Basic safety tips and security guidelines for Facebook and web based social media

Given the vituperative pushback of the BBS online against those who participated in the vigil in Colombo a few weeks ago, immediate measures to secure content posted on to web based social media platforms are essential to protect one’s own privacy, and those of family, friends and colleagues. Engaging in liking content on Facebook, featuring articles on it, uploading photos and video, linking other social media accounts to it (like Instagram and Twitter) and commenting on others posts all expose personal information, as well as one’s network of friends and their personal information and content. If you aren’t careful about the protection of your own information on online social media fora, the personal information of your network of ‘friends’ can be compromised. This information can be subsequently digitally manipulated in any number of ways which can put you and them in very serious trouble with the law enforcement agencies both domestically and internationally. Given the increasing sophistication of the BBS and its ilk to produce and promote web based hate speech campaigns especially across growing numbers of Facebook groups, expect attempts to hack into, disrupt, deface and surveil emails and social media accounts of those leading and participating in pro-democracy activism and advocacy to increase. Information below was written post-haste to help protect those attending a large rally in against hate in Colombo in late April 2013. It is the nature of online social media platforms in general and Facebook in particular to change their Terms of Service and privacy controls regularly. The predominant bias of all social media sites is to share everything openly and publicly. Privacy is not the default setting. Privacy is hard to configure, not easily attained and never guaranteed in any online social media platform - especially Facebook. Though content on Facebook and other links are accurate at the time of writing, readers are encouraged to get in touch with the author for specific concerns over online security. Tamil translation of this guide here. Sinhala translation can be read here.

Page 1

Locking down Facebook
Click on the gear icon on the upper right hand side of the screen. Select Privacy Settings. This is what my screen looks like.

Under ‘Who can see my stuff?” and ‘Who can see your future posts’, click on Edit. From the drop down menu, select Custom. Select Friends and uncheck “Friends of those tagged and event guests”.

Click Save Changes. Page 2

To limit the exposure of what you’ve put on Facebook, click on “Limit The Audience for Old Posts on Your Timeline”.

Click on ‘Limit Old Posts’, and then ‘Confirm’ in the resulting confirmation prompt. Limit your exposure to unknown persons by changing ‘Who can look me up?’ to only Friends. Mirror the same setting for ‘Who can look up your Timeline by name?’.

Disable ‘Do you want other search engines to link to your Timeline?’. See here for details. Next, click on the gear icon again and select ‘Account Settings’. Then from the list of options on the left, click on ‘Timeline and Tagging Settings’.

Page 3

Make sure the following options are set only to ‘Friends’. ● Who can see posts you've been tagged in on your timeline? ● Who can see what others post on your timeline? ● When you're tagged in a post, who do you want to add to the audience if they aren't already in it? Make sure ‘Review tags people add to your own posts before the tags appear on Facebook?’ is set to On. Make sure ‘Who sees tag suggestions when photos that look like you are uploaded?” is set to No One. When done, your settings should look like the following.

Next, click on ‘Followers’ option on the left hand side. Make sure ‘Turn on Follow’ is set to off.

Next, select ‘Apps’ from the left hand side. Make sure the sharing settings of all your apps connected to Facebook are at a minimum, set to ‘Friends’. The most secure is the ‘Only me’ setting. A good and highly recommended compromise is to go into Edit - then from drop down menu select Custom - and uncheck ‘Friends of those tagged and event guests’. While Page 4

laborious if you have a lot of apps connected to Facebook, this ensures that your information is secure to the extent possible. When done, the app screen should look something like this.

It’s also advisable to turn ‘Instant Personalisation’ off.

Finally, click on the ‘Security’ link on the left hand side of the screen. ● Make sure secure browsing is enabled. ● Make sure login notifications are enabled, configured as you see fit. ● Check on ‘Active Sessions’ to see if anyone else has compromised your account and is accessing it surreptitiously (from locations you have not been to, or on dates and times you were doing something else) ● Review the devices you’ve logged into the account with (beware of any devices that are logged into your account which you don’t own, or haven’t used to gain access) Page 5

The resulting screen should look somewhat like this.

The most important step if you are an activist using Facebook to secure your account access is to turn on ‘Login Approvals’.

Turning this on forces anyone, including yourself, to enter a code sent via text message to your mobile when logging in from a new browser, or one that Facebook hasn’t already associated with your account. Click on ‘Get Started’ and follow instructions. Securing photos on Facebook is laborious if you have a lot of albums in your account, but vital in light of how photos the account owner thought private have recently made it to public websites, blogs and other Facebook groups set up to defame and hurt. Once this content is Page 6

in the public domain, it is impossible to wrest control and restore privacy. Note that all Facebook cover photos are public. This cannot be changed. Only way to control exposure is to actually delete the photos you don’t want anyone else to see, and choose one that doesn’t expose members of your family, friends or colleagues, or give a hint as to where you might be located at. Privacy of specially generated albums like Instagram, iOS photos, iPhoto Uploads, Mobile Uploads and Timeline Photos can’t be adjusted per album. They have to be done per photo. To adjust privacy of all other albums, go to your account, click on Photos, then Albums. Click on the gear icon underneath each album. Select Custom - and then uncheck ‘Friends of those tagged and event guests’. Save your changes. This has to be done for each album.

Additionally, please review the information you have provided to Facebook when setting up your account. This article has some commonsense guidelines about what not to share on Facebook (and applies to other social networking platforms on the web). Read HOW TO: Stay Safe When Engaging in Political Activism on Facebook and note in particular Section 3 on ‘Stay Anonymous Without Getting Kicked Off’. Page 7

More reading on securing Twitter, Google Accounts and your mobile
● How secure is your Twitter account? ● How to use your mobile phone safely and securely for activism? ● Set up two step verification for your Google Account (e.g. Gmail account)

More resources from author and the Centre for Policy Alternatives
Content written or commissioned by the author, specifically for activists active in Sri Lanka. ● ශ්​ රී ලංකාව | අන්තර්ජාලය ප්​ රකාශණ නි දහස / Posters on Online Freedom of Expression in Sri Lanka (set of Sinhala, Tamil and English posters on FoE and online security. You can also download them from here.) ● FOE Online in Sri Lanka | Videos for activists (including videos on web based communications security. Also available on Vimeo here.) ● The Sri Lankan President’s Twitter archive and Propaganda 2.0: New challenges for online dissent

Sanjana Hattotuwa Editor, Groundviews 25.4.2013 sanjanah [at] gmail [dot] com

Page 8

Sign up to vote on this title
UsefulNot useful