If the service is free, then you are the product. Your data and social media privacy are slowly being portioned and sold to advertisers by the social media sites you use.
There’s an added layer of third, fourth and fifth-party apps that can access the personal data you’ve given social media sites, without any legal obligation to protect you.
So, what can you do to protect your online presence and stay safe while using social media?
Well, at Your Online Choices, we’re passionate about raising awareness surrounding safety and privacy online.
In this ultimate privacy guide to social media safety and data protection, we’ll cover everything you need to know to stay secure on social media—even if you’re green and two-factor authentication, geotagging, metadata, and phishing all sound like magical incantations.
Some of the tips we’ll cover today include:
- How to create strong passwords and protect them
- Why your privacy settings are the security system you never knew you had
- The golden rule for posting mindfully on social media
- How to spot and guard against attacks
Let’s get started with the one who holds the keys to your online privacy: your password.
Maintaining Username and Password Security
Password strength is the gatekeeper of your online presence and you want to ensure that it’s as beefed up as possible to protect your online identity and keep your data safe.
To ensure your online presence is protected, you must practise good password hygiene:
- Prioritise password strength using a long chain of unique characters and numbers that are never reused between websites. If the web service permits, aim for a 20–30 character passphrase that is easy for you to remember and difficult for others to crack.
- Use password managers that protect your passwords from threats with the highest level of encryption that’s difficult to crack.
- Have password recovery options, such as email and phone number verification, to enable you to reset your password.
- Never share passwords, as third parties may use them to hack your accounts or steal your personal information.
Keeping your usernames and passwords secure is essential for safeguarding your digital privacy.
Enabling Multi-Factor Authentication
Even if your password is longer and more unique than, say, “Password1234,” it still isn’t immune to brute force, keylogger, or man-in-the-middle password attacks.
That’s where multi-factor authentication (MFA), also known as two-factor authentication (2FA), comes in.
Enabling two-factor authentication on your accounts adds an extra step to the login process by requiring the input of an authentication code sent to you via email or SMS. 2FA can also involve a thumbprint or facial scan.
It’s easy and can help protect your accounts from hackers and other malicious actors who may have somehow gained access to your password.
Here are a few ways to get started:
- Authenticator Apps: Download an authenticator app that generates a unique code each time you log in to your account.
- SMS Verification: Set up a text message service to your phone in order to receive a code to log in to your account.
- Backup Codes: Generate backup codes and store them in a safe place. These codes can be used in case you lose access to your account.
- Security Keys: Use a physical security key that uses USB, NFC or Lightning connectors to connect to your device and access your account. This is especially useful if you access your account from multiple devices.
Two-factor authentication is almost a safety standard at this point, as most social media sites, online marketplaces, and services now offer it.
If 2FA is available, always opt in. If it isn’t offered by the social networking site you’re using, set it up yourself.
It is important to note that each method of multi-factor authentication comes with its own set of advantages and drawbacks. The following table offers a side-by-side comparison to help you determine the most suitable option for you.
|Authenticator Apps||Generates unique code each time, not dependent on SMS delivery||Requires a smartphone, could be inconvenient to switch between apps|
|SMS Verification||Easy set-up, no need for an additional app||Dependent on mobile network, susceptible to SIM swapping attacks|
|Backup Codes||Useful when you don’t have access to your phone||Can be lost, should be stored securely|
|Physical Security Keys||High level of security, great for multiple device access||Can be lost, some devices may not have the appropriate connectors|
Regularly Checking and Adjusting Your Privacy Settings
“Technology does not need vast troves of personal data, stitched together across dozens of websites and apps, in order to succeed.”Tim Cook, Apple CEO
If passwords are the gatekeepers of your online identity, think of privacy settings as the fencing, surveillance and security system that help keep undesirables away from your personal data.
Do you remember the global furore from Meta and other tech companies when Apple announced their App Tracking Transparency feature in 2021?
The feature essentially put power back in users’ hands to decide which apps get to follow them around on the web, and social media sites saw the end of their business model.
