How to maintain your privacy on social media
Even the most privacy conscious individuals can be caught out by misconfigured accounts
The social media you’ve created is unique in the sense that it’s an expression of your personal identity, and is crafted in such a way that it’s unlike any other. This makes it one of the most valuable sources of data, therefore, for third-party companies.
Capturing this data would grant others insights into your habits, opinions, feelings, thoughts, tastes, who you interact with, what moves you, what makes you laugh or cry, what angers you, and what your mood might be at any point in time. There are so many insights others can glean from harvesting this data.
Given it’s widely free to use social media sites, the product, which forms the basis for monetisation, has often been this data. Platforms have relied on collecting personal data in order to inform other services, such as e-commerce. There have, however, long been anxieties over how much control other organisations might have over your posts, images, and videos, with the notion of user privacy a dominant force in the public consciousness over the last few years.
Many of the biggest social media sites have been embroiled in controversy in recent years, although it was the Cambridge Analytica scandal that served as the true watershed moment. Only after this incident – and the subsequent revelations – has the wider public, the industry, and regulators started to take privacy concerns seriously. There’s also a greater understanding of the value of personal data, and, therefore, the value of privacy.
People are aware now more than ever of the risks of engaging in social media, with a vast number of people sceptical over how these companies can handle their data, and whether they can be trusted to process data ethically. There’s also an expectation that personal data will leak eventually.
There are various steps that everyone can take, however, to limit some of the most unpalatable practices without needing to completely deactivate your account.
As the biggest social media site in the world, Facebook enjoys 2.9 billion monthly active users. Unsurprisingly, the platform has also faced the highest number of controversies, which include widespread scrutiny over how it handles user data.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The site has faced numerous lawsuits and regulatory filings over the years, including a settlement with the Federal Trade Commission in 2011 after allegations the site deceived customers over privacy pledges.
The biggest controversy hit the company in March 2018, when Global Science Research was able to sell data belonging to 87 million users to political analysis firm Cambridge Analytica. The scale of the incident was fully understood when it emerged that just 270,000 users had engaged with an application and agreed for their data to be shared, but that Facebook API policies had allowed data from friends and family to also be collected as part of the sale.
However, Facebook's troubles did not end there. Just a few months later the company revealed that a system bug led to 14 million users having their default sharing status for posts set to Public'. A year later, data belonging to around 500 million users was found sitting on a publicly accessible AWS server.
How to improve your Facebook privacy
Given the size of Facebook, and the various tools, applications and features that have made their way to the platform over the years, the privacy section of its website can feel a little intimidating. However, one of the more useful tools the platform has introduced is the ability to download all the information that the company holds on you, which can be truly eye-opening
Going solo: What do you need to consider?
Sample our exclusive Business Briefing content
FREE DOWNLOAD
Facebook offers four profile settings to fine-tune what data you share with others, all of which can be accessed from the Settings menu. A Public' profile will share data with everyone, including sites that are able to access Facebook's APIs. A Private' account will only share posts with your friends, the Custom' setting allows you to select specific users to share posts with, and the Only Me' setting will mean that only you will see your posts.
There's also a much deeper set of tools available in the Privacy' section of the settings. Here you're able to choose who can see your profile data, your future and past posts, the people and pages you follow, friend requests, friends lists, as well as decide whether you want search engines to link to your profile. It's also possible to set up a Timeline review process, where you're able to check through any photos and posts you're tagged in before they appear on your profile.
One of the newer options is the ability to limit whether Facebook is able to automatically run facial recognition technology on your photos and videos.
Facebook also allows you to control what access advertisers have to your data, including turning it off entirely. To do this, simply access the security section of the Settings menu, and disable third-party application access. Before you do, though, it's worth taking a look through the list of what personal data is currently being accessed by third-party apps - some of these might surprise you.
Alongside Facebook and Instagram, Twitter has become widely recognised as one of the leading social media platforms in the West, particularly for current events and news. It's because of this that people are often surprised that it only attracts approximately 321 million users per month as of 2018.
