Facebook Privacy: Tightening Up?

Facebook privacy has taken a step forward. Last week I wrote about Facebook Safety Tips, as privacy is becoming a key factor in the social networking world. Yesterday, Facebook announced that they would tighten up privacy in response to a set of recommendations made by the Canadian government (Facebook Privacy Announcement).

Here is the gist of the Facebook Privacy Changes that will be implemented in the next 12 months:

Facebook Safety Tips to Stop Social Networking Hangovers

Facebook safety has a direct correlation to your business’s bottom line.

Facebook, and social networking sites in general, are in an awkward stage between infancy and adulthood – mature in some ways, helpless in others. On the darker side of sites like Facebook, LinkedIn and Twitter, scammers and identity thieves are drooling at the sight of this unchecked data playground. In contrast, most social networkers are addicted to all of the friendships they are creating and renewing.

There is no denying that Facebook and other social networking sites have a very alluring appeal. You can sit in the comfort of your own home and suddenly have a thriving social life. You can look up old friends, make new ones, build business relationships and create a profile for yourself that highlights only your talents and adventures while conveniently leaving out all your flaws and troubles. It is easy to see why Facebook has acquired over 200 million users worldwide in just over five years. That is also why Facebook safety is still so immature: Facebook’s interface and functionality have grown faster than security can keep up.

Unfortunately, most people dive head first into this world of social connectedness without thinking through the ramifications of all the personal information that is now traveling at warp speed through cyberspace. It’s like being served a delicious new drink at a party, one that you can’t possibly resist because it is so fun and tempting and EVERYONE is having one. The downside? Nobody is thinking about the information hangover that comes from over-indulgence: what you put on the internet STAYS on the internet, forever. And sometimes it shows up on the front page of the Wall Street Journal, in the hands of a prospective employer or in your boss’s inbox. All of the personal information that is being posted on profiles — names, birth dates, kids’ names, photographs, pets’ names (and other password reminders), addresses, opinions on your company, your friends and your enemies — all of it serves as a one-stop shop for identity thieves. It’s all right there in one neat little package and all a scammer has to do to access it is become your “friend”.

Follow these Five Facebook Safety Tips and save yourself the trouble…

5 Facebook Safety Tips

Facebook Safety Tip #1: If they’re not your friend, don’t pretend. Don’t accept friend requests unless you absolutely know who they are and that you would associate with them in person, just like real friends.

Facebook Safety Tip #2: Post only what you want made public. Be cautious about the personal information that you post on any social media site, as there is every chance in the world that it will spread beyond your original submission. It may be fun to think that an old flame can contact you, but now scammers and thieves are clamoring to access that personal information as well.

Facebook Safety Tip #3: Manage your privacy settings. Sixty percent of social network users are unaware of their default privacy settings. Facebook actually does a good job of explaining how to lock your privacy down (even if they don’t set up your account with good privacy settings by default). To make it easy for you, follow these steps:

  1. Spend 10 minutes reading the Facebook Privacy Policy. This is an education in social networking privacy issues. Once you have read through a privacy policy, you will never view your private information in the same way. At the point the privacy policy is putting you to sleep, move on to Step 2.
  2. Visit the Facebook Privacy Help Page. This explains how to minimize all of the possible personal information leakage that you just read about in the privacy policy. Once you understand this on one social networking site, it becomes second nature on most of the others. 
  3. Now it is time to customize your Facebook Privacy Settings so that only information you want shared, IS shared. This simple step will reduce your risk of identity theft dramatically.

Facebook Safety Tip #4: Keep Google Out. Unless you want all of your personal information indexed by Google and other search engines, restrict your profile so that it is not visible to these data-mining experts.

Facebook Safety Tip #5: Don’t unthinkingly respond to Friends in Distress. If you receive a post requesting money to help a friend out, do the smart thing and call them in person. Friend in Distress schemes are when a thief takes over someone else’s account and then makes a plea for financial help to all of your friends (who think that the post is coming from you). As with all matters of identity, verify the source.

Following these 5 Facebook Safety Tips is a great way to prevent an information-sharing hangover.

The best way to protect yourself and your children from online threats is to educate yourself about Facebook, Twitter, MySpace and other online social networking utilities. We recently published the Facebook Safety Survival Guide (with Parents’ Guide to Online Safety) with that exact goal in mind. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it.

John Sileo is the award-winning author of Stolen Lives, Privacy Means Profit and the Facebook Safety Survival Guide. His professional speaking clients include the Department of Defense, the FTC, FDIC, Pfizer, Prudential and hundreds of other organizations that care about their information privacy. Contact him directly on 800.258.8076.

Social Networking Sites Banned by Marines

According to the Christian Science Monitor and other reputable media sources, the Marines have banned social networking sites, including Facebook and Twitter. Currently, the Pentagon is reviewing its entire policy on the use of social networking sites. Can you imagine the enemy discovering troop locations or military tactical data via social networking? Ironic timing, as just a few weeks ago I was delivering an identity theft speech at the Pentagon and recorded a short video about this problem.

