Social media risks and how to protect yourself online

The more information we give the social networks, the more they have about us to hold and use as they please. People are becoming more aware of social media risks, but what risks are there?

We are not just uploading more of our lives on the internet; we’re also spending more and more of our days consuming, sharing and commenting on social media platforms. Naturally, risks related to social media are increasing. The goal of this post is not to make you stop using social media, or the Internet for that matter. Being smart online, especially if it’s part of your job, is only possible if you know about the risks and how to limit them.

Hacked Social Media Accounts

Getting your Social Media accounts hacked is increasingly common and probably one of the most significant social media risks. It happens to both large corporations (HBO, PlayStation) and people with small personal accounts. A hacker is anyone from an ex-partner who can guess your password or a previous employee who made a copy of the password lists before they left, to professionals with more advanced methods.

But how significant is the risk? Facebook said in 2011 that 0,06% of all logins on the platform were “compromised”, and during that time the platform had about 1 billion logins each day, so that is 600 000 problematic logins every day. Google reports that 20% of social accounts are compromised “at some point”. I would never have guessed that 1 in 5 accounts would be compromised; that’s a lot of sad users.

What can you do to prevent it?

  1. Use secure passwords and different passwords on every service you use. I recommend using 1password to make your life with secure passwords less of a hassle.
  2. Use two-factor authentication to make sure that it’s harder for someone to log in even if they have your password.
  3. Avoid browsing (especially logging in to) social media accounts on public wi-fi; the techniques for snooping around and waiting for your login credentials are getting more advanced.
  4. Never give account or page credentials to someone who contacts you directly, not even people who say they work with customer service for the social media itself, or that they are your colleagues.
  5. Never download apps, especially not apps that want permission to post on your behalf.

Social Profiling

Social Profiling is when someone uses the information on your social media accounts to create an opinion about you or “measure you” based on your interactions or influence on social media. This is typical behaviour today, both from employers and the people you’re dating.

Around 43 percent of businesses used information online when they decided not to hire someone. And 40 percent use social media when they screen candidates. Sure, this is a significant number, but your life online shows only a small part of you as a person. And if you don’t have a social media profile, or if your “influence score” is low, apparently you’re less worthy in the eyes of an employer.

What can you do about it?

It is hard to do anything about the behaviour of potential employers and Tinder dates. However, you can make sure to know what those searches will say about you, and you can adapt what comes up.

  1. Use the incognito search mode to search for yourself online to see what comes up.
  2. Remove pictures that are sketchy, strange or that someone can use in an entirely different context
  3. Use the “view as” setting on Facebook, to understand how your profile looks to the public. Make sure that potential employers can see only the best information about you.

Cyberstalking

Although cyberstalking might feel as bad as any stalking, it’s a bit different when it happens online. It’s not uncommon that it’s combined with offline and real-time stalking as well.

There are some differences between “traditional” stalking and cyberstalking. While traditional stalking often happens to women, cyberstalking is affecting men 40 percent of the time. One other difference is the stalker. Often, it’s an ex-partner or someone with a connection to the victim doing “traditional” stalking, while cyberstalking is widely done by complete strangers.

The fact that it is so easy to collect information about someone online is probably behind the significant increase in cyberstalking. A cyberstalker can use information about your geolocation, and this is automatically turned on for most smartphones. And it is rather easy to follow your life and regularly see where you are if you use apps like Swarm, check in on Facebook or tag your photos with Instagram.

What can you do about it?

  1. Turn off the automatic use of geolocations.
  2. Don’t actively check in with Facebook, geotag your images on Instagram or use apps like Swarm
  3. Limit the information you share on Facebook and other platforms so that it is only available for your friends

Third party information sharing

Many websites add cookies to your device when you visit them. The role of most cookies is to recognise returning users to improve your online experience or keep track of users to improve the service. The problem is, however, that some cookies can follow you onto other websites. Therefore, they can get a detailed view of your online behaviour.

Many services you opt-in to use, like Facebook and Google, record a rather significant amount of what you do. They are tracking your activity when you use their service online. This is everything from messages and comments, what you share, and for how long you looked at an individual piece of content.

They can then sell all this data about you to either another company or as part of their advertising services. You will, unfortunately, have microscopic say about who’s buying your information and for what causes they can use the data.

What can you do about it?

  1. Take a look at your Facebook Ad Preferences. Remove the things they’ve collected about you that you don’t want Facebook to use when they show you ads.
  2. Opt out of Facebook’s tracking and ads program. Choose “no” for both “Ads based on my use of websites and apps” and “Ads on apps and websites off of the Facebook Companies.”
  3. Opt out from being tracked by companies in the Digital Advertising Alliance. To opt out from all the participating companies, click on “Choose all companies.”
  4. Install Privacy Badger from the Electronic Frontier Foundation (EFF). “Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.”

Warrantless searches

Warrantless searches are searches performed without a court-ordered “search warrant” and are the most common type of search conducted by law enforcement. According to Katz v. United States (389 U.S. 347), courts determined in 1967 (long before the age of social media) that information a person willingly makes public is not protected by the Fourth Amendment and, therefore, requires no warrant.

Information such as direct messages that you want to keep private is often interpreted by the law as not being “private” since there is no guarantee that the person receiving the message will keep it secret. The NSA has also worked with Facebook, Google, Apple and other tech companies through the Prism program. Part of this is sharing of user data such as emails, search history, instant messages and transferred files.

What can you do about it?

It is possible to do warrantless searches and record information since all our online activities are out in the open. The best thing to do is, therefore, to “hide” your actions.

  1. Use a VPN (preferably with double encryption and “no logs” policy) on your phone, your computer and all other devices
  2. Use an end-to-end encrypted application for instant messages
  3. Meet up in person when you have to discuss sensitive information

Social media risks, some last thoughts

Make sure to check that you have decent security related to your social media. It might not seem like a significant risk to you now, but keeping certain things out of the public eye (or the Google Search) is not stupid, it’s smart.

The costs of getting your accounts compromised are pretty high, and it is not easy to get compromised accounts back if they get hacked. Most of the proactive suggestions in this article, to cut your social media risks, are probably possible to carry out. That is perhaps time very well spent.


Two-factor authentication for beginners

Databases will always get hacked. Passwords will sometimes get into the wrong hands. You should, therefore, make sure to have a system that reduces the damage a leaked password can create. Two-factor authentication is a way to decrease the risk related to living life online.

I’ve realised that few people working with the internet and its services as primary business tools do not know about this technology. Even fewer people use it. That is why you are now reading this blog post…

How does two-factor authentication work?

Two-factor authentication adds an extra layer of security on top of your username and password combination. It makes it harder for a hacker to get access to your account even if they know (or break) your password. For someone to get access to your account they need either your phone or some other “key” to log in. The service uses the phone or key to verify that the person logging in is the legitimate owner of the account.

When you log in to an account it will ask for a code you get from an app on your phone, or through text message. Some prefer to add a USB-key with a button that you press to authenticate the login. There are multiple solutions and you should pick what feels easiest for you.

It’s actually the same solution that many banks use. They give you a physical card with codes, or a small digital device providing you with codes when you press some numbers. You need your login details and your specific code to use your bank online or through the phone. This is to make sure the bank knows that you are you.
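
An added example, not part of the original post: how the code from a phone app can be checked by a service, assuming the app uses the standard time-based one-time password scheme (TOTP, RFC 6238), which the post does not name. The secret is the RFC's published test key, and `verify_login` is a hypothetical name for the service-side check.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample secret: the ASCII key from the RFC 6238 test vectors.
# A real service creates a random secret per account and shows it as a QR code.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret, int(at) // step, digits)


def verify_login(password_ok: bool, submitted_code: str, secret: bytes,
                 at: float, step: int = 30, drift_steps: int = 1) -> bool:
    """Service-side check: the password AND a currently valid code are required."""
    if not password_ok:
        return False
    # Accept the neighbouring time steps to tolerate small clock differences.
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, at + delta * step, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted_code.encode()):
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    phone_code = totp(SHARED_SECRET, now)  # what the app on the phone displays
    print("code on the phone:", phone_code)
    print("owner with phone:", verify_login(True, phone_code, SHARED_SECRET, now))
    # Someone who knows the password but has no phone can only guess the code.
    print("password only:", verify_login(True, "000000", SHARED_SECRET, now))
```

The phone and the service never send the secret during login; both derive the same short-lived code from it, so a leaked password on its own does not pass the check.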

When should you use two-factor authentication?

You should basically activate two-factor authentication, 2FA, for every service where it’s possible. To find out if a service offers two-factor authentication you can use a service called Two Factor Auth (2FA). It lists most online services and links to the set-up documentation for each one of them.

You should activate two-factor authentication for at least: E-mail, Facebook, Twitter, Dropbox. All places where you have sensitive personal information, such as your bank and health-related accounts, should have 2FA activated and everything work-related should also have maximum security. When it comes to work accounts, the damage would be large, not just for you, but also for your employer.

But it’s such a hassle…

The hassle of setting up two-factor authentication is worth it. Just compare it to the trouble you will have to go through if someone finds their way into your accounts. Sometimes it’s hard just to take down a hacked social media account. And if someone has access to your email they can easily reset other passwords, creating even more damage.

I was once able to prevent a login attempt from somewhere in Asia because I had two-factor authentication. Someone knew my password and I got an e-mail about the login attempt but since they didn’t have my phone they couldn’t access the account. Instead, I could log in and change my password, keeping them out of my account.

Anything else?

Well, while we’re at it: You should also use a password manager, like 1Password, to make sure all your passwords are secure, i.e. long, complicated and used only for one account. It’s a pain to move into a password manager and change all your passwords, but you should do it TODAY. It further reduces the risk of some stranger getting access to your account.