Select language / زبان خود را انتخاب کنيد

Social Media Security

USEFUL TIPS FOR USING FACEBOOK, TWITTER & CO. MORE SECURELY

Web surveillance has become a huge and advanced industry. From governments and intelligence services, through companies and advertisers, to criminals and hackers, more people than your think are interested in the information you post and view on Facebook, Twitter and other so-called social networking media. Below are some tips to help you protect yourself, as much as possible, when using these platforms.

1. Don’t use your personal Facebook and Twitter account for political activity.

Why? Because if your account is monitored or hacked, not only will your personal life be exposed, but also that of your family and friends.

2. Don’t use your real name, your personal email account or picture for your political Facebook and Twitter accounts. It’s safer to use a new, separate email account that you only use for your this purpose.

Why? Because if your Facebook or Twitter account is monitored or hacked, and you are using the same personal details, including your email address, for things like banking and other things that involve sensitive information, then the damage could be much greater. If you live in a country where online activity is heavily monitored by the state, using your real name, your picture and other personal details, such as your place and date of birth, might simply be a recipe for being caught or profiled very quickly.

Note that your name, your profile an cover pictures, and your ‘networks’ on Facebook are treated as ‘public information’ accessible by anyone, so changing your privacy settings does not affect these three things.

Note also that Facebook’s Terms of Services include a policy on names, which prohibits those who join the platform from using pseudonyms. But many people do, of course. Just make sure the name you choose sounds like a real one.

IMPORTANT: It may be wise to get a whole new phone and a new phone number to use for your political Facebook, Twitter, etc., especially if you’re using smart phones to access them. Social media platforms are increasingly hassling people about their phone number and linking this to other things they do, whether for marketing or monitoring purposes. On the plus side, it is sometimes useful to provide a phone number because it helps secure and retrieve your account in case anything happens.

If you do provide a phone number, Facebook has a feature for enhanced login security called ‘Login Approval’ (in the ‘Security’ tab in ‘Account Settings’). This requires you to enter a code sent to you via a text message if Facebook did not recognise the device you (or someone else!) are using to log in. This is useful to prevent your account from being hacked. There are also other features in there, such as ‘Trusted Contacts’, to help you reclaim a hacked account or if you forget your password.

3. Use a strong password and change it every now and then. Don’t use the same password for Facebook and Twitter that you use for other things. And remember to always log out when you finish your session.

SEE OUR COMPUTER SECURITY TIPS FOR MORE ON PASSWORDS.

4. Use a browser (preferably Mozilla Firefox) to log into Facebook and Twitter, rather than using special FB or Twitter apps (e.g. on smart phones).

Why? Because apps save passwords and other private information; they sometimes don’t allow you to log out; and many do not seem to use a secure connection (see the next tip below). So if your phone is lost, stolen or confiscated, all this information will be potentially compromised.

Of course apps do make life easier, but you should only use them if you can be sure that their privacy and security settings are as good as your secure browsing settings.

SEE OUR ONLINE SECURITY TIPS FOR MORE ON SECURE BROWSING.

IMPORTANT: The best way to ensure that you are browsing the web ‘privately’, i.e. without widgets and plugins sharing your data with social networking sites, is to use two separate browsers, say Chrome and Firefox, for example. Use the first one for all general web surfing (after clearing all your cookies and logging out of all social networks on this browser) and use the second only for Facebook, Twitter and other social networks (again, after clearing all cookies first). Do not use the second browser for any other web surfing. Also, on your first browser install plugins like Disconnect, which blocks all widgets from connecting to common social networking sites.

5. Always use a secure connection to connect to Facebook, Twitter, etc. (i.e. URLs that start with HTTPS rather than HTTP).

SEE OUR ONLINE SECURITY TIPS FOR MORE ON THIS.

How? In your Facebook’s Security Settings, you will notice an option that allows you to enable ‘secure browsing’. By enabling it, all your activity on Facebook will be over an encrypted connection from now on. Twitter uses an encrypted connection by default.

