Criminals and scammers love crowds. And in cyberspace, there’s no crowd bigger than the one found on Facebook. Currently numbering more than 500 million members, it’s no wonder this social network juggernaut has become the new Sin City of the net.
The good news is that Facebook has recently made some changes to its user privacy and security controls. This gives Facebook users a lot more options to decide how they share their information over the social network. The bad news is that the controls are scattered, complicated and just plain confusing. Even worse, these recent changes have removed some of the privacy options that were available before.
But as they say, some protection is better than no protection at all. So first things first, how do you go about optimizing your security and privacy settings within Facebook’s labyrinth of options and interfaces?
I. Users’ Guide to Facebook Profile Settings: Friend Lists, Chat and Wall
First and foremost are the settings not found on the account button drop down that have direct impact on your Facebook privacy and security. Optimizing these settings first will make it easier for you to optimize your account and privacy settings later on.
A. Friend Lists: At the core of your Facebook privacy and security are the friends you connect to over the social network. After all, this is your Facebook account’s weakest link. Remember, your privacy and security settings won’t count for much if you are lax on accepting just about any friend request. Left un-optimized, your privacy settings with regard to friends mean that anyone in your friend list can see:
1. Your Wall Posts: Where a lot of personal information for identity theft can be mined.
2. Your Photos: Can also be used for identity theft, blackmail or data mining.
3. Your Profile information: Can be used to crack the passwords on your other online accounts and can be used to track you down.
4. Your Friend Lists: Can be used to harass you using your friends.
And many more.
Creating and classifying your friends into lists makes it easier for you to use the new granular Facebook security settings. Here you can classify your Facebook friends under several groups such as Game friends, Workmates, High School Friends, Family, etc. In real life, we also classify our friends according to how much we trust them and share personal information with them accordingly. With Facebook’s new security features, you can do the same and then easily set privacy settings for each group/list.
This can be accessed through Account > Edit Friends > Friends > Create List
** On the Facebook Friend Finder
An important additional note in this section is the “friend finder” service of Facebook. You can usually see a little box on your profile page’s right-hand sidebar saying that several of your friends have already used this service to find new friends. You can also access this feature through the left hand sidebar when you click on the “edit friends” drop down.
Friend Finder basically pulls in your contact list from your existing email or instant messaging accounts and sends automatic friend requests to your contacts. Because you probably haven’t restricted your email contacts list to close friends or family, chances are there are going to be some oddballs [like that eBay or Amazon guy you contacted about a product] who are going to receive an automatic friend request from you, and this compromises your Facebook privacy and security. It’s best to avoid using this feature if you want to keep a close eye on who you connect with over the social network.
B. Wall Posts: There’s a lock symbol just beside the share button on your homepage or profile page. By clicking on this symbol, you can specify which group of people will be able to see a particular post. You can choose from among the available options: Everyone, Friends of Friends, Friends Only and Customize. The options are pretty straightforward except customize. Here, you can use the list you have just created to create status updates visible only to those groups that you want to see it.
This is especially useful for limiting the amount of sensitive information your other friends see on your wall or simply to avoid spamming your other Facebook connections. Do you really want your Facebook game buddies to see your children’s pictures and conversations about family problems for example? How about letting your employer see wall posts about work related rants?
C. Chat Settings: The chat window is being utilized more and more by scammers, so this Facebook feature should also be optimized for security and privacy. The chat’s Options button will give you the ability to appear offline, and Friend Lists will give you the ability to choose which groups/lists you appear online to and which groups/lists you will block. With this feature, you can limit your visibility on chat to trusted friends only, making you less vulnerable to scams and spam.
To Access: Chat > Options and Chat > Friend Lists
D. Pages You’ve Liked: This may also be a good time to unlike some pages you’ve liked before but do not want to be affiliated with. Although you can hide your list of interests and pages from everyone or limit its visibility to your friends only, remember that Facebook’s new features do not give you the ability to prevent your recent activity from being posted on your wall. This means that if you’ve just posted a picture or message on “I hate Obama’s” wall or if you’ve liked a post there, this activity will be displayed automatically on your wall and will have to be removed manually. Remember, you can learn a lot about a person just by studying what pages he or she is interested in. This makes it easier to impersonate a person or to launch a socially engineered attack against the profile holder.
This can be accessed through your Profile > Info Link
II. Users’ Guide to Facebook Account Settings
This section offers you a host of options, but there are some elements that directly impact your Facebook security.
To Access: Account > Account Settings
A. Name/ Full alternate Name/username: Writing your maiden name here could be a security issue as some sites use your maiden name as the answer to security questions. Also be careful about using your nickname, or a user name you generally use elsewhere, as your user name, as it can lead to someone finding your other online accounts.
B. Email: Using a particularly important email address for this field can be dangerous in terms of Facebook security. This can lead to your email address being hacked or spammed in turn if your Facebook account is compromised. Consider using a separate email address for your Facebook account. (Gmail and Yahoo both offer free accounts)
C. Password: Likewise, using a Facebook password that is exactly the same as your email password or worse, online banking password is also a very, very bad security move. Use a completely different password for your Facebook account and use additional security elements like password length, incorporating special characters, numbers, etc.
