|One Step Ahead
April 7, 2009, Volume 55, No. 28
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
I want to use Facebook
safely but the privacy settings are confusing
Today, 175 million users subscribe to Facebook. Stated differently, if Facebook were a country, it would be the 7th most populous in the world.
And yet, many on Facebook, or considering going on Facebook, are worried about how to use it safely.
Sophos, an Internet security company, has produced a Facebook Best Practices Guide, recommending how to navigate and set Facebook privacy settings to minimize one’s risk of identity theft while using the site. The Guide can be found at www.sophos.com/security/best-practice/facebook-profile.html.
The Guide focuses on the approximately 25 privacy-related settings and, for each one, includes a safe setting recommendation and explains the rationale for that recommendation.
One example from the Sophos Best Practices Guide is:
“Only my friends”
Why? By default, Facebook allows all of your networks and all of your friends to be able to view your profile. As networks can contain hundreds of thousands of people (and you have no control over who else joins the network), you are instantly revealing personal information to potential identity thieves if you leave this option at its default setting.
Sophos advises that it is sensible only to allow your profile to be viewed by your friends, so you should set this option to be: “Only my friends”.
The Sophos model is one helpful educational tool for those who wish to harness a popular service while considering how to responsibly address privacy-related risks. Another helpful resource on these issues is www.techforluddites.com/2009/03/privacy-controls-in-facebook-pt-1.html
To receive weekly OneStepAhead tips via email, send email to firstname.lastname@example.org with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.