Select language / زبان خود را انتخاب کنيد

Social Media Security

USEFUL TIPS FOR USING FACEBOOK, TWITTER & CO. MORE SECURELY

Web surveillance has become a huge and advanced industry. From governments and intelligence services, through companies and advertisers, to criminals and hackers, more people than your think are interested in the information you post and view on Facebook, Twitter and other so-called social networking media. Below are some tips to help you protect yourself, as much as possible, when using these platforms.

1. Don’t use your personal Facebook and Twitter account for political activity.

Why? Because if your account is monitored or hacked, not only will your personal life be exposed, but also that of your family and friends.

2. Don’t use your real name, your personal email account or picture for your political Facebook and Twitter accounts. It’s safer to use a new, separate email account that you only use for your this purpose.

Why? Because if your Facebook or Twitter account is monitored or hacked, and you are using the same personal details, including your email address, for things like banking and other things that involve sensitive information, then the damage could be much greater. If you live in a country where online activity is heavily monitored by the state, using your real name, your picture and other personal details, such as your place and date of birth, might simply be a recipe for being caught or profiled very quickly.

Note that your name, your profile an cover pictures, and your ‘networks’ on Facebook are treated as ‘public information’ accessible by anyone, so changing your privacy settings does not affect these three things.

Note also that Facebook’s Terms of Services include a policy on names, which prohibits those who join the platform from using pseudonyms. But many people do, of course. Just make sure the name you choose sounds like a real one.

IMPORTANT: It may be wise to get a whole new phone and a new phone number to use for your political Facebook, Twitter, etc., especially if you’re using smart phones to access them. Social media platforms are increasingly hassling people about their phone number and linking this to other things they do, whether for marketing or monitoring purposes. On the plus side, it is sometimes useful to provide a phone number because it helps secure and retrieve your account in case anything happens.

If you do provide a phone number, Facebook has a feature for enhanced login security called ‘Login Approval’ (in the ‘Security’ tab in ‘Account Settings’). This requires you to enter a code sent to you via a text message if Facebook did not recognise the device you (or someone else!) are using to log in. This is useful to prevent your account from being hacked. There are also other features in there, such as ‘Trusted Contacts’, to help you reclaim a hacked account or if you forget your password.

3. Use a strong password and change it every now and then. Don’t use the same password for Facebook and Twitter that you use for other things. And remember to always log out when you finish your session.

SEE OUR COMPUTER SECURITY TIPS FOR MORE ON PASSWORDS.

4. Use a browser (preferably Mozilla Firefox) to log into Facebook and Twitter, rather than using special FB or Twitter apps (e.g. on smart phones).

Why? Because apps save passwords and other private information; they sometimes don’t allow you to log out; and many do not seem to use a secure connection (see the next tip below). So if your phone is lost, stolen or confiscated, all this information will be potentially compromised.

Of course apps do make life easier, but you should only use them if you can be sure that their privacy and security settings are as good as your secure browsing settings.

SEE OUR ONLINE SECURITY TIPS FOR MORE ON SECURE BROWSING.

IMPORTANT: The best way to ensure that you are browsing the web ‘privately’, i.e. without widgets and plugins sharing your data with social networking sites, is to use two separate browsers, say Chrome and Firefox, for example. Use the first one for all general web surfing (after clearing all your cookies and logging out of all social networks on this browser) and use the second only for Facebook, Twitter and other social networks (again, after clearing all cookies first). Do not use the second browser for any other web surfing. Also, on your first browser install plugins like Disconnect, which blocks all widgets from connecting to common social networking sites.

5. Always use a secure connection to connect to Facebook, Twitter, etc. (i.e. URLs that start with HTTPS rather than HTTP).

SEE OUR ONLINE SECURITY TIPS FOR MORE ON THIS.

How? In your Facebook’s Security Settings, you will notice an option that allows you to enable ‘secure browsing’. By enabling it, all your activity on Facebook will be over an encrypted connection from now on. Twitter uses an encrypted connection by default.

IMPORTANT: You should definitely enable this feature if you are using Facebook on public computers, such as in libraries and internet cafés, or if you are using public wi-fi access points. Even if you are connecting from home, it’s a good idea to enable it anyway.

6. Use anonymous browsing to connect to Facebook and Twitter.

Why? Even if you have secured yourself against intruders eavesdropping on your connection, Facebook & co. may still know exactly who you are, where you are, and what you are doing on their platforms. And from experience, these companies can hardly be trusted with not sharing this information with other ‘interested parties’. (Remember when Yahoo handed over critical information on Chinese dissidents, including their IP addresses and the content of their emails, to the Chinese government, leading to their prolonged imprisonment?)

