to you or that you're no longer using. Any application you use has access to your information and provides a potential avenue for your information to be leaked or stolen. Reduce this risk by reducing the number of applications you use.

Option: Game and application activity
Recommended: "Friends Only" at a minimum, consider making a custom group
Why? This option is more of an etiquette issue than anything else. If you have a group of friends that you play games with, consider creating a custom group just for them so only they can see your game-related posts and requests.

Option: Info accessible through your friends
Recommended: Uncheck everything
Why? Checking any option on this list allows an application that a friend uses—one that you might not even use—to access that information about you. In general, the less you have under your control, the more vulnerable your information is.

Option: Instant personalization
Recommended: Make sure it is unchecked
Why? This is an opt-in option to have Facebook partner websites (like Yelp, Pandora and Microsoft Docs) pull your Facebook information and enable greater customization and sharing options. Though these sites are 'trusted partners' of Facebook, they add a layer of risk to your information. Double-check this page and ensure that instant personalization is not checked.

Option: Public search
Recommended: Make sure it is unchecked
Why? It is recommended that you disable this option. If it is enabled, it allows search engines to index your information in addition to letting people find you on Facebook using an external search engine. There is no benefit to this, as you will only be linking up with people who are on Facebook. And remember, once your profile has been indexed by a search engine, you lose control over that information and over how long it can be seen.




Status updates and posted items

Facebook now allows you to vary the privacy of what you post to your profile, item-by-item. This added flexibility means you can even restrict visibility of what you post to specific sub-groups of friends.
The default security option for anything you post to your wall—status updates, wall photos, videos, or shared links for example—is set in your Profile Information privacy page under "Posts by me." If you choose to change the setting of a posted item, all you need to do is click the lock icon and select the new security option you'd like to use.
Note that Facebook will notify you that your selection is different from your default option—but only the first time. After that point, be careful that the items you post to your profile are only visible to the right people!

Facebook Chat

Only confirmed friends should be able to contact you through Facebook Chat; however, we recommend staying offline from Chat unless there is a legitimate reason why someone would need to know you are online.
Be advised that there are several examples of scams run through Facebook Chat—a seemingly innocuous message from a friend in trouble could be a hacker who compromised your friend's account in hopes of exploiting it for large sums of cash.



