Friday, July 17, 2009

How Safe is it to Use Facebook?

Despite a humble population of approximately 30 million people, Canadians have been the strongest supporters of Facebook. In recent months the balance may have tipped as other larger population bases came online. Additionally, Canada is a country that has a strong reputation for good governance. So it is significant when the Privacy Commissioner's office of Canada puts out a challenge to Facebook.

Initial report regarding complaint.

Facebook Controversy.

When you read these articles you will see that the complaints and requirements are reasonable and Facebook would do well to pay attention. As mentioned in one of the articles, the laws in Canada are very similar to Europe.

I expected to find many of my Canadian contacts on Facebook removing their pages this morning following wide coverage of this story. If you haven't given this issue much thought, this type of news report could be alarming.

See coverage from CBC's The National.

A few years back, while working in a research job for a major Canadian University, my personnel file was stolen. Soon thereafter someone lost one of the banking cheques I gave him. A month later Romanian mafia stole my wallet and credit card right under my nose. "Right. That's it", I thought. " The Eastern European mafia will have splattered my personal details, including my social insurance number, all over the Internet." I contacted my banks and placed extra security on my banking information. I also advised the credit bureaus. In fact, my own approach to privacy on the Internet has been relatively cautious, so in this regard I didn't make any changes.

For more information on cyber hackers and internet sleuths see a Doc Zone documentary on the topic.

You just might stay awake all night worrying, after watching this type of news show.

If I were to leave Facebook, or if Facebook decided to share my information with a Third Party, what exactly would they be sharing?

I haven't provided my phone number, place of residence, place of work, or main Email address. I always use "junk E-mail" accounts for such purposes. These are E-mail accounts that may attract junk mail. I don't care. They're not my primary address. All Facebook needs to know is that I'm 18 plus. Even then, I'm not sure that this is a requirement as many teenagers use Facebook. You will not see my date of birth on my information page.

As for content on my wall, if someone wants to try and "sink" me professionally or personally because I've shared some Martha Stewart recipes please, go ahead and make my day. I'd like to see how that initiative would go down.

If I were concerned that colleagues might use content on my FB page against me, I simply wouldn't connect to colleagues' pages.

On the other hand, I'm not going to put radical thoughts or socially provocative information on my site. I keep those conversations for face-to-face conversations.

If someone takes issue with the fact that I may have shared information supporting the anti human trafficking movement, for example, let that person try to use this information against me. I would appreciate the opportunity to promote the cause.

So in terms of sharing my information with third parties, or using information on my site against me, there isn't much juice as far as my profile is concerned.

As it currently stands, I know that if I want to fully erase my FB account, I would need to manually remove all entries before leaving FB. With the currently challenge coming from Canada, I expect the process will be tightened up. Any personal data such as birthdate would remain with FB it seems.

Until then, will I be unduly stressed about using FB? No. The benefits outweigh the concerns. We live in a time when people are so afraid to express themselves for fear of being targeted or "outed". I also grew up in a "hush hush" environment where I was cautioned from an early age to not have "loose lips". In my current daily life and humble existence, I disagree with that type of climate and will engage in any activity that challenges such a notion.

Ten Privacy Settings Every Facebook User Should Know

... previous posting that isn't about security concerns, but looks at how you can handle your profile:


Facebook Security and Privacy Tips

In addition to FB security tips (see below), here are a few security / privacy tips I've encountered.

- You've used the Internet long enough to be able to sniff out a scam. If you receive a FB mail from a friend that looks pre-packaged, sketchy and has no personal touches, chances are it's a scam. Don't click on the link. Press delete.

- If you are sharing links with friends, put enough personal touches in the content so that they know it's legitimate.

- If you suspect your non FB Email address list has been trolled and is sending out spam related to FB content, take action and investigate.

- Some FB ads lead to shifty pages that can have viruses. Unless you have a rock solid virus scan on your system, avoid clicking on FB ads.

- Do not accept friend requests from people you don't know unless there is a logical reason to do so. Consider giving that person a limited view of your profile.

- Avoid providing FB with your actual birthdate, primary Email address, phone numbers, place of residence and work.

- Read through every option under Settings. Make sure you understand what each option means.

- To prevent your image from being used in FB ads, click on Settings -> Privacy -> News Feed and Wall -> Facebook Ads -> Appearance in Facebook Ads. Select No One.

- Whenever you save something on FB - eg a Note - look for the click down option to choose who can see it. EG friends only or friends of friends. If you are not fond of your ex boyfriend and he is a friend of a friend, you will want to select "Only Friends". That way if your friend comments on your note, it won't be referenced on your ex's home page.

- Consider using the customize option more often. You may only want a handful of friends to see a photo album, for example.

- Learn how to customize who sees what on your wall. Does your whole University network need to have access to a specific photo album? How about friends of friends? Do you want everyone on your list to see your bridal shower photos? Do you want everyone on FB to see your friend list when they search out your name? Do you want your profile appearing on Google search? Do you want all your friends to see your status updates?

See the Facebook security page for more details:


The following tips are from the Facebook security page:


When we talk about security, we're talking about scams, viruses, and hacks that could infect your computer or your Facebook account and result in a lot of annoyance for you and your friends. When your login information is stolen, this is often known as phishing.

