Introduction
As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook. Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government. When many people use a service such as this, it bears attention and especially when it comes to knowing about security and privacy (and our team at the Cyber Threat Analysis Center have written about Facebook plenty [tags + categories]). Chances are a person has an account with Facebook.com and chances are a person has studied and understood the various controls that Facebook provides to turn the dials on privacy and security settings for maximum comfort and desirability.
All bets aside, my goal is to step through those dials in this article. Feel free to comment and help make improvements, as has been done in my recent article on “No Chocolates for my Passwords Please!” Also, please click on any images which appear small to render the full size.
Privacy Settings
Once logged into your account on Facebook, we visit from the upper right hand screen under "Account", the "Privacy Settings". Subsequent images and text are based around a framework or technique to activate if one's goals are to have pretty tight security and privacy (as much as can be) when keeping an account with Facebook. Use as a guide or model, and execute your own technique — hence your own mileage may vary (see free will). Be sure to check out "Controlling how you share", a resource at Facebook.
Notice that there are canned options to elect along the left hand side. These are common to Facebook and are found in almost all settings across the board. Better enumerated as:
- Friends of Friends
- Friends Only
This brings you to the "Things I Share" and other Sharing sections to be witnessed momentarily. Pay particular attention to "Posts by me", as Facebook announces your selection here is considered the "Default" behavior for Privacy when posting including status updates and photos.
Here, two groups are referenced called "Family" and "Family – Extended". Reference them as examples as a person may define their own. This is an exercise to show a person how settings may be customized.
Next we move to "Things Others Share" and "Contact Information".
Omitted from this screen are Email Address and Phone Number. However, such settings may look like this:
See? Yielding to "Custom", one may better control their privacy requirements. Delving into "Custom" we see the following screens (I broke them up just for this article):
Options to Display, and Options to Hide.
Account > Privacy Settings > Customize Settings > Things I Share > Include me in "People Here Now" after I check in
Here is a sample image of Places and Checking in, and the option to have a person be included. The picture above has this disabled, as shown under "Things I Share > Include me in 'People Here Now' after I check in".
Account > Privacy Settings > Customize Settings > Things Others Share > Photos and videos you're tagged in
Further information on this feature may be explored here.
Account > Privacy Settings > Customize Settings > Things Others Share > Suggest photos of me to friends
To learn more about this feature, click here. Notice, the option to disable is activated.
Account > Privacy Settings > Customize Settings > Things Others Share > Friends can check me in to Places
Places? OK, for more reading at Facebook on this topic, click here.
Account > Privacy Settings > Customize Settings > Things I Share > Edit privacy settings for existing photo albums and videos
If you have albums or photos, they may be grouped into a gallery display at this point. Simply adjust your settings as shown below, for Profile Pictures.
Now let us go Back to the Privacy Settings page and explore Applications and websites settings.
If a person has options displaying here for particular applications or games, one will see the kind of information such selections have access to on one's account.
Notice in this example the only option a person has is to "Remove" the "Posts to my Wall" selection. The others are required. "Access my basic information" shares everything one has made publicly available with the application.
Some extra options for applications:
- Remove the application https://www.facebook.com/settings/?tab=applications
- Turn off all applications http://www.facebook.com/ajax/settings_page/platform_apps.php?optout=1 (link disabled)
Here are some further options for this section:
Account > Privacy Settings > Apps, Games and Websites > Instant Personalization
Now we move onto "Instant Personalization", more information available here.
Notice, the option to "Enable" is on the bottom.
Account > Privacy Settings > Connecting on Facebook
Then there are the "Connecting on Facebook" settings, a quick overview in one place. Here is an example. Note, "Send you friend requests" cannot be further closed down from "Friends of Friends".
Account > Account Settings
We are complete with what Facebook considers "Privacy Settings". Next we check out "Account Settings".
"Next" prompts a person to confirm a phone:
As has been written by CTAC's own Randy Abrams earlier this year, I bring it up again as this option does enable Facebook surfing encryption to help prevent attacks from applications like Firesheep. Facebook has a roadmap that ensures applications will migrate to HTTPS mode.
Further below on this Facebook page one will notice tracking of account activity. A person may spot any potential malicious activity.
Breaches can and do occur, and the only way to truly protect one's information is to not have it online. However, that does sort of defeat the purpose of social networking. Still, if a person wants to deactivate their account from Facebook, on the same page simply click "deactivate".
There exist two settings to potentially adjust:
- Edit third party ad settings
- Edit social ads setting
- A note about your photos https://www.facebook.com/terms.php
- Edit third party app settings https://www.facebook.com/editaccount.php?ads&pane=platform
- Social plugins http://developers.facebook.com/docs/plugins/
Account > Account Settings > Facebook Ads > Ads shown by third parties
Account > Account Settings > Facebook Ads > Edit social ads setting
Notice the option is on the bottom. If enabled, advertisements will serve up your name as having "liked" something. If a person does not want their name showing up in ads, simply disable this entry.
To learn more:
- Social ads https://www.facebook.com/fba_whatsthis
- Help center https://www.facebook.com/help/?page=935
Notice the little "?" on the "New Password" line? Click it to reveal suggestions for a strong password:
Edit my Profile
https://www.facebook.com/editaccount.php#!/editprofile.php
Checking into the Basic Information page, it is a person's choice to fill this data in or not. For maximum privacy, the recommendation is to keep it blank. Do you want other companies (or Facebook) to have enhanced information on you?
Similarly, the contact information (email addresses and websites are not depicted in this snapshot):
My Wall
Recall the default post setting earlier in this article? Here is where it comes into play on your new feed.
The lock icon next to Share shows the same common information referred to earlier. Reviewing:
Yes, that default setting has pretty large implications on your posting activity.
Public Directory
And if a person does not want to remain private or be found on Facebook, simply visit this setting.
Search Engines will find you on Facebook's open directory, and other aggregation sites. Your information will be publicly available on these third party sites with no Facebook affiliation. Such sites run their own advertisements. One to take note of is Facepinch.com.
Another thing to be mindful of: if a person has someone from their past making them feel uncomfortable, keeping your profile public and switching your privacy settings to "Everyone" may not be such a good thing. Our CEO Andrew Lee explores a particular scam under the title "Is your ‘stalker ex’ still creeping your Facebook page?"
Outlook Social Connector for Facebook
Although not a feature directly available on www.Facebook.com, the Outlook Social Connector (OSC) for Facebook enables a person to tap into their social network from the site and view friend updates, posts, photos in a secured manner. The following image from the Office Blog shows how a person can tap into their social community right from Microsoft Outlook.
It also serves as a reminder that information you store online may be shared virtually anywhere and without your knowledge. Thus the purpose for this article to spread awareness and education.
Notice how "Michael" posted photos and they are made available right in the OSC. One can make application level adjustments on your Facebook settings referenced earlier under the Apps, Games and Websites section. Last year I enabled surveillance on my computer while testing the Outlook Social Connector and can confirm communications were secure. Perhaps in a future blog we shall explore the technical side of this.
Additional Reading
This has been a walk through of lots of information. Some at a high level, and some diving a little deeper. In future articles (as in past), CTAC explores a knob here and a dial there to varying degrees on depth. It is my hope this blog article served its purpose as a model and a framework for having an account on Facebook. For further reading, please see:
SOCIAL-MEDIA Site FACEBOOK Is a Spammer's Dream - IMPORTANT POST for everyone who uses FACEBOOK!!
"Dislike" Button is the Latest Malware Scam on Facebook