USING SOCIAL MEDIA SECURELY

Social networking has changed the way we interact with friends and associates. There are now so many social networks playing an integral role in our lives. These include Facebook, Twitter, YouTube, Foursquare, Pinterest; Instagram; LinkedIn and Google+ among others. These have revolutionized the way we interact; communicate, self-express or carry out businesses.

However, we need to be wary of how much personal information we post online. With hundreds of millions of users online globally, these tools not only attract friends and family wanting to stay in touch, but they also attract people wanting to know about you for the wrong reasons.

A number of Zimbabweans have been arrested for various posts shared supposedly with ‘friends’ on social networking sites, and popular messaging platforms like WhatsApp.

We share a wealth of information about ourselves on our social media platforms. We snap loads of selfies; check in at various locations; tweet to friends and strangers alike; publicly express our views on controversial issues, and even announce the arrival of bouncing new babies. While the benefits and joys of social media are numerous, there is growing phenomenon called information over-sharing, and it is  something we do subconsciously. The Internet never forgets the information we share, hence there are many privacy and security issues and risks to consider. Especially in view of the fact that not everyone operating in the cyberspace has good intentions. According to [1]Bishop (2013), there are at least five security threats you should be wary of online:

  1. Having Your Identity Stolen

Identity theft is on the rise due to the free and publicly available personal information on social networking sites. Remember: a lot of account hackings occur due to the use of personal information for passwords.

Having strong passwords, being extra careful about what we post online and being careful not to reveal location information about ourselves are some of the important measures you can take. Often, we innocently post status updates that give away too much personal information that may be useful to identity thieves, for example you may post: Happy birthday to my mother! and then tag her in the post. Likely, your mother’s maiden name will be associated with that tag now. A popular security question is: What is your mother’s maiden name? If you share that online, you run the risk of identity thieves getting the answer to this commonly used question.

  1. Getting Your Computer or Social Profile Hacked

Hackers love social networking platforms, going right to the source to interject malicious code. The codes that hackers use can steal your identity, inject viruses to your computer and obstruct bank account information, to name but a few. Shortened URLs are also used to trick users into visiting harmful sites where personal information can be compromised because the full URL is not seen. The best advice is to never click on a link until you are sure of the source. To tell if a link is safe, you can:

  • Hover over the link – without clicking. This brings up the full URL in the lower corner of your browser, enabling you to see if it’s recognisable or looks authentic.
  1. Inadvertently letting stalkers find you

When you use social networking sites to post certain information, it is no longer private and can fall into the wrong hands. Even with the highest security settings, friends, associates, and even the brands you “like” on your networking sites, can inadvertently leak information about you. The websites you subscribe to, the apps you download, and the games you play on social networking sites all contain personal information about you. Every time you browse a website, companies can put invisible markers on your computer called ‘cookies’. When you are online, these cookies track your activity as you move from site to site.

  • Activate “Do Not Track”– To keep sites from tracking your activity, click on the Do Not Track feature available on some websites. You can also clear the cache and cookies on your browser regularly to help prevent any problems.
  1. Letting the “World” know your whereabouts

Telling the online world where you are going and when you are not at home is inviting burglars to your house. Ordinarily people do not just stand up in the middle of a crowd and announce that they are going on vacation for a week, do they? Of course not, but this is basically what we do when we post our holiday or workshop pictures and plans online. When you travel:

  • Avoid posting specific travel plans– Never post when, where, or how long you will be gone.
  • Delay posts– Wait until you are home to post pictures of your trip to an album online.
  • Use the highest privacy control – Only let certain groups, such as family, view your photos.
  • Be selective with your status updates– You can use an audience-selector dropdown menu on Facebook to choose certain groups to see your status updates.
  1. Becoming over-confident

One of the biggest threats to online security is overconfidence. Whether at home or at work, many users believe that as long as they have a firewall and an antivirus installed, there is no threat to their digital security. Many people also believe that they do not have anything valuable and ‘hack-worthy’, hence do not feel the need to worry about security. With today’s technology, we are now more connected to each other than ever before. When you neglect security, you not only put yourself at risk, but possibly other innocent people as well.

