Nowadays everyone has to have a strategy for managing the complexity of social media privacy. Approaches vary:
- A relatively small number of people just don’t care who knows what about them. By default they let it all hang out. We see evidence of this every so often when someone gets fired by an employer who thought a photo was too racy, or a comment too racist.
- On the other extreme, certain people have abandoned social networks altogether, or avoided them in the first place. People who have had stalker problems fit comfortably in this category, for example.
- The majority are somewhere in between. We seek to filter our private information in a practical, socially acceptable way, while minimizing the amount of time and effort we spend understanding policies and tweaking settings.
1. Don’t post truly private information on social networks
The most important thing you can do to protect your privacy is to use self-restraint. You simply shouldn’t put information that you consider “private” on social networks. For starters it’s easy to make a mistake with not-always-intuitive privacy settings, thus giving “public” access when you thought it was “friends only”. Facebook in particular seems to change its privacy system frequently in ways that make it easy to make such mistakes (so much so that it almost seems intentional on Facebook’s part).
Also, people you share “private” information with in social media may goof up and share whatever you share with them. This can happen accidentally (see privacy settings, above) or because they don’t realize that some information they receive from you via social networks is private…unlike all of the other information they are busy sharing every day.
2. Don’t count on leading a secret double-life in social media
It can be awkward for people to receive “friend” invitations from co-workers or bosses. Many of us want to choose when and how to talk shop with friends. We don’t always want to discuss recreation or “personal” matters with everyone at work. We don’t want people from one sphere “looking over our shoulder” as we go about out business in the other. One’s personal brand outside work—maybe we’re a parent, maybe a party animal—may not be the same as one’s personal brand as a professional. Should there be only one “authentic you” for all occasions? Perhaps. But for many people, the ability to make this distinction is important.
People who have a high-profile position that identifies their personal brand and actions closely with their employer’s brand may be especially tempted to lead double lives in social media. For example, a corporate executive might desire to avoid expressing controversial personal political opinions in front of team members and customers, and so uses an anonymous Twitter account to engage in political conversations.
Another example of a dual identity, which a friend of mine epitomizes, is having an “in the closet” Facebook profile for professional friends and an “out” profile for personal friends.
I’m sympathetic with the desire for multiple identities because I respect the desire of people to shape more than one “authentic” personal brand for themselves, and I don’t think the prejudices of co-workers and clients (or potential clients) should impact people’s income or their enjoyment of personal relationships.
But there is a risk of discovery.
Besides the risk of mistakes discussed above, certain sites and services online are actively aggregating data about which social media identities are associated with which people. They sometimes use, at least in part, what they learn from their subscribers (see my previous post, 3 reasons to try social media add-ons for Outlook or Gmail, for one example). So if anyone knows that you have a certain Twitter account and a certain Facebook account, even though you think you’ve kept the two entirely separate, everyone using one of these aggregation services may be able to find out that you are associated with both accounts. Then people who know about one of your email addresses or accounts could find out about other addresses and accounts you use. They might have access to all of your posts—depending on your privacy settings with Twitter and Facebook. Or they might ask you to give them access…which is a whole other topic for a future post.
3. Don’t get “phished” via social media
“Phishing” is where you receive a legitimate-sounding request asking for your username and password which is not really what it claims to be. No doubt everyone with an email account has by now received at least one phony email pretending to be from their bank urgently demanding that they login on a fake bank site for one alarming-sounding reason or another.
Phishing has become extremely common in social media, especially with the use of short links (such as bit.ly) that at first don’t reveal the full address of the destination site. So when you get an odd request from someone to click on a link, don’t. Or if there is something phishy about the language of a post with a link embedded in it, don’t click on the link. Verify the links’ authenticity first.
In addition, there are now hundreds or even thousands of reasonably trustworthy third party social media applications which do things like post updates automatically to your Facebook page about a game or a contest you participated in. Other apps offer to tell you how “influential” your Twitter account has become, or they repeat your posts from one social networking site to another. There are an endless number of useful tools now available based on this principle. And although many are perfectly safe, or at least as safe as any web app can be in this age of malware and hackers, you should always debate whether you can trust a service before giving them access to your Facebook or other social media feeds.
Caution is essential:
- Always be sure of the legitimacy of site you are giving, or possibly re-submitting, your login credentials to before you type in your credentials.
- Don’t provide your credentials to an unknown site just because a friend asks you to. Your friend’s account may have been taken over by a virus which is making this request on behalf of a phishing site.
- Don’t provide your credentials to a site just because the logo looks right. The logo, and even the page layout, may be convincingly faked.
- Before logging into any site, look at the address in your browser carefully to make sure it exactly matches the name of the site you think you’re talking to.
- While you’re at it, and especially when you’re using public (or shared) WiFi, use an “https://” rather than an “http://” address to login to social media, web mail, and any other password-protected sites. For most sites this is as easy as typing in the “s” yourself, if they haven’t provided it already.
What are your concerns about social media privacy, or lack thereof, and what are your strategies for making the best of the situation?