Twitter has taken steps to protect user privacy over the years. A Do Not Track' option was introduced in 2012 that allowed users to block a website's attempts to access their cookies, and following a string of high-profile account hacks in 2013, two-factor authentication was also added.
However, this hasn't prevented privacy controversies from popping up on the platform, although the majority of these have been the result of lapses in security. The platform famously became the victim of a cross-site scripting worm in 2010, with users having their browsers infected by malicious scripts when they hovered over blacked-out sections of tweets. This resulted in a spree of invasive pop-ups and adverts for pornographic websites appearing when trying to access the platform.
In May 2018 the company warned users to change their passwords after an internal log was discovered containing unhashed user passwords.
A year later, the company said it had discovered a bug that accidentally released location data from iOS devices to a third-party advertiser, although it said that no data had been retained.
How to improve your Twitter privacy
All Twitter accounts can be set to either Private' or Public', which greatly affects how your account interacts with other users.
With Private accounts, you can only send tweets to approved followers, and any previous tweets sent while your account was set to Public will be hidden. This will also strip your tweets from Google search.
If you're still worried, you can tweak your account even more by clicking Settings and Privacy' from your Twitter homepage. From here you can access your Privacy and safety' options, including the ability to protect your tweets and make them only viewable to approved followers.
From here you can also control how your account is tagged in photos, how people are able to find your account, and how much Twitter is able to personalise your feed based on your data. It's possible to turn off all personalised adverts from this menu, which includes the removal of tracking data so that adverts can't target you based on your location.
Even though LinkedIn positions itself as the professional, more grown-up version of social media, it's still not without its fair share of privacy controversies.
Sitting at around 310 active monthly users, the Microsoft-owned platform has championed the idea of the gated-access approach', where users are only allowed to "connect" with other contacts if they have a direct connection, either through existing contacts or by being referred. This in itself provides an additional layer of privacy that isn't afforded by most other social networks.
However, the company has faced a number of complaints over the years, most of which question the platform's uncanny ability to recommend potential connections, people that it should have no knowledge. While the exact algorithm behind the platform is rather nebulous, the company has been called out for specific breaches of data protection laws.
In one of its earliest incidents, the company was criticised in 2012 for its poor security practices that resulted in the theft of around 6.4 million unhashed user passwords. These accounts were also later distributed across the dark web in 2016.
In 2018, a report into LinkedIn's practices in the six months immediately prior to the enactment of GDPR revealed that the company had obtained almost 18 million email addresses belonging to people who were not LinkedIn members in order to deliver targetted Facebook adverts. The investigation by the Irish Data Protection Commission was "amicably resolved" in the end, and all we know that LinkedIn introduced a number of changes to prevent similar data misuse in the future. We also do not know how LinkedIn secured the emails in the first place.
How to improve your LinkedIn privacy
Unlike other social platforms, LinkedIn users are actively encouraged to share as much information about themselves as possible in order to maximise the likelihood of securing work and professional relationships. Because of this, maintaining an effective profile while also keeping your information protected is a difficult balance to strike.
However, the platform also offers a host of menu tweaks that let you tailor what is shown on your profile through its Privacy and Settings page. Users are able to turn off activity broadcasts whenever changes are made to their profile, as well as change how much information is visible to others. By default, your photo, name, number of connections, the industry you're in and your region will all be visible to strangers, however, it's possible to make your profile anonymous.
It's also possible to tweak who is able to view your profile photo, with the option of either only first-degree connections, your network connections or all LinkedIn members. You can also tweak whether connections can see your email address on your profile, and turn off your active status so that people are unable to tell if you're online.
When it comes to advertisements, you can control what appears on your feed in the Ads' section. You can opt-out of having your profile data used to personalise promoted jobs and adverts on the platform, and you can also limit what data can be collected from your activity feed, such as location data and demographics.
Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.