In your Facebook’s Security Settings, you will notice, for example, that Facebook knows (and records) the geographical location from where you are logged in, based on your IP address, along with information about the device you are using to access your account (your web browser and operating system). You can see this in ‘Active Sessions’, the last field in the ‘Security Settings’ tab. If you download a copy of your Facebook data (which you should do regularly), you will find a log of all the locations from which you accessed your Facebook account. You can prevent Facebook from knowing this by using private or anonymous browsing.

SEE OUR ONLINE SECURITY TIPS FOR MORE ON ANONYMOUS BROWSING.

NOTE: The ‘Active Sessions’ feature is actually useful to check if anyone else has accessed your account. If you are not using Tor (as described in the above-mentioned anonymous browsing tip), you can check this field regularly to see if there have been any unusual locations or devices used to access your account that do not match yours (that probably means your account may have been hacked!). In this case, change your Facebook password and security questions immediately and notify all your Facebook contacts who may be at risk.

Whilst in there, delete all the previous sessions and enable ‘Login Notifications’, which notifies you, either by email or text message, whenever your account is accessed.

IMPORTANT: Note that if you use Tor or certain VPNs, Facebook may block you from your account because they may think it’s someone else trying to hack your account. If you really want to use them, it is recommended that you provide a phone number or other information to verify that it is you who is logging in.

7. Limit who can access your information on Facebook, Twitter, etc.

Why? Because privacy is security. Attitudes such as “But I don’t have anything to hide” ignore the fact that social networking platforms such as Facebook and Twitter are owned by massive private companies that make their money mainly by collecting information about users and selling it on to advertisers and God knows who. They also don’t really have any other guiding principles, so when a government or intelligence service cracks down on dissidents or targets someone using such platforms, these companies will often cave in and ‘collaborate’ in order to protect their commercial interests.

How? In your Facebook’s ‘Privacy Settings’: Set ‘Who can see my stuff’ to ‘Friends’; Limit the audience for your old posts; Set ‘Who can contact me’ to ‘Friends of friends’; Choose ‘Strict filtering’ for your messages; Set ‘Who can look me up?’ to ‘Friends’; and Turn off the option allowing search engines to link to your Timeline.

In the ‘Timeline and Tagging’ tab : Set ‘Who can add things to my timeline?’ and ‘Who can see things on my timeline?’ to ‘Friends’; Enable the ‘Review posts friends tag you in before they appear on your timeline?’ option; and View how your Timeline looks to the public and to your friends.

In the ‘Followers’ tab, set ‘Who Can Follow Me?’ to ‘Friends’ or ‘Friends of friends’, unless you want to enable other people (‘Everyone’) to follow your public posts (News Feed).

In the ‘Apps’ tab, turn the platform off completely. This will prevent apps from storing and using your Facebook information and activity. If the platform is turned on, make sure you untick all the things that other apps and sites use but you don’t want them to, and disable ‘Instant Personalization’ (this collects a lot of information of your Facebook activity).

In the ‘Ads’ tab, set the ‘Third Party Sites’ and ‘Ads and Friends’ sharing options to ‘No one’. This will prevent your Facebook information and activity from being used in ‘targeted advertising’.

IMPORTANT: An important setting that is often overlooked (and is annoyingly hidden away in a confusing place!) is limiting who can see your Friends and Following lists. To change this, go to your Timeline (by clicking on your name in the top bar), then click on the ‘Friends’ link at the top of your friends box. Click the Edit button in the top corner (looks like a pencil) and select ‘Edit privacy’. Here, set all three options (who can see your friends list, the people and lists you follow, and people who follow you) to ‘Only me’.

Finally, go to your Timeline again (by clicking on your name in the top bar) and click on the ‘Update Info’ link on the cover photo. Set all the sharing options (by clicking the editing pencil button) of each section there to ‘Me only’, or to ‘Friends’ if you know and trust everyone on your friends list and want to share this information with them. But remember, if a friend’s FB account gets hacked, then the information that you thought was not public but only shared with friends might be compromised. The important thing is not to set any of these options to ‘Public’, especially the ‘Likes’ section, and to not display your personal details, such as your email address and date of birth, on your timeline. And obviously do not enter your real or complete address.

If you don’t want the photos you upload to Facebook to be publicly accessible, you have to change their visibility settings separately. Go to your Timesline, then click on the ‘Photos’ link under your cover picture. Click on the edit pencil icon and select ‘See Photos hidden from Timeline’. In there, you can change the visibility setting for each album or picture you have uploaded. It’s recommended to set them all to ‘Friends’, especially your personal/profile pictures.

