Social Media connects people across the world by providing users with a means to share content. It has undoubtedly become a huge part of our daily routines. In 2021, Americans spent an average of two hours and thirty minutes a day on social media. But not all personal information is intended to be shared with others.
While social media has its benefits, usage also puts users at an increased risk of serious threats to their data privacy. Nevertheless, most social media users tend to downplay these risks. It is important to know that privacy rights are not automatic and if you don’t take active steps to protect yourself, you are placing yourself at risk of an attack to your online reputation.
Why Should You Care About Your Social Media Privacy?
Any information that you provide to a social media platform can become public. Even a well-intentioned post meant for a private group of people can be misinterpreted, shared with a larger audience and become viral. Additionally, private account information is frequently hacked and utilized for nefarious purposes. Social media is also becoming a platform by which employers monitor candidates for employment and employees.
A 2020 study found that 79% of surveyed employers admitted to rejecting applicants based on social media publications. Social media publications can also be the basis for terminating existing employees. Common reasons for termination include posts about workplace conflict, confidential work matters, discriminatory behavior such as racism, insensitive jokes, political content and risqué photos.
Risks to data privacy do not only come from outsiders. Social media platforms themselves can also place your privacy at risk. There have been a steady increase in lawsuits against social media platforms over how they utilize and monetize the private information of users. Most technology giants have some sort of litigation pending related to data privacy. For example, Meta is defending allegations related to Facebook’s “Pixel” tracking tool, where it is alleged that Facebook improperly received data related to its users that were transmitted from hospital websites. TikTok is facing allegations that it tracked and collected its users’ activities on third-party websites via its in-app browser, in violation of wiretap and consumer protection laws. Tinder and Match.com are facing a class action lawsuit related to the allegations that the companies improperly stored and used the biometric facial scans of users through their photo verification feature.
Clearly, the information you share on social media will shape your relationships, career prospects, reputation and future.
How Can You Protect Your Privacy on Social Media?
The only way to fully protect yourself against social media privacy risks is to refrain from using it. But, for most people, this is not a realistic solution. So, what can you do to actively combat the risks to your data privacy while still enjoying social media? KJK has compiled a list of 10 steps you can take right now to protect your privacy on social media.
Step 1: Review the Platform’s Terms and Conditions
Social media platforms are governed by certain terms and conditions. Terms and conditions are guidelines that outline the purpose, function and expectations of the user experience on a specific platform. While websites enforce terms and conditions in different ways, a quick review of a social media site’s terms and conditions will give you valuable insight into how that platform intends to use your personal information.
Most people do not review a site’s terms and conditions until after they have an issue. This is because terms and conditions tend to be long, repetitive and constantly evolving. Additionally, most people recognize that they don’t have a choice but to accept the terms and conditions of site use if they want to utilize a platform. While this is largely true, you likely do have some choices related to your data that you waive when you fail to read a site’s terms and conditions. Knowledge of a site’s terms and conditions will help you protect your data privacy.
Here are some terms and conditions that you should consider reviewing:
Some websites include terms whereby, by making publications from the platform, you agree to assign intellectual property rights to that platform. This sometimes means that a platform can have ownership rights over your posts, disseminate them, monetize them or more. This also means that if you want to delete content after it is published, you might not be able to.
Geotags and Location Sharing
Sometimes, a site’s terms and condition automatically opt users into certain features. This can include the tracking and sharing of a user’s location information. Any time your location is shared with the internet, you are placing your safety at risk.
Step 2: Be Cognizant of the Personal Identifying Information You Share With a Platform.
Social media users should be mindful of the type of information they share with others. Any information you share on social media, even if it is just shared with a single person or a private group of people, has the potential to become public information. Personal information is frequently collected by employers, journalists, members of law enforcement, lawyers and marketers. It is also collected by hackers, data miners and archiving sites.
Here are some common types of data that can be collected from social media sites:
- Your legal first and last name
- Your birthday
- Your email address
- Your physical address
- Your Internet Protocol (IP) address
- Your photos
- Your written publications
- Your current geo-location
- Your “likes” or “preferences”
- Your biometric data
- Your credit card information
While sharing some of this information might seem more harmless than others, there are many privacy issues that can arise from publishing any personal information. For example, sharing your preferences on social media could provide hackers with key information related to your account passwords (ex. Favorite sports teams, names of children or pets, significant dates, etc.). When a hacker guesses your passwords, they gain access to even more of your private information, which places you at an increased risk of identity theft, online scams, sextortion and revenge porn. You should be skeptical of all personal details that you share on a social media platform.
Step 3: Choose Secure Login Methods
Social media users should utilize secure login methods. Specifically, social media users should consider enacting the following precautions:
- Select a strong and unique password
- Avoid using the same password for different accounts
- Update older passwords
- Set up two-factor authentication for logging into social media sites and your own private devices
- Avoid logging into social media accounts from public and/or shared devices
Social media users can also help safeguard their private information by utilizing a virtual private network (VPN). A VPN is an encrypted internet connection that enhances internet security and privacy. A VPN works to limit the amount of information companies can mine from your browsing habits. Thus, it can assist in protecting your private information.
Step 4: Set Your Profile to Private
Social media sites often give you the option to limit who can see your profile information. Setting your profile and posts to private will minimize the likelihood that your information will be taken and used by strangers for nefarious purposes.
Step 5: Don’t Accept Friend Requests from Strangers
Fake accounts have become increasingly popular on social media sites. From July to September of 2022 alone, Facebook states that it removed 1.5 billion fake accounts. Social media users who want to protect themselves from data privacy risks should refrain from accepting friend requests from strangers. Social media users targeted by fake accounts commonly face the following legal issues:
Sextortion is a serious violation of privacy that occurs when an attacker (also called a sextortionist) threatens to release explicit images or videos of the victim if the victim fails to meet the attacker’s demands (typically for large sums of money). Typically, this type of attacker targets social media users who are willing to accept friend requests from strangers. After the victim accepts the attacker’s friend request, the attacker messages the victim, gains their trust, requests personal information and documents other personal information from the victim’s social media account. Once the attacker has gained access to enough personal information (such as cell phone numbers, employer, friend list, etc.), the attacker persuades the victim to send compromising images or claims to have hacked his or her webcam. The attacker then threatens to release the compromising images to family, friends and employers unless a ransom is paid.
Impersonation occurs when an attacker steals the photos and social media content of the victim and then utilizes this information to make a different account impersonating the victim. The attacker then uses the account to perpetuate internet scams, including but not limited to, selling revenge porn, engaging in sextortion, etc. While impersonation often happens to public accounts, it can also happen to private accounts.
The best way to protect yourself from a social media scam is to set your profile to private and refrain from accepting friend requests from strangers. You should also keep in mind certain common indicators of fake social media accounts. Fake social media accounts often have one or more of the following characteristics:
- The account does not have a profile picture or utilizes a profile picture of a person that looks like a model
- The account has a low number of friends or followers
- The account does not follow anyone you know
- The account has very few photos or posts
- The account sends you a direct message that appears to be in broken English or directs you to click a URL.
Step 6: Review Your Account Permissions and Restrict Access to External Apps
Social media users should be extremely cautious before granting any third-party app access to your account. Third party apps are created by external developers to integrate with a social media platform. While these apps can make the social media experience more enjoyable, utilizing them can come with extreme risks to your data privacy. When you use a third-party app with your social media account, you are granting that app permission to access, use and collect data from your social media account. If the app becomes compromised, the hacker will also gain access to linked accounts.
Social media users who want to increase privacy protection on social media should check the list of apps that they are logging into through that social media site and revoke access permissions.
Step 7: Turn off Location Data
Location data, geo-location tags and social media “check-ins” broadcast your exact location at a certain point in time. When you notify others of your physical location, you let them know where you are and where you aren’t. Sharing location data not only jeopardizes the physical safety of you and your family members, but it also increases your risk of being physically attacked and/or robbed. For example, in 2016, Kim Kardashian was robbed at gunpoint after she posted a photo of herself wearing a 4.5-million-dollar diamond ring at Paris Fashion Week. Ultimately, her attackers admitted that they traced her through her public social media posts.
Even if you don’t tag your exact location when you post on social media, your photo or message might still contain key information about your location that may assist others in tracking you. For example, if you post videos of your child at a soccer game every Saturday, viewers may know your weekend routine, your child’s interests, what team he or she plays for and even what school he or she attends. Social media users that want to increase privacy protections should also consider posting photos after they return from an event or trip and refraining from publicizing location related details.
Step 8: Be Wary of Phishing Schemes
Phishing schemes are fraudulent communications from cyberattackers that are designed to trick the recipient into revealing sensitive personal information. Phishing attacks on social media typically come in the form of a direct message, but they can also take other forms. Here are some examples of social media phishing schemes:
The Fake Quiz
A quiz tells you that it will tell you the name of your future band if you provide your childhood street name, your mother’s maiden name and your favorite animal. Thinking the quiz is harmless fun, you provide the information and receive a band name. Your answers are collected by cyberattackers, who use the information to guess the security questions for your bank login.
Direct Message Phishing
A brand messages you on Instagram and states that they want to send you free product in exchange for your social media promotions of their product. They direct you to click a link containing malware. The malware is downloaded on your computer, and the attacker steals your sensitive information.
Your friend’s profile is hacked on Instagram. The hacker posts an Instagram story purporting to be your friend and claiming that she multiplied her cryptocurrency investments by sending them to a third party. You follow the hacker’s directives and lose your investment.
Step 9: Remember That the Internet Is Forever
The phrase “the internet is forever” is famous for a reason. Publications made from private profiles, direct messages and “disappearing” content apps like Snapchat are not really private. Anything you provide to a social media site can be copied, shared and made public. Once content spreads, it can become difficult, if not impossible, to remove. Social media users should think of potential repercussions before posting any content, and refrain from making statements that could incentivize others to spread private information.
Step 10: Know When to Involve an Attorney
If you are facing an attack related to the exposure of your private information on the internet, you should act as quickly as possible to address the situation. Negative content that is ignored can rapidly spread into a bigger issue. If you are not sure where to start, or a problem appears to be getting worse, you should consider contacting an internet attorney.
Protecting Yourself on Social Media
While no social media user can fully protect themselves against a cyberattack, you can actively combat the risks by enacting safe social media practices. If you have questions related to the privacy of your data on social media, or if you are the victim of an online attack and need assistance, please contact KJK Internet Defamation and Content Removal attorney Ali Arko (ALA@kjk.com; 216.716.5642).