I know what you’re thinking. All this nonsense on the news about Facebook and people’s data is nothing to do with you. You don’t do enough on Facebook for there to be enough data on you to be able to manipulate you and the way you vote.
I know how it feels to be overwhelmed with news reports about data being given away, about Zuckerberg answering ridiculous questions from politicians in the US, and about a company you had never heard of before a few weeks ago – Cambridge Analytica. What has any of this got to do with you?
Well, actually, quite a lot. I did a quick audit of accounts on Facebook and found that most of the ones that I looked at showed me enough to be able to socially engineer a way into the majority of the accounts that I looked at. I’m in no way an expert, but I am someone who has done a lot of research for the novel that I am writing. I can spot ways that social engineering can be done. I can also see how small amounts of information can be used to develop a working psychological profile on the account holder. I can also see how these small amounts of information can be compared to other account holders to build up a picture of sections of society. It can easily be done, even by an amateur investigative journalist like me. So, imagine what a company with masses of resources can do. You think you’re safe? Believe me, you’re not.
An example of how easy it is to harvest data…
The above post has had a phenomenal number of comments and shares despite it being an obvious tool to mine for people’s data. As many commenters put it, this post can give people one of the answers to the most common security questions that people set for account security. It is also one of the most common security questions for bank account security.
I did a little investigation myself by seeing how much I could find out about someone who had commented on the post. I found a substantial amount of data that I could use to socially engineer my way into the person’s life. He had seemed to try to keep his account private, but hadn’t updated his privacy settings in quite some time. Not only did I find out where he went to school, I also found out the level of education that he got up to. I found out where he lived and where he grew up. I found out names of friends he grew up with, names of teachers that had taught him, the names of pets, and information about his toddler son. Looking at his reviews and check-ins, I found out places he had been – either regularly or as a one-off. I found out his job and his employment history, as well as names of colleagues. I even found out what road he lives on. With this amount of data, I could set up a fake account and socially engineer my way into this guy’s life. This is just information I got by clicking on his name under the comments to the above post and then clicking on the freely accessible information from his profile. Oh, and I should mention, this was someone who was finding it frustrating that people would give away their data so easily under this post. He didn’t actually post his primary school name. I found that elsewhere on his profile. This suggests that even those who think they are safe and are being smart online are just as likely to be giving away vast amounts of data without even realising it.
Quizzes and Apps
It isn’t just the posts that we comment on and share that can be used to harvest your information. The Cambridge Analytica story involves the use of quizzes and apps on Facebook to develop a working psychological profile of users and to use this to manipulate portions of society to vote a certain way.
Quizzes and apps are still being used on Facebook today. The ones used by Cambridge Analytica – and other data companies embroiled in this issue – have been taken down, or at least those known about. However, there are still a large number of ‘personality’ related quizzes being used. I saw one earlier: “What Lost character are you?” These quizzes are used to build up a ‘personality type’ that, as discussed, can be used to build up a psychological profile to be used to give an average idea of portions of society. When you embark upon these quizzes, you usually give away your consent to use your data without even really knowing you have done so.
“I’m not racist but…”
There are so many posts out there that can give information as to your political beliefs. Not only that, but these posts are designed to get you to share them because you would feel like an outsider if you didn’t share them.
Nobody is offended by the Union Flag. There have been minor instances where flags have been advised to be removed, but this has been all flags and due to the potential of hooliganism and violence in areas where football matches have triggered such violence. There have also been misunderstandings where tenancy rules have forbidden anything on windows or any alterations to buildings without the landlord’s prior permission, and where this has been enforced with requests for flags to be taken down. Nothing to do with being offended, but rather it just being against tenancy rules. However, these minor unrelated instances are used by groups like Britain First and UKIP to rile up the xenophobic feelings within certain sectors of society and try to convince people that there are those out there who have immigrated to the UK and who are offended by the flag. This is simply untrue, but by playing on the fears of these sections of society, they can encourage the sharing of such posts as the one above. This gives the pages of groups who do such a thing a legitimacy and a mandate to continue. Not only that, but by commenting on or by sharing such a post, you have shown that you can be easily manipulated by right-wing views. And this is how you can be manipulated into voting a certain way during elections and referendums.
I know what you’re thinking: “I’m not racist”. I also know that there’s something that follows that, “but…”. I used to hear it a lot when I was canvassing for elections. If you don’t believe yourself to be racist or prejudiced in any shape or form, then I politely request that you stop commenting on, and sharing, such posts as the one above.
So, how can I stay safe on Facebook?
I’ve been preparing a list of advisory measures that my parents can take to make sure their Facebook is as secure as it can be and for them to stop engaging with posts that can be used against them. I am going to post this list below. This isn’t an exhaustive list, but rather the foundations of how to secure your Facebook account. Keep alert, keep aware, and keep actively securing your data.
General rules to stay safe on Facebook
Do not comment under any post that is from a public page if you do not know the source. This is especially important if:
- The post instructs you to comment with some sort of personal information;
- The post says that 1% (or similar percentage) won’t comment or share;
- The post is xenophobic, Islamophobic, homophobic, racist or generally prejudicial in any shape or form;
- The post is trying to get you to post with details about when/where you grew up.
Do not share any post from any unknown source. This is especially important if the post matches any of the above-mentioned criteria.
Do not take part in ANY quizzes on Facebook or Apps associated with Facebook.
Do not play ANY games on Facebook or games associated with Facebook.
You MUST go through the settings on your Facebook account to make sure your account is as secure as possible:
- Turn on two-factor authentication;
- Turn on alerts about unrecognised logins;
- Turn on the ‘trusted contacts’ option by adding your close relatives or trusted friends to be sent a code if you find yourself locked out;
- Only allow friends to see your future posts;
- Limit the audience for posts you’ve shared with friends of friends or public;
- Make sure only friends of friends can send friend requests;
- Change the setting to make sure only you can see your friends list;
- Make sure only friends can look you up with your email address and phone number;
- Make sure you cannot be seen on search engines;
- Make sure only friends can post on your timeline;
- Make sure only you can see what others post on your Facebook;
- Make sure only you see posts that you’re tagged in on your timeline;
- Turn on the reviews option for being tagged.
Set up your Ad Preferences (under ‘settings’) to make sure you’re sharing only the data you want with the audiences you approve. You can also hide certain ad topics (alcohol, pregnancy, etc.).