The other day, one of our kids asked if they could have a Facebook account. “But everyone else has got one and they keep asking me to join!”, was the response to my inevitable answer. Kids are different from employees (or are they?), but the naivety with which many use social networking sites makes the average IT security officer cringe.
While the business world is trying to work out how to grapple with the social networking phenomenon, with a range of responses from a total ban to embracing it as a marketing tool, the landscape of social networking is shifting underneath our feet. Businesses are trying to evaluate the risks of popular networking sites, seeing where the boundaries lie, trying to fit the obvious security scares into the IT landscape.
LinkedIn has long been the staple of the business professional, allowing contacts to be made and maintained, while treading carefully and tastefully in leveraging the network for business. There are countless sites and books that help with the process of doing this the right way, and a stringently enforced etiquette that mostly keeps the rubbish away. Monetizing the LinkedIn user base has never been a problem because it was always part of the design and an accepted approach to the business.
At the other end of the spectrum, Facebook launched without much of a clue on monetizing, grew like mad, and is now trying to tame the beast and rearrange the mess to turn it into something that pays. In the process, the underlying precept that what you put on Facebook belongs to them, not you, is coming as a surprise to many.
Facebook’s ever-changing privacy policy and endless maze of privacy settings mean that only one in four of its 400 million users try to tune them to restrict the flow of data. They recently had a serious information security leak through the chat facility, and a bug that was secretly adding apps to your profile. Other privacy issues abound, such as publishing your interests, even if they’re private. Facebook’s cavalier approach to users’ privacy through policies and faults is resulting in a growing disquiet and backlash, with articles, posts and even an FTC submission that calls for many of the changes recently made to be reverted.
Twitter seems to sit somewhere in the middle, though a recent article showed that it is used in over 85% of cases to publish news – as a news aggregator it works well. Some people are amazed by Twitter’s success, but it appears to be growing up as a business tool with a proper business focus, for example allowing the purchase of ‘promoted tweets.’ When combined with its purpose of spreading news that people want in the public domain anyway, they really seem to be on to something.
An opinion piece, comparing privacy settings and features of Facebook and LinkedIn, had LinkedIn marginally in front, but not by a huge amount, which is worrying when you consider the woeful score Facebook got. Of all the various public sites, only Google seems to offer transparency about where your data is made visible (whether you look is another story) – check out the Dashboard to see what data you’re giving to them.
The true danger of information leaks on social networking sites is only just starting to show, and you’re going to want to revisit the way you use social networking sites. My recommendations are as follows, and they are as applicable to LinkedIn as to Twitter & Facebook.
Don’t:
- make announcements about where you’re going
- fill in details about your date of birth, star sign, photos or other personal details
- add Interests, because these have to be links now, and are therefore public to all
- put up photos of your family, your house, your kids
Do:
- remove all your personal data
- promote your business or cause through your friend networks
- keep the personal posts to a minimum
- un-tag yourself from photos when you get tagged in them
- send direct messages or even private emails, rather than comments or wall posts
- watch out what you ‘like’ – if you don’t want the general public to know
And as far as kids having a Facebook page goes, the answer is going to remain “No way!” until a few things change radically over there.
Update: After reading this article I got even more concerned about Facebook. But I figured, instead of running away, I would refine my privacy settings.
As an example, here’s what I did, broken down by privacy section. Some of the default settings here are eye-opening. If you think this minefield of settings is tricky for someone partially Internet-savvy, imagine how shy the regular user is going to be, even if they know the settings exist.
- Profile Information: set everything to Only Friends, also allowed Friends to post to my wall; edited individual photo albums, changing all except profile pictures to Only Friends. There are pictures of friends in these photos, some of them tagged. I don’t want their photo and name getting into the wrong hands.
- Contact Information: Hometown and Add me as a Friend are set to Friends of Friends; everything else (though there is no address or other private data in there) is Only Friends.
- Applications and websites: Edited What your friends can share about you to ensure I’m comfortable with the information that’s checkboxed being completely public and even stored anywhere on the Internet; set Activity on applications and games dashboards to Only Friends; then went in and made sure the instant personalisation pilot is turned off.
- Search: Set Facebook Search Results to Friends of Friends. It means random people can’t find me on Facebook, but so what? Went in and clicked Preview my profile to see what my profile looks like to non-friends. For Public Search Results, I’m happy with the preview information going public, so I left it checked.
I have seen some interesting studies conducted on the attitudes of Gen X’s vs Y’s when it comes to default privacy settings. I wish I could find the link.
IIRC, the X’s are far more security conscious, usually forming a gated social information base with carefully selected public data releases. The Y’s by default do the opposite, releasing all information and selecting the individual items to lock down.
I don’t think it’s worthwhile applying a “right” or “wrong” to any of it. It just simply IS. As the Y’s become more of a business power-base this sort of thing will be the norm.
Whereas now it might be considered sociable to have after-work drinks, in the future it may be considered rude or not taking part in work culture if you aren’t sharing all your information across social networks. I’d rather release a potentially risqué photograph on Facebook than get hammered at work drinks.
The business culture grown from the industrial and atomic age is coming to an end, the Y’s will adapt this to service their own need for interaction.
It’s all just a realisation of Warhol-esque portents, a paradigm shift where everyone’s privacy means nothing that they all search for their 15 minutes of fame. The documentary “We live in public” is a great example of an “art” experiment dealing with the complete loss of privacy. Very interesting viewing.
Hi Anthony,
Nice article. Nice and clear, but how many people follow any of these precautions? I’ll be sending a link to this article to a few people I know that definitely have no clue.