To keep yourself and your information safe, pay careful attention to your online activity. Avoid posting information related to:

  • travel plans
  • bank account information
  • your full address and birth date
  • your children’s’ or immediate family’s names, school, and birthdates
  • location information, such as the name of your work place
  • your daily schedule

 

Understanding privacy settings

No matter what social network service you use, it is important that you know where to find the privacy and security settings for your account. This is especially crucial given that platforms such as Facebook, are constantly changing or modifying privacy settings, hence the things you might have set to ‘Private’ before might not be that anymore due to these changes. Once you know where to find settings, you should look at the following;

  • Who can read your profile.
  • Who can see your posts and activities.
  • What information is shared with external sites and businesses.
  • Which applications are able to access your data.
  • What information your “friends” can share about you.
  • Who can see your pictures and/ or location.
  • Which sites integrate with your social networks (an example is Facebook’s ‘Like’ feature)

Most services will allow you to have control and tier your privacy levels:

  • One for Friends (or immediate contacts/ inner circle).
  • One for Friends of Friends (second level contacts).
  • One for Third parties (everyone in the world).

Locating Privacy settings?

Below is an example of how to make good use of Facebook’s security and privacy settings. Your privacy settings page has a group of important general controls for your Facebook account. We will discuss a few things that are absolutely critical to ensure that you have full control over.

To view and adjust your privacy settings:

  1. Click in the upper-right corner of your Facebook page.
  2. SelectSettings from the dropdown menu.
  3. SelectPrivacy on the left.

You can also quickly view and adjust some of the most used privacy settings and tools from your Privacy Shortcuts at the top right of any Facebook page.

To control the privacy for posts, photos and other stuff you share on your Timeline, you can choose your audience when you post.

Some important features to note:

Basic Privacy Settings and Tools

Selection of an Audience for the content you share

Choosing who can see your posts

You will find an audience selector tool in most places where you share status updates, photos and other things you post. Click the tool and select who you want to see certain information.

The tool remembers the audience you shared with the last time you posted something and uses the same audience when you share again unless you change it. For example, if you choose Public for a post, your next post will also be Public unless you change the audience when you post.

The audience selector also appears alongside things you have already shared, so it’s clear who can see each post. After you have shared a post, you have the option to change with whom it is shared with. If you want to change the audience of a post after you have shared it, click the audience selector and select a new audience.

Remember, when you post to another person’s Timeline, that person controls what audience can view the post. Additionally, anyone who gets tagged in a post may see it, along with his or her friends.

 

Controlling who can see your profile and Timeline?

Here’s an overview of settings you can use to control what you share on your profile and Timeline.

Overview

  • You can share basic information such as your hometown or birthday when you edit your profile. Click Update Info below your cover photo, and then click the edit button next to the info you would like to change. Use the audience selector next to this info to choose whom you are sharing it with.
  • Anyone can see your public information, which includes your name, profile picture, cover photo, gender, username, user ID (account number), and networks.

 

Timeline Review

  • Before photos, posts and app activities that you are tagged in appear on your Timeline; you can approve or dismiss them by turning on Timeline review. Keep in mind, you can still be tagged, and the tagged content (ex: photo, post), is shared with the audience, the person who posted it, selected other places on Facebook (ex: News Feed and search).
  • Set an audience for who can see posts you have been tagged on your Timeline.
  • To see what your profile looks like to other people, use the View As

 

Controlling who can add you as a friend?

By default, anyone on Facebook can add you as a friend. You may control  who can send you friend requests this way:

  1. Click in the top right of any Facebook page and select
  2. Click Privacy in the left column.
  3. Click Edit next to Who can send you friend requests?
  4. Select an audience from the dropdown menu.

 

Removing tags from photos or posts you are tagged in

To remove a tag from a post that you have been tagged in, click  in the top right of the post and select Remove Tag. Removed tags will no longer appear on the post or photo, but the post or photo is still visible to the audience that it is shared with. People may be able to view the post or photo in places like News Feed or Search Results. To fully remove it from Facebook, ask the person who posted it to take it down.

Enabling login approvals?

Login approvals are a security feature similar to login alerts, but with an extra security step. This is almost similar to the 2- factor authentication process discussed in Email Security. If you turn on login approvals, you will be asked to enter a special security code each time you try to access your Facebook account from a new computer, mobile phone or browser. Login approval can be turned on or off in the Security Settings.

Exif Data

The evolution of technology and the ever-increasing availability of mobile phones with built-in cameras, has meant that more and more people have the ability to capture and share images with friends and family across the globe. However, images and media in the modern age generally tend to contain hidden information, or metadata that includes GPS coordinates of the location they were taken at, the date and time, camera shutter setting details, and sometimes even the name of the programme you used to edit them.

EXIF (Exchangeable Image File Format), data are all the details that are in the properties of an image or media that can be used to identify you or your location. Every time you take a picture with your digital camera or phone, a file (typically a JPEG), is written into your device’s storage. In addition to all the bits dedicated to the actual picture, it records a considerable amount of supplemental metadata as well.

Diagram above shows some of the data accompanying an image.