Social media sites often allow you to control the settings for who can see your profile and what type of information can be seen by the public. You can also control what kind of ad targeting you receive and if your information is collected by the site.
The rule of thumb with privacy settings is to lock everything up because even the smallest nugget of information can be used to identify and track you.
Researchers from the University of Melbourne found that even anonymised data can identify people if there is some public knowledge available about them—such as their year of birth.
Imagine what they can do with a fully filled About section on Facebook!
Let’s look at how you can optimise your privacy settings to enhance personal data protection:
- Review your profile to see what kind of information is visible, such as your phone number or address. You should also check what type of information can be seen in a social media search. This can include posts, photos, and other information shared across multiple platforms.
- Adjust the settings for data collection and ad targeting. Social media sites will allow you to opt-out of certain data collection practices or limit the type of ad targeting you receive. Make sure the platforms are restricting the data they’re collecting and access to it.
- Take charge of your online security by regularly checking your privacy settings. Adjust your privacy settings and make sure you’re only sharing the information you want. You have the power to decide who can access your data and how it’s used.
- Limit the amount of personal information you share to ensure your data is secure. No need to share who your immediate family are or your phone number.
- You can also use antivirus software to help protect your privacy. This’ll provide an additional layer of security and help protect your data from malicious software or hackers.
Social media platforms such as Facebook, Twitter, and Instagram have evolved drastically over the years, tweaking their algorithms to better monetise your interests to the detriment of your online privacy.
We’ve previously talked about Facebook’s major data privacy issues to shed light on this very issue.
Aside from double-checking the locks on your privacy settings or opting out of social media altogether, there’s not much else you can do to impact these social networking giants.
The video below shows how you can hide your IP address.
All these social media platforms are profiting off your data and it’s in their best interests if you’re lax about your own data protection.
So, do your due diligence and make sure your personal information is secure.
Being Mindful of What You Post
Posting content online can be a fun creative outlet, but you need to consider each post, comment, like, or retweet as public and permanent.
The internet is forever. Even if you delete questionable old posts, there are ways for people to dig up what you’d rather keep hidden; such as The Wayback Machine, which has screenshots of social media pages in its over 640 million archived web pages.
Be mindful of the impression your posts give and who’s viewing it. You don’t want to post something that could be misinterpreted or be seen as offensive. And you certainly don’t want it to come back to haunt you decades later!
Your personal brand and reputation are on the line, and you want to make sure that your online presence reflects positively on you.
Beyond having your reputation, beliefs, or actions dissected by strangers, social media posts unknowingly expose tons of personal information that raise privacy concerns.
Just take a second to think on it: The location check-in at your neighbourhood barber, the photo with your kid’s school in the background, the video that shows a panoramic view from your flat, conversations with mates in the comments—the opportunities for exposure are endless.
A summary report funded by the Australian research council found that over 60 percent of Australian adults had experienced some form of digital harassment, with the 18–24 age set being more at risk.
The more public information there is about you, the more ammunition bad actors have to attack.
Who are you sharing your content with? Is it friends, family, or the public?
Even if you feel like you’re in control of who can view your posts, you never know who will see them. Your content can be shared and spread to a wide audience, so remember that once it’s out there, it’s out of your control.
There’s no correct threshold of privacy for social media posts, so we’ll leave you with one golden rule:
Always double-check before you post and err on the side of caution.
Is it something that you’re comfortable with being seen? Is it something that you can stand by? Is it something that might expose or endanger you or your loved ones?
Here is a table that breaks down common types of social media posts, their potential risks, and strategies for safer sharing.
|Type Of Post||Potential Risk||Mitigation Strategy|
|Location check-ins||Reveals your frequent locations, routines||Limit location sharing; avoid checking in real-time|
|Personal photos||Can expose background details such as home location, loved ones||Be mindful of the background details in your photos|
|Political or controversial opinions||May lead to online harassment, may affect future employment||Consider sharing such opinions privately or anonymizing your account|
Limiting Who Can See Your Posts
Limiting access to your posts is another effective way to take charge of your digital privacy.
Social media safety is the only occasion when keeping your enemies closer categorically doesn’t work.