IMPORTANT: You should definitely enable this feature if you are using Facebook on public computers, such as in libraries and internet cafés, or if you are using public wi-fi access points. Even if you are connecting from home, it’s a good idea to enable it anyway.

6. Use anonymous browsing to connect to Facebook and Twitter.

Why? Even if you have secured yourself against intruders eavesdropping on your connection, Facebook & co. may still know exactly who you are, where you are, and what you are doing on their platforms. And from experience, these companies can hardly be trusted with not sharing this information with other ‘interested parties’. (Remember when Yahoo handed over critical information on Chinese dissidents, including their IP addresses and the content of their emails, to the Chinese government, leading to their prolonged imprisonment?)

In your Facebook’s Security Settings, you will notice, for example, that Facebook knows (and records) the geographical location from where you are logged in, based on your IP address, along with information about the device you are using to access your account (your web browser and operating system). You can see this in ‘Active Sessions’, the last field in the ‘Security Settings’ tab. If you download a copy of your Facebook data (which you should do regularly), you will find a log of all the locations from which you accessed your Facebook account. You can prevent Facebook from knowing this by using private or anonymous browsing.

SEE OUR ONLINE SECURITY TIPS FOR MORE ON ANONYMOUS BROWSING.

NOTE: The ‘Active Sessions’ feature is actually useful to check if anyone else has accessed your account. If you are not using Tor (as described in the above-mentioned anonymous browsing tip), you can check this field regularly to see if there have been any unusual locations or devices used to access your account that do not match yours (that probably means your account may have been hacked!). In this case, change your Facebook password and security questions immediately and notify all your Facebook contacts who may be at risk.

Whilst in there, delete all the previous sessions and enable ‘Login Notifications’, which notifies you, either by email or text message, whenever your account is accessed.

IMPORTANT: Note that if you use Tor or certain VPNs, Facebook may block you from your account because they may think it’s someone else trying to hack your account. If you really want to use them, it is recommended that you provide a phone number or other information to verify that it is you who is logging in.

7. Limit who can access your information on Facebook, Twitter, etc.

Why? Because privacy is security. Attitudes such as “But I don’t have anything to hide” ignore the fact that social networking platforms such as Facebook and Twitter are owned by massive private companies that make their money mainly by collecting information about users and selling it on to advertisers and God knows who. They also don’t really have any other guiding principles, so when a government or intelligence service cracks down on dissidents or targets someone using such platforms, these companies will often cave in and ‘collaborate’ in order to protect their commercial interests.

How? In your Facebook’s ‘Privacy Settings’: Set ‘Who can see my stuff’ to ‘Friends’; Limit the audience for your old posts; Set ‘Who can contact me’ to ‘Friends of friends’; Choose ‘Strict filtering’ for your messages; Set ‘Who can look me up?’ to ‘Friends’; and Turn off the option allowing search engines to link to your Timeline.

In the ‘Timeline and Tagging’ tab : Set ‘Who can add things to my timeline?’ and ‘Who can see things on my timeline?’ to ‘Friends’; Enable the ‘Review posts friends tag you in before they appear on your timeline?’ option; and View how your Timeline looks to the public and to your friends.

In the ‘Followers’ tab, set ‘Who Can Follow Me?’ to ‘Friends’ or ‘Friends of friends’, unless you want to enable other people (‘Everyone’) to follow your public posts (News Feed).

In the ‘Apps’ tab, turn the platform off completely. This will prevent apps from storing and using your Facebook information and activity. If the platform is turned on, make sure you untick all the things that other apps and sites use but you don’t want them to, and disable ‘Instant Personalization’ (this collects a lot of information of your Facebook activity).

In the ‘Ads’ tab, set the ‘Third Party Sites’ and ‘Ads and Friends’ sharing options to ‘No one’. This will prevent your Facebook information and activity from being used in ‘targeted advertising’.