Twitter has similar – though less complicated and confusing – privacy settings to the ones discussed above.

Remember: even if no one else but yourself can see your Facebook or Twitter information, Facebook and Twitter themselves still have access to it. You should not assume that they would never share it with governments and intelligence services if asked for it. History proves the opposite.

8. Liking and following pages:

The list of pages you are affiliated with on Facebook (by ‘liking’ them) is considered public information and is normally accessible to anyone, including people you are not friends with, advertisers and so on. But you can at least hide this information away so that it is not readily available to curious intruders.

Why? In countries where political repression and online surveillance are a big issue, being affiliated with a dissident Facebook page may put you at risk, or at least highlight you as a potential target.

How? The privacy and visibility settings of your public profile include settings for your ‘Likes’. Go to your Timeline (by clicking on your name in the top bar) and click on the ‘Update Info’ link on the cover photo. Click on the edit pencil icon in the top-right corner of the page and select ‘Manage Sections’. In the pop-up window, you can untick ‘Likes’, ‘Events’, ‘Groups’ and any other section that you do not want to show on your public profile page. For the sections that you do choose to show, you can change their privacy settings (who can view this type of information) by clicking the edit button for that section on your profile page and editing the ‘privacy settings’, as explained in the previous tip. For example, you can show your personal and family details only to your ‘close friends’, or hide it from certain friends that you can specify, or you can choose to make the information visible to ‘Only Me’, which is always the safest option.

To double-check what information others can see about you, click the ‘Preview my profile’ link to see what your profile looks like to your Facebook friends, the public and so on. There are also websites, such as Reclaim Privacy, that provide independent and open tools for scanning your Facebook privacy settings.

9. Think carefully before you post, like or share anything, especially about who should or shouldn’t see it.

How? You can now change the sharing or audience option on each individual Facebook post from a drop-down menu provided within the ‘Update Status’ box. When in doubt, use the ‘Preview my profile’ link on any privacy setting page to check how your information appears to others. The ‘Protected my Tweets’ feature in Twitter provides a similar – though not individualised – option. If enabled, your tweets will only be visible to your approved Twitter followers.

Likewise, think carefully about who you allow to become a ‘friend’ or a ‘follower’, because once you’ve accepted someone’s friendship request, they can access any information you’d set as viewable by your friends. Of course you can always remove friends and block people, but it’s better to be careful from the beginning.

10. Make sure you know and understand what information Facebook, Twitter, etc. collect on you when you use them. You can do this by reading their privacy policies, as well as online privacy and security guides like this one.

For example, according to its latest privacy policy, Facebook collects information on you including your Facebook activities, such as adding a friend, creating a photo album, ‘liking’ other people’s posts or sharing links, pictures and videos. It also collects information on where you access Facebook from, with what sort of compute or cell phone, your exact location (your IP address), cookies, as well as information on other Facebook users who interact with you.

11. Logging in and out: Always remember to double-check that the web address (URL) you are using to log into Facebook, Twitter, etc. is the correct one (https://www.facebook.com, https://twitter.com), just in case you had been directed to a fake login page through a link (this is called ‘phishing’). And check there is an S or a lock sign at the beginning of the address bar (i.e. you are on an encrypted connection).

When you finish, always remember to log or sign out, rather than just closing the page or the web browser. If you want to be ultra sure that no one else can use your Facebook or Twitter account, you can deactivate your whole account each time you are finished with your session, then reactivate it next time you log in. You can do this from the ‘Security Settings’ page in Facebook, and in the general ‘Account Settings’ page in Twitter. Deactivation does not delete your account; it just removes your profile and the content associated it from Facebook or Twitter.

12. Prepare yourself for a world without Facebook and Twitter!

Your Facebook posts and Tweets, your contacts and everything else you do whilst using these platforms is stored on their servers, not yours. So if your account gets hacked one day, or is suspended for violating their terms and conditions, then you will find yourself having lost all that information. Well, unless you’ve backed it up!

How? In Facebook, on the ‘General Account Settings’ page, you can ‘download a copy of your Facebook data’. It’s recommended to do that on a regular basis. Similarly in Twitter, on the general account settings page, you can ‘request your Twitter archive’, which includes all your Tweets. There are also independent sites and programmes, such as SocialSafe and ArchiveBook, that do this.

More importantly, perhaps, you should not be totally dependent on these platforms in everything you do. Be prepared for a day when Facebook and Twitter are blocked, or simply the internet is cut off altogether. Would you stop doing political activism then or do you have alternative plans in place?

