Facebook and Security – part 3

13 08 2012

In the first two posts I told you how to use the Facebook security settings to protect your information and how to manage your ‘friends’ to ensure you are only sharing your innermost secrets with the people you think you are.
In this final post I’m going to return to two areas I touched on briefly in the first post: Facebook Applications and advertising. Facebook is a commercial organisation, even more so since their flotation on the NYSE earlier this year, and as such they have to find ways of generating income from a service which “is free to join and always will be”.
Let’s start with the Applications. Many of you will be familiar with ‘Farmville’, ‘Fishville’, ‘Mafia Wars’, but you can also create virtual worlds in other areas, play poker, play slot machines and so on. Other Applications offer to tell your future, share birthdays with your friends, or let you see what’s happening in the news, all incredibly vital stuff I’m sure but as I’ve said before, nothing is free in this life.
Most of these applications are free to download, and the ‘only’ price is your agreement to let them post on your behalf, share your details with pretty much anyone they wish and pester you with requests. In return some of them let you give them your credit card details so that you can buy all of those wonderful upgrades that you never knew you needed. The problem is that by participating, you have agreed to the application becoming one of your friends, and we’ve already looked at what that can mean. Before signing up, have a quick read through what it is you are signing up to. Do you have any idea what this organisation is about, are they even who they say they are? Is your mailbox (the one you’ve registered with Facebook) going to be filled with spam, as they share your details with other organisations who will pay good money for ‘live’ e-mail addresses?
So, two tips for managing Applications. Firstly, think before you click ‘accept’ or ‘agree’: you are about to make a complete stranger your Friend. Do you really want to do that? Secondly, have a regular review of what Applications you have signed up to. You do this by clicking that little downward pointing arrow in the top right of the Facebook page and then selecting Apps on the left hand pane. A regular cull never did anyone any harm.
So now for the biggest earner of all, Advertising. Facebook knows everything about you: your name, age, sex, marital status, hometown, where you go, what you do and who you do it with. It knows who your friends are, possibly their birthdays, their friends, interests and so on. This is marketing dreamland. Want to advertise a wedding service to someone living in Norwich? Facebook can identify everyone with a status of Engaged, select those living within say 20 miles of Norwich and post a link on their home page. Rather than me telling you how easy it is to do, why don’t I let Facebook? Follow this link to read all about it: https://www.facebook.com/advertising/how-it-works
So why should you care from an Information Security perspective? Two main reasons. Firstly, the ease with which adverts can be created means that you should not simply trust what appears on your Facebook page. As I said in an earlier blog, “on the Internet, no-one knows you’re a dog”; just because it looks like a duck, walks like a duck and quacks like a duck, on the Internet it could still be a Rottweiler.
Secondly, this should make you appreciate the implications of being too free and easy with your personal information. Information is power and money. I’m going to cover Social Engineering in a later post, but for now let’s just say that if someone comes across as credible then we tend to believe them. If something looks personalised we will tend to trust it. By using the information you have put on Facebook, the advertisers will be both credible and personalised, but are they trustworthy? Do you really want to follow that link to an advert written just for you and then give them your credit card details?

Anyway, that’s enough for today.
As always, if you have any thoughts or comments please share them. If you’ve enjoyed reading this then please click on the ‘share’ button below, and as always, Safe Surfing.




