Safe Social Networking
You're connected to more people than you know, and that innocent photo of last night's party could harm you in ways you never imagined.
If one day you met a long-lost school friend while out shopping, for example, you might spend a few minutes catching up on each others’ lives, exchanging news about common friends, sharing a few laughs and recalling good times. You might exchange phone numbers or even joyously arrange a get-together at a future date. But you probably wouldn’t automatically start rattling off every detail of every place you’ve been and every new friend you’ve made in the last decade. Imagine now that instead of walking up to that friend you found his Facebook profile just by chance and sent him a message and invitation. You’ve most probably just handed him not only an entire summary of the activities of your life, but also access to your photos and videos, personal thoughts, group memberships, and list of other friends—and all this despite not knowing the first thing about what he’s been up to and who his friends are. A few days after he adds you, you see you have friend requests from a dozen other former classmates, none of whom you were particularly good friends with or would ever consider contacting yourself. They say your name pop up in their news feeds, since your old friend was on their lists. Now all of these semi-random acquaintances know you have an active Facebook profile, and you feel awkward about ignoring them… so you just click ‘Accept’.
Each one of them can now see every last detail about your life.
That one branch spawned a dozen branches, and each of those dozen could spawn another dozen. Like the roots of a tree, your online connections can quickly grow into a vast, overlapping, complicated network of interconnected strands, and you’ll quickly lose control over not only who you’re connected to, but who can steal your information to make your life miserable.
Subtle Dangers
Your photos could be copied, altered and reposted online. Your email address could be harvested by spammers. Your boss could frown on evidence of you partying late last night. Your ultra-conservative co-workers could shun you for things that are none of their business. Or your grandparents could one day mortify you by leaving comments on your friends’ updates! All of this is possible with social networks expanding from young, net-savvy users to anyone and everyone—and very few are happy to adjust.
MySpace, Facebook, Twitter, Hi5, Orkut, and dozens of other mainstream or niche social networks used to be vast, open playgrounds where people freely posted about the most intimate details of their lives. Today, doing anything like that is a pretty bad idea. There are a few major causes of concern: the fact that enormous corporations are building detailed databases and distilling your profile information into marketable slices is dangerous but abstract—you don’t worry about it that much because you can’t see it happening and you most probably can’t identify any incident that has disrupted your life as a result. One the other hand, information about you can be seen by strangers, your updates can make information about your movement visible to undesirable people, and you expose yourself to a huge amount of liability even with friends, family and coworkers.
The threat of stalkers is very real. One twenty-three year old from Mumbai who prefers to remain unnamed was repeatedly sent friendship requests on Facebook by a stranger over the course of several months. She didn’t know who the person was and kept declining. His profile had a film star’s photo and (misspelled) name, with no clue about how he might know her. They had no friends in common and his profile showed only 8 connections, implying the account had been created solely for the purpose of sending messages anonymously. The requests then started including remarks about her that included references to places she had recently visited, and at least one extremely vulgar comment about her partying and drinking. After frantically checking all her security settings to make sure her updates weren’t visible to strangers, she realized that photos tagged with her name were visible not only to friends, but also strangers tagged in the same photos and their friends! That meant any photos taken at parties where it’s impossible to know everyone, and which had been helpfully tagged by a friend, were visible to that friend’s friends too—which meant she had absolutely no idea how many people could see them and who they were! The girl eventually used Facebook’s flag feature to report abuse, but still has no idea whether the stranger was someone she’d ever met, or who might someday recognize her in public. The Indian police cybercrime cells are actively involved in tracking down such stalkers, you can always approach the one in or nearest to your city if you ever face a similar situation.
Another example, Aashish, was fresh out of college and settling in at his first traineeship with a financial consultancy. A week or so in, he recalls, one of his superiors made an offhanded remark about how he’d seen stress lead to drug use in extreme cases and that young people today seem to not be scared of drugs, all the while looking pointedly at him. He thought it was odd but dismissed the incident, but only found out months later that his boss had been shown printouts of a string of comments left on his Orkut profile by college mates making jokes about being inebriated. The company’s recruitment staff had recently made it a routine practice to scan the names on all resumes they processed through the most common social networks, presumably as a form of background checking. The suspicion hadn’t cost him the job in that case, but it had certainly colored his colleagues’ minds about him even before he’d had the chance to make a first impression.
