Wednesday, January 19, 2011

Privacy and Facebook

facebooklogo

I am sure many of us use Facebook almost daily. We use it to upload pictures, update people on our activities, find new ‘friends’ etc. But of course there is always the risk of our information falling into the wrong hands. Hence we have privacy.

But, the question is how good is the privacy on Facebook. Take a look at this article here. The supervisor of the guy who got fired saw these pictures via his colleagues. Let us take a deeper look into to the current Facebook privacy options page.

account

Currently we can receive a notification if someone accesses our Facebook account. However to do so we have to first provide a hand phone number or email.

anotherdefault

In this picture we see the default settings on Facebook when you first create the account. As you can see, all of the features are set so that everyone can see your information, even sensitive ones like your current city/town, friends list and even all your activities. Do we really want everybody to see all our information right away?

And yet if we want to fully utilize Facebook such as using applications etc., we always have to agree to give away some of out personal information although it may not be necessary for the application itself.

Allowation

farmville

These are typical applications on Facebook and in order to use them you MUST provide your information as they have listed. However when you use the applications itself, this information is rarely used and hence the company may be able to collect them to use for other purposes. Many of these ‘collection of information’ leads to spam, excessive advertisements and the like reaching our emails and phones.

The issue with privacy that often arises in Facebook is mainly due to the fact that hardly anyone actually reads the privacy policy. Here is an excerpt from the terms and conditions with regards to using Facebook.

lol

Although it is ideal that we do not want our personal information to be leaked to anybody, the first term in the Registration and Account Security state that “You will not provide any false information on Facebook…”. This means that when creating an account your are FORCED to put your personal information right away. An example of this would be your name, birthday, email and for mobile users their mobile number. Also I have highlighted 3 terms which are also compromising privacy.

First of all, people can still lie about their age. My cousin who is currently 5 years old managed to create his own Facebook account without much help. Of course he only plays the games while under adult supervision.

Secondly, there is no way to enforce this term unless some outsider physically prevents the sex offender from creating an account.

Thirdly updating your particulars is also basically telling people more about yourself. Updating is reconfirming.

Finally there is this feature which allows you to download your information right off Facebook.downloadinfo

Although this is convenient, it also means that now, on your computer, there is a single file that contains your personal information that you have put on Facebook. Only this time, people do not even have to search for it as they can just get the file from your computer.

As you can see privacy in Facebook, although there are measures you can put in place, there are plenty of holes in the ‘armour’ that is privacy. That is why we see plenty of cases of people getting fired just because they post things on Facebook that they are not supposed to. The latest issue was the ease of getting hand phone numbers.

Prank call anyone?

 

Nowadays, people tend to add others despite not knowing them personally as they want to network more or they play the same games on Facebook etc. However many people do use Facebook mobile as it is very convenient. This however publicly displays their hand phone numbers for the whole world to see.

Alright well after reading this very long post you might be thinking, “Wow, Facebook is not safe at all”. Well you are probably right. As a student taking Cyber & Digital Security, I have the opportunity to learn on how some cyber crimes are committed. One very common cyber crime associated with online social networking sites is identity theft whereby a person gathers all your information to the point that they can pass off to be you. Identity theft convicts have used this information to obtain loans and steal credit information just by posing as someone who was careless with their information.

Even I, your average user can just go to your Facebook profile, take your picture, your name, your address, telephone number and date of birth and pretend to be you if you put that information on Facebook.

Well of course the lesson to be learnt here is be careful what you post online. Privacy settings will only get you so far. But nothing online is out of reach from anyone. Here are some ways to prevent your privacy from breached on face book:

1. Don’t be stupid and post your sensitive personal information online. This includes IC numbers, phone numbers, exact addresses, bank accounts and anything you feel that nobody else should know or needs to know. If I get your phone number be prepared for a million prank calls. And if you post your bank account number, don’t expect money to be put IN.

2. Scan your computer regular for key loggers and viruses. Very often, people unwittingly download key loggers and Trojan horses and other viruses. These malicious programs can track what you type and will send it back to the hacker. Doing online banking while there is a key logger in your computer is tantamount to committing financial suicide. You might as well shout to the world your bank account username and password. Same goes for Facebook. Don’t want random posts to end up on your wall? Scan your computer.

