Thanks to the seismic boom in social networking, staying connected with family and friends is as simple as a few quick finger taps. Just don’t forget that a steady stream of updates, Likes and photos could end up revealing far more than you intend. Time for a quick refresher course on privacy settings.
Facebook. Instagram. Pinterest. Twitter. LinkedIn. Social networking has become second nature. Among the best-known options, Facebook is by far the most popular, but the others are seeing significant upticks in usage year over year. According to a 2014 TRUSTe report, 90% of consumers have privacy concerns when using social networks, and 45% of U.S. Internet users do not trust businesses with their personal information. Yet in 2012 the Pew Research Center found that only 38% of online adults are aware of ways to limit how much personal information websites can collect about them when they surf the Internet. Generally speaking, there are multiple mechanisms for protecting privacy—but it’s up to individual users to opt in to the highest levels of protection. Peace of mind requires taking action and continued vigilance, because things can change.
According to a Consumer Reports survey, 28% of Facebook users share all, or almost all, of their timeline posts with an audience wider than just their own friends—potentially expanding their exposure to thousands or more. The lock icon (in the blue band at the top of your profile, to the right of your name) provides shortcuts to control who has access to your activity, under the drop-down “Who can see my stuff?” To go back over past activities, click on the Activity Log, which clearly breaks down posts, Likes and tags. Hover over the audience icon to tailor access to individual posts. While you’re at it, go through the quickie (three-step) Privacy Checkup to double-check that you’re sharing only with people you want.
Selectively uploading and tagging photos is smart too. Instead of sharing every vacation picture you take without a second thought, choose just a few of the best. Minimizing the number of your snapshots floating around the Internet can actually safeguard your Social Security number—researchers at Carnegie Mellon University showed that hackers can figure out an individual’s SSN by combining face recognition technology with data-mining algorithms that pull personal information such as hometown and date of birth from public social network profiles. (Yes. Scary.)
Creepy but true: Sharing a picture of your cat can disclose the precise location of your house. Although “Add to Photo Map” is initially set to Off, the Instagram app remembers your last command and automatically stays on after you list a location, unless you go out of your way to slide it back to Off. Your images are flagged on the geolocation map, street names and all, with incredible accuracy—even if you don’t list a specific place. This means that if you’re not too picky about who follows you, a stranger can easily identify your abode.
To play it safe, set your profile to private. Revisit old photos to erase the location by reviewing the Photo Map (click on the ID icon, then the pushpin icon) and deselect the photos you wish to remove. Here’s how: Zoom on a specific place on the map (like your neighborhood), tap Edit on the top right, then on each photo to remove the geotag. This will permanently eliminate the photo’s location data but not the image itself.
Also important to bear in mind is that your privacy settings are unique to the individual social networks. In other words, a photo posted to your private Instagram will be visible to everyone if it’s posted to another of your social media accounts that is set to public.
The promise of Pinterest is the ability to easily curate images found around the web. Yet some pictures, such as of a high-end purse, have been known to lead to a survey scam promising a gift card reward for repinning the infected image. In 2012 members fell prey to a scheme that signed them up for unwanted mobile services. Remember, Pinterest is not about giveaways. The good news is Pinterest has resolved this example and it’s no longer an issue.
Nonetheless, you still need to be careful. For the utmost privacy, consider pinning to a Secret Board, which is visible only to you and people you invite. If you don’t invite anyone else, Secret Boards are for your eyes only. When you add a pin to a Secret Board, it doesn’t show up anywhere else on Pinterest. You can make the board public at any time, should you choose. (Think carefully before you do so, though—it can’t be undone.)
Cyberattacks are frequently linked to sensational news, like a celebrity scandal or blockbuster movie promotion, says Daniel Castro, vice president of the Information Technology and Innovation Foundation. Beware of tweets that sound scandalous and bark “watch now” commands, say, something like #KimKardashian makes her own #FiftyShadesofGrey film. Video here: ow.ly/url. These sites are usually corrupt streaming services that ask users to install Flash Player or YouTube updates (which are, in fact, data-mining Trojans, or fake programs that pose as legitimate software). Since Twitter links are often shortened (ow.ly or bit.ly), make sure you’re following reputable accounts—there’s no reason why CNN would have a dubious @ handle.
Twitter’s Vine, the six-second video- sharing service, is also subject to spam with unrelated sites promising you more followers in return for usernames and email addresses. Don’t let a popularity boost lead you into a trap. If you find yourself a constant spam target, use the built-in tools to report and delete it.
This is the one account members typically keep public—after all, its stated purpose is to create a digital professional network. But just because you’re among reputable colleagues, don’t let your guard down. Assuming that people on the network are all professionals can lead to a false sense of security, according to Aliah Wright, author of A Necessary Evil: Managing Employee Activity on Facebook, Twitter, LinkedIn...and the Hundreds of Other Social Media Sites. One scheme involved fake email notices that dropped malware onto users’ machines.
To avoid compromised links, be aware that legitimate email message alerts from LinkedIn contain a security footer with your name and professional headline, something a phishing email (illicit scam email) is unlikely to include. When in doubt, open a new browser window and go directly to LinkedIn.com to check your Inbox and verify the connection request or message, as legitimate emails from LinkedIn go to both your Inbox and the primary email account you’ve provided, if you choose. If you do click on something questionable, run a virus scan and change your password.