Security isn't just an issue on Facebook, but all over the web, which is why it's important to be aware online, and to learn how to protect your accounts and your computer.

Here are some ways to be smart and aware on Facebook:

If a link or message seems weird, don't click on it. This is true of all spam—whether a chain letter, an ad, or a phishing scam. If it seems weird for an old friend to write on your Wall and post a link, that friend may have gotten phished. Let the person know, and don't click on links you don't trust.

Be aware of where you enter your password. Just because a page on the Internet looks like Facebook, it doesn't mean it is. Learn to tell the difference between a good link and a bad one.

Report any spam or abuse you see on discussion boards and Walls. Those report links are there for a reason. The sooner we find spam, the sooner we can remove it and eliminate spammers from the site.

Don't use the same password on Facebook that you use in other places on the web. If you do this, phishers or hackers who gain access to one of your accounts will easily be able to access your others too. You might find yourself locked out of your email and even your bank account.

Never share your password with anyone. Don't do it. Facebook will never ask for your password through any form of communication. If someone pretending to be a Facebook employee asks you for it, don't give it out, and report the person immediately.

Don't click on links or open attachments in suspicious emails. Fake emails can be very convincing, and hackers can spoof the "From:" address so the email looks like it's from Facebook. If the email looks weird, don't trust it, and delete it from your inbox.

Add a security question. If your account ever does get stolen, you might need this to prove your identity to Facebook. If you haven't already done so, you can add a security question from the "Account Settings" page.

Security Threats

Look out for fake emails that look like they came from Facebook. These emails may include false notifications for things like friend requests, messages, events, photos, and videos. Sometimes, they also include links to false Facebook pages that attempt to steal your login information or prompt you to download malware. Never click on links in suspicious emails, and if you do accidentally download malware, follow the instructions on the "Resources" tab to clean up your computer.

Photo/Video Spam
Be wary of Wall posts or messages claiming there's a photo or video of you on another site. These are usually phishing sites made to look like Facebook or sites that prompt you to download malware. These sites may also ask you to create a new account in the hope that you’ll use the same login and password that you use for Facebook. Once you've created an account, the spammer will use your login info to try to access your Facebook account, and will then spam all of your friends with the same message. This is another good reason to use unique logins and passwords for the sites you access on the Internet.

419 Scam
Watch out for messages from friends claiming to be stranded and asking for money. These messages are typically sent by scammers who have taken over the friend's account. If you have received or sent a message like this, please contact us so that we can make sure your and your friends’ accounts are secure.

The Koobface Worm
If your account has been used to send spam, and you think your computer is infected with the "Koobface" worm or another virus, please visit one of the online anti-virus scanners from the Helpful Links list, and reset your password.

False Chain Letter
Watch out for messages claiming that Facebook is becoming overpopulated and suggesting that accounts will be deleted. This message is false and did not come from Mark Zuckerberg or Facebook. It can be safely disregarded and deleted.


New Tools to Secure a Compromised AccountShare

by Jake Brill

In our continued battle against cyber criminals, one of the biggest challenges we face is helping people whose accounts have been compromised by spammers understand how it happened and how to fix the problem. The vast majority of people who use Facebook have never experienced a security problem. For the small number who do, knowing how to fight back is key.

It can be an embarrassing experience to log in to Facebook to find that unauthorized messages have been sent from your account and then face questions from friends who have received spam from you.

We've spent the last few months improving the way to guide people through the process of regaining access to their account after it's been compromised and used to send spam. Currently, we send emails explaining what happened and provide links to remedy the situation. Now we're moving towards a new model that also involves clear and simple steps taken within Facebook itself. In doing so, we can ensure that the person logging in is the true owner of the account, thereby preventing hackers from using it to send spam in the future.

Going forward, we'll continue to send a notification email to the tiny percentage of people whose Facebook accounts have been compromised. What's new is that when these people try to access the site, they'll first see a page explaining what happened, as shown below.

Next, they'll go through a quick verification process to ensure that they're the legitimate owner of the account in question. Finally, we'll help them pick a new, secure password and refer them to the Facebook Security Page, which includes helpful tips and information on how to be safe on Facebook and across the Internet.

This new change will help us not only fight spam, but also spread the word about security on Facebook. In the coming months, we'll be rolling out similar processes to address the different threats people may face. Our teams are working hard to make sure you never experience a security issue on Facebook, and in the rare case that you do, we're committed to making the process of regaining control of your account easy and informative.

Stumble Upon Toolbar

1 comment:

Alexis said...


I apologize to be off from your post's main topic, but I noticed you mentioned spreading info on the anti-trafficking movement.

As a fellow advocate, I really encourage you and anyone interested in the subject to read The Slave Next Door: Human Trafficking and Slavery in America Today. It’s a very powerful book that dissects the existence of modern slavery in the U.S. through first-hand accounts and shows us how to act against this awful reality. The authors are Kevin Bales, President of Free the Slaves, and Ron Soodalter a Historian and Folklorist. is a great place to learn more too.