There’s also the constant debate now about how to behave once you’ve added your parents to your contacts list! There’s no doubt that social networks are now growing fastest amongst middle-aged users, no longer the private space away from parents and relatives that they used to afford to the original college-aged users. Again, the abstract idea that strangers can see your status updates isn’t half as terrifying as the realization that parents and even distant relatives have been reading all about your social life! Hundreds of kids have started Facebook groups with names including “PARENTS INVADING FACEBOOK!!!”, “NO PARENTS ON FACEBOOK”, “Parents having facebook should definitely be illegal”, and “adults SHOULD NOT be on facebook ESPECIALLY YOUR PARENTS”. This wall post sums up the situation perfectly: “i keep deleting my mom but then she tells me to re- add her, or else i cant use the computer. Once I tried making a new account, but she found out about it. Now i can't swer, upload pictures, or talk about funny things that happened. and she tells me to do my homework. help me!!!!” Although some are supportive of their parents, they often find their own friends feel restricted or become uncomfortable with using Facebook to communicate once they realize the full contents of their own profiles can be supervised, thanks to the “friends of friends” visibility factor. Nineteen year old Delhi resident Radhika was left red-faced after her boyfriend’s mother gave her a stern lecture about drinking one day. Once again, the culprit was a Facebook photo gallery. “I wanted to run home and untag myself from every photo I’d ever been in, even if it meant my friends would never be able to find me. But the damage had already been done” she says. Others report being embarrassed when their parents leave comments on their photos and status updates, while the parents might only be trying to connect with kids away at college or too busy during the day. In fact, dealing with parents, teachers or bosses is very likely to be the first time a lot of users even think about restricting access to their personal profiles. One of the newest ways to be embarassed is to find screenshots of your interactions on blogs like myparentsjoinedfacebook.com and lamebook.com
The amount of information about you that’s just readily available to strangers is staggering, but the situation is actually getting even more dangerous. This month, Twitter will start the broad rollout of its location-aware services, including location-based timelines of user activity. On one hand, this will let people discover interesting users in their vicinities. On the other, it will allow your precise GPS coordinates to be mashed in with all your other information, telling people not only what you’re doing, but where you’re doing it. If you’re using Twitter on any recent smartphone, chances are your GPS coordinates have been transmitted along with your Tweets for a while already, but this hasn’t been displayed publicly. Compulsive Tweeters beware, your exact movements are being tracked, and Facebook is likely to follow this move anytime.
Where does all the information go?
In one word: advertising. Facebook serves ads to its users based on their activity and what it calculates will be relevant to them. Orkut data gets fed into the enormous mines of information that Google already has about its users. The good news is that most sites have been hounded about privacy enough that they have clearly stated policies about what data is retained, and what kind of metrics are shared with third parties (http://www.orkut.com/html/en-US/privacy.orkut.html, http://www.facebook.com/policy.php, and http://twitter.com/privacy). Of course all of this still requires users to use strong passwords, not share them with friends, and follow basic common security procedures.
Facebook was at the center of a controversy in the middle of last year when it emerged that advertisers had access to users’ profile photos. These were then used in ads, to demonstrate that a person’s friends were already fans or users of the product being advertised. Facebook officially termed this “abuse” and went on to ban others from doing this, though it itself still can provided that users don’t disable a particular setting. Third parties however retain the ability to send you tracking cookies to measure your response to ads. This is just one more reason you need to be well acquainted with your privacy page! Also note that external applications including your own mobile phone and other sites which let you sign in to update your profile, will have their own privacy policies and settings… some less benign than others.
