. . .a long overdue update. . .
If you’re paying attention you’ll recall in Dec. 2013 I discussed a few reasons for getting off of Facebook (‘fb’) and that I was seriously considering that it’s time to do so. Fast forward 10 months. With most everyone (that I know at least) involved with fb to some degree these days, the natural question might be “why?”. I mean after all, who isn’t on fb these days?
If you’re online and tech savvy enough to have a fb presence you’re undoubtedly aware that news reports have been overflowing for well over a year regarding spying taking place on U.S. citizens by it’s own government. There have been wild and not-so-wild accusations levied against every popular web site or service being in cahoots with the NSA to spy on our every move. According to this article on Gizmodo
yet The Hill reports the NSA counters with
Of course we can believe the NSA. Over at The Wire they report
That sounds about right. At any rate, there is simply not the time or space to do a thorough examination of this topic in this post, so I plan to discuss it later. For now let’s focus on a more personal and immediate threat; identity theft. Identity theft is nothing new. Mortgages and loans and credit cards have been taken out falsely against the unsuspecting for decades now. What is new is it has become a far easier thing to do with the advent of online social sites such as fb. Let’s look at this point now.
Identity Theft
The sad thing is, most of us unsuspecting and trusting people have been duped under the guise of being social and sharing and being friendly and nice.
These days I think most people understand what identity theft is. Simply put, it is anyone other than you using your vital statistics (birth date, address, mother’s maiden name, etc.) to pose as you and either gain access to your existing financial account or create new accounts in your name. Prior to the explosion of social media (fb and the like) thieves would have to trick you into giving them this info say by sending you an email to go to a fake web site to “reset” your account that was presumably broken in to. Or perhaps they would call and assume the identity of your bank and request your info that way. They still use these tricks, because they still work. But social media has all but made these scams unnecessary. You see, social media has fueled the silent, inner narcissist in everyone to the point that everyone thinks they’re a star, and each insignificant morsel of trivial life must be broadcast for the world to hear, because after all, the world is dying to hear about the latest diaper change. I came close to falling for that myself for a while. After further reading and consideration I came to the understanding (realization?) that all of these bits of info spewed forth may seem random, but combined they paint a complete picture of all the details anyone might need to steal your identity. Which in reality, they didn’t steal anything but merely gathered all of the clues we have freely provided. Is your email address password, where all of your bank account info is sent to, your older child’s birthday and middle name? It’s probably on fb. Is one of your security questions your mother’s maiden name, or your cousin’s name, or your school mascot? Yeah, that’s on fb. How about your phone number? Your address? Do you broadcast that you’ve gone on vacation for a week, or at your favorite restaurant with your friend Zoey? You get the picture. Seems innocent enough, but it can all be used against you.
What does Facebook say about your information?
With any discussion about the Facebook terms as they apply to you and your personal information, it’s important to keep in mind two things; they really don’t want you to know what the full terms are so to find everything you need to dig a little; they keep changing them. As of this writing, in Sharing Your Content and Information we find the following (emphasis mine):
You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:
For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
What does this mean? If you are making your living by producing a creative work such as music, photography, painting, etc. and are posting any of your work on fb, they have unlimited distribution rights to your work and any profit they can make from it, and to use it however they see fit, until you delete it. It doesn’t matter if you have a copyright on your work, you agree that you are giving fb all rights to it. Additionally, after you delete it, if anyone else has posted it ot shared it, it’s not really deleted, and they still have all rights. And if no one shared it, they still have backup copies of it.
Digging a little deeper we find the fb Data Use Policy. In this long-winded legal gobbledegook we get a little more info on this policy:
While you are allowing us to use the information we receive about you, you always own all of your information.
and
We store data for as long as it is necessary to provide products and services to you and others, including those described above. Typically, information associated with your account will be kept until your account is deleted. For certain categories of data, we may also tell you about specific data retention practices. We may enable access to public information that has been shared through our services.
and
When you delete your account, it is permanently deleted from Facebook. It typically takes about one month to delete an account, but some information may remain in backup copies and logs for up to 90 days. You should only delete your account if you are sure you never want to reactivate it. Certain information is needed to provide you with services, so we only delete this information after you delete your account. Some of the things you do on Facebook aren’t stored in your account, like posting to a group or sending someone a message (where your friend may still have a message you sent, even after you delete your account). That information remains after you delete your account.
So, they reiterate on yet a second page that anything you post that is shared outside of your fb page, remains on their site and is theirs to use however they see fit. And of course fb is all about sharing isn’t it? So while technically (or legally) you may always “own” your intellectual property, but since you agreed to the fb terms, and posted it on fb, and someone shared it, you have granted them unlimited license to use your intellectual property however they see fit. This doesn’t just hurt artists, but it also extends to ANY information you have posted and has been shared by anyone, or in a group, or private message.
Going back to Sharing Your Content and Information, the gross injustice continues:
When you use an application, the application may ask for your permission to access your content and information as well as content and information that others have shared with you. We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information. (To learn more about Platform, including how you can control what information other people may share with applications, read our Data Use Policy and Platform Page.)
