Wednesday, April 4, 2018

Advice from SANS Institute on Facebook issues

 The SANS Institute is a company that specializes in information security and system administration. SANS provides a large curriculum of information and cyber security courses, tutorials, and certifications.
 The following is their advice on the Facebook issues raised after the disclosure that Cambridge Analytica used information gathered by an application.
 My advice differs on the "delete your Facebook account" point. Once an account is deleted, services often reuse that account after a period of time. Thus someone or something can harvest deleted accounts and re-use them. This applies not just to Facebook, but to Yahoo, Gmail, etc. In my opinion it is better not to use such accounts, but to keep them active.

 SANS message and advice:

Folks, we know and understand many of you have been following Facebook in the news about several big privacy incidents and allegations. We wanted to provide you with a short summary of what those issues are, and more importantly what you can do to protect yourself.

First, a brief overview. The US Federal Trade Commission is investigating whether Facebook violated terms of a 2011 settlement when data of up to 50 million users were transferred to Cambridge Analytica, a data analytics firm. This data was originally collected from a Facebook app called “thisisyourdigitallife”. The app not only collected extensive data from people who downloaded it, but the app connected data on their friends also. This incident is raising a lot of questions, to include what other data has been collected by other apps, and how was that data shared.

Below are steps you can take to protect your privacy. Note that while these steps are specific to Facebook, you should consider following the same steps for any social networking sites you use online. In addition, Facebook will be making privacy changes in the coming months; as such, some of the links or options listed below may change.
  1. Delete: If you are truly concerned about Facebook and no longer trust it, the most dramatic step you can take is to Delete Your Facebook Account.  If you do, your information cannot be recovered, so we recommend you download all of your past Facebook activity first from your settings page.
  2. Deactivate: The second option is to Deactivate Your Facebook Account, which is in your General Account Settings. This freezes your online activity, to include disabling your profile and removing your name and photo from most things you've shared on Facebook. However, you will still be able to message people. Unlike Deletion, with Deactivation you can Re-activate your account, which means your profile and past activity are restored.
  3. Minimize Apps: The issue is not only what data Facebook collects about your activity, but what data is collected by any third-party apps that connect to your Facebook account, apps such as Clash of Clans or What is Your Inner Age. Only install apps you need and minimize what they collect. Why do you think there has been such an explosion of these fun and free apps? Because they make money harvesting your information. In addition, limit what others share about you with their apps in the “Apps Others Use” section. Finally, delete an app when you no longer need it or no longer trust it. Not sure what apps you have? Check out your apps page and review your apps. Every app you have is just one more opportunity for others to collect information about you.
  4. Logins: Many websites (and apps) give you the option of using your Facebook account to log in. While that is convenient, it just means more data sharing is happening between that website and your Facebook account. Protect your privacy by using a unique login for each and every account you have. Can’t remember all of your passwords? Neither can we; that is why we recommend a Password Manager.
  5. Sharing: Always be careful what you share with others.  If you do not want your parents or boss to read it, you probably should not post it.  Yes, you can use privacy options to control who can read your posts, but remember those can be confusing and change often, so what you thought was privately shared can become publicly available.
  6. Two-factor Authentication: Finally, while not related to privacy, one of the best steps you can take to securing any of your online accounts is to enable two-factor authentication.  This requires a second step to logging into the site.  This very simple step is one of THE most effective ways you can secure your online accounts.

Unfortunately, these steps are not as simple as we would like. Facebook and other sites do this on purpose; they make money by collecting your information. We want you to be aware that information is being collected about you and the steps you can take to protect yourself. Finally, while these steps are specific to Facebook, keep in mind many other free sites have the same issues.