D. Linked Accounts: Unless you want to compromise your other online accounts if your Facebook account gets hacked, it’s best to leave this option blank.
E. Privacy: This simply takes you to the privacy options page [which we will discuss later]
F. Account Security: This is actually a useful tool if you want to keep track of Facebook log-ins to your account from other computers. By checking the yes box, Facebook will send you an email notification every time your Facebook account is accessed from computers different from the one you have specified. You will also be able to see recent Facebook log in information on this section.
More recently, Facebook has also integrated an https function which enables data encryption while browsing on Facebook using unsecured internet connections. You can learn more about activating this feature here.
G. Download your Information: Here you can create a back-up of all the information posted on your Facebook profile. Because of the sensitive nature of the information contained in the download file, Facebook will require you to confirm your identity before allowing you to use this feature. Facebook will send an email to the address you used during registration when your data is ready for download.
This is all the more reason why you should take all steps to secure your Facebook account as well as the connected email account. With this feature, it is now very easy for someone to have a copy of all your Facebook information with just one click.
H. Deactivate Account: Contrary to popular belief, deactivating your Facebook account does not mean that all your Facebook photos, connections, notes, etc. are permanently erased from Facebook. Activating this feature only means that Facebook will hide your profile from all your connections until such time as you decide to reactivate it.
Sometimes, Facebook users who thought they had already deleted their Facebook account receive emails from Facebook saying that their account has been reactivated. This means that someone else has been successful in cracking the account’s username and password.
To permanently delete your Facebook account, don’t use the deactivate account feature. You have to submit a request to Facebook using this link: https://www.facebook.com/help/contact.php?show_form=delete_account
Even then, your Facebook account will not be immediately deleted. Instead, your account will be first deactivated for 2 weeks, and if you DO NOT USE FACEBOOK IN ANY WAY during that time frame, that is when your account is permanently deleted.
I. Facebook Ads: One of the tabs in the account settings page. Here you are given the option of removing your profile from being used in third party application ads as well as Facebook ads shown to your friends. This is handy if you don’t want your Facebook friends knowing what ads you have liked or pages you have joined. Of course, you’ll also have to keep pages information private and do housekeeping on your wall’s recent activity.
III. Users’ Guide to Facebook’s Privacy Settings
The privacy settings in the account’s drop down menu give you the ability to control the amount of information you share within the Facebook network.
A. Basic Directory Information: The basic directory information is the first thing you will encounter on the Privacy Settings page. By clicking on the view settings link, you will be taken to another page where you can customize the privacy settings presented below.
To Access: Account > Privacy Settings > View Settings [Connecting on Facebook/ A]
1. Search for me in Facebook: Who can search for you in Facebook? This can be set to everyone, friends of friends, friends only. Of course, if you want your Facebook network to be composed only of close friends, you can set this to friends only or friends of friends.
2. Send Me Friend Requests: The two options here are friends of friends and everyone. By setting this to everyone, you increase the possibility of unsavoury elements in Facebook connecting with you and harvesting your information. After all, users having pending friend requests with you will be able to see your public wall posts in their newsfeed. The drawback of the friends of friends setting is that friends who do not have immediate connections with you will not be able to send you a friend request.
3. Send Me Messages: Private messages are also one of the venues for the distribution of Facebook scams including phishing scams. You can choose to set this to Everyone, friends of friends and friends only.
4. See my Friends List: Options here are everyone, friends of friends, friends only and custom. By choosing the custom option, you can further restrict who can view your friends list to only you, hide your friends list from certain people or specify the people who can see your friends list. This is an important security option against identity theft as it does not give the scammer the information needed to connect with your friends using a fake account.
5. See my Education and Work: This information is dangerous in the hands of cyber criminals and can be used in identity theft and socially engineered attacks. Just like the previous example, you can set this option to everyone, friends of friends, friends only and custom.
6. See my Current City and Hometown: This is also one of those pieces of sensitive information that you should either not post on Facebook or limit in visibility to ‘only me’. This information can be used against you by stalkers, cyber criminals and online enemies. The options available to you here are the same as those for the education and work field.
7. See my Interests and Other Pages: This is another setting you might want to keep private or restricted to friends only. First and foremost, are you comfortable with potential employers coming across this information? Are there personal, religious or political pages/groups that you wouldn’t want your family or friends to know about? Moreover, having your interests and pages public will make it easy for identity thieves to know more about you.
Note that by default, your full name, profile picture, gender and networks are considered public information.
B. Sharing on Facebook
Just like the previous section, the sharing on Facebook section also gives you the ability to set the privacy of your information according to everyone, friends of friends, friends only and only me.
To Access: Account > Privacy Settings > Customize Settings [Sharing on Facebook / B]
Things I Share:
1. Posts by me: Here you can choose the default visibility of your wall posts, photos, notes, etc. You can also set it on a post per post basis. To be safe, you can set the default for this to friends only or friends falling under a particular list [custom option] and set otherwise for posts you may want to make public. Remember, things you share in your post can be used against you by scammers and through socially engineered attacks. Some Facebook scams and even burglaries are made possible because of the conversations posted on the wall of users.
