As Facebook’s founder and CEO, Mark Zuckerberg, testifies before congress about various security issues on the social media platform, questions are being raised about online security. Along with the news of the Cambridge Analytica controversy, the knowledge that multi-billion dollar companies take our private data and either fail to protect it or outright sell it for profit makes users wonder, what can they do as an individual to protect themselves and their privacy? There are countless articles with different tips on how to protect yourself online. This article will serve as a brief overview of the how (and why) of social media protection, and five steps you can take immediately.
The simplest (if unrealistic) solution is total abstinence, because no one can steal or harvest data that was never posted. However, in 2018, this is becoming increasingly unlikely to be a workable solution, seeing as how connected our modern world is, to the point where some companies want your social media participation as a marketing tool. So, unless you’re able to completely “unplug,” you need to be protecting yourself and your data.
Step one: Be okay with inconvenience. We constantly give up our privacy in the name of convenience. It’s super convenient to connect Facebook Messenger to our texting app to have all our communications in one place, but surprise, if you’re an Android user, Facebook used a security loophole in Android’s software to collect all of your call and text data. Be wary when apps offer ease of accessibility by allowing “permissions” or by “linking” accounts. Often, we take these steps because it can save us a step or help us log in quickly, but we’re sacrificing the compartmentalization of our separate accounts and creating a Frankenstein monster of our private data that any part involved is able to see the whole (and that’s not even thinking about data breaches of companies with our data). Here’s a handing guide for handling app permissions from Popular Science.
Also, make unique and complex passwords for each separate account (and change them often). It’s so easy to have the same password for ten accounts, because who can remember all those different passwords? Putting up with a little inconvenience of having multiple complicated passwords can greatly protect our privacy. If your bank has a breach and your password is stolen, and it’s the same email/password combination that logs into your Facebook and email and even your “patient portal” for your medical center, you can unwittingly give out terrifying amounts of info with a single breach. When those companies make you change your password because of a possible breach, we often don’t make the connection that we need to change the login for other accounts we have using the same credentials.
Step Two: Delete anything and everything you don’t won’t everyone to see. This seems like common sense, but the recent axiom of “once it’s on the internet, it’s there forever” is coming back to haunt people as companies check applicant’s social media accounts, or politicians have to explain posts. So, maybe it’s not the worst idea to go back and delete past posts that you may not want the world to see. Although there’s no guarantee someone hasn’t archived it already, deleting it may help avoid problems in the future, and of course, think before you post from now on. Does the world really need to hear you call your boss most of the four-letter words?
There’s also a second part to this step, and that is to delete old accounts. Too often, we start an account on a social media platform or blog, post content, and abandon it. Maybe we didn’t have time to keep up with our angry political blog, or we got a new phone and just never put Instagram on it. No matter the why, the fact is that all of that content and data is out there. Go back and delete those blog posts, delete your unused Instagram account. It’s easy to keep in mind what your active Twitter or Facebook posts are, but those accounts you never use anymore? Who knows what future tragedy is waiting for you in the depths of your own past internet use.
Step Three: Turn off geotagging (geocaching/geotracking). This is something people notice (“How did Google know I’m in Dunkin’s Donuts?”) but rarely look into. The bottom line is, those crazy long terms and conditions none of us read (yet still agree to) give a terrifying amount of power to these companies. One of the legal permissions we give is the ability to use our device’s GPS technology to track our every movement. This can be useful, as we can program in our home address and work address and get quick directions without having to type in the physical address each time, and can even be used for things like finding your car in a parking lot. However, there is a dark side. Companies are using geo-tracking as a marketing tool, or in the case of Apple and Google, keeping records of where you go at all times. Turning it off for various apps can greatly improve your personal privacy in unexpectant ways (not to mention extend your battery life). For instance, did you know every picture you post on social media has the latitude/longitude coordinates of where the picture was taken? So, that picture of your meal you posted also gives the world your exact current location. Yikes.
Step Four: Limit your connections and interactions. Too often, people have 1,000 Facebook “friends,” or try to collect Twitter followers (“I’ve got 25,000 followers!”). The thing is, when you post something, every single one of those people have access. Whether it’s a picture showing a little more skin than usual or an angry post about your girlfriend making you mad, you are broadcasting your personal life to multitudes of people, mostly strangers. An easy fix for this is to greatly limit your connections and interactions. Don’t add co-workers, because they can see when you post about faking being sick to get out of work. Don’t add your extended family, who just post racist memes and spy on your friend’s pictures leaving creepy comments. Don’t add someone just because you took a class in high school with them eleven years ago. Social media can be controlled in this way, to only share with those you actually know (privacy settings help keep the posts from being shared outside of your approved audiences).
This can get complicated when you’re in a position of using social media to market yourself or your goods. For instance, if you’re a small business owner or an artist, protecting your privacy becomes a very difficult process when you’re simultaneously trying to purposely get more followers, more connections, more patrons on Patreon. Some people keep separate accounts, one for personal use (friends and family) and another for their business/art. When having these kind of public marketing accounts, it’s important to stay focused on what you’re putting out there, because there is no way of knowing who is looking (especially since the idea is to get as many eyeballs to see your content as possible). Yes, you have genuine fans and supporters, but there’s also Russian bot accounts and creepers and trolls galore peeping at all of your posts.
Step Five: Think of your social media as a whole, not as separate entities. When I was younger, I really loved a certain animated comedy show on TV. There was a very dedicated fan base that ran a forum (messaging board) for fans to talk about not only the show, but all aspects of life, whether personal, political, or completely unimportant banter. I was always very careful about what I posted, not wanting to give away any kind of real personal info. I went by a username, never giving my real name. I gave my state (Texas), but never my city. I gave my age and gender, but that was it. One day, in talking to someone on the site, he mentioned there was a cool thing happening in my city, which I had never said. I panicked and asked how he knew where I was located. I had told him my state, and in a completely different interaction mentioned how long a drive took to get to a certain beach. Knowing the area (or being able to google it), he was able to quickly deduce which city I lived in. He also found my Facebook account, because I once posted a link to a fundraiser I was involved with, which had my name attached. He knew my name and city, and then was able to find my social media. Luckily, he was not a bad person, and never used this information for nefarious purposes, but the incident opened my eyes to how seemingly unconnected posts over a long period of time can be connected by a person seeing them.
We tend to think about our Facebook and our Twitter and our Snapchat and our Instagram (etc.) as separate entities, separate venues for our various postings, but if someone has access (“follows”) you on multiple platforms, you can give away a staggering amount of information. The picture of your cat being a dork you shared on Facebook gave the coordinates to your home, your Instagram accounts shows you’re on vacation in Hawaii, and your funny tweet about never remembering if you locked the back door when you left for vacation all add up to a neatly wrapped gift for someone who wants to steal that brand new TV you showed off on Snapchat last month.
What all these steps boil down are two main points: First, be aware of what you’re posting, where it’s posted, and who is seeing it. Second, educate yourself on the complexities of the permissions and terms and conditions we so freely give to massive companies. It’s often quoted that “If you’re not paying for it, you are the product.” Keep that in mind and protect yourself, so we can hopefully feel completely safe posting Spongebob memes to our hearts’ content.