 

Further reading:

– ‘How to Protect Your Private Information on Facebook’: http://www.wikihow.com/Protect-Your-Private-Information-on-Facebook

– ‘Facebook Security Best Practices’: http://www.sophos.com/en-us/security-news-trends/best-practices/facebook.aspx

– ‘How to organize on Facebook securely’: http://www.movements.org/how-to/entry/organize-on-facebook-securely/

– ‘Facebook Privacy Toolbox’: https://socialsourcecommons.org/toolbox/show/2176

– Also check Facebook’s and Twitter’s own ‘safety tools’, e.g. https://www.facebook.com/safety/tools/

 

 

As the world celebrates Press Freedom Day, tens of Syrian journalists languish in prison

As the world celebrates Press Freedom Day, tens of Syrian journalists languish in prison

May 3rd marked the World Press Freedom Day. As the world celebrated this important day for journalism, tens of Syrian media workers and citizen-journalists continued to be incarcerated in Syrian regime prisons, almost forgotten by the rest of the world. Since the early days of the Syrian […]

Read more

One year on the al-Bayda and Banyas massacres: Who’s ultimately responsible?

One year on the al-Bayda and Banyas massacres: Who’s ultimately responsible?

This week marks the first anniversary of the al-Bayda and Baniyas massacres, where Syrian regime forces executed at least 248 unarmed civilians with cold blood. The executions were one of the first and deadliest instances of mass murder since the start of the Syrian revolution in March […]

Read more

60% of old Aleppo completely destroyed

60% of old Aleppo completely destroyed

More than 60% of the old city of Aleppo has been completely destroyed by the Syrian regime’s air strikes and barrel bombs. That’s 2,000 years of history wiped out, thanks to Ayatollah Khamenei’s adventure in Syria.          

Read more

Kasab: How Armenians fell for Syrian regime propaganda

Kasab: How Armenians fell for Syrian regime propaganda

Dozens of Armenians held a demonstration in front of the UN mission in Tehran on 16 April 2014. They were protesting against alleged massacres committed by Syrian rebels against the Armenian residents of the northern town of Kasab in March 2014. [1] Similar protests had been held […]

Read more

Obama: Syria is bleeding Iran

Obama: Syria is bleeding Iran

Even Obama has got it: “I’m always darkly amused by this notion that somehow Iran has won in Syria. I mean, you hear sometimes people saying, “They’re winning in Syria.” And you say, “This was their one friend in the Arab world, a member of the Arab […]

Read more

Leaked documents confirm Syrian regime’s infiltration of Al-Qaeda offshoot

Leaked documents confirm Syrian regime’s infiltration of Al-Qaeda offshoot

2,500 trained Shia ‘volunteers’ ready to join ISIS and other ‘Sunni’ terrorist groups   Internal Syrian state security documents leaked to the media have provided further proof that some Islamist terrorist groups fighting in Syria, particularly the Al-Qaeda offshoot the Islamic State in Iraq and Sham (ISIS), […]

Read more

Revealed: Hezbollah fighters sent to Syria are trained in Iran

Revealed: Hezbollah fighters sent to Syria are trained in Iran

Hezbollah fighter: ‘We lead the way in battle and train Syrian soldiers’ A recent report by the news agency AFP, based on interviews with Hezbollah Lebanon members, reveals details of the training programmes that the group’s fighters undergo before going to fight in Syria: “Initial training for […]

Read more

Hezbollah is ‘hiding’ its Syria martyrs’ corpses to not admit greater losses

A big number of [corpses of] Hezbollah members who were killed in al-Qusayr are still in corpse refrigerators and Hezbollah cannot take them out. It is important to distinguish between the Shia and Hezbollah, because many honourable [Shiites] are opposed to Hezbollah and strongly refuse to send […]

Read more

Posters of Hezbollah’s Syria ‘martyrs’ fill Beirut streets

Posters of Hezbollah’s Syria ‘martyrs’ fill Beirut streets

Naame Shaam’s correspondent in Beirut had a little tour of several predominately Shia districts in the Lebanese capital last week. In one area, near the Amiliyeh school, within just 20 meters he saw posters of three Hezbolah and one Amal ‘martyrs’ who had died in Syria. Local […]

Read more

Why Bashar al-Assad’s elections are a ‘cruel joke’

Why Bashar al-Assad’s elections are a ‘cruel joke’

As the Syrian regime announced its plans to hold presidential elections in June 2014, the Huffington Post published a good summary of why this is “another cruel joke played on Syria’s suffering population.” The five reasons listed by Eline Gordts’ article, which was published on 21 April […]

Read more
Page 11 of 28« First...910111213...20...Last »