Some links and additional information for social media privacy and security workshop at the Milton Keynes cryptoparty on 10 May 2018.

This page is also available at http://bit.ly/mkcp18.

Important note

If something online makes you fear for your safety, or the safety of others, report it to the police as well as the owners of the platform you're using (Facebook, Google, etc.).

This post

This post is a series of annotated links to further resources. It covers:

• Social media
  • Things to check
  • How to find the settings on different social media platforms
• Web browser extensions for safety

In most cases, its easier to get to all the settings via the "desktop" version of a platform (such as on a laptop PC) rather than via the "mobile" version on a phone or tablet.

The Tactical Tech data detox pack is an excellent resource for checking what information about you is being shared online. For wider information about privacy, see the Open Rights Group pages on privacy.

You might also want to look at the introduction to Cybersecurity course at OpenLearn, for a beginner friendly look at this and more.

Social media

Things to check

Note that even if you restrict what you share online, things which were shared more publicly in the past will still be public and a copy stored somewhere by someone.

Profile visibility

How much information can people see about you? This can include things like name, location, email address, phone number, job, interests, and so on.

Don't forget information about your "social graph": friends, relatives, spouses, and the like.

Many social media platforms allow you to keep this information public or private, or perhaps only share it with your friends or contacts on the platform.

Post visibility

Who can see what you share to social media? Again, most platforms allow you to choose between posts being visible to only you, to your friends, and fully public.

Resharing and commenting

Who can "reshare" your posts and forward them to others? This can be a hole through which post you intended to be private can become public.

Similarly, who can comment on posts you share? You may not want everyone to comment, whether that's because the comments are rude, or because the "comments" are spam, posted by unscrupulous advertisers.

Photo location data

Most phone cameras store location data about where the photo was taken. This can be a problem when you take pictures at home and post them publicly. Your phone camera should have a "save location" setting. It's best to turn this off when taking a photo at or near your home. Also be careful of sharing photos that contain other information that could locate you, such as street names.

Contacts by others

Who can contact you, either to connect or send messages?

Most platforms allow you to block individuals, mute posts, and report inappropriate behaviour. Use these tools. But note that reporting behaviour may not lead to much action by the social media provider.

App and ad access

Can other apps have access to your social media accounts? This can be good, such as allowing you to automatically cross-post between social media platforms, or allowing you to log into another site using your social media identity (e.g. log in using Facebook credentials).

Similarly, advertisers can use your information to targed ads. You may not want to allow these advertisers access to your habits or interestes.

Download your data

Most large platforms allow you to download what data they hold about you. It can take hours, or even days, for the platform to assemble the data. You'll typically receive an email when it's ready. It can be worth having a look at the data, just to see if there's anything in there you don't recognise.

Facebook

Facebook has a lot of privacy and security settings, so expect to be spending a good few minutes going through all the settings.

On the desktop version, you can see the settings via the down-pointing arrow at the right of the top blue bar. In the settings, you should look at four areas: security and login, privacy, apps and websites, and ads.

On mobile Facebok, you can get to the setting from the "hamburger" icon at the top right of the home screen.Scroll down the list for "Settings & Privacy" and select "Settings" within that.

Links

• Basic privacy settings from Facebook: a good place to start
• The "complete" guide to Facebook privacy from Wired: a good walkthrough of all the checks you should do.
• Facebook Privacy Settings from Trusted Reviews: things you should do for specific concerns.

WhatsApp

Note that WhatsApp is owned by Facebook, so anything revealed to WhatsApp will make its way into the wider Facebook ecosystem.

To find the settings, press the three dots at the top right of the screen, select "Settings", then select "Account". There you'll find the privacy settings.

Links

• WhatsApp's settings guide for Android and iOS
• BT's guide to WhatsApp settings
• MakeUseOf has some WhatsApp privacy settings you should consider.
• Tips on settings from Messaging App Lab

Instagram

Note that Instagram is owned by Facebook, so anything revealed to WhatsApp will make its way into the wider Facebook ecosystem.

To find the settings, press your own picture at the bottom right to bring up your profile. Then press the three dots at the top right to bring up the settings. Move down through the settings as appropriate.

Links

• Instagram's privacy FAQs
• A good guide on Instagram privacy settings from Mozilla.
• Some privacy tips from MoneySavingExpert

Twitter

To get to the settings on Desktop, click on your profile picture at the top right, then select "Settings and privacy".

On mobile, swipe from the left to reveal the control panel and again select "Settings and privacy".

Links

• Twitter's privacy guide
• Twitter privacy settings guide from C|Net.
• Make Use Of highlights the three most critical settings: browsing tracking, interest-based ads, and location information.

Google

Not exactly a social platform, but Google has a lot of information about most people.

Google's My account page is a good centre for all the privacy and security settings. The privacy check up takes you on a guided tour of most privacy settings.

Web Browsers

Google Chrome and Mozilla Firefox allow privacy-enhancing settings and extensions. Microsoft Edge has some, but not as many and not as good.

Use Chrome or Firefox for web browsing, if possible.

Users and profiles

Where possible, use a different login user for each person who uses a PC. If you can't do that, have a different profile in the web browser for each person. As well as keeping things secure, it prevents you getting bizarre recommendations from shopping sites!

Settings

Things your browser stores. Mostly harmless, but worth looking at once in a while.

• Cookies: small files that identify you to website. Used for things like keeping you logged in at a site.
• Passwords: use strong passwords and get a machine to remember them. Better to use a password manager (such as LastPass or 1Password), but storing them in your browser is better than trying to remember them.
• History: where you've been. Up to you to determine what you want other users to see!

Third party cookies are dangerous and should be blocked. They're used by social media platforms and ad networks to track you across sites. Tell your browser to block them.

• Chrome: Search settings for "Cookies", enable the "Block third party cookies" setting.
  

• Firefox: Search preferences for "Cookies", select "Custom settings for history", set "Accept third party cookies" to "Never".
  

Private browsing / incognito mode

This just stops your browser storing history on your PC, and essentially logs out of all online accounts. It doesn't stop people outside your house tracking that session, or linking your internet address to other activity. It has its place, but it's not a panacea.

Extensions

Extensions to use include:

• Privacy Badger: monitors trackers and cookies, prevents you being tracked by advertisers.
• HTTPS Everywhere automatically loads secure versions of sites where possible.
• uBlock Origin: blocks ads and other rubbish on websites. Don't confuse with "uBlock".
• Advanced use: JavaScript blockers like ScriptSafe (Chrome) or NoScript (Firefox) can make browsing more secure and more pleasant, but you may need to enable some sources on some sites.

Acknowlegements

Cover photo by Kev Costello on Unsplash.