My self-worth is based on how many FB farm friends I have
When you sign up for Facebook, they tend to want you to fill in as much information about yourself as possible. They will then take that information and make it available basically to anyone who wants it.
There are two ways around letting Facebook just give your information away.
• Don’t sign up for FB
• Control your account
The first way is obviously the easiest and best, but then how would you be able to stay in touch with all of those high school plebes that used to pick on you and now want to be your friends?
After you set up your FB account, you’ll want to head on over to the account section.
Once there, you will have a number of options to choose from as far as privacy is concerned. Someone did a chart of all of the privacy options and I am presenting it here for your review. It was published by The New York Times and it’s a pretty decent representation of their privacy issues. It also includes some eye opening statistics on their policy.
Facebook privacy options (source: NYT)
I’m going to take you through each of these individually.
Main FB Account Page
Facebook Ads Tab
This one is easy. Where it asks who you want to allow ads on platform pages to show your information to, select No One.
Even if you select the other option (friends), it will still allow information to pass. No one needs to know what ads are being targeted towards me. This helps reduce the amount of information someone can collect about you: they won’t be able to tell your political affiliation, what games you’re playing, etc.
Name – your choice what you put in here, but remember anyone can see it.
Username – again, your choice, but again anyone can see it.
E-Mail – This one is fairly straightforward. I suggest, however, that you get a ‘disposable’ e-mail address to use for something like Facebook.
Password – This one should be a very strong password. It should follow these simple rules:
• 15 characters (if possible)
• At least 3 upper case letters
• At least 3 lower case letters
• At least 3 numbers
• At least 3 special characters (!@#$%^&*)
• No recognizable names, places, or personally identifiable information.
• An example of a good password would be:
• And remember: NEVER share your password with ANYONE. Not your kids, your spouse, your co-workers, NO ONE. Think of it as a mortal sin.
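To make the rules above concrete, here is an added example (not the author’s code, and not anything Facebook provides) that checks a candidate password against exactly those rules. The `personal_terms` list is an assumption: it stands in for the “no recognizable names, places, PII” rule by taking a caller-supplied list of things that should never appear in the password.

```python
import string

# Thresholds taken from the rule list above.
MIN_LENGTH = 15   # "15 characters (if possible)"
MIN_UPPER = 3
MIN_LOWER = 3
MIN_DIGITS = 3
MIN_SPECIAL = 3
SPECIAL_CHARS = set(string.punctuation)  # includes the listed !@#$%^&* and the rest


def check_password(password, personal_terms=()):
    """Return the names of the rules `password` fails; an empty list means it passes.

    `personal_terms` (assumed, caller-supplied) holds names, places, birth years,
    pet names and similar that must not appear anywhere in the password.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if sum(c.isupper() for c in password) < MIN_UPPER:
        failures.append("uppercase")
    if sum(c.islower() for c in password) < MIN_LOWER:
        failures.append("lowercase")
    if sum(c.isdigit() for c in password) < MIN_DIGITS:
        failures.append("digits")
    if sum(c in SPECIAL_CHARS for c in password) < MIN_SPECIAL:
        failures.append("special")
    lowered = password.lower()
    for term in personal_terms:
        t = term.strip().lower()
        # Ignore tiny terms: a two-letter match is noise, not a leak of PII.
        if len(t) >= 3 and t in lowered:
            failures.append(f"personal:{term}")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    profile = ["Norm", "Chicago", "1975"]
    for candidate in ["Password123!", "Norm1975!!!aaaBBB", "Qz7!Rt2@Wy9#Lk4$"]:
        problems = check_password(candidate, profile)
        print(f"{candidate!r}: {'OK' if not problems else ', '.join(problems)}")
```

The second sample meets every character-class count yet still fails, because it is built from the user’s own name and birth year; that is the rule a counting-only checker misses, and the one an attacker who has read your profile exploits first.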
Linked Accounts – These are other accounts you can log in with besides your primary account. I suggest against this, as it makes it easier to ‘break into’ your account.
Privacy – We’ll come back to this one
Account Security – I suggest you enable this one.
It tells you if your account is accessed from a device that you haven’t used before. It’s not a bad idea, even if you log in from multiple public computers. You’ll be able to track when/where a login has taken place.
Deactivate Account – kind of self explanatory.
Many people associate themselves with different networks within Facebook. I find this an invasion of my privacy and refuse to ‘join a network’.
What networks do is allow people to track what you do, where you live, where you went to school, a LOT of social engineering stuff.
Using the networks from Facebook, I am able to glean a large amount of information on someone and use it in order to get into their ‘inner circle’ of online friends and could really rape them of whatever information I see fit.
Personal opinion, stay away from associating yourself with networks.
This one here is more of an annoyance/notification issue than anything. Basically, what do you want to be notified of that is happening on Facebook? Do you want an e-mail every time someone comments on something, or posts something? It can get overwhelming and fill up your inbox pretty quickly.
Again, this is more of an annoyance/notification issue. Basically you set up your mobile phone so that FB can send it text messages. Be careful with this one if you don’t have unlimited text messaging as it can rack up SERIOUS cash.
This one here is a DANGEROUS tab. NEVER NEVER NEVER NEVER enter your credit card into Facebook for ANYTHING. There is nothing on Facebook worth paying for. NOTHING.
If you are dumb enough to enter your credit card, you can buy credits to play games (oooo, you can get that mansion on a hill in farm town), buy gifts for people (ooo, you can send someone that virtual dozen of roses) and other miscellaneous FB BS. Please make sure you keep your eyes on your statement and monitor it DAILY.
The applications page of the settings box is pretty much there to let you see what has access and who has access. You can remove or modify portions of it. The basics are:
The edit settings will take you to the security portion of FB so that will be covered a little later.
The ones listed are the only ones that are not able to be removed. They’re basically needed to use FB at its most minimum state.
All of the settings have multiple options for who can see it.
• Friends Only (my favorite)
• Everyone (my least favorite)
• Friends of Friends (dangerous)
• Customize (not recommended, easy to make a mistake)
Now the first section we’re going to discuss is the Privacy Settings. This is probably one of the most important sections in the account area.
Personal Information and Posts
Bio and Favorite Quotations
Personal suggestion is to have this set at Friends Only. You can set it to one of the others, but remember, no matter what you set it to, do you REALLY know everyone on your FB Friends list personally as well as all of their friends?
Please be careful of this one. It allows people to see your bio, your posts and your photo albums. Also, the photo albums each have their own individual “who can see it” settings.
Who do you want to know your birthday information?
Interested and looking for
Are you looking for men, women, friends, dates, etc. Kind of like a dating site portion.
Religious and political views
Dangerous slope here. Who do you want to know if you’re a Republican, Democrat, Muslim, Christian, Jew, Independent, etc. Be careful of what you’re putting in here.
Here’s where you can individually set who is able to see your pictures. This one is a dangerous one because by default, it reverts to your primary ‘who can see this’ settings.
Posts by me
Basically, who can see what you post, your links, your videos, your photos. You can leave it as everyone, friends, etc, but if you’re pimping out your website (like I do) or are a Website page (like DVM), I’d leave it as everyone. (remember, you can choose who sees the photos and videos independently).
Allow friends to post on my wall
This allows people to post comments on your wall directly without responding to a post you put there. It’s either a yes or no answer, I personally allow it, as you can remove them if necessary.
Posts by friends
This one allows you to control who sees posts that are on your page by your friends. If your friends regularly post something on your wall and you don’t like people seeing something they post, then tone it down. If you don’t care what they see, leave it open. But remember also, you don’t know how your friends have their posting settings, so usually look at it as “everyone can see everything I post” and be careful what you say online.
Comments on Posts
Pretty much who sees the comments on posts that you create. Everyone? Friends only? Depending on what you post on your site, you may want everyone to see it, you may not.
This is where you really want to clamp down on who sees what. It’s a great source of social engineering information.
Each of them is pretty self-explanatory, and I just warn you about:
• What you put in there
• Who you allow to see it
Friends, Tags and Connections
Again, this is where you want to clamp down. And remember to keep in mind:
• What you put in there
• Who you allow to see it
This section defines how people find you on Facebook.
The search results setting allows friends, friends of friends, everyone, etc. to find you. Who do you want to know that you are on Facebook?
You are also able to allow public search results. It allows you to see a preview of what people will see before you select Allow. I personally suggest not ‘allowing’ public search results.
Applications and Websites
This is an interesting section. It allows you to adjust the application settings, activity settings, what you share, what your friends can share about you, etc. It’s a page that should REALLY be looked at closely and managed wisely.
What you share
This is more of an informational section than anything, you should really take a deep look at it and ask questions if you have any.
What your friends can share about you
This controls what your friends can share about you with their friends, applications, etc. Manage wisely what you allow. You can allow the following:
• Status updates
• Online presence
• Family and relationship status *
• Relationship details (significant other, looking for, etc.)
• My videos
• My links
• My notes
• My photos
• Photos and videos I’m tagged in *
• About me
• My birthday
• My religious and political views
This is where you can really trip yourself up. If you allow only friends to see your notes, links, photos and videos and then turn around and let your friends share them, you’re basically allowing everyone to see them to begin with. Again, be careful with this one.
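The trap described above is a transitive one: the audience you set on an item only holds if nobody else is allowed to re-publish it. As an added illustration (not code from the post or from Facebook), this small audit models the effective audience for each category in the list above, using the post’s own conservative assumption that a friend’s re-share may reach anyone. The category names come from the list; the settings fed to it are constructed.

```python
from enum import IntEnum


class Audience(IntEnum):
    """Visibility levels, ordered from narrowest to widest."""
    ONLY_ME = 0
    FRIENDS = 1
    FRIENDS_OF_FRIENDS = 2
    EVERYONE = 3


def effective_audience(own_setting, friends_can_share):
    """Who can end up seeing an item, given your own visibility setting and the
    "what your friends can share about you" toggle for that category."""
    if own_setting == Audience.ONLY_ME:
        # Friends never see it, so there is nothing for them to re-share.
        return Audience.ONLY_ME
    if friends_can_share:
        # A re-share lands in the friend's audience (and in whatever apps they
        # have authorised). You neither control nor can see that audience, so
        # the conservative assumption is: everyone.
        return Audience.EVERYONE
    return own_setting


def audit(settings):
    """settings maps a category name to (own_setting, friends_can_share).

    Returns (category, configured, effective) for every category whose
    effective audience is wider than the one you configured.
    """
    leaks = []
    for category, (own, share) in settings.items():
        effective = effective_audience(own, share)
        if effective > own:
            leaks.append((category, own, effective))
    return leaks


if __name__ == "__main__":
    # Constructed sample settings; the category names are from the post's list.
    sample = {
        "My photos": (Audience.FRIENDS, True),
        "My notes": (Audience.FRIENDS, False),
        "My birthday": (Audience.ONLY_ME, True),
        "My links": (Audience.EVERYONE, True),
    }
    for category, configured, effective in audit(sample):
        print(f"{category}: set to {configured.name}, effectively {effective.name}")
```

Only “My photos” is flagged in the sample: it is the one category that is locked to friends while still being re-shareable, which is exactly the combination the paragraph above warns about. Items set to Only Me are safe regardless of the share toggle, and items already public cannot get any wider.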
This allows you to block apps and friends without having to get rid of them or respond to them. It allows you to block those annoying “I just won a million bucks using this app, here’s a gift for you to get started playing this game too” notices that show up on your page from your friends.
It also blocks stuff like “I need help in mafia wars, join my crew”. When I blocked all of those, some people in my friends list disappeared because that’s all they do all day long is play games. It cleared up my feed quite nicely.
Ignore application invites
If you’re like me and HATE FB apps, you’re going to love this one. It’ll stop applications from inviting you to play them as well as stop all requests from friends inviting you to play them with them.
Activity on applications and games dashboards
Yeah, you may like to play mahjong or mafia wars, or even pretty little pony princess. But do you really want your friends, boss or co-workers to know you enjoy the thrill of dressing up your little pony princess and prancing around the magical kingdom?
Didn’t think so…
Instant personalization pilot program
THIS one is interesting. It sets how FB partners can personalize their features with your public information. Basically it tells FB what info they can give to their partners without you knowing about it.
By default, it’s ON. This should be turned OFF. Never let someone share your information without you knowing about it or consenting.
Partners of theirs are currently Microsoft Docs.com, Pandora and Yelp. But I’m sure they’ve got their grubby paws out to draw more in and Microsoft currently has more information on me than I want them to have, they don’t need any more.
This is basically where you have a list of people that you specifically want blocked from your FB page. Pretty self-explanatory, but remember, they can always create a new profile or get a new e-mail address, so it’s not foolproof.
I know this is a lot to digest, and looking back, I’m not so sure that I want to keep my FB page. I keep stripping things off of it, so it’s turning into my personal web site fan page. Which overall isn’t that bad a thing.
Do you really want to sit down and read something like that? I mean yeah, I’ll read the Constitution (I have many times), but just so my friends, family etc can keep in touch? No, not really.
Remember some of this when you’re on your FB page and now that you’ve read some of it, don’t be afraid to go out and make sure you have your settings marked correctly.
If you have ANY questions on any of these settings, please don’t hesitate to drop a line and give me your questions.
I can probably tell you what my answer is going to be, right now (don’t allow anyone but friends to see your stuff and don’t allow friends to publish anything), but I’ll try and tailor it to your specific situation.
So, do you use FB?
How do you use it, is it just to keep in touch, something to follow events?
What are your thoughts on the privacy issues concerning FB and their privacy statements?
Till next time.
Editor’s Note: If you still want to use Facebook for keeping in touch with folks or for seeing what’s going on out there, then just set up one with a fake name.
Information Security Correspondent
Norm W. is an information security engineer currently employed as a CONUS civilian contractor. He has worked in the computer industry for the past 20 years and holds several security and non-security related IT certifications. Norm has worked with multiple agencies in the private and public sector as well as foreign companies and agencies to resolve information security issues.