Showing the location where a photo was taken using Google Maps

  • Enter the coordinates of the image with spaces and a comma in between each set.
  • Add a negative sign on the first set of numbers under Latitude (we are located below the Equator).
  • Click the Search button to show where the picture was taken

Removing EXIF data

Option 1: Removing all properties

  • When you right click on an image, at the bottom of the properties window, there is the option to ‘Remove Properties and Personal Information’.
  • On the Remove Properties dialog, you can create a copy of your photos with “all possible properties” removed. Alternatively, you can click “remove the following properties from this file”, and then check the boxes next to each item you want to delete.

Addressing challenges related to instant messaging apps: WhatsApp

An Instant Messenger (IM), is a real time tool for communicating over the Internet. A number of popular instant messaging tools allow users to see whether certain people are online or connected to the Internet. Typically, the instant messaging service will alert a user if somebody on the user’s list of correspondents is on-line.  Popular services such as WhatsApp and Facebook Messenger, now include advanced abilities such as voice messaging, file sharing and video chatting. As with all things digital, instant messengers can transfer worms and malware. In Zimbabwe, there are increased cases of revenge porn with images of nude people circulating through WhatsApp. Hoax messages that may cause alarm and also most likely carry malware, also circulate in similar fashion

WhatsApp is without doubt, the most used mobile application in Zimbabwe. We use it to share texts photos, videos, contacts and even files. Our WhatsApp messages contain even the most private details of our lives. With the rise in cases of revenge porn and stolen information from WhatsApp messages, it is important to be aware of some best practices to ensure that our information, images, files and media, is kept safe. We can secure our Whatsapp in the following ways:

  1. Lock WhatsApp using AppLock

Assuming you already have a password on your phone locking the WhatsApp application with a password, is one of the best ways of protecting your chats. WhatsApp does not offer such a function, but there are third-party apps like AppLock that do. It might seem very cumbersome, but if you lose your phone, this will prevent anyone else accessing your chats. Applock is a free tool that is available for download on the Google Playstore.  Applock can also be used to protect most of the applications on your phone.

  1. Hide the ‘last seen’ timestamp

It may not seem like vital information, but if a scammer already knows some other things about you, adding that last piece of contextual information could prove useful to them.

Awake or not, at church or travelling, you just might not want contacts especially colleagues, spouse or even your boss to know that you are checking WhatsApp at your work desk. You can disable or restrict who sees your ‘last seen’ time in WhatsApp’s ‘Profile’; ‘Privacy’ menu. However, if you turn this feature off, you won’t be able to see other users’ ‘last seen’ times either.

  1. Watch out for scams and phishing messages

WhatsApp itself will never contact you through the app. Also, WhatsApp does not send emails about chats, expiry, voice messages, payment, changes, photos, or videos, unless you email their help and support. Anything offering a free subscription, claiming to be from WhatsApp or encouraging you to follow links in order to safeguard your account, is definitely a scam and not to be trusted.

  1. Deactivate WhatsApp when you lose your phone

If you lose your phone, Whatsapp offers users simple and effective security tips to keep control of your account if your phone is lost or stolen. As well as locking your SIM card through your network provider, WhatsApp recommends that you immediately activate WhatsApp with the same phone number on a different phone, with a replacement SIM. One number on one device can only use the app at a time, so by doing so you instantly block it from being used on your old phone. If that is not possible, WhatsApp can deactivate your account.

WHATSAPP WEB

How to use WhatsApp Web?

  1. Click on this link https://web.whatsapp.com/. (It currently works only in the Chrome Browser)

  1. Open WhatsApp on your phone and select WhatsApp on web in the settings.

  1. Scan the QR code displayed on the computer screen using your mobile. If you are logged into WhatsApp Web on one computer and try to open WhatsApp Web on another machine, you will be notified.

Security concerns arising from using WhatsApp Web

  1. No Password protection: WhatsApp Web does not give you password protection. Since there is a QR code, anyone can scan it.
  2. Unscrupulous usage: What if someone takes your phone and logs into WhatsApp Web via your phone. WhatsApp on mobile has no password to restrict access to opening the app on the web. He or she could scan the QR code and access your data. Unless you know about it or check it on your mobile, you will never know your WhatsApp is being used or surveilled by someone else.
  3. Someone’s reading offline:If you switch off the data connection of your mobile, the person who has logged into your WhatsApp Web can still view all your previous messages though he cannot send or receive any new message. And if the person tries to send some message, as soon as you switch on your data connection on mobile, those messages will be sent.

  1. Switch off the data connection to your phone by turning off WiFi and data connection. Whatsapp Web will stop working i.e. cannot send any messages by WhatsApp Web.

 

 

 

Linkedin
https://www.fungaiafrica.org managed by MISA Zimbabwe