Customising the visibility of your posts can be done in several ways:
- Customising visibility: Adjust privacy settings to limit who can see your posts. Use custom lists to categorise friends and limit the audience for your posts.
- Blocking users: Block users who are harassing or bothering you. Block users who you don’t want to be able to see your posts.
- Managing friend requests: Only accept friend requests from people you know. Don’t accept friend requests from people you don’t know, even if they are a friend of a friend.
- Using private messaging: Utilise private messaging instead of posting to your feed or comments. Messages sent in private aren’t visible to other people.
- Utilising groups: Join groups that have similar interests. Utilise group settings to limit who can see the content you post to the group.
Limiting who can see your posts is an essential step towards protecting your online presence.
With the right privacy settings and the right tools, you can help ensure that your social media activities are safe and secure.
Being Wary of Third-Party Apps
Giving open access to third party apps is like leaving the kitchen window open in your tightly secured house. Someone’s going to sneak in.
This happened to several high-profile music artists in 2020, whose Spotify accounts were hacked via a third-party app. Though quickly remedied, it was a sobering learning experience.
Third-party apps are the weak link in your online security.
You might be picturing dodgy apps in the app store that are flooded with ads and suspicious links, but it goes beyond that.
The risk of a third party app breach can come through pretty legitimate avenues.
It can be any app you allow to connect or collect data from your social media accounts, including:
- Apps that offer a cross-posting feature, for example, an Instagram post simultaneously sharing on Twitter
- Social media tools that automatically post for you, such as Hootsuite
- Marketing automation tools that carry out email and content management tasks
- Apps or games that you log into using your social media accounts
These apps can access a lot of your personal data, so it’s important to be aware of app permissions and data sharing.
Beware of how third-party apps are tracking your activity, using your data, and who has access to your data.
Don’t be afraid to ask questions and do your research, such as reading through the apps’ reviews and looking into their reputation.
It’s also essential to be aware of what you’re agreeing to when you download and use third-party apps.
Here are a few ways to maintain your social media safety while using third-party apps:
- Read the fine print: Take the time to read and understand privacy policies, security measures, data practices, and app reviews.
- App permissions: If you can’t think of any functional reason for an app to request access to your location, camera, microphone, storage, contacts, calls, or messaging, you should decline permissions.
- Data sharing: Familiarise yourself with the privacy settings on social media apps to have better control over data sharing with third-party apps. Make sure they can only access the functional minimum and that they don’t sell your data to fourth and fifth-party apps.
- Account linking: Linked accounts can expose you to data breaches and data sharing beyond what you agreed to. Only link trusted services with solid reputations, privacy policies, and security measures.
- Review and revoke: Regularly review and revoke existing permissions and linkages for apps in your device that you no longer use or trust. Most devices and apps have these controls under Settings and Privacy.
- Use alternative apps: Consider using the official features or services provided by the social media platform instead of relying on third-party apps. Official features are typically subject to better privacy and security controls.
We understand that stopping to check permissions and policies of third party apps is very tedious, but it’s an ongoing responsibility that you cannot afford to shirk.
Guarding Against Harmful Links and Phishing Attacks
You’ve probably received the odd email requesting money that’s most certainly a scam. These often get filtered out as spam, if the outlandish requests themselves don’t immediately trigger your suspicions.
What may catch you off-guard are the rather convincing ways in which bad actors can target you on social media.
Suspicious or harmful links and phishing on social media can hide behind:
- Fake social media profiles of your loved ones and acquaintances
- Spoofed online customer care chats that impersonate real companies
- Fake job postings on LinkedIn targeting personal information
- False security notification emails and fake password reset links
- Messages offering verified status and sponsorships on TikTok and other platforms
Here are a few safety tips to help you dodge bad actors hiding behind harmful links:
- Check the URL before clicking to make sure it’s legitimate. Before clicking on a hyperlink, hover your mouse over it to display the URL. Ensure that the domain and website address match what you expect.
Be cautious of misspellings, extra characters, or unfamiliar domains, as they could indicate phishing attempts or malicious websites.
- Be wary of generic messages and unknown links from unknown sources. Direct messages that appear generic, poorly written, too good to be true, or are from unknown sources could be attempting to trick you into revealing personal information.
Look for signs of suspicious content, such as grammatical errors, unexpected attachments, and urgent or threatening requests for personal information.
Pay attention to the logo, images, and branding. It’s a red flag if they appear pixelated, blurry, and poorly formatted, or if the entire message is an image with no clickable text.
- Don’t open attachments or click on links from unknown or suspicious senders. Malicious attachments can contain malware that can compromise your device and data. Verify the sender’s identity and authenticity before interacting with any attachments or links.
- Always use an up-to-date antivirus and malware protection software. Install and regularly update reliable antivirus and malware protection software on your devices. They help detect and prevent malicious software or files from infecting your system.
We totally get that it can be difficult to discern what’s genuine and what’s not when it comes to links, but by following the above tips and being mindful of the current cyber threats, you can ensure your social media privacy is secure.
“Privacy is not an option, and it shouldn’t be the price we accept for just getting on the internet.“Gary Kovacs, former CEO of Mozilla Corporation
Being Careful With Location Data
We live in a world where our every move is being tracked for both honest and nefarious reasons, depending on who has access to your location data.
Even in cases where the location data is anonymised, an MIT study found that just four purchases in one store out of 150 stores in the same area can be used to identify 70 percent of users.
That’s why it’s crucial to understand the risks to your online privacy through geotagging and location-based ads and services on social networking sites.
Social media apps may collect various types of location data to enhance user experiences, provide location-based features, and deliver targeted advertising.
The specific location data collected can vary across different apps and platforms, but here are some common types:
- GPS Location: Social media apps can access your device’s GPS data to determine your precise geographic location. This information allows apps to provide location-based services such as check-ins, local recommendations, or targeted content based on your current location.
- IP Address: Social media platforms may collect your IP address to approximate your geographical location, allowing them to offer location-based features and content.
- Wi-Fi Networks: By analysing the names or signals of nearby Wi-Fi networks your device detects, social platforms can estimate your location even when GPS or IP address data is unavailable or less accurate.
- Bluetooth: Some social media apps use Bluetooth technology to detect and interact with nearby devices or beacons. This can help determine your proximity to specific locations or other users for features like nearby friend recommendations or location-based advertisements.
- Metadata From Uploaded Content: Social media platforms may extract location data from the metadata embedded in your uploaded photos or videos. This metadata, often called EXIF data, can include GPS coordinates.
The question then becomes, how are the social networks sharing and protecting all the location data in their hands?
Well, the truth is, you can’t really know for sure who’s getting their hands on or using the location data from social media sites.
So, here are four key ways to protect your personal information from location tracking dangers:
- Disable location services when not in use. This will help protect your personal information from being tracked by third parties.
- Don’t be fooled by location-based ads or app features. They may seem helpful, but they can also be used to track your movements and tie your digital life to your physical life.
- Use a trusted VPN service that offers AES-256 encryption to encrypt your connection and make it more difficult for apps to track you. Your Online Choices exhaustively reviews the best free and paid VPN services in Australia.
How Your Online Choices Helps Protect Your Online Presence
Knowledge is half the battle. For many of those looking into online safety and specifically social media privacy, it’s challenging enough to figure out what to do let alone what you don’t know.
Now, it’s time to put what you’ve learned into action.
Create strong passwords, enable two-factor authentication, adjust your privacy settings, limit who can see your posts, and be mindful of what you post.
Treat your location data and privacy with the same care that you treat your bank account, because it is valuable.
And, if it looks too good to be true or too hasty to allow you time to think, run!
Applying these privacy strategies will ensure that you stay safe and secure while enjoying social media.
Don’t wait. Start making your online presence secure today one password and setting at a time.
- 6 Steps to Secure Your Privacy on Top Social Media Platforms - September 4, 2023
- 5 Ways to Minimise Your Digital Footprint Today - September 2, 2023
- Understanding Your Digital Footprint: What Is It and Why Does It Matter? - August 24, 2023