Please scroll down for the Facebook chat with John Sileo on online privacy and identity-theft protection...
A billion people worldwide use Facebook to share details of their lives with their friends. Trouble is, they also might be unintentionally divulging matters they consider private—to friends…coworkers, clients and employers…marketing companies…and even to competitors, scammers and identity thieves.
Six ways Facebook could be compromising your private information and how to protect yourself…
1. The new Timeline format exposes your old mistakes. Timeline, introduced in late 2011, makes it easy for people to search back through your old Facebook posts, something that was very difficult to do in the past. That could expose private matters and embarrassing photos that you’ve long since forgotten posting.
What to do: To hide Timeline posts that you do not wish to be public, hold the cursor over the post, click the pencil icon that appears in the upper-right corner, then click “Hide from Timeline” or “Delete.”
2. Facebook apps steal personal details about you—even details that you specifically told Facebook you wished to keep private. Third-party apps are software applications available through Facebook but created by other companies. These include games and quizzes popular on Facebook such as FarmVille and Words with Friends, plus applications such as Skype, TripAdvisor and Yelp. Most Facebook apps are free—the companies that offer them make their money by harvesting personal details about users from their Facebook pages, then selling that information to advertisers.
Many apps collect only fairly innocuous information, such as age, hometown and gender, that probably is not secret. But others dig deep into Facebook data, even accessing information that you may have designated private, such as religious affiliation, political leanings and sexual orientation.
What to do: Read user agreements and privacy policies carefully to understand what information you are agreeing to share before signing up for any app. The free Internet tool Privacyscore is one way to evaluate the privacy policies of the apps you currently use (www.Facebook.com/privacyscore). You also can tighten privacy settings by clicking the lock icon in the upper-right-hand corner. Select “See More Settings,” then choose “Apps” from the left menu. Under “Apps You Use,” click “Edit” to see your privacy options.
3. Facebook “like” buttons spy on you—even when you don’t click on them. Each time you click a “like” button on a Web site, you broadcast your interest in a subject not just to your Facebook friends but also to Facebook and its advertising partners.
But if you’re a Facebook user and you visit a Web page that has a “like” button, Facebook will record that you visited that page even if you don’t click “like.” Facebook claims to keep Web-browsing habits private, but there’s no guarantee that the information won’t get out.
What to do: One way to prevent Facebook from knowing where you go online is to set your Web browser to block all cookies. Each browser has a different procedure for doing this, and you will have to re-enter your user ID and password each time you visit certain Web sites.
Alternatively, to eliminate cookies created during a specific browser session, you can use the “InPrivate Browsing” mode (Internet Explorer), “Incognito” mode (Google Chrome) or “Private Browsing” mode (Firefox and Safari).
There also are free plug-ins to stop Facebook from tracking you, such as Facebook Blocker (www.Webgraph.com/resources/facebookblocker).
4. “Social readers” tell your Facebook friends too much about your reading habits. Some sites, including The Washington Post and The Huffington Post, offer “social reader” Facebook tools. If you sign up for one, it will tell your Facebook friends what articles you read on the site.
Problem: The tools don’t share articles with your Facebook friends only when you click a “like” button—they share everything you read on the site.
What to do: If you’ve signed up for a social reader app, delete it. Click the lock icon in the upper-right-hand corner, select “See More Settings,” then choose “Apps” on the left. Locate the app, click the “X” and follow the directions to delete.
5. Photo and video tags can hurt you. They could let others see you in unflattering and unprofessional situations. If you work for a straight-laced employer or with conservative clients or you are in the job market, you already may realize that it’s unwise to post pictures of yourself in unprofessional and possibly embarrassing situations. But you may fail to consider that pictures that other people post of you also can hurt you.
A Facebook feature called photo tags has dramatically increased this risk. The tags make it easy for Facebook users to identify by name the people in photos they post, then link these photos to the Facebook pages of all users pictured.
What to do: Untag yourself from unflattering photos. Hold your cursor over the post, and click the pencil icon. Select “Report/Remove Tag,” then follow the directions to remove the tag. Enable review of all future photos you’re tagged in before they appear on your Timeline. Click the lock icon in the upper right, then “See More Settings” and select “Timeline and Tagging.” Then click “Edit” next to “Review posts friends tag you in before they appear on your Timeline,” and click “Enabled” on the drop-down menu.
6. Your Facebook friends—and those friends’ friends—may reveal too much about you. Even if you’re careful not to provide sensitive information about yourself on Facebook, those details could be exposed by the company you keep.