3. Check your privacy settings on Facebook. Do NOT just leave everything as it is. Go through the options an make sure you understand it. The ‘contact us’ link is not there for show. Here are my settings.

settings

Being an avid ‘gamer’ in Facebook (yes I am a geek. Sue me.), I add people whom I do not really know. Hence I have a list for these people and I make sure that they cannot see anything on my profile other than my name and my profile picture.

4. Final tip from me. This is actually directly from the Google Chrome browser. When you open an ‘incognito mode’ browser it gives you the following warning:

Google

This warning is UNIVERSAL i.e you always observe it. Believe it or not, many times the reason accounts get hacked are due to people standing behind you looking over your shoulder, peeping and memorizing your username and your super complicated password. Why do you think all the uncles and aunties at the atm cover the whole keypad when typing? They are protecting their privacy!

So if you ignored all the above advise at least follow this one. Privacy is something that Facebook can provide. But you too have a part to play. Do not just blatantly display everything for the world to see and expect it to be private. It doesn’t work that way.

If after reading all that you are still confused on how to change your privacy settings, this video will give you an idea.

All you need to know

Well that all there is to privacy and Facebook. Hopefully you guys have learnt a thing or two about privacy and how to use your Facebook account safely and also how to use the internet safely. Of course do take everything with a pinch of salt. Do not be overly paranoid or you will find you cannot use Facebook with a peace of mind. =D

References:
Mr Mike Myint (My BITS teacher)
Google News
TechCrunch (eu.techcrunch.com)
Cyberinsecure (cyberinsecure.com/Facebook-album-privacy-exploit/)

Comment question: What forms of new media do you think are in need of better Privacy measures?

17 comments:

Anonymous said...

wowowwewow test test one 2 4 as anon.


This is Adeeb.

Hi everyone please please please TRY to read the whole thing or at least the highlightey parts :D

GamerGeek said...

Such a long blog. Hard to SCAN through the whole thing. Thanks for agreeing to my blog that any social networking sites or the internet for that matter is a dangerous weapon. There is no longer privacy or personal space forged. I think rarely identity thefts happen in Singapore but it is one thing to look out for. The world is a dangerous place. - Gerard Ong (Comment on my blog would you?)

Zenoex said...

I agree that posting personal information on facebook may be dangerous but some people post fake personal information on facebook. There was once i wanted to add my friends email on msn so i went to his facebook checked out his email and add him. 6 days later, there was no reply, so i called him and he told me that the email on facebook was a unused email that he have. His main email was some thing else. - Rui Yong

Eileen_T03 said...

As gerard has said, it was very chunky and could be more concise.

Anyway it was a informative post, also i believe changing the font to a less 'computer-like' one would help.

I believe there that privacy is and will be a growing concern, even our best friend, Google, has been found illegally capturing information sources(albeit providing the information for the rest of the public).

I have no doubt that it is only a matter of time before a movement of privacy auditing will propogate thoughout all the countries. I only wonder which country would be first

Blogscapes said...

An informative post, albeit longer than expected. Still, I would expect all readers to read through the entire post.

You have educated us on the privacy flaws in Facebook and how to better protect our accounts. It's useful that you share your personal experience and use screenshots to exemplify what you are saying. There are a few links to articles you have read. What about sharing with us more of your research, such as the articles/sites you have read on the issue?

Thushara said...

It s quiet long..........
I think facebook privacy settings or anyother social network's privacy settings we can't take into grant. Using our actual may be not very safe in a social networkling site...but i think they are asking our private information to avoid making a lot of fake profiles,in the new facebook when you are sending a freind request to people they are sending message saying that " Do you know this person?'

Anyway we cannot fully deprive ourselves from using facebook,but it is good to be aware of how their privacy policy works.

And i think every social network site has to improve their privacy policies to protect their consumers...we hope for a better change in future.

Adeeb said...

Hi guys, for all those of you who said its too long, teacher asked you all to read the whole to thing anyway so ha! :P

Also at the very bottom there is the comment question. Ty and answer yeah.

@GamerGeek
This may be true. In singapore they have many checks in place to ensure identity theft doesn not occur. However in other countries the security is more lax due to the larger larger citizen number i.e. more data to keep track of.