When you publish content or information using the Public setting, it means that you are allowing everyone, including people off of Facebook, to access and use that information, and to associate it with you (i.e., your name and profile picture).
Applications = Apps = games and groups and anything you use to make your fb experience more fun. This is also called Platform. What does fb say about Platform? Looking again at Data Use Policy we find this (emphasis mine):
About Facebook Platform
Facebook Platform (or simply Platform) refers to the way we help you share your information with the games, applications, and websites you and your friends use. Facebook Platform also lets you bring your friends with you, so you can connect with them off Facebook. In these two ways, Facebook Platform helps you make your experiences on the web more personalized and social.
Remember that these games, applications and websites are created and maintained by other businesses and developers who are not part of, or controlled by, Facebook, so you should always make sure to read their terms of service and privacy policies to understand how they treat your data.
Controlling what information you share with applications
When you connect with a game, application or website – such as by going to a game, logging in to a website using your Facebook account, or adding an app to your timeline – we give the game, application, or website (sometimes referred to as just “applications” or “apps”) your basic info (we sometimes call this your “public profile”), which includes your User ID and your public information. We also give them your friends’ User IDs (also called your friend list) as part of your basic info.
Not only do you need to pay close attention to the fb terms, but you also need to pay attention to the terms of ANY application you use, and chose to “share” your posts with. Are you also issuing each business that runs an app a free use license to your content as well? It doesn’t take long before your work or information is spread freely about the web, and you’ve given all of these entities free use of it, just because you “shared” on fb. Who is the greatest identity thief in the room?
Looking further at Data Use Policy, way down at the bottom under the heading Some other things you need to know, you can find this:
Responding to legal requests and preventing harm
We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent bodily harm.Information we receive about you, including financial transaction data related to purchases made with Facebook, may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm. We also may retain information from accounts disabled for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.
Affiliates
We may share information we receive with businesses that are legally part of the same group of companies that Facebook is part of, or that become part of that group (often these companies are called affiliates). Likewise, our affiliates may share information with us as well. This sharing is done in compliance with applicable laws including where such applicable laws require consent. We and our affiliates may use shared information to help provide, understand, and improve our services and their own services.Service Providers
We give your information to the people and companies that help us provide, understand and improve the services we offer. For example, we may use outside vendors to help host our website, serve photos and videos, process payments, analyze data, conduct and publish research, measure the effectiveness of ads, or provide search results. In some cases we provide the service jointly with another company, such as the Facebook Marketplace. In all of these cases our partners must agree to only use your information consistent with the agreement we enter into with them, as well as this Data Use Policy.
Just so you understand who else is getting your information other than the government, “Affiliates” = anyone doing business with fb, and “Service Providers” = anyone fb contracts services from such as an internet provider, accounting firm, etc.
There’s more to read. MUCH more. I recommend you inform yourself and read these terms. The sad thing is, most of us unsuspecting and trusting people have been duped under the guise of being social and sharing and being friendly and nice.
What to do?
First and most important, you must purge from your mind the all-to-common assumption of “these things only happen to other people” and accept that you could very well be the next target. Accept that the terms for using fb allows them to make you the next target. Second, and far more difficult to do, delete all of this information from prying and thieving eyes.
It’s entirely possible the damage may already be done and that your personal data you’ve shared online has already been compiled by now, yet there’s a chance it hasn’t. Either way, it’s time to purge your personal data. Do this whether you are deleting your account or just wanting to scale back on your fb presence. If you chose to stay on fb beware the potential consequences.
BUT. . . isn’t this removing the social from social networking? Won’t this make my family angry and offended? Isn’t this extreme? We can answer YES to these and other questions. We can also choose to attempt to keep our identities as safe from being stolen as possible. Let’s be real here, thieves could care less if your family is offended or not. They just want your cash, and to be able to get credit in your name. Now that online social networking is continually targeted by criminals it has outlived it’s usefulness and is no longer safe as we’ve all been told. Let’s go back to seeing our family and friends in person to socialize. Like the “old days” of say, the year 2000 or so.
What To Remove And How?
Before you start you may wish to download a copy of your fb data. To do that go to the General Account Settings and click the “Download a copy” link at the bottom.
Start with the most critical data, most of which is found in the “About” tab. Go to the “About” tab on your fb page. Click on “Family and Relationships”. Hover your cursor over each individual listed there, and click on the “x” to remove. You’re not un-friending them, just un-linking them as being related to you. Click confirm and work your way through the list. This process of clicking the “x” to remove and confirming is the same through the “About” tab section. Once you’re finished here, continue through all other sections here, especially “Work and Education” and “Places You’ve Lived”. Remove it all. Under “Contact and Basic Info” remove your address, phone number, web sites, etc. You must keep at least one email address but make sure it’s set to viewable by “Only Me” and “Hidden from Timeline”. If you want to really thwart attempts on identity theft strongly consider changing your birth date and year to something other than what is true. Also make sure anything under “Details About You” contains no references to any of the previously mentioned info.
