To facebook or not – 7 tips for risk management
The news from Cambridge Analytica has many people up in arms, and #DeleteFacebook has been a source of debate and discussion. But here is the thing – the horse has bolted. Although people impacted by Cambridge Analytica are slowly being informed (there are only 50 or so in Australia apparently, more info here and specifics about how to find out here), there is heaps of other information you have likely shared.
Your information is already out there, and pressure on facebook to change its practices is critical, so we don’t get another 14 years of Zuckerberg saying Sorry Not Sorry.
We believe, as many others do, that it is a vital organising and networking tool, and is particularly helpful for people in remote locations, those living with a disability or anxiety, chronic pain, or anything that keeps folks housebound… and for people to stay connected and network across borders. For some folks deleting facebook would cut them off from support networks.
Digital security is something most progressive organisations and activists are very bad at, let alone the general public. We too are learning as we go; however, we are getting better and are taking seriously our duty of care to develop better practices as we train and support activists. For more general resources on DIGITAL PRIVACY we have updated our resource collection.
We can all get better at this, and although it seems very overwhelming sometimes, there are organisations who have done a great job of breaking the information down and giving you support to improve your practices.
We would also welcome the progressive sector in Australia having more uncomfortable and in-depth discussions about how much data they gather on members and supporters, how easily hackable it is, and what practices we could encourage in volunteers and organisers to protect privacy.
Obama’s campaign, long held up as the dream organising model, happily exploited big data and pioneered some of the work that has since been used for arguably illegal and dodgy activity.
To minimise access to your data, you should think about personal practices as well as digital tools. This is an extended piece from a workshop we recently did for student activists on digital security, in which we had a discussion on harm minimisation for facebook well before the Cambridge story broke.
7 tips for facebook harm minimisation
- Understand what information they have on you. This article uncovers in dramatic detail the level of information that facebook retains on users. If you are comfortable with everyone in your life being able to see this information you’d probably be quite unusual. They also usefully unpack Google’s data profile on users and give you basic points about how to moderate and delete some of your history.
- You may also wish to download the data to get a handle on how much info they have. Then freak out and want to delete your account! But be warned: we don’t know if it’s really deleted.
- Check your privacy settings. Schedule a security check for a regular time. Once a month. Have a look at the “view as” section. Info here
- Have a look through your friends list. Friends don’t let friends friend bad friends. Or something.
- Are they people you know in real life and have met? And if not, are they people you have good reason to trust and you get something from the relationship?
- Some people might like to apply the coffee/beer test… if you wouldn’t hang out with them in real life, why do they have access to some personal parts of your life?
- Do they have a practice of friending everyone? Could they be friends with someone who is using their profile to access information about you? Some signs of a “sock puppet” or a fake facebook profile include: few to no friends, extensive privacy settings, and little information or interaction, or groups of accounts that have the same friends with similar characteristics. You can do a “reverse image search” to see if their profile and activity photos are stock photos or stolen from somewhere.
- One of the issues is that your friends could be exposing more information about you than you yourself do. It’s also believed that facebook have “shadow” profiles set up on people who may not even be on facebook. Responsibility for your data can be out of your control if your friends give access to all their contact lists – so have a look at your friends list and, if people have bad habits, perhaps discuss it with them, or limit their ability to impact on your life. Read more about how your friends can expose you here
- Do not use facebook to sign into other accounts. You probably already have. Log into accounts through email. As a rule, try not to put all your eggs in one basket – basically, the more connected your data is, the more an incredibly detailed map of you can be built by companies and government. In the same vein, minimise your use of google and gmail, or opt out altogether. This is a whole new post, to come. Basically, silo your information as much as possible. Heck, you can even use tinder without them having access to your facebook these days! (And scarily, these apps, which can hold quite personal information on you, have recently been shown to be very lax with highly personal health information such as HIV status, as this latest breach by Grindr shows.)
- You can check out a project called “Data Selfie” that gives you an overview of what information facebook would find about you over time.
- Don’t do the quizzes. We have been saying this for a while, but recent information coming to light shows how damaging this can be. And also, there will be a lot more that is not damaging, but just annoying… why give information about yourself, which is worth money, away to people for free… you are not just finding out which Hogwarts house you are in, what Game of Thrones character you will sleep with, or what cocktail describes your personality, you are allowing companies to steal personal data about you for profit.
- Don’t use messenger. There is a whole new level of privacy settings and access you are allowing facebook. There are secure messaging apps you might prefer to move to, such as Signal. You can also still access facebook messages by using the old-fashioned basic interface. You simply type mbasic.facebook.com and you can still view messages on your phone.
- You can also check out some of the risks of allowing facebook further access to your phone settings, such as phone records – detailed here.
We are well aware that all of this can be extremely overwhelming, and we can get that way ourselves. Luckily, folks smarter than us have put together guides for stepping you through a range of digital tools. We point you to some here.
“The hard work begins now. Start questioning the tools, platforms and processes your organisation uses. Discover and share alternatives.”
MORE INFORMATION AND HOW-TOS
- Overview of how to do a facebook audit is here.
- To change your facebook settings, go to Settings and then Apps – platform use is explained here
- Mashable also explains how to disconnect apps here.
- Some other tips to “just be smarter on facebook”
Someone else explains how to set up a way to delete a large amount of your history, though who knows if that actually permanently deletes it from facebook servers. As with “deleting your account”, whilst it may not be easily found publicly, many believe the data is still stored.
Here are some other things we suggest:
- This is an awesome overall checklist and security assessment tool which was recently updated – check it out.
- Use a password manager. They make life so much easier as well. LastPass and Dashlane are popular. Heads up that we tried KeePass as it wasn’t on the cloud, but we found it glitchy – but it’s your call. Latest reviews here.
- Have a (good) PIN on your phone, not 1234 or your birthday or pet’s name.
- Schedule a monthly time for security and maintenance – ensure your backups are up to date, check security settings, clean out your online drives, update virus checkers etc … we are writing up a checklist we will add in here.
- Use alternatives to google where possible, and don’t link your other emails to google – more to come on “why google ain’t great”
- ProtonMail is a popular encrypted email service, or you can use other basic email services and lists such as Riseup.
- Sync is an encrypted online cloud storage service in which you can share folders and work.
- Vimeo is an alternative to youtube, but if necessary just view youtube with an unlinked gmail account – you can also wipe your history, and limit what people can see
- Use a Virtual Private Network. It stops the government from being able to track your data as easily. Check out EFF’s guide here.
- Encrypt your hard drive – to be honest, we struggled with this one. On certain versions of Windows you can use BitLocker, which is very easy, and Apple has an option for this, but the most popular go-to for those who don’t have this option is “VeraCrypt”, and we found it not super user-friendly – but managed it!
- Lots of people suggest using two-step verification – we don’t do this, as we prefer to limit giving out our phone number, but many suggest it is a good idea.
More resources here.