@Zenoex
I feel that the multiple account issue isn't really such a big deal however the worse cases are those where people try and copy you. My friend, she had a stalker. With my help(its a long story) i found out who she was and at the same time got the account removed. I also blocked for her the email's and all the connections to the person. Food for thought.

@Eileen thanks for the input. Read about the google thing. But I guess its good for their business. Its hard to find the perfect balance between scurity and privacy. BYW try your luck with the acer people. Sometimes they don't even put the sticker.

@Mrs Lim
Its hard for me to post links because most of my infor came from personal experiences and mr mike. I read the articles below and many more but they are usually about the same one exploit too.

@Thushara
I know about that feature. Previously it was way more strict as you had to have mutual friends before you could add them. This led to new account creators unable to add people easily. The only way was to use email addresses. Like I said take everything with a pinch of salt. Being overly worried about privacy is being paranoid.

Sherwin.L said...

I think it's up to you what you want to post on facebook as you should jolly well know that this information would be shown to all who have access to your profile. I don't see the point in people complaining about stolen information when they themselves have put that information there.

That aside, I think this post could be a little more concise :P

Isaac said...

Privacy can either be a good or bad thing.
Let's start off with the good. Good because you don't want specific people to see what you post (say on Facebook).

BUT IT CAN be bad as well. What if the person posted about suicide or something depressing which only allows their friends AND NOT their family to see?
The family will be oblivious to the situation and there won't be any support given.

And if we're afraid to show people what we want to post, THEN WHY ADD THE PERSON ON FACEBOOK IN THE FIRST PLACE?

Royston Yap said...

as it says nothing is perfect, so that may apply for facebook, i suppose? Well, despite the privacy issues about facebook, we still see many people using it, I would think that most of us are alright with the privacy issue pertaining to facebook.

as for the friend list, I would agree to isaac's comment on why do you add the person if you're afraid to leak off your personal information? but to me i find that it is, normal to add the people you know, rather than the people you don't. And i suppose for most of us, we do not, accept some annonymous friend request? If that is so, there is not much need for us to worry about others who misuse your information.

yibing said...

First thing first, delete all your friend whom you do not know in person. Reduce your personal information to the minimum or even better not to put any. Less pictures uploaded to prevent people from knowing your kind of life.

There's limit to what the privacy can do so the best way to prevent information leak is not to use any social networking site.

MAKI said...

I agree that privacy is important. It will be scary if you provide all your personal information in facebook and strangers who don't know you get to see your personal particulars and they will know where you live and stuffs like that, when you don't even know the person in reality.

That's a case whereby stalking takes place and girls in particular will be the victims.

Low Wei Jie said...

I have a question:why would anyone put their I/c or bank account on facebook in the first place when facebook does not really ask for it...does it?(note:the first tip)
And if you are a gamer, then you should create 2 accounts:one for personal where you add only people you know, and the other for games, where you add all your gaming 'friends'

Anonymous said...

I agree with WeiJie. I feel in the world of the new media. Our security is compromised more easily than normal especially when it comes to money. -- JingYuan

Unknown said...

Privacy is good. facebook has really stepped up in their privacy feature. Alot of my friends are using it now. they customise their privacy settings so only certain people can see their walls. I myself dont select 'everyone', only 'friends of friends' for privacy features. and I do agree with weijie also about private information. even when terms and agreement said that you have to give accurate info, I dont. unless if its a trusting website like banks when im doing e-banking.

Yan Peng said...

I think that Facebook should have better privacy control. There is one application which makes one's contact number being revealed. I saw it on Facebook. The application name is something like 'Who wants my phone number' and i think the application will steal the person's telephone number.

Imagine this kind of application surfaces on Facebook. How dangerous can it be? What I feel is that if you want to use social network website, do not give 100% true information. We will never know when the website will betray you.

Ann Ann Chin said...

Never rely on technology too much, because even if the Facebook is complete secure, there are technology abusers out there who will try to exploit the weaknesses of Facebook to retrieve sensitive information. Hence I agree with your first solution.

I also think that Facebook should implement some sort of strict enforcement regarding the proper use of Facebook. For example, ban accounts of person who use Facebook for evil purposes.

PS: Your APA referencing is good, but your scannability needs to be improved.