Example: A 2009 Massachusetts Institute of Technology study found it was possible to determine with great accuracy whether a man was gay. This was based on factors such as the percentage of his Facebook friends who were openly gay—even if this man did not disclose his sexual orientation himself.
If several of your Facebook friends list a potentially risky or unhealthy activity, such as smoking or bar hopping, among their interests—or include posts or pictures of themselves pursuing this interest—an insurer, college admissions officer, employer or potential employer might conclude that you likely enjoy this pursuit yourself.
What to do: Take a close look at the interests and activities mentioned by your Facebook friends. If more than a few of them discuss a dangerous hobby, glory in unprofessional behavior or are open about matters of sexual orientation or political or religious beliefs that you consider private, consider removing most or all of these people from your friends list or at least make your friends list private. Click your name in the upper right, then click “Friends,” then “Edit” and select “Only Me” from the drop-down menu.
Source: John Sileo, president of The Sileo Group, a Denver-based identity theft prevention consulting and education provider that has worked with the Department of Defense, the Federal Reserve Bank and many other clients. He speaks internationally about online privacy, social-media exposure and digital reputation. He is author of Privacy Means Profit: Prevent Identity Theft and Secure Your Bottom Line (Wiley). www.Sileo.com
|READER:||Is it safer to make bill payments through your online banking account versus logging into the Web site of the company that is billing you to make payments? (The online banking can take up to 7 to 10 days to process a payment, while a direct payment to a vendor's site is immediate.)|
|JOHN SILEO:||I prefer to log in to the bank and use its bill pay option. That way, only the bank has your information and when it sends out a check or ACH on your behalf, it is the bank's account number, not yours. But yes, you have to be a bit more prepared to do it.|
|READER:||If someone hacks my e-mail address and sends spam to people in my address book, is it enough to just change my password, or should I obtain a totally new e-mail address?|
|SILEO:||This is a hard question, as that address has forever been tainted and will often trigger the junk mail feature on the accounts of your acquaintances. If it's not a ton of trouble (I know it is), change the account; otherwise, change the password to something longer than 13 characters, using alpha-numeric characters and symbols. Example: Th3H1ll$areAl!v3 (The Hills Are Alive). Easy to remember, tough to crack.|
|READER:||I heard that many smart phone apps, including many popular ones, actually have viruses embedded within them. How can I tell if an app is safe to download? What do I do to make sure my smart phone remains virus (and hacker) free?|
|SILEO:||Oftentimes they are apps that mimic the real ones but that intercept all of your private information. My rule of thumb is to only load what you absolutely need, only use the approved app store (e.g. Apple) and change the privacy settings in your mobile phone to restrict the apps' access to your contacts, etc.|
|READER:||Is it best not to shop at retailers that have announced they had breaches in security?|
|SILEO:||Actually, it's only after a retailer has had a breach that it starts to take the security precautions it should have taken in the first place. Over time, Target will be safer than most retailers. Isn't it ironic? That said, I am done with Target, at least with a credit card. It ended up losing data that was more than 10 years old - bad practice keeping that around for so long.|
|READER:||My daughter just today said someone gained access to her debit card account via her PayPal account. The bank had her file an "investigation" request and nothing more...shouldn't it change her account and/or her debit card before the person who has her information takes more money from her--while they investigate? I don't understand them not being more proactive to protect her money!|
|SILEO:||ABSOLUTELY THE BANK SHOULD CHANGE HER ACCOUNT. If the bank doesn’t do that, find another bank. The chances of someone breaching the account again are very high.|
|READER:||I want to discontinue my Facebook account. How do I unsubscribe?|
|SILEO:||That is probably the most popular question I get these days, and I show you how to do it (without shooting yourself in the foot) here: http://www.sileo.com/how-do-i-delete-my-facebook-account/ 1. Back up your data. 2. Deactivate your account for a week or two first to see if you really want to live without it. 3. Alert your friends if you do decide to permanently delete your account. The intention is to protect your privacy, not anger your friends. 4. Delete your account.|
|READER:||What is the "safest" Web browser and which do you use?|
|SILEO:||I use two separate browsers - one for private and one for public. For private, I have built a much more secure browser using Firefox. There are a bunch of items you can lock down on a browser to make it safer. But of course, performance suffers. So, when I'm browsing non-private stuff like sports, I use the regular browser (I use Chrome). And when I get on my bank or other financial companies, I use my protected Firefox browser.|