Facebook Privacy & The Pentagon

The Christian Science Monitor ran the following quote from a memo distributed Tuesday to all Marines:

The very nature of [social networking sites] creates a larger attack and exploitation window, exposes unnecessary information to adversaries and provides an easy conduit for information leakage that puts [operational and communication security] personnel and the [Marine Corps network] at an elevated risk of compromise.

7 Hazards of Social Networking

Most of the risks of social networking fall into one of the following categories, which I call the 7 Hazards of Social Networking:

  1. Impersonation. Does the social networking account (e.g., Twitter Account) belong to the actual person or company it is representing? For example, if you look at the Twitter account @johnsileo, you will see that my name is used to send business to a gentleman who is also an identity theft speaker. My actual account is @john_sileo. Whether this is considered social networking squatting or social networking identity theft, it’s impersonation.
  2. Ownership. Who owns the data on the social networking sites’ servers? Do you own what you post on Facebook, what you email through GoogleMail or the financials you back up off-site on someone else’s servers? The fact that you don’t know should trouble you as much as it does me.
  3. Breach. How is your social networking site protecting your profile and posting data? Are they susceptible to bots like ZombieSmiles that allow hackers into your Facebook profile through Facebook’s own client interface? Is it easy for a hacker to post something or appeal to your friends as if the hacker is actually you (account takeover impersonation)?
  4. Fraud. Social networking is based in relationships of trust. You trust the people you befriend. Unfortunately, some studies suggest that 25% of the users accept friend requests from total strangers. This, along with account takeover impersonation, opens you up to “friend in distress” scams, information gathering and other forms of social networking fraud.
  5. Disclosure. We are far bolder and far less discreet with what we share online versus what we share in person. This means we risk giving out information that, given a second thought, we didn’t want to. Think of the New York Times reporters who tweeted about a closed-door meeting where they discussed charging for online content.
  6. Human Error. Have you ever hit the button on an email that was meant to go to someone else? The same phenomenon happens on social networking sites, but the damage is exponential because of the medium – you might have just sent it to hundreds or thousands of followers or friends. I call this phenomenon Tweet Breach.
  7. Underestimation. Because social networking started out as a personal application and still has the flavor of being controlled by individuals (as opposed to corporations), we often underestimate the sheer destruction caused by mishandling this tool. I believe that this is what happened to the military. They originally underestimated the data leakage taking place in the social networking sphere and have since, wisely, begun to rethink their strategy.

Until we recognize that anything posted on the internet (especially if social networking is involved) is Public, Permanent and Admissible in court, we will continue to underestimate the hazards of social networking. Luckily, there are solutions to these hazards, some of which we will discuss in our Social Networking Webinar today.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To further bulletproof yourself and your business, bring John in to speak at your next meeting or conference. Visit ThinkLikeASpy.com.

Facebook Privacy? Social Media Webinar…

Is there such a thing as Facebook Privacy? Or Twitter, LinkedIn or any other social networking/media sites? I’m not convinced that any of us really know the answer yet. I think we so-called privacy experts talk a big game, but the subject is still maturing, and definitely up for debate.
Who owns the data on Facebook? Who has access to the information stored in the Cloud? Are your Tweets admissible in court?
Join us in the debate as Mike Spinney of the Ponemon Institute and I host a seminar on Social Media’s Impact on Corporate Privacy next Thursday, August 13 from 9:00-9:45 a.m. Mountain Time. The Webinar is geared to anyone whose personal or business information is at risk of social media leakage. We’d love to hear your opinions, questions and comments.

The format will be casual and we will be discussing the following topics (time permitting):

  • The Rise of Online Social Networking as a Business Tool
  • Is Facebook Privacy a Myth?
  • Examples of Corporate Privacy Breach by Social Media
  • Personal and Professional Consequences
  • Risks vs. Rewards of Social Media
  • Developing a Proactive Social Media Strategy
  • Q&A Session

To register for the Webinar, please visit:


I look forward to having you participate.

Tweet Breach: 140 Characters of Destruction

Like a wounded, cornered Doberman, I was irrational and reactive.

My blog was down, non-existent. When you earn your keep by communicating ideas, like I do as a professional speaker, any threat to the distribution of those ideas raises the peach fuzz on the back of your neck. After days of being unable to reach my webmaster by office phone, cell phone, SMS text, instant message or email, I dialed up the pressure on him to respond. I turned to the powerful and influential world of social media…

I tweeted him. Publicly.

@johnswebguy Where in the name of Google Earth are you? Why won’t you contact me? [poetic license applied to save face]

140 characters that delivered the impact of a rabid canine. Yes, there was obvious anger in my words, but they were transformed into a venomous rant in the hands of others. Those reading it from the outside could feel the rage I felt at having been cornered without a backup plan. Unfortunately, in my anger, I didn’t make it a direct tweet (a private communication that only the recipient could see), so anyone following these hyper-succinct mini-blogs could view my dirty laundry and fill in the blanks with any back-story they liked. And fill in they did.

In the ensuing minutes, my tweet was re-tweeted (sent out to a mass number of recipients), screen shot (digitally captured to be preserved forever in all its glory) and used as an example of why others shouldn’t do business with my webmaster. I had never even considered ending my relationship with my webmaster, so driving his customers away was the last thing on my mind.

