If you’re reading this, then you almost certainly have a Facebook account, since nearly 1 in 7 people worldwide are now on the book. You’ve probably already visited the site today and maybe even wrote a wall post you wouldn’t be so fond of a few years from now. Well here’s some news: Your digital footprint on social media could be affecting your life much more than you realize.
Every “share” and “like” carries more baggage and potential damage than you ever could have imagined. Facebook’s reach into highly-sensitive personal data is quicker, wider and more extensive than ever before and so many American users have no clue who is getting access to what. A new study by Consumer Reports shows that not only does Facebook have an alarmingly large amount of your personal data, but the site is also sharing that information a lot more than you probably think. And to add fuel to the fire, Americans are willingly oversharing and it’s costing them more than they know.
“Facebook really is changing the way the world socially communicates and has become a successful service in part by leveraging copious amounts of personal data that can be spread far wider than its users might realize,” said Jeff Fox, Consumer Reports technology editor. As part of its State of the Net 2012 report, Consumer Reports surveyed 2,000 U.S. households and estimates there are about 150 million Facebook users nationwide.
The study found that the combination of voluntary and involuntary data sharing has turned Facebook into a perfect storm for unraveling consumers’ private lives. An estimated 13 million American Facebook users have never changed their privacy settings or don’t even know what that means. On top of that, 28 percent actually choose to share all, or almost all, of their wall posts outside of just their friends.
But it’s not just what consumers are voluntarily sharing or saying on Facebook that’s potentially dangerous to them, but a lot of their personal information is being collected and shared without their knowledge. Federal privacy laws do cover Americans’ financial and health data; however, the amount of your information that’s shared through social networks is much harder to control. And Facebook is collecting, keeping and sharing more information than you may imagine.
One area of Facebook where user privacy can get tricky is games and apps. Whenever you run one, it automatically collects your public information like your name, gender and profile photo. But on top of that, the app also gets a list of your friends, even if you don’t choose to share that information. Apps can also access information shared by users’ friends, unless they’ve specifically changed that privacy setting. So Facebook apps can access your personal data and activity, even if you don’t use them, and that’s a problem. Consumer Reports’ study found that only 37% of Facebook users have actually used the site’s privacy tools to identify what information apps are allowed to access. And those who do allow access to their data probably have no clue to whom they’re giving access.
The only requirement needed to create an app on Facebook is a verified account and either a cellphone number or credit card. So basically anyone can create a Web-based app or mobile app that can be accessed via Facebook. Experts told Consumer Reports that the site doesn’t even have to review how the apps are programmed before users can access them. But Facebook says it monitors apps closely for any threatening behavior.
“We have a dedicated team that reviews apps using a risk-based approach to ensure we address the biggest risks, rather than just doing a cursory review at the time an app is first launched,” a spokesman told Consumer Reports. “We also have stringent automated systems in place to quickly catch bad actors before they can gain access to user data.”
Facebook not only keeps track of what you are doing specifically on Facebook, but it’s also tracking all of the other websites you visit as well. If you see the option to “Like” the page you’re on, Facebook knows you were there. The “Like” button not only reports to Facebook your presence on a site, but sends along the time and date of your visit as well as your IP address. And get this, you don’t even have to actually click the “Like” button or be logged into Facebook.
Consumer Reports points out that it’s not just fancy technologies like tracking capability that pose privacy threats to Facebook users, but the information users themselves choose to share can put them and their personal information at risk.
While it may seem like common sense, a lot of people actually need to be told that what they post on social media could end up coming back to bite them. Insurers, employers and even college admissions officers are now using social media to evaluate people. So you may not be running for office, but a picture of you funneling a beer at a party or a status update about how much you hate your ex-boyfriend could end up costing you your dream job. Consumer Reports found that 69% of HR reps say they’ve rejected job candidates based on their social media history. And here’s the kicker, you’ll have no idea if this is what happened to you, because they’re not going to tell you; they just won’t call you back.
Services like Social Intelligence actually collect public Facebook posts for companies to include in background checks and what employers are looking for are sexually explicit photos or videos, racist remarks and evidence of illegal activities. It seems like avoiding these types of things would be a no-brainer, but apparently not. And on top of that, a lot of landlords now use social media to screen potential tenants.
“Our electronic trails have been digitized, formatted, standardized, analyzed and modeled, and are up for sale,” says a report from Novarica, a New York-based research and consulting firm. “As intimidating as this may sound to the individual, it is a great opportunity for businesses to use this data.”
And if businesses can access this data, so can criminals. Even your friends can pose a risk. Consumer Reports’ survey showed that some 20 million U.S. Facebook users aren’t comfortable with all their friends regarding personal security, either because they don’t know them or they know them well enough to not trust them.
Facebook signed a settlement with the Federal Trade Commission last year that barred the site from making misrepresentations about the privacy of users’ information. Facebook also agreed to get users’ consent before overriding their privacy settings. Some said the agreement wasn’t enough though and still criticize Facebook’s secret website tracking and the amount of personal data it keeps on all its users.
Despite the areas out of their control, there are a lot of things consumers can do to protect themselves on Facebook and one thing all users should do is change their privacy settings. Narrow the audience for your profile so that only certain people can see it. Sharing info with “friends of friends” can expose your data to thousands of Facebook users. Also set the audience for all previous wall posts to just friends. That can minimize damage caused by past posts. And take a moment to think before you post something, because you really have no clue who may get their hands on it.
And if you have trouble filtering, Consumer Reports offers this basic guideline from Ed Skoudis, an instructor at the D.C.-based SANS institute that trains security experts: “Maximize your privacy settings, but even then, assume anything you do on Facebook can be seen by all of your friends, your mom, your great-great-grandchildren, your employer, health insurer, and the government.”