Thursday, April 5, 2018

How to protect yourself (and your friends) on Facebook

By Brian X. Chen

A Facebook sign is displayed at the Conservative Political Action Conference at National Harbor in the US. Photo: Reuters

20 March, 2018

NEW YORK ― Revelations that a voter-profiling company that worked on US President Donald Trump’s presidential campaign harvested private information from 50 million Facebook profiles have many people wondering: What, if anything, can they do to protect their data connected to the social network?

Here’s the harsh truth: Not much, short of ceasing to browse the web entirely or deleting your Facebook account.
[Well, yeah. Closing out your FB account and never using it again is one option.

And then there are all the precautions you can take from below.]

Yet there are some best practices you can employ to help safeguard your data, such as installing software to block web-tracking technologies and carefully vetting the apps that you use on Facebook.

But it also helps to understand what exactly happened with those 50 million profiles in order to determine how you can better protect your data. Here’s what you need to know.

So what happened?

An academic researcher at Cambridge University built an app called thisisyourdigitallife, which offered to pay Facebook users to take a personality test and agree to share that data for academic use. About 270,000 people participated in the study — enough to extract information on tens of millions of Facebook users.

How did Cambridge Analytica get data on 50 million people when only 270,000 people had agreed to hand over their information to a third party? Facebook said people who downloaded the app gave consent for the app to collect limited information about their friends whose privacy settings were set to allow it.

That information was eventually paid for by Cambridge Analytica, the voter profiling company that worked with the Trump campaign.

OK, so what do I do now?

There is a multipronged approach you can take to protect yourself from data-harvesting apps and programs. That includes tools you can install in your browser and settings you can tweak on Facebook. Here’s a rundown of what you should do:

Audit your Facebook apps. If you used Facebook to sign in to a third-party website, game or app, those services may continue to access your personal data. On Facebook, go to the settings page and click on the Apps tab to see which apps are connected to your account. From there, you can take a closer look at the permissions you granted to each app to see what information you are sharing. Remove any apps that you find suspicious or no longer use.

Audit your Facebook privacy settings. If you are concerned about what details apps can see about you and your Facebook friends, now is a good time to check your privacy settings and minimize the information you share publicly. For example, you can make sure that only your friends can see your Facebook posts, or that only you can see your friends list.

Read privacy policies. When you sign up for a new app or web tool, the company typically asks you to agree to its terms of service. Make it a habit to peruse the terms and pay particular attention to the privacy policy. If you see language that suggests your data could be shared in a way that makes you uncomfortable, don’t use the program.

Install a tracker blocker. There are add-ons that you can install in your browser that try to block trackers embedded on websites. But be aware that in some cases, they will make parts of websites work improperly. In our tests, Disconnect and Privacy Badger were useful tools for blocking trackers on Google’s Chrome browser.

Here’s a primer on how tracking works, to give you a sense of why blockers are important: When you engage with an app on Facebook, it may plant a tracker in your web browser, like a cookie, that collects information from you. Even when you close out of the app, the tracker can continue to follow your activities, like the other sites you visit or the people you interact with through status updates, according to Michael Priem, chief executive of Modern Impact, an advertising firm in Minneapolis.

“It doesn’t go away after you’ve stopped looking at the ad,” he said.

Install an ad blocker. Another way to block trackers is to prevent ads from loading altogether. Ad blockers are also add-ons that you can install for your browser on your mobile device or computer. Mobile ads are fully functioning programs, and they sometimes include malware that harvests some of your data. Even the largest websites do not have tight control over the ads that appear on their sites — and sometimes malicious code can appear inside their ad networks. A popular ad blocker among security researchers is uBlock Origin.

Clear your browsing data. Periodically, you can clear your cookies and browsing history. Apple, Google, and Microsoft have published instructions on how to clear data for their browsers Safari, Chrome and Internet Explorer. That will temporarily delete cookies and trackers, though they will probably reappear over time.

Be wary of unknown brands. Even if you read the privacy policies, you still may have to take them with a grain of salt. In the case of the thisisyourdigitallife app, the fine print said the information would be collected for academic use, not commercial purposes. So think twice before sharing information with unfamiliar companies or organizations. (Then again, the researcher came from Cambridge University, one of the world’s top schools — so who can you really trust?) 


[Here are my Facebook "Wall" strategies.

Firstly, I don't post really personal information. You think you are sharing with your friends, BUT, have you set your privacy to restrict access to your posts to just your friends? Or is it set to "public"? So anyone can see it?

And even if you intend to share it only with friends, note that Cambridge Analytica got to 50 million profiles thru friends of the original 270,000 users who used their app.

Secondly, limit the use of Facebook, and limit your "digital footprint". I stopped "liking" stuff on FB and other social media when I realised that they used those "likes" to target ads at you. And then they can predict and influence your choices.

Here is advice from another website (more detailed than my advice) on how to limit the private info you share with FB. For one, turn off your location setting.

Same for quizzes and surveys. Most of them are bunk, and none of them will actually improve your life. And all of them are a back door into your personal information. So why?

Authentic Psychologists who carry out surveys have to comply with ethical rules to protect your privacy. Unscientific "fun" surveys don't. Cambridge used a researcher's app to carry out a "personality test". This invariably means a self-administered questionnaire. Or survey. 

