Facebook’s two faces: social media security tips

Facebook is fun, it’s a Yearbook Of The Damned, it’s an entertaining time-sink. This much we know. It’s also becoming a huge magnet for new digital security threats. This much we’re just starting to learn. Here’s a quick briefing on my own Best Practices for secure (or as-secure-as-possible) Facebook use.

Need-to-know info. Your personal profile is a big data mine, not just a virtual Rolodex card for your friends’ convenience. Aside from the bare essentials–name and e-mail address–I show no contact or address info on Facebook. I don’t show my birthday. Work, education, book and music faves, sure; that stuff’s either already publicly accessible or irrelevant to all but the ad robots trying to sell me concert tickets.

Reference check (for self and others). Some security experts are projecting Facebook and similar services will become a big platform for identity hijacking: the creation of fake profiles who might appear to be you or someone you know but are actually operated by scamsters and criminals. Some security types suggest that you pre-empt that possibility by creating your own real profile ASAP (not to mention creating them in advance for your kids–now that’s planning ahead!). Conveniently, this recommendation also works as viral (and vaguely terroristic) marketing for Facebook and company. But there might be something to it.

If you’re already on a social media network, the problem becomes one of trusting requests from people you think you know. If you have other contact info for that person (e-mail or phone number), you could verify the contact that way. But for that out-of-the-blue high school friend who comes calling from halfway round the world, I don’t know what to suggest.

Never talk to strangers. This one’s easier, since it’s the same thing we teach kids in the non-Facebook, so-called “real world.” If you don’t at all recognize a requested contact, ignore them. Two anecdotes here:

1. I got a Friend Request this morning from a total stranger purporting to hail from Regina. Easy enough to ignore. But I Googled the name and the first search result was some Russian website. Definitely ignore.

2. Some stranger sent me a message asking if I was SoAndSo from WhereverTheFrack. Just because I’m not doesn’t mean I need to tell them so. Ignore that message; if you answer it, you let a stranger see your profile, friends, and content for a month. So ignore it. They’ll figure it out. (Assuming they even are who they say they are.)

To IP or not to IP? It was a colleague at UNB Saint John who first tipped me to the fact that Facebook claims de facto copyright on anything you post to it. Your status updates, your messages, your baby photos. It all becomes the intellectual property (IP) of Facebook. So think hard about what you want to give them without getting any royalty cheque in return.
UPDATE: Facebook doesn’t claim copyright on user-generated content; this policy changed quickly, in response to user protest. Still, I don’t generally post to FB any content I’d consider having a copyright stake in.

Applications, schmapplications. For me, Facebook is all about status-line quips and edifying links. Okay, and baby pictures too. (As long as they don’t name names — I’m not kidding.) “What are you doing?” keeps me up on just that for my globally distributed peeps, and occasionally bloats into conversation threads. My contacts act as a collective critic, filtering and promoting the best of what’s current on the interwebs. And it’s a great way to maintain a kind of root-fire-level family reunion all year long.

So I don’t need a pixelated cupcake. I don’t need a digital garden. And if I want to play Scrabble, the board’s in the living room. I routinely turn down applications because every application you add gives its developer — a third-party interest that is not Facebook — access to your information. (And as you can see, I’m jittery enough about Facebook having that info, amid rumours they’re funded by various military-industrial interests.) Most applications won’t work if you crank up your privacy filter just one notch. My one exception is the book-recommendation app weRead, because I like to promote books and reading. But weRead is now on notice, for sending me its own bogus recommendations (and for trying to convince me that “one of my ‘friends'” has a crush on me).
UPDATE: Yeah, I don’t have any book-reading apps on FB now. And the latest invasive-app development is last fall’s introduction of the “Read” app that automatically shares any article you read in a given subscribing organ in your FB profile. As one critic put it, making sharing passive rather than conscious is a great way to ruin sharing.

So that’s my take on the two (or possibly many) faces of Facebook. Feel free to tweak or critique these suggestions with a comment. And don’t forget to go pre-emptively create a profile on the hundred and thirty or so social network sites out there … before the gangsters and terrorists do it for you.