|READER:||I've been reading about bitcoins. Is it a legitimate currency? Would you recommend using them?|
|SILEO:||While there are a lot of supporters of bitcoins (mostly drug users and criminals who want to launder money), I am not one of them. Remember when they said that Cabbage Patch Kids would be worth a fortune in 10 years (or Pet Rocks, or Furbies)? Well, the bitcoin will be worth about as much.|
|READER:||Can you give us some of the best ways we can protect ourselves from identity theft?|
|SILEO:||Some of the most popular suggestions from my book, Privacy Means Profit (Wiley) include Freezing Your Credit (more here: http://www.sileo.com/2) and Opting out of Junk Mail (http://www.sileo.com/1). I also recommend you take your Social Security Card out of your purse or wallet and only take it when you need it.|
|READER:||I did use my bank card at Target right before Christmas. My bank sent me a new bank card, and I changed my password. Is there anything else I should do?|
|SILEO:||Just make sure that the new bank card that the bank sent you has a totally different number. Also, I highly recommend using a credit card rather than a debit card because the debit card connects directly to your bank account and is easy to hack. Here is a bunch more information on the Target breach and my suggestions: http://www.sileo.com/blog/?s=target%20data%20breach...|
|READER:||I've heard about Web browsers such as 'Tor' that would allow me to browse the Web anonymously--and more securely. Are there different risks to my computer's security than if I were to use a traditional browser such as Safari or Google Chrome?|
|SILEO:||Tor is actually not a browser, but a program that hides your IP address (makes it look like it's coming from another country). This is great for people who want to avoid the Great Firewall of China or to mask their behavior (usually Spamming), but it does little to keep you anonymous. For that, I like software like Cocoon or IDRadar.com.|
|READER:||How safe is Facebook? I understand that when you post photos, comments, etc, they are public (or rather, in my case public to my Facebook 'friends' only), but if I were to use the message feature to provide phone numbers, let's say, how public is that?|
|SILEO:||Facebook is, by definition, SOCIAL MEDIA, so you should have NO expectation of privacy for anything you share through the site. You can limit it a bit with the privacy and security settings, but in the end, Facebook will find a way to share it even though you have chosen not to. Facebook Privacy and security cannot be taken for granted. Remember, you can choose to share nothing, but as long as you are connected to friends who haven't changed their settings, THEY will be sharing your deeper information (even though they don't know it). To answer How Safe is Facebook, I will let you know that I can physically locate the average Facebook user (even if I'm not a friend) in less than 60 minutes based on the trail of information breadcrumbs that they leave behind. For those people who have spent at least 60 minutes in their privacy and security settings and limit their profile to basic information, it takes vastly longer. But 95% of users never change their defaults.|
|READER:||I've heard that some U.S. credit card issuers are thinking of switching from the traditional swipe-and-sign cards to the chip-and-pin technology that is common in Europe and Asia. Would this improve security?|
|SILEO:||Yes, let's hope they do switch. By no means is it a perfect technology, but in the first five years in Britain, it lowered credit card fraud by more than 70%. You see, it's so easy to replicate the magnetic strip on the back of the card, but much harder to clone a digital chip and also have the PIN or password. I am totally behind this technology.|
|READER:||I've been hearing about apps to transfer money quickly and easily such as Venmo. Are these services safe? If not, what is the most secure way to transfer money to friends or family members?|
|SILEO:||I do not use my mobile phone or iPad for any financial transactions at this point, as they are so compromised by rogue apps (discussed elsewhere in this chat). I use the old fashioned method and get on my laptop or give the bank a call. Much more work, much safer. In 2-3 years, these apps will be safe because the mobile operating systems will have done a better job locking down the important apps and locking out the rogue apps.|
|READER:||When I enter a commerce site on my computer these days, the browser, or perhaps my computer, asks me if I'd like to save my password, so that the next time I visit the site from the same computer device, I will not have to enter it. I normally answer no. Is it safe to answer yes?|
|SILEO:||I don't like to use the password keychains, as they are called, that are in the browser. They are so easy to hack. I prefer to use a program like 1Password so that they are well encrypted, and so that you are forced to use long, strong and varied passwords.|
|SILEO:||One question that hasn't come up that is SO important is how to keep hackers out of your online accounts (bank, investment, dropbox, gmail, etc.). There is a simple answer called two factor authentication (it's not as scary as it sounds), and you can watch a quick video on how it works here: http://www.sileo.com/two-factor-authentication/.|