Facebook and Security Settings Report


Published in: Education, Technology

  2. CERTIFICATE

     This is to certify that ABHISHEK GUPTA has carried out the project on “FACEBOOK AND SECURITY SETTINGS” under my guidance in partial fulfilment of the requirement for the diploma in Network Security of Bharti Vidyapeeth University, Pune during the academic year 2012-13.

     Mr. Alok Kumar (Seminar Guide)
     Prof. S. B. Vanjale (Coordinator of Network Security)

     Date:
     Place: Pune
  3. Acknowledgement

     I’m highly obliged to the people who have given me the much needed guidance for the seminar work. First I would like to convey a word of gratitude to my guide, Mr. Alok Kumar, for guiding me throughout the seminar work & providing me excellent support by valuable guidance & by providing sufficient time for completion of my work. Without his immense help it would have been really difficult to complete this work in time. I’m also extremely grateful to Prof. S. B. Vanjale, Coordinator of Network Security, for providing all facilities & every help for smooth progress of dissertation work.
  4. INDEX

     • ABOUT FACEBOOK
     • MANAGING FACEBOOK SECURITY SETTINGS
     • FACEBOOK SECURITY
     • FACEBOOK SECURITY SETTINGS FOR A NEW SEARCH
     • FACEBOOK TIMELINE SECURITY AND PRIVACY
     • REFERENCES

     ABOUT FACEBOOK

     Facebook is a social networking service launched in February 2004, owned and operated by Facebook, Inc. As of September 2012, Facebook has over one billion active users, more
  5. than half of whom use Facebook on a mobile device. Users must register before using the site, after which they may create a personal profile, add other users as friends, and exchange messages, including automatic notifications when they update their profile. Additionally, users may join common-interest user groups, organized by workplace, school or college, or other characteristics, and categorize their friends into lists such as "People From Work" or "Close Friends".

     Facebook was founded by Mark Zuckerberg with his college roommates and fellow Harvard University students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris Hughes. The website's membership was initially limited by the founders to Harvard students, but was expanded to other colleges in the Boston area, the Ivy League, and Stanford University. It gradually added support for students at various other universities before opening to high school students, and eventually to anyone aged 13 and over. Facebook now allows any users who declare themselves to be at least 13 years old to become registered users of the site.

     In May 2005, Accel Partners invested $12.7 million in Facebook, and Jim Breyer added $1 million of his own money to the pot.

     According to a May 2011 Consumer Reports survey, there are 7.5 million children under 13 with accounts and 5 million under 10, violating the site's terms of service. A January 2009 Compete.com study ranked Facebook as the most used social networking service by worldwide monthly active users. Entertainment Weekly included the site on its end-of-the-decade "best-of" list, saying, "How on earth did we stalk our exes, remember our co-workers' birthdays, bug our friends, and play a rousing game of Scrabulous before Facebook?" Critics, such as Facebook Detox, state that Facebook has turned into a national
  6. obsession in the United States, resulting in vast amounts of time lost and encouraging narcissism. Quantcast estimated that Facebook had 138.9 million monthly unique U.S. visitors in May 2011. According to Social Media Today, in April 2010 an estimated 41.6% (129.5 million) of the U.S. population had a Facebook account. Nevertheless, Facebook's market growth started to stall in some regions, with the site losing 7 million active users in the United States and Canada in May 2011.

     The name of the service stems from the colloquial name for the book given to students at the start of the academic year by some university administrations in the United States to help students get to know each other.

     MANAGING FACEBOOK SECURITY SETTINGS
  7. Social networks like Facebook are open to phishing, malware and other unwanted problems. While there is no perfect solution, you can change your Facebook security settings to help increase your privacy and safety.

     Using a Secure (HTTPS) Connection

     By default, Facebook does not encrypt your access credentials. Using a secured connection is important, because without it, it’s extremely easy for a hacker to sniff your credentials and quickly access your account. HTTPS solves this problem by encrypting your login cookies and other data. You can sign up for Facebook HTTPS by doing the following:

     1. Click the drop down arrow next to Home on the upper right side of the screen and select Account Settings.
     2. Click Security in the left navigation panel.
     3. Click Edit next to Secure Browsing.
     4. Select the Browse Facebook on a secure connection (https) whenever possible checkbox.
     5. Click Save Changes.

     Adjusting your Facebook Security Settings

     The highest Facebook security setting for protecting your personal information is the Friends option. Unless you want the whole Facebook network to see your entire profile, photos and videos, access should be limited to people you trust. The other, less secure options are Network and Friends, Friends of Friends and Everyone. To manage your Facebook privacy settings:
  8. 1. Click the drop down arrow next to Home on the upper right side of the screen and select Privacy Settings.
     2. In the Control Your Default Privacy section, select your default security setting for all of your Facebook posts (i.e., status updates, photos, links, etc.). We recommend selecting Friends. Important: You can change this default setting for each post you make.
     3. In the How You Connect section, click Edit Settings. This section allows you to control how people on Facebook can contact you.
     4. Determine how secure you want each one of these sections to be. If you are unsure, change all of these settings to Friends with the appropriate menus.
     5. In the Timeline and Tagging section, click Edit Settings. This section allows you to control how Facebook tags affect you. We recommend selecting Friends.
     6. The Profile Review feature (which is located in the Timeline and Tagging section) allows you to review any tagged content that is added to your profile, such as pictures in which you are tagged by friends. This feature is turned off by default. To turn this on, click the arrow next to Review posts friends tag you in before they appear on your timeline, and then select Enabled from the drop down menu. When you have content to review in which you are tagged, a Pending Posts tab will appear on your profile that allows you to post this data to your profile or not.
     7. Click Back, and then click Done.