Below are some of the other options under this section. You can set their visibility to everyone, friends of friends, friends only and your own custom setting using your friend lists. Remember though that most of the information below is best set to friends only or ‘only me’ as they can be used against you and could provide scammers information about your personal life. This goes especially for family and relationships, religious and political views, birthday, email address, phone number and home address.
2. Family and Relationships: Can be used to see who the people close to you are.
3. Bio and Favorite Quotations: Best set to friends only as this could be used by someone impersonating you to scam your friends.
4. Website: If you have a website or blog you want to advertise on your profile - put it here, otherwise you might want to set it to friends only.
5. Religious and Political Views: Do you want your potential employer to see this?
6. Birthday: This can be used for identity theft or to steal your Facebook account.
7. Places I Check into: Unless you’re a salesman or a businessman who needs this feature, this is best set to “only me”. Remember the website pleaserobme.com which advertised the names of people who were not home and thus susceptible to burglars?
8. Include me in People Here Now after I Check In: In line with the warning above, this is best left unchecked.
9. Photos/ Videos Album Privacy Settings: A recent privacy upgrade in this section is the added ability of Facebook users to set privacy settings for existing photo albums and videos. Here you can restrict photo and video access and views to select friend lists such as close friends and family.
Things Others Share:
1. Photos and Videos I’m Tagged In: Could reveal sensitive information and thus best set to “only me”. An employee was fired because a picture in which she had been tagged showed her tattoo. You also have the option to untag yourself from any photo you think might be embarrassing.
2. Can Comment on Posts: The minimum setting you might want for this is friends only unless you use your FB profile for networking. Setting this feature to “only me” will prevent your friends from writing on your wall and commenting on your posts.
3. Friends can Post on my Wall: Enabling this setting, though, makes your account vulnerable to scams through friends who have had their accounts compromised or hijacked. So be wary if you see friends posting weird links on your wall.
4. Can see Wall posts by Friends: Do you want others to see your conversations with your friends? This is best customized to include only your close friends. After all, you don’t want your gaming buddies to see your personal discussions right?
5. Friends can Check me in to Places: Best set to disabled.
Contact Information:
1. Email Addresses and IM: Again, making this information public will put your other online accounts at risk should your Facebook account be hacked.
2. Phone Numbers and Address: Do you want to make this information available to people you don’t know or applications made by companies you don’t know anything about? You should set this to ‘only me’ or not input any information at all.
C. Applications, Games and Websites
To Access: Account > Privacy Settings > Edit your Settings [ Apps, Games and Websites ]
Here you can set limits to how applications, games and websites interact with your Facebook profile.
1. Apps you Use: This part shows you a list of applications or games you are using or have used in the past. Be sure to remove applications that you’re not using anymore or those that you don’t recognize. Moreover, be sure to check application permissions to make sure that you are not giving away info that is not required to run the application.
To edit the settings on this feature, you can click on the edit settings button or the “Remove unwanted or spammy apps” link. Clicking these will, in turn, bring up this page:
Notice that the application above has requested more than the minimum permissions required to run the app. Additional privileges requested by the particular application are post to my wall, access posts in my news feed, access my data anytime and even access Facebook chat!
When you click on the “see details” link, you will be able to see the most recent information mined by a particular application. An example is posted below:
To remove an application, just click on the “x” button right next to the “edit settings” button.
2. Info Accessible through Your Friends: Here you can restrict the information that applications your friends are using can pull from your account. Left unrestricted, this makes your Facebook account vulnerable to scams / identity theft through security lax friends. A recommended setting for this is to uncheck every box.
3. Game and Application Activity: You can use this to limit those who can view your recent game activity to friends who play the same game. Would you like your boss to see that you’ve been playing Farmville during office hours? This is best customized to appear on just your game buddies’ walls [assuming you have created a friend list for game buddies].
4. Instant Personalization: Instant personalization means that Facebook shares your information with partner sites like Yelp, Docs and Pandora. While having this option activated makes for a richer experience on these sites, this could also provide a backdoor for security breaches. After all, it was on the news recently that the Yelp website was compromised.
5. Public Search: Enabling this means that your Facebook profile appears in search engine results when your name is typed. Unless you have a good reason for wanting this, it’s best to disable this option.
D. Blocked Lists: Here, you can block users or applications from seeing you, contacting you or getting information from you on Facebook.
To Access: Account > Privacy Settings > Edit your Lists [Blocked Lists / D ]
1. Blocked Users: You can input either the names or the email addresses of people you want to block.
2. Blocked Application Invites: Here you can block application invites from certain friends. This is a good move, especially if certain friends have a history of their Facebook accounts being hacked, or if you want to restrict application invites to trusted friends only.
3. Block Event Invites: Same as above, only this one is for blocking event invites.
Facebook’s privacy and security features might not be perfect but setting them to the optimum will drastically reduce your chances of having a bad experience on this social networking site. Many people have already fallen victim to Facebook scams and have learned this basic lesson the hard way. Don’t be the next victim!