Content Type:
Blog
Category:
9 minute read

U.S. Senate Cybersecurity Monthly Roundup

June 18, 2019

Social Networks: How to Make Your Social Safe Because Others Won’t

On June 18, 2019, ID Experts president and CEO Tom Kelly gave a presentation to U.S. Senate staffers as part of the U.S. Senate Cybersecurity Monthly Roundup, which is a series intended to equip decision makers on the hill on the scope of privacy and security concerns facing Americans online. Read on to see what he shared on the risks and vulnerabilities of social media platforms, as well as his tips to stay safe.

Social Networks: The Problem

  • If you’re not on social media, do you even exist?
    • It’s a question designed to provoke laughter – and reflection.
    • Social media has become so woven into the fabric of our lives that few of us question its power and its ubiquity. Without social media, the modern break-up, the modern engagement, the modern vacation and the modern family as we know them wouldn’t exist.
      • To give you an idea of how much social media rules our lives: the average child born now will have 1,300 pictures and videos posted of them before age 13.
      • A third of people interact on social media more than 10 times a day.
  • These platforms are ubiquitous, and we entrust them with so much of our lives – but should we?
    • We all know about the Facebook/Cambridge Analytica scandal, which exposed the information of 87 million users. This was the first of many privacy breaches and compromises over that last year and a half by Facebook and other social media and internet platforms, including:
      • A hack of up to 50 million Facebook user accounts discovered in September 2018, the largest breach in Facebook’s 14-year history, where personal information was exposed and accounts could potentially be taken over.
      • Just after this hack, Facebook announced their Portal home smart devices in October 2018 amid a lot of confusion around the level of privacy afforded to consumers using this device, including the types of data that is captured as well as when and how it “watches” you with its camera.
      • The exposure of massive data troves on over 540 million Facebook members discovered in April, 2019 that were deposited openly on Amazon cloud servers. The data included user’s names, password, comments and likes, following right on the heels of:
      • Facebook’s storage of millions of user passwords in plain text on their networks making them accessible to more than 20,000 Facebook workers.
      • And in June 2019, the breach of 49 million users on Facebook’s Instagram property exposing the location and contact information of their members.
    • Time and time again, Mark Zuckerberg has promised users new levels of privacy and security – and time and time again he has failed them.
    • But Facebook is just the tip of the iceberg…
      • Not to be left out, Amazon experienced a data breach-related around Black Friday last year November 2018, that exposed the names and email addresses of an unstated number of members.
      • It was discovered in April, 2019 that Amazon also employs thousands of people around the world that listen to millions of voice recordings each year captured in Echo owner’s homes and offices. While their stated intent is to use humans to improve Alexa’s AI, this nonetheless raises profound privacy questions.
      • The late, but not lamented, Google+ realized in 2018 that a bug exposed the data of 52 million of its users – but rather than immediately notify those users, it sat on the news for nearly a month.
      • In 2012, a major breach occurred on LinkedIn. Four years later, thieves were still profiting of that breach: a Russian hacker was selling 117 million username and password combinations on the dark web.
      • 100 million users of Quora, the question and answer website, had their names, emails, passwords and direct messages exposed to hackers.
    • Concerning as these statistics are, they’re not the extent of the problems experienced on social media. Some are due to our own negligence:
      • On the more common end of the spectrum, all of us have learned one way or the other to manage our reputations on social media. The cost can be high; most employers will take a look at prospective employees’ platforms, and if they find what they see offensive, it could cost the job.
      • Similarly, oversharing personal information can put you or your connections in harm’s way. Predators are on the lookout for sensitive information, and posting details like sensitive medical information or details about your children can lead to trouble.
    • Some are due to poor platform infrastructure security or permissions:
      • Location tracking is a hybrid issue; some platforms let you restrict location sharing and some don’t. In the case of Facebook Messenger, all it takes is a savvy programmer and using a browser extension to plot a map of the location data people failed to disable.
      • Data breaches are an issue for any digital platform. That said, it’s important that users change credentials and restrict the amount of personal information that’s included on a platform, so in the event that there’s another breach like the one that compromised 50 million users on Facebook last fall doesn’t have as big an effect on your identity.
    • Other threats are due to the sinister actions of other people:
      • Phishing attacks are becoming increasingly common on social media, with a 74.7 quarter-over-quarter increase – higher than any other industry.
      • Malware is also used to scrape data or otherwise cause harm. One example is the use of social media quizzes by Ukrainian hackers to lure over 60,000 Facebook users into installing malicious browser extensions that scraped their data.
      • Fake accounts run rampant on certain networks. At the end of Q4 in 2018, Facebook said that it might be hosting as many as 116 million fake accounts. Account impersonation can simply be annoying, but it can also be destructive, as it was when some fake Sandburg and Zuckerberg accounts were being used to scam Facebook users out of their cash.
    • In extreme cases, these threats have resulted in real horror stories. A sample of these include:
    • Still, others take another form. Social media also opens the door to cruelty and malice from those without the tech-savvy to create phishing attacks or the interest in making duplicate accounts.
      • Pew reports that 59 percent of teens have experienced bullying online. And even those who don’t experience bullying weary of the “drama” that they see online, with 45 percent saying its “overwhelming.”
      • For some, it gets much more sinister. Molly Russell, a British teenager, killed herself in 2017. Her parents blame Instagram and Pinterest for giving her access to images of self-harm. More recently, a young Malaysian woman committed suicide after 69 percent chose “death” in an Instagram poll she created that gave her followers the chance to choose “death” or “life.”
    • An additional reference for social media scams are available at 10 Social Media Scams and How to Spot Them