     Using Login Approvals and Login Notifications
  9. If you use Facebook’s Login Notifications, whenever your account is accessed from a new or unrecognized device, Facebook sends an email to your email address to notify you. You can also use Facebook’s Login Approvals feature for an extra layer of security. If you choose this option, Facebook sends an access code to your mobile phone via text message that must be used to log in to your account whenever your account is accessed from a new or unrecognized device. To set up Facebook’s Login Approvals and Login Notifications:

     1. Click the drop down arrow next to Home on the upper right side of the screen and select Account Settings.
     2. Click Security in the left navigation panel.
     3. Click Edit next to Login Notifications.
     4. If you want Facebook to send you an email when an unrecognized computer or device accesses your account, click the Email checkbox in the Login Notifications section, and then click Save Changes.
     5. Click Edit next to Login Approvals.
     6. If you want Facebook to send you a text message that contains an access code that must be used when an unrecognized computer or device accesses your account, click the Require me to enter a security code each time an unrecognized computer or device tries to access my account checkbox in the Login Approvals section, and then click Save Changes.

     Opting out from Facebook’s Facial Recognition Feature

     Facebook recently released a new feature that will “recognize” your face in photographs uploaded to Facebook. Many privacy advocates are worried that this could lead to anyone being able to search for information about you based on any picture of you. To opt out of the facial recognition feature:
  10. 1. Click the drop down arrow next to Home on the upper right side of the screen and select Privacy Settings.
      2. In the Timeline and Tagging section, click Edit Settings.
      3. In the Who sees tag suggestions when photos that look like you are uploaded section, click the arrow on the right hand side.
      4. Click the drop-down menu and select Disabled.
      5. Click Back, and then Done.

      Removing your Name and Profile Picture from Facebook Social Ads

      Facebook created Social Ads a few years ago, which allow your name and profile picture to be displayed in advertisements your friends see. While this might not seem like a big deal, their privacy policy states that your name and profile picture could be used in the future for third party applications or ad networks unless you remove your name and profile picture from Social Ads. To remove your name and profile picture from Facebook Social Ads:

      1. Click the drop down arrow next to Home on the upper right side of the screen and select Account Settings.
      2. In the left navigation panel, click Facebook Ads.
      3. Click Edit third party ad settings.
      4. From the If we allow this in the future, show my information to drop-down menu, select No one.
      5. Click Save Changes.
      6. From the Facebook Ads page, click Edit social ads settings.
      7. From the Pair my social actions with ads for drop-down menu, select No one.
      8. Click Save Changes.

      Using One Time Passwords
  11. It can be risky to log into Facebook from a computer you don’t own. To get around this, you can use the one time password feature. To do this, you must use the cell phone listed on your Facebook account, and text the message “otp” (for one time password) to 32665. You will receive a text message response with a one time password that you can use to access your Facebook account. This password is only good for 20 minutes. It’s a good idea to use this feature anytime you access Facebook from someone else’s computer.

      Recovering a Hacked Account

      If you see posts on your account that you didn’t write, or are unable to log in, your Facebook account may have been hacked. If your account is compromised, go to http://www.facebook.com/hacked and follow the instructions. As soon as you do this, Facebook will lock your account. Facebook will then ask you to complete a four step procedure to unlock your account. Once you have recovered your account, be sure to set up all possible security features, especially secure browsing (https) and the login notifications feature.

      Other Security Considerations

      • When you create your Facebook account, don’t display your birthday, hometown or schools you attended to everyone. Since identity theft is a big issue, limit this to family and close friends.
      • If you play games or use a lot of applications on Facebook, consider creating a new account that does not have any personal information in it.
      • Keep your Internet browser current. Since new malware and viruses are discovered all the time, having the latest software will help eliminate these problems.
      • Change your Facebook login password often. If you share a computer (or use a public one), don’t set the option to remember any passwords you enter into websites.
      • It’s great to connect on Facebook with lots of people for networking and friendship, but be selective when adding friends that will have access to your page.
  12. • Make sure you click the drop down arrow next to Home on the upper right side of the screen and then select Log Out when you end your Facebook session. If you simply close your browser, your account is still active. The next person to open a browser on your computer and visit Facebook will be logged into your account.
      • As a rule, don’t click on suspicious links. These might be embedded in a suspicious spam message or video posted on a friend’s account. When you click on such a link, malware might be loaded onto your computer. The best rule is to use your common sense.
      • Clickjacking is a technique used by attackers to trick users into clicking on links or buttons that are hidden from view. A tool called Web of Trust (WOT) was created to help you avoid clickjacking; it is a free browser tool that maintains a database of known safe sites as well as malicious sites reported by the WOT community. You can download WOT by visiting www.mywot.com.

      Facebook Security
  13. Kids and adults today are spending several hours a day on Facebook. Over the last several months, Facebook has tried to incorporate several new internet safety features. These new safety features are designed to give Facebook users better privacy. The problem with the new security settings is that they are confusing to understand