Facebook’s endless year of privacy scandals may have been the biggest cyber security story of 2018. So you may be wondering if it’s even possible to use Facebook and keep your privacy.
From watching the sudden demise of one-time social media dominators Myspace and Friendster, Facebook learned — or perhaps overlearned — a few lessons. These lessons seem to include constantly iterating to make sure the experience doesn’t get stale while using all available customer data to maximize user engagement and make the site a more effective advertising platform. With the power of artificial intelligence, and reinforcement learning in particular, the site will likely get even better at reading both users’ and advertisers’ minds in 2019.
You’ve always had the option to not use the site, of course, or delete your account. However, many people still want to stay in touch with “friends” and the world, and they don’t want to surrender their privacy completely just to do so.
If you can’t give up Facebook and still want to be as mindful as possible of protecting your private data, Erka Koivunen, F-Secure’s Chief Information Security Officer, has some advice:
Never expect your Facebook Messenger conversations to remain private
Conversations you have through Facebook Messenger may feel private, but they are open to Facebook. The site’s algorithms will harvest them to profile you. Depending on what third-party apps you have connected to your Facebook profile, the apps may have permission to read, create and delete messages on your behalf.
The site has also been caught giving bulk access to users’ messages to third parties, despite suggesting otherwise.
Keep in mind that WhatsApp creates a ‘shadow profile’ of you
Facebook’s other messaging platform, WhatsApp, features end-to-end encryption. This means that even Facebook cannot see the contents of your messages, unless Facebook introduces additional decrypting keys during the key exchange. But this doesn’t mean Facebook couldn’t or wouldn’t seek to guess what it is that you are communicating and with whom.
WhatsApp, of course, knows who you communicate with on the platform and how frequently. They also see how long your messages are and the size of the attachments you send. Most notably, WhatsApp has access to your phone book by default, which means that you just uploaded your whole social network to Facebook. Facebook uses this information to maintain a hidden “Shadow Profile” of you and all your contacts.
We already know that this “Shadow Profile” is much more complete than the one that you see and can download yourself.
At least disable ‘Application Platform’
Facebook has a confusing and constantly evolving set of security and privacy controls that you should check out, even if you don’t have time to master them.
I always disable Application Platform and never allow third-party apps to connect to my Facebook profile. This step alone has saved me from most of the security and privacy troubles during recent years.
Harden your device settings
For those committing to joining or sticking to Facebook, I highly recommend hardening up your device and browser settings to minimize the information you share with Facebook.
My mobile device doesn’t allow Facebook to access my camera, photos, microphone or location and I only rarely feel the urge to grant access even temporarily.
You can find these settings in iOS under “Screen Time” and “Content & Privacy Restrictions.”
You don’t need to be honest
When possible, lie and obfuscate. Facebook (and its partners) do not need to know your true age, home address or your mother’s maiden name. Of course, this is against the site’s terms and conditions. And of course, they have no legal reason to know me so well. I think it is a fair deal: you deceive me and I lie in return.
Dedicate one browser to being ‘social’ online
Use a separate browser for social media activities, not the one you use for work-related stuff and random web surfing. Facebook has trackers on virtually every page on the internet – and they appear to very much track you even when you are outside their platform. Some of my colleagues only access Facebook on a dedicated browser on a hardened throw-away computer.
This may be too much of a hassle for most, I know. But it’s a step you need to take if you want to use Facebook and maintain your privacy.
Bonus: Assume anything but Signal is public
Avoid using text messages (SMS) for anything sensitive. And if you do use it, expect that whatever you’re sharing will not remain private. While WhatsApp is arguably more secure than SMS or e-mail, the privacy concerns of Facebook shadow profiles do not make it a tool I’d use for anything related to business.
I typically recommend Signal when security and privacy are needed.