Social Networks: Consumer Recourse

  • Unfortunately, wherein many markets there are competing services to choose from, consumers are limited in the options they can select to have the same level of online social experience as the one they can enjoy on Facebook’s suite of platforms.
  • Consumers deserve more. They deserve to experience the benefits of social media and to have confidence that their data is secure. And they deserve more options.
  • Government: It’s time for national privacy law.
    • Currently, we’re seeing states pass a number of contradictory laws. California, for instance, passed the Consumer Privacy Bill of 2018 – an empowering data privacy law that gives consumers unprecedented control over their own data and resembles the EU’s General Data Protection Regulation (GDPR) in the strength of its protections. New York is currently considering similar legislation.
    • While it’s good to see states taking action, a piecemeal approach isn’t sufficient in a digital era. A California consumer uses digital platforms based in Texas, Minnesota, Georgia and New York. They shouldn’t have to juggle dozens of different data privacy laws; they should be able to expect the same level of protection and control across different platforms and from different companies.
    • As we begin to consider what a feasible national privacy law might look like, we must be careful not to allow social media companies to hijack the conversation. Leading social media executives like Mark Zuckerberg and Jack Dorsey have called for a national privacy law – but we must remember what their “revised” privacy policies and repeated privacy promises have led to. Consumers deserve a say in how companies are obligated to treat their data.
  • Industry: Industry leaders have already made major strides in helping consumers protect their privacy, developing digital products that monitor for fraud, duplicate accounts, and problematic content. While these products are not a solution for effective privacy legislation, they can help consumers protect themselves in the interim.
  • Tips for users
    • Users: While no one user can protect themselves from data breaches, there are concrete steps individual users can take to protect themselves.
      • Maximize your privacy settings. Turn off location sharing. Make sure you understand exactly what information social media apps do and don’t collect. Simple awareness can make all the difference. Tips to protect yourself:
      • Secure your devices. Use biometrics or make a complex, unique password. Take advantage of two-factor authentication whenever it’s offered. It’s important to ensure that a thief can’t just pick up your device and immediately access your social media accounts.
      • Move beyond social media. Thieves pull together as much information they can, from personal details on social media to financial and government information like a credit card, driver’s license and Social Security numbers. Do everything you can to protect this information as well – it gives thieves less to work with.
      • Ask for help. Don’t be afraid to reach out to experts in data security and consider investing in a social media monitoring product.
      • Help others. Make a point of communicating to those in your circles the options that they have on social media and how to remediate issues. Start by helping those in your family and friend groups – the elderly and the young most especially – understand the risk and do what they can to protect themselves. ID Experts / Morning Consult research found that most adults believe that children, teens and seniors are highly at risk on social media, and 92 percent of seniors, themselves, believe that they’re highly at risk. ​

Related topics:

Authors

  • Featuring
    Tom Kelly
    President and CEO

    Tom is a Silicon Valley technology leader who has served as CEO, COO, or CFO of multiple public and private companies. As president and CEO of IDX, and an established privacy expert, he is passionate about helping consumers and business leaders stay ahead of today’s digital threats.

    Tom’s insight has been highlighted in national print outlets like The Hill, CyberScoop, TechRepublic, CPO Magazine, Fox Business, Security Magazine and Morning Consult, and national broadcast outlets like David Webb Show and the Lars Larson show.

About IDX

We're your proven partner in digital privacy protection with our evolving suite of privacy and identity products.