To tell you which muppet you are most like, or which Game of Thrones character you would be, or which Star Trek character you most resemble. None of this information will improve your life. Or if it might, you have a very, VERY sad life.

Thirdly, who are your friends? I used to "accumulate" friends on FB. Mainly to play games. I think I got to about 170+ and then I just didn't want to care anymore. And the games were getting really silly and time-consuming. And a waste of time.

I stopped accumulating "friends" (who were no more than "player characters" for the games I played). I stopped playing "social media" or Facebook games, and have trimmed my "friends" down to less than 120. I could do more, but most of my friends are not really active on FB. If the 270,000 original users of the app could lead to 50 million people's profiles being captured, then each person would have about 185 friends. Not unusual.

Nothing is for free. There is no free lunch. Free games are usually "paid for" by ads. Why is your time worth that much to an advertiser? Or the person selling your viewership to the advertiser? It seems worthless to you? Maybe there is something else that you are selling?

And finally, maintain your privacy. And it's not just Facebook. Any social media has vulnerabilities, and the greatest vulnerability is "social hacking" - people hacking YOU.

Take this example.

This is a "case study" of what I consider very sketchy or even downright suspicious activity.


In 2014, I commented on a YouTube video on the internet, and this person "123456j" replied. I replied to his comment. I do not recall the gist of the reply, the video (IIRC) was about Lee Kuan Yew, I believe. Anyway, he then sent me a personal message by email. I did not invite him to PM me, nor was the nature of our "conversation" one that would necessitate a personal message (It's about LKY, how personal would it be?).

Anyway, he replied by email and suggested communicating by phone. I had NO INTENTION of replying by email or by phone, because... why? So I copied his email, posted it on the YouTube video comment, and replied to it, as a comment. My "innocent" assumption was that he attempted to reply to the comment, and "accidentally" replied by email. I was reasonably sure that this was not an easy mistake/accident to make, but one should not jump to the worst assumption in the first place.

He got upset and sent this threatening email (in red and the original is attached). My reply which I posted on the YouTube comment page with his email/message is in black. He deleted everything within days.

"My suggestion to you is that you do not post a personal message on a public forum or else I will be reporting abuse to the youtube site and I will be seeking legal representation if your posting of my personal message to you that you have posted for all to see results in any damages to myself.

If you want to take this matter offline I will provide you with my singapore hp number and we will discuss this matter.

I deleted your post. I suggest that you give it a rest."

"Please do report it. I would like to see what legal advice you receive. You seem unaware of your precarious position.

And no, I do not have any intention to communicate with you by private messages or by phone. You posted a comment on a public forum. I replied on a public forum. At no time did I agree to a private conversation. At no time has the discussion become private, or personal. So why are you sending private messages to me? It is highly suspicious.

If you can't deal with my arguments publicly, you were perhaps hoping to be more aggressive over private messages? More threatening perhaps? More abusive? Vulgar? Disrespectful?

Please do report this. And I suggest you do not send me any more private messages. Reply here or not at all. I will post all your messages here. I have nothing to hide."


For information, he never reported anything. And he did not reply other than to delete my comment.

But I was REALLY PISSED. Because he made a threat. But he is obviously stupid, and a bully, and hoped to scare me with threats of legal action. Only I don't scare easily, and I know the law, and I get pissed when threatened, especially when threatened unfairly. And stupidly. By stupid persons. 

Note also that he raised the stakes after threatening me, hoping that I was frightened, he then offered his phone number. Which means when I call him, he would have my phone number. I was also careful to suggest that he would only want to be more aggressive over the phone. But I suspect if I turned out to be a young girl, he would try to groom me. Or maybe he prefers boys. Who knows?

I am still ANGRY with this person for his baseless threats, and if I have a chance I would want to report him. I do not know if he has tried to a) bully others, or b) get other people to call him or contact him privately for whatever nefarious reasons. But this was in 2014, and I had better things to do then. 

Of course, it might well be that he is just a sad, pathetic, lonely, socially inept, internet addict looking for a friend IRL, and based on the way he tries to make friends (first by threatening them), it is obvious he a) has no friends IRL, and b) is socially inept. And that maybe he has no nefarious intent at all! 

Anyway, this is an example of social hacking. Or the first step to exploitation. The Internet should be like Vegas. What happens on the Internet, should stay on the Internet. Same for FB, or YouTube, or any other social media, especially with strangers. Of course if you are friends IRL, FB is an extension of that relationship. However for other social media contacts you call "friends", keep them that way. And don't let them "hack" their way into your real life.

On Thu, May 15, 2014 at 8:56 PM, YouTube <> wrote:
123456j has sent you a message          
You can reply to this message by visiting your inbox.

My suggestion to you is that you do not post a personal message on a public forum or else I will be reporting abuse to the youtube site and I will be seeking legal representation if your posting of my personal message to you that you have posted for all to see results in any damages to myself.

If you want to take this matter offline I will provide you with my singapore hp number and we will discuss this matter.

I deleted your post. I suggest that you give it a rest.
©2014 YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066

Oh, I kept this email in case he tried to carry out his legal threat. Unfortunately, I don't think I saved his first email. 