The other big thing today is real-time search. Bing and Google News users might already have noticed Twitter posts popping up in their search results, and being constantly refreshed even as the results page lies open. Real-time updates are the latest search frontier, and everyone wants to get in on the action. Your social networks will be partnering with more and more search engines in order to be more relevant—already huge proportions of the world get their news first from Twitter, and use it to further spread updates that the mainstream press might take hours to catch up on. Who knows where your Tweets will end up next?
Social applications and games, the most popular example of which is Farmville, also have a field day with your information. Everytime you use an app, you authorize it to access your profile information including your location, date of birth, and friends list. These are used to spam your friends with messages aimed at bringing them into the fold as well. Eventually, unethical apps prompt users to either divulge more information—which is then outside the scope of any host network’s privacy policy—or pay money using real-world credit cards in order to advance to a higher level. Quizzes are similarly dangerous; most have very little point anyway and spit out utterly arbitrary results, but somewhere down the line lure users with “offers” or “rewards”, which are only thinly-veiled scams. Applications have already been banned because of this, but the amount of money coming in is hard to ignore.
As always, users have to beware of phishing scams. Your social networking profile information is so valuable that elaborate fake sites are set up, and users are sent emails tricking them into typing their usernames and passwords onto them. Once anyone with malicious intent has your account credentials, they will not only steal all your information but try to con everyone on your friends list as well, by sending out messages disguised as you. With such scams being quite widespread, every network is now forced to actively monitor for suspicious activity and mass spamming. It looks like they're getting better at nipping these attacks in the bud now. In late 2009, a worm called Koobface started doing the rounds. This one was particularly strong, and became known for its deliberate targeting of social networks, most famously MySpace and Facebook.
How to strike a balance
The reason that social networks are successful is simply that their users are comfortable with sharing information about themselves. They can build circles of trust for their personal interactions, and usually begin with no inhibitions about discussing anything. As soon as that comfort level is gone, the whole concept begins to unravel. People start to feel uncomfortable about sharing any kind of information and put up walls around themselves just like they would do offline.
First of all, remember this: it’s perfectly okay to decline a friend request! It’s far better to be safe than sorry, and there are ways to deal with those who might be offended. Every user needs to be familiar with their networks’ security settings—or they might find everything is open to the public! Facebook’s own founder, Mark Zuckerberg, was caught unawares when his private photos became visible, so let that serve as a lesson. Set your privacy, and keep checking to make sure policies haven’t been altered by the site—which actually happens quite often.
The next step, also quite simple, is to set up groups or lists of friends. The exact terminology varies by network, but the controls can usually be found in the Security settings. Lists should allow you to define access privileges for everyone in them. So if you absolutely cannot decline a friend request but don’t want the person in question to see every last detail in your life, edit the list so its members can see only what you allow. You can group people by the amount of distance you want to maintain with them, such as co-workers, acquaintances, friends who have drifted apart, family and relatives, etc. Beware that opening up any part of your profile to “Everyone” will also make it visible to search engines and those who don’t even have Facebook accounts will be able to see them. “Everyone” is now the default setting for many parts of your profile. You also have a handy “Restricted Profile” list by default, which basically locks members down into a windowless world. You can still customize this list’s settings, but it’s a great way to add people to your list while keeping them blind to your activities and interactions.
While creating a photo gallery or even a single status update on Facebook, you can now choose which sets of people should be able to see it, over and above the default rules you create in the security settings. You’ll need to keep track of who is in which group and check in from time to time to make sure that this is the best arrangement for you.
Comb through the settings thoroughly. You’ll find options for sharing your behavior tracks with outside partners, or publishing information about your activities. Check all Facebook applications thoroughly, especially the free games! Chances are they are only interested in scraping information from your account to profit on advertising or spam. There’s still no surefire way to tell how long these sites will retain your information once they have it.
The simple fact is that every added security measure makes the sites less and less appealing. You alone can decide how much of your life is open season for the general public. Just be aware that in this day and age, no one’s a stranger. Things you post online can come back to bite you in unimagined ways even years down the line.