Some links and additional information for social media privacy and security workshop at the Milton Keynes cryptoparty on 10 May 2018.
This page is also available at http://bit.ly/mkcp18.
If something online makes you fear for your safety, or the safety of others, report it to the police as well as the owners of the platform you're using (Facebook, Google, etc.).
This post is a series of annotated links to further resources. It covers:
In most cases, its easier to get to all the settings via the "desktop" version of a platform (such as on a laptop PC) rather than via the "mobile" version on a phone or tablet.
The Tactical Tech data detox pack is an excellent resource for checking what information about you is being shared online. For wider information about privacy, see the Open Rights Group pages on privacy.
You might also want to look at the introduction to Cybersecurity course at OpenLearn, for a beginner friendly look at this and more.
Note that even if you restrict what you share online, things which were shared more publicly in the past will still be public and a copy stored somewhere by someone.
How much information can people see about you? This can include things like name, location, email address, phone number, job, interests, and so on.
Don't forget information about your "social graph": friends, relatives, spouses, and the like.
Many social media platforms allow you to keep this information public or private, or perhaps only share it with your friends or contacts on the platform.
Who can see what you share to social media? Again, most platforms allow you to choose between posts being visible to only you, to your friends, and fully public.
Who can "reshare" your posts and forward them to others? This can be a hole through which post you intended to be private can become public.
Similarly, who can comment on posts you share? You may not want everyone to comment, whether that's because the comments are rude, or because the "comments" are spam, posted by unscrupulous advertisers.
Most phone cameras store location data about where the photo was taken. This can be a problem when you take pictures at home and post them publicly. Your phone camera should have a "save location" setting. It's best to turn this off when taking a photo at or near your home. Also be careful of sharing photos that contain other information that could locate you, such as street names.
Who can contact you, either to connect or send messages?
Most platforms allow you to block individuals, mute posts, and report inappropriate behaviour. Use these tools. But note that reporting behaviour may not lead to much action by the social media provider.
Can other apps have access to your social media accounts? This can be good, such as allowing you to automatically cross-post between social media platforms, or allowing you to log into another site using your social media identity (e.g. log in using Facebook credentials).
Similarly, advertisers can use your information to targed ads. You may not want to allow these advertisers access to your habits or interestes.
Most large platforms allow you to download what data they hold about you. It can take hours, or even days, for the platform to assemble the data. You'll typically receive an email when it's ready. It can be worth having a look at the data, just to see if there's anything in there you don't recognise.
Facebook has a lot of privacy and security settings, so expect to be spending a good few minutes going through all the settings.
On the desktop version, you can see the settings via the down-pointing arrow at the right of the top blue bar. In the settings, you should look at four areas: security and login, privacy, apps and websites, and ads.
On mobile Facebok, you can get to the setting from the "hamburger" icon at the top right of the home screen.Scroll down the list for "Settings & Privacy" and select "Settings" within that.
Note that WhatsApp is owned by Facebook, so anything revealed to WhatsApp will make its way into the wider Facebook ecosystem.
To find the settings, press the three dots at the top right of the screen, select "Settings", then select "Account". There you'll find the privacy settings.
Note that Instagram is owned by Facebook, so anything revealed to WhatsApp will make its way into the wider Facebook ecosystem.
To find the settings, press your own picture at the bottom right to bring up your profile. Then press the three dots at the top right to bring up the settings. Move down through the settings as appropriate.
To get to the settings on Desktop, click on your profile picture at the top right, then select "Settings and privacy".
On mobile, swipe from the left to reveal the control panel and again select "Settings and privacy".
Not exactly a social platform, but Google has a lot of information about most people.
Use Chrome or Firefox for web browsing, if possible.
Where possible, use a different login user for each person who uses a PC. If you can't do that, have a different profile in the web browser for each person. As well as keeping things secure, it prevents you getting bizarre recommendations from shopping sites!
Things your browser stores. Mostly harmless, but worth looking at once in a while.
Third party cookies are dangerous and should be blocked. They're used by social media platforms and ad networks to track you across sites. Tell your browser to block them.
Chrome: Search settings for "Cookies", enable the "Block third party cookies" setting.
Firefox: Search preferences for "Cookies", select "Custom settings for history", set "Accept third party cookies" to "Never".
This just stops your browser storing history on your PC, and essentially logs out of all online accounts. It doesn't stop people outside your house tracking that session, or linking your internet address to other activity. It has its place, but it's not a panacea.
Extensions to use include: