Print This Issue

One Step Ahead
April 7, 2009, Volume 55, No. 28

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

I want to use Facebook safely but the privacy settings are confusing

Today, 175 million users subscribe to Facebook. Stated differently, if Facebook were a country, it would be the 7th most populous in the world. 

And yet, many on Facebook, or considering going on Facebook, are worried about how to use it safely. 

Sophos, an Internet security company, has produced a Facebook Best Practices Guide, recommending how to navigate and set Facebook privacy settings to minimize one’s risk of identity theft while using the site.  The Guide can be found at www.sophos.com/security/best-practice/facebook-profile.html.
The Guide focuses on the approximately 25 privacy-related settings and, for each one, includes  a safe setting recommendation and explains the rationale for that recommendation. 

One example from the Sophos Best Practices Guide is:

Profile (edit)
Option: Profile

Sophos recommends:
“Only my friends”

Why? By default, Facebook allows all of your networks and all of your friends to be able to view your profile. As networks can contain hundreds of thousands of people (and you have no control over who else joins the network), you are instantly revealing personal information to potential identity thieves if you leave this option at its default setting.

Sophos advises that it is sensible only to allow your profile to be viewed by your friends, so you should set this option to be: “Only my friends”.

The Sophos model is one helpful educational tool for those who wish to harness a popular service while considering how to responsibly address privacy-related risks. Another helpful resource on these issues is www.techforluddites.com/2009/03/privacy-controls-in-facebook-pt-1.html


To receive weekly OneStepAhead  tips via email, send email to listserv@lists.upenn.edu with the following text in the body of the message:  sub one-step-ahead <your name>.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - April 7, 2009, Volume 55, No. 28