Tips for Facebook risk management

Brenda vs Facebook

The news from Cambridge Analytica in 2018 had many people up in arms: #DeleteFacebook was a big source of debate and discussion. We believe, as many others do, that Facebook is a vital organising and networking tool.

It is particularly helpful for people in remote locations, those living with a disability or anxiety, chronic pain, or anything that keeps folks housebound. It is also beneficial for people to stay connected and network across borders. For some folks, deleting facebook would cut them off from support networks. So let’s look at facebook risk management.

This is an extended piece from a workshop on digital security we recently ran for student activists, where we discussed harm minimisation for facebook well before the Cambridge story broke.

The horse has already bolted

Although people impacted by Cambridge Analytica are slowly being informed (there are only 50 or so in Australia apparently – more info here and specifics about how to find out here), there is heaps of other information you have likely shared. Your information is already out there. Pressure on facebook to change its practices is critical, so we don’t get another 14 years of Zuckerberg saying Sorry Not Sorry.

Digital security is something most progressive organisations and activists are very bad at, let alone the general public. We too are learning as we go. However, we are getting better and are taking seriously our duty of care, as we train and support activists to develop better practices.

See our resource collection for more general resources on DIGITAL PRIVACY.

Your social media practices

To minimise access to your data, you should think about personal practices as well as digital tools.

We can all get better at this, and although it seems very overwhelming sometimes, there are organisations who have done a great job of breaking the information down and giving you support to improve your practices.

We would also welcome the progressive sector in Australia having more uncomfortable and in-depth discussions about:

  • how much data they gather on members and supporters,
  • how easily hackable it is, and
  • what practices we could encourage in volunteers and organisers to protect privacy.

Obama’s campaign, long held up as the dream organising model, happily exploited big data. It pioneered some of the work that has since been used for arguably illegal and dodgy activity.

7 tips for facebook harm minimisation

1. Understand what information they have on you

This article uncovers in dramatic detail the level of information that facebook retains on users. If you are comfortable with everyone in your life being able to see this information, you are probably quite unusual. It also usefully unpacks Google’s data profile on users and gives you basic points about how to moderate and delete some of your history.

You may also wish to download the data to get a handle on how much info they have. Then freak out and want to delete your account! But be warned: we don’t know if it’s really deleted!

2. Check your privacy settings

Schedule a security check for a regular time.

  • Once a month.
  • Have a look at the “view as” section.
  • Info here (updated in February 2022)

3. Have a look through your friends list

Friends don’t let friends friend bad friends. Or something.

  • Are they people you know in real life and have met? And if not, are they people you have good reason to trust and you get something from the relationship?
  • Some people might like to apply the coffee/beer test… if you wouldn’t hang out with them in real life, why do they have access to some personal parts of yours?
  • Do they have a practice of friending everyone? Could they be friends with someone who is using their profile to access information about you? Some signs of a “sock puppet” or a fake facebook profile include: few to no friends, extensive privacy settings, little information or interaction, or groups of accounts that have the same friends with similar characteristics. You can do a “reverse image search” to see if their profile and activity photos are stock photos or stolen from somewhere.
  • Your friends could be exposing more information about you than you yourself do. It’s also believed that facebook has “shadow” profiles set up on people who may not even be on facebook. Responsibility for your data can be out of your control if your friends give access to all their contact lists – so have a look at your friends list and, if people have bad habits, perhaps discuss it with them or limit their ability to impact on your life. Read more about how your friends can expose you here.

4. Do not use facebook to sign into other accounts

You probably already have. You can check out a project called “Data Selfie” that gives you an overview of what information facebook would find about you over time.

  • Log into accounts through email. As a rule try not to put all eggs in one basket – basically, the more connected your data is, the more an incredibly detailed map of you can be built by companies and government. 
  • In the same vein, minimise your use of google and gmail, or opt out altogether. This is a whole new post, to come.
  • Basically, silo your information as much as possible. Heck, you can even use tinder without them having access to your facebook these days! (And scarily, these apps, which can hold quite personal information on you, have recently been shown to be very lax with highly personal health information such as HIV status, as this latest breach by Grindr shows.)

5. Don’t do the quizzes

We have been saying this for a while, but recent information coming to light shows how damaging this can be. There will be a lot more that is not damaging, but just annoying.

Why give information about yourself, which is worth money, away to people for free?

You are not just finding out which Hogwarts house you are, what Game of Thrones character you will sleep with, or what cocktail describes your personality; you are allowing companies to steal personal data about you for profit.

6. Don’t use messenger

Messenger involves a whole new level of privacy settings and access that you are allowing facebook.

There are secure messaging apps you might prefer to move to, such as Signal.

You can also still access facebook messages by using the old-fashioned basic interface. You simply type mbasic.facebook.com and you can still view messages on your phone.

7. Check your phone settings

You can also check out some of the risks of allowing facebook further access to your phone settings, such as phone records – detailed here.

More Information and How To’s

We are well aware that all of this can be extremely overwhelming, and we can get that way ourselves. Luckily, folks smarter than us have put together guides for stepping you through a range of digital tools. We point you to some here.

The good folk of Do gooder have suggested some overdue discussion in the Australian progressive movement about surveillance and responsibility, and Digital Rights Watch does great work in this space.

“The hard work begins now. Start questioning the tools, platforms and processes your organisation uses. Discover and share alternatives.”

Someone else explains how to set up a way to delete a large amount of your history, though who knows if that actually permanently deletes it from facebook servers! Similarly to “deleting your account”… whilst it may not be easily found publicly, many believe the data is still stored.

Here are some other things we suggest:

  • Use a password manager. They make life so much easier as well. LastPass and Dashlane are popular.
    • Heads up that we tried KeePass as it wasn’t on the cloud, but we found it glitchy.
    • Latest reviews here.
  • Have a (good) PIN on your phone, not 1234 or your birthday or pet’s name.
  • Schedule a monthly time for security and maintenance – ensure your backups are up to date, check security settings, clean out your online drives, update virus checkers etc … we are writing up a checklist we will add in here.
  • Use alternatives to google where possible, and don’t link your other emails to google – more to come on “why google ain’t great”
    • ProtonMail is a popular encrypted email service, or you can use other basic email services and lists such as Riseup
    • Sync is an online encrypted cloud storage that you can share folders and work in
    • Vimeo is an alternative to youtube, but if necessary just view youtube with an unlinked gmail account – you can also wipe your history, and limit what people can see
  • Use a Virtual Private Network. It stops the government from being able to track your data as easily. Check out EFF’s guide here.
  • Encrypt your hard drive. To be honest, we struggled with this one.
    • On certain versions of Windows you can use BitLocker, which is very easy.
    • Apple has an option for this, but the most popular go-to for those who don’t have this option is “VeraCrypt”. We found it not super user friendly, but managed it!
  • Use two-step verification – we don’t do this, as we prefer to limit giving out our phone number, but many suggest it is a good idea.

Security Planner is an awesome overall checklist and security assessment tool – check it out!