IMPORTANT: An important setting that is often overlooked (and is annoyingly hidden away in a confusing place!) is limiting who can see your Friends and Following lists. To change this, go to your Timeline (by clicking on your name in the top bar), then click on the ‘Friends’ link at the top of your friends box. Click the Edit button in the top corner (looks like a pencil) and select ‘Edit privacy’. Here, set all three options (who can see your friends list, the people and lists you follow, and people who follow you) to ‘Only me’.

Finally, go to your Timeline again (by clicking on your name in the top bar) and click on the ‘Update Info’ link on the cover photo. Set all the sharing options (by clicking the editing pencil button) of each section there to ‘Me only’, or to ‘Friends’ if you know and trust everyone on your friends list and want to share this information with them. But remember, if a friend’s FB account gets hacked, then the information that you thought was not public but only shared with friends might be compromised. The important thing is not to set any of these options to ‘Public’, especially the ‘Likes’ section, and to not display your personal details, such as your email address and date of birth, on your timeline. And obviously do not enter your real or complete address.

If you don’t want the photos you upload to Facebook to be publicly accessible, you have to change their visibility settings separately. Go to your Timesline, then click on the ‘Photos’ link under your cover picture. Click on the edit pencil icon and select ‘See Photos hidden from Timeline’. In there, you can change the visibility setting for each album or picture you have uploaded. It’s recommended to set them all to ‘Friends’, especially your personal/profile pictures.

Twitter has similar – though less complicated and confusing – privacy settings to the ones discussed above.

Remember: even if no one else but yourself can see your Facebook or Twitter information, Facebook and Twitter themselves still have access to it. You should not assume that they would never share it with governments and intelligence services if asked for it. History proves the opposite.

8. Liking and following pages:

The list of pages you are affiliated with on Facebook (by ‘liking’ them) is considered public information and is normally accessible to anyone, including people you are not friends with, advertisers and so on. But you can at least hide this information away so that it is not readily available to curious intruders.

Why? In countries where political repression and online surveillance are a big issue, being affiliated with a dissident Facebook page may put you at risk, or at least highlight you as a potential target.

How? The privacy and visibility settings of your public profile include settings for your ‘Likes’. Go to your Timeline (by clicking on your name in the top bar) and click on the ‘Update Info’ link on the cover photo. Click on the edit pencil icon in the top-right corner of the page and select ‘Manage Sections’. In the pop-up window, you can untick ‘Likes’, ‘Events’, ‘Groups’ and any other section that you do not want to show on your public profile page. For the sections that you do choose to show, you can change their privacy settings (who can view this type of information) by clicking the edit button for that section on your profile page and editing the ‘privacy settings’, as explained in the previous tip. For example, you can show your personal and family details only to your ‘close friends’, or hide it from certain friends that you can specify, or you can choose to make the information visible to ‘Only Me’, which is always the safest option.

To double-check what information others can see about you, click the ‘Preview my profile’ link to see what your profile looks like to your Facebook friends, the public and so on. There are also websites, such as Reclaim Privacy, that provide independent and open tools for scanning your Facebook privacy settings.

9. Think carefully before you post, like or share anything, especially about who should or shouldn’t see it.

How? You can now change the sharing or audience option on each individual Facebook post from a drop-down menu provided within the ‘Update Status’ box. When in doubt, use the ‘Preview my profile’ link on any privacy setting page to check how your information appears to others. The ‘Protected my Tweets’ feature in Twitter provides a similar – though not individualised – option. If enabled, your tweets will only be visible to your approved Twitter followers.

Likewise, think carefully about who you allow to become a ‘friend’ or a ‘follower’, because once you’ve accepted someone’s friendship request, they can access any information you’d set as viewable by your friends. Of course you can always remove friends and block people, but it’s better to be careful from the beginning.