Now let’s go through your account security settings and tighten that up. Start at Security Settings and make sure you have “Login Notifications” set to send you an email if someone else tries to log in to your account.
Now click on the Privacy tab. Set “Who can see your future posts?” as “Friends”. Now click Edit for “Limit the audience for posts you’ve shared with friends of friends or Public?”, ignore the warning and click the “Limit Old Posts” button, and then the “Confirm” button. Yes, this changes all of your public posts to friends only. But the idea is to limit who can see anything related to you. Next set “Do you want other search engines to link to your timeline?” to “No”. The “Who can look me up” settings on this tab should be set to “Friends”. The remaining options set how ever you desire.
Now go to the Timeline and Tagging tab. Here you can limit “Who can add things to my timeline” if you desire, I choose not to. Under “Who can see things on my timeline?”, set both “Who can see posts you’ve been tagged in on your timeline?” and “Who can see what others post on your timeline?” to “Friends”. Under “How can I manage tags people add and tagging suggestions?” set both “When you’re tagged in a post, who do you want to add to the audience if they aren’t already in it?” and “Who sees tag suggestions when photos that look like you are uploaded?” to “Friends”
Head over to the Apps tab and give serious review of all of the apps listed here. If any app is not important to you or you don’t use it regularly, remove it. If you’d prefer to disable apps altogether go to the bottom of the page and change the “Apps, Websites and Plugins” setting from “Enabled” to “Disabled”. Doing so will also get rid of all of those annoying invitations from apps that your friends send you. I have mine enabled for one app only, the twitter app, so that my twitter posts will be posted on fb as well. I’m not sure how long I will continue with that. Next set “Instant Personalization” to “Disabled” and “Old Versions of Facebook for Mobile” to Only Me/Friends/Close Friends. As for “Apps Others Use”, recall how fb shares your information with apps and the apps friends use? Click on this “Edit” button, un-check every single box and click the “Save” button.
This pretty well sums up the fb Settings you need to be on top of.
After tightening up the info you share to friends only, it’s now time to weed out your friends list. I realize this is a huge and difficult step for many, but you really need to be honest with yourself and make sure all of your fb “friends” are people you really know and dump the rest. Ask yourself, do I know this individual personally, or am I “friends” with them because it gets me a high friends count and makes me look important? Most of us have a really small circle of people who are true friends. Do you know this fb “friend” so well that you’d trust them with your credit card? Would you give them the keys to your house? Would you send your child off with them? If the answer is no, “un-friend” them.
Next up, seriously consider removing and un-liking your favorite movies, music, sports teams and books. If you have “liked” you’re bank, you’re credit card provider, you’re investor, in short- any financial services provider, un-like them all. Un-like your employer. Remove pet names. I know, it seems extreme, and it’s difficult to destroy your legacy and all of that time you’ve put in to it, but this is really necessary to be as safe as possible in social media. But why? All of this data can be compiled and used to identify you all over the internet. Most web sites have security questions that, in the event you can’t remember your password or you’re using a different computer the web site doesn’t “recognize”, verify you are who you claim to be by asking one of these security questions. Such as “where did you go to high school” or “what’s your mother’s maiden name” or “what’s your pet’s name”, etc. In many cases the info you have on fb answers some if not all of these questions. And once you’re located on other web sites, you’re vulnerable to having your identity stolen or your accounts broken in to. Consider also removing photographs that can tie you with family and friends and places. Photo and facial recognition software is getting really good at being able to pick you out of a crowd and connect you to numerous web sites.
If after reading all of this and doing your own digging you decide you just need to delete your account, head over to this page to get the job done.
Wrapping Things Up
Are you exhausted? I sure am. It’s a huge task to lock down your fb info once you realize you have entirely too much on there. Pat yourself on the back for taking huge steps in securing your identity. Chances are fb is where your greatest purge needed to take place, however, there’s no time to rest. Facebook is only one of many sites you may need to purge from, including but not limited to LinkdIn, MySpace, Pinterest, dating sites . . . it’s a long list. I recently discovered a web site that will help you in deleting your many social accounts, or even just a few. justdelete.me maintains links to many social sites direct account deletion pages, or to information pages on how to delete your account. It looks quite interesting and I will be taking a close look at it. If you do let me know what your experience with it is.
So, am I off fb? I have done a purge, but I haven’t deleted my account just yet. I am considering deleting my current account and starting over with a new account with a minimal amount of info on it. That way any artistic things I’ve ignorantly posted along the way, will eventually revert back to my control completely. Not that there’s anything to be made from any of it, but why give it away to fb to market and profit from?
Lastly, I apologize for the delay in getting this posted. It’s taken a very long time to compile all of this and present it in some sort of understandable way.
References
Thanks to Martin Rýznar, DiS for the No fb image.
The NSA Has Impersonated Facebook To Spread Malware by Adam Clark Estes on Gizmodo
NSA: We didn’t pose as Facebook by Julian Hattem on The Hill
How Google and Facebook May Help with the NSA and PRISM by Connor Simpson on The Wire
Facebook Sharing Your Content and Information
Facebook Data Use Policy
Leave a comment, or trackback from your own site.