I just wanted to know where he was!

In that instant, dumbfounded with regret, I understood the power of social media to communicate, influence and destroy. Destroy personal reputations. Destroy brand identity. Destroy profit margins, relationships and open communication. As I hit the enter button, I thought I was tossing a snowball, but quickly discovered it had the potential to become an all-out avalanche. For all of its brevity, the words we publish on Twitter or Facebook can be misinterpreted, read as gospel or spread like the plague. It can be very difficult to separate emotion from fact in 140 characters.

My webmaster contacted me from the hospital; he had just gotten out of surgery. Fortunately, I deleted the tweet before it went totally global, explained my mistake to my followers, apologized to my webmaster and got down to resuscitating my blog (when he had recovered from surgery).

Explaining what I had done to someone the following day, I used a term that has stuck in subsequent conversations — tweet breach. Here is my current working definition of tweet breach:

tweet•breach n. 1. Accidentally or intentionally exposing data through social media or other Web 2.0 applications (e.g., Twitter, Facebook, LinkedIn, Wikipedia, Second Life, blog posts, webmail, text messaging, instant messaging, etc.) that would otherwise have remained acceptably private, confidential, anonymous or otherwise properly controlled by the owner or agent responsible for the information. 2. Self-inflicted tweet breach (common) is the act of accidentally or reactively releasing one’s own private information without thinking through the consequences.

Examples: a) posting an individual’s personally identifying information (phone number, credit card account, social security number, etc.) without their consent, knowledge and understanding; b) posting someone’s physical whereabouts, personal history or confidential information without their agreement; c) improperly revealing proprietary corporate information such as intellectual capital, corporate financials, business processes, deal secrets, organizational structure or other sensitive commercial data; d) improperly using social media as a tool of leverage, extortion (if you don’t do this, I will…), or revenge (posting sordid details about your ex, dirty laundry about your former employer, etc.).

I learned so much as a product of my experience that it will provide materials for years to come. Let me share a few of the many fundamental takeaways that you should keep in mind both personally and professionally:

  1. Posting is Public. This seems so obvious, but it is constantly overlooked. When you post (I use the term post to encompass tweeting, blogging, commenting, writing on a wall, publishing to a website, and certain types of texting, instant messaging, etc.), you are making the information available to everyone on the internet (unless you somehow restrict access). In-person relationships are often subtle. For example, you probably wouldn’t tell the same joke to your young child as you would your closest friend. You wouldn’t tell your boss about a successful job interview with another company in the same way that you would tell your sister. But when you post these items online, you are collapsing those layers of distinction, or access, into a one-dimensional view. Everyone has equal and identical access to your joke and your job news, whether you want them to or not. Denial and misunderstanding of this basic principle, that posting is public and will be seen by others, is what leads teenagers to populate MySpace with pictures and content that they would never want their future employers, college admissions officers or even parents, to see.
  2. Posting is Permanent. When you post, you are creating a permanent piece of digital DNA that, for all practical purposes, never disappears. Your words and photos and videos are forwarded, replicated, backed up, quoted and made a permanent part of the internet firmament. In other words, if you post it, you’d better be willing to claim ownership of it for the rest of your life. It is very hard to think a week in advance, let alone 20 years. Would George W. Bush have ever been President had he tweeted his DUIs or possession of cocaine arrest? The viral and permanent and traceable nature of the information would have doomed his chances.
  3. Posts are Exploitable. Whether they are used against you in a court of law (yes, posts have been used as admissible evidence), used by identity thieves and social engineers (e.g., once a con knows your social network, they can easily use it against you to establish undeserved trust), or aggregated by companies that want to sell you something, posts can and will be used in ways that we average users are not currently considering.

Without question, social media and social networking are killer apps and are here for the long haul. They fulfill too deep a need and too profitable a role in our lives and businesses to write off as a fad. Fortunately, there are concrete solutions for preventing tweet breach and for minimizing damage when it does inevitably happen. I am already experiencing corporations (probably because of their increased risks and liability) beginning to pro-act on the ever evolving side effects of social media. For starters, they are gaining a competitive advantage by:

  • Learning about Twitter, Facebook and other social media first hand. A fun place to start is the videos by Twitter Goddess Gina Schreck (@GinaSchreck).
  • Educating their workforce on the benefits and drawbacks of social media, including tweet breach, productivity gains and losses, social media exhaustion, etc.
  • Establishing guidelines for how to use Twitter, Facebook and Web 2.0 tools in responsible, productive ways that deliver the greatest ROI with the least risk
  • Incorporating age-old ideas of etiquette, editorial policy and discretion into the fabric of their new media strategies

I would love to hear your ideas on tweet breach and examples that you have come across. Please feel free to comment with your own tweet breach or similar stories.

After losing his business to data breach and his reputation to identity theft, John Sileo became America’s leading identity theft and data breach speaker. He speaks on the topics of workplace identity theft, data breach and tweet breach. His recent clients include the Department of Defense, the FDIC, Blue Cross Blue Shield, and Pfizer. You can follow his tweets at @john_sileo.