10. Make sure you know and understand what information Facebook, Twitter, etc. collect on you when you use them. You can do this by reading their privacy policies, as well as online privacy and security guides like this one.

For example, according to its latest privacy policy, Facebook collects information on you including your Facebook activities, such as adding a friend, creating a photo album, ‘liking’ other people’s posts or sharing links, pictures and videos. It also collects information on where you access Facebook from, with what sort of compute or cell phone, your exact location (your IP address), cookies, as well as information on other Facebook users who interact with you.

11. Logging in and out: Always remember to double-check that the web address (URL) you are using to log into Facebook, Twitter, etc. is the correct one (https://www.facebook.com, https://twitter.com), just in case you had been directed to a fake login page through a link (this is called ‘phishing’). And check there is an S or a lock sign at the beginning of the address bar (i.e. you are on an encrypted connection).

When you finish, always remember to log or sign out, rather than just closing the page or the web browser. If you want to be ultra sure that no one else can use your Facebook or Twitter account, you can deactivate your whole account each time you are finished with your session, then reactivate it next time you log in. You can do this from the ‘Security Settings’ page in Facebook, and in the general ‘Account Settings’ page in Twitter. Deactivation does not delete your account; it just removes your profile and the content associated it from Facebook or Twitter.

12. Prepare yourself for a world without Facebook and Twitter!

Your Facebook posts and Tweets, your contacts and everything else you do whilst using these platforms is stored on their servers, not yours. So if your account gets hacked one day, or is suspended for violating their terms and conditions, then you will find yourself having lost all that information. Well, unless you’ve backed it up!

How? In Facebook, on the ‘General Account Settings’ page, you can ‘download a copy of your Facebook data’. It’s recommended to do that on a regular basis. Similarly in Twitter, on the general account settings page, you can ‘request your Twitter archive’, which includes all your Tweets. There are also independent sites and programmes, such as SocialSafe and ArchiveBook, that do this.

More importantly, perhaps, you should not be totally dependent on these platforms in everything you do. Be prepared for a day when Facebook and Twitter are blocked, or simply the internet is cut off altogether. Would you stop doing political activism then or do you have alternative plans in place?

 

Further reading:

– ‘How to Protect Your Private Information on Facebook’: http://www.wikihow.com/Protect-Your-Private-Information-on-Facebook

– ‘Facebook Security Best Practices’: http://www.sophos.com/en-us/security-news-trends/best-practices/facebook.aspx

– ‘How to organize on Facebook securely’: http://www.movements.org/how-to/entry/organize-on-facebook-securely/

– ‘Facebook Privacy Toolbox’: https://socialsourcecommons.org/toolbox/show/2176

– Also check Facebook’s and Twitter’s own ‘safety tools’, e.g. https://www.facebook.com/safety/tools/

 

 

Daily Beast article based on Naame Shaam’s report: ‘Will Iran Sell Out Al Qaeda for Nukes?’

Daily Beast article based on Naame Shaam’s report: ‘Will Iran Sell Out Al Qaeda for Nukes?’

A Daily Beast article on 25 September 2014, based on Naame Shaam’s forthcoming report on ‘Iran in Syria’. Quote: “Naame Shaam has produced a 105-page report on Iran’s mischief inside Syria and its ties to al Qaeda, al Nusra, and ISIS. Al Qaeda and ISIS are under […]

Read more

New global campaign to end indiscriminate bombing of civilians in Syria

New global campaign to end indiscriminate bombing of civilians in Syria

A global coalition of over 130 human rights organisations and NGOs have launched a campaign to pressure world leaders to “act now to end bombing of Syrian civilians.” In February 2014, the UN Security Council demanded that indiscriminate attacks in Syria are stopped and promised to take […]

Read more

Evidence suggests Sepah Pasdaran may have played role in 2013 Ghouta chemical attack in Syria

Evidence suggests Sepah Pasdaran may have played role in 2013 Ghouta chemical attack in Syria

Evidence suggests Sepah Pasdaran may have played role in 2013 Ghouta chemical attack in Syria Naame Shaam calls for international investigations to examine possible complicity of Sepah Qods chief Qassem Soleimani Tehran/Damascus, 19 August 2014 – On the first anniversary of the Ghouta chemical attack in Syria, […]

Read more

Petition demanding international investigation and trial of perpetrators of Ghouta chemical massacre, including Sepah Pasdaran

Petition demanding international investigation and trial of perpetrators of Ghouta chemical massacre, including Sepah Pasdaran

Naame Shaam has co-signed this petition, which appeals to the International Criminal Court  prosecutor Fatou Bensoud to conduct investigations into the 2013 chemical gas attack in al-Ghouta, Syria, and refer those responsible to the International Criminal Court, “starting from the head of the [Syrian] regime and ending […]

Read more

Extension of Iran nuclear talks ‘a license for continued bloodshed’ in Syria, Iraq, Lebanon and Palestine

Extension of Iran nuclear talks ‘a license for continued bloodshed’ in Syria, Iraq, Lebanon and Palestine

Tehran/Damascus/Beirut, 21 July 2014 – The decision on Sunday to extend nuclear negotiations between Iran and the P5+1 powers is effectively granting the Iranian regime a free license to carry on with its murderous adventures in Syria, Iraq, Lebanon and Palestine, the campaign group Naame Shaam said […]

Read more

Naame Shaam: UN Security Council resolution on limited aid access to Syria ‘toothless’

Naame Shaam: UN Security Council resolution on limited aid access to Syria ‘toothless’ Syrian opposition should pressure allies to propose another resolution under Chapter VII Tehran/Damascus, 14 July 2014 – Today’s UN Security Council resolution authorising aid access to rebel-held areas in Syria is “toothless,” the campaign […]

Read more

Forget the Syrian army, it’s all Iranian Basij now

Forget the Syrian army, it’s all Iranian Basij now

A senior Sepah Pasdaran commander has made yet another embarrassing revelation about the extent of the Iranian regime’s military involvement in Syria. Brig. Gen. Hossein Hamedani, who oversees the operations of Sepah Pasdaran (The Iranian Revolutionary Guards) in Syria, claimed in a recent speech that Basij forces […]

Read more

Naame Shaam calls on US and European foreign ministries to link talks on Iran’s nuclear programme with human rights situation in Iran and Iran’s involvement in Syria, Iraq and Lebanon

Naame Shaam calls on US and European foreign ministries to link talks on Iran’s nuclear programme with human rights situation in Iran and Iran’s involvement in Syria, Iraq and Lebanon

Tehran/Damascus/Beirut, 7 July 2014 – The campaign group Naame Shaam today appealed to four of the P5+1 powers to link their negotiations with Iran about the latter’s nuclear programme with the human rights situation in Iran and with the role of the Iranian regime in Syria, Iraq and […]

Read more

Open letter to foreign ministers: Link nuclear talks with Iran’s role in Sryia, Iraq and Lebanon

Open letter to foreign ministers: Link nuclear talks with Iran’s role in Sryia, Iraq and Lebanon

Open letter from Naame Shaam to the foreign ministries and embassies in Vienna and Geneva of the US, France, UK and Germany – four of the P5+1 powers negotiating with Iran about its nuclear programme   Tehran/Damascus/Beirut, 7 July 2014   Your Excellency, US Secretary of State […]

Read more

Broad coalition opposes UK decision to re-establish ties with Iranian regime

Broad coalition opposes UK decision to re-establish ties with Iranian regime

Naame Shaam was among a group of Iranian, Arab and Western activists and groups who published an open letter in the Guardian newspaper on 26 June 2014, criticising the British government’s decision to reestablish diplomatic ties with the Iranian regime. Below is the full text of the […]

Read more
Page 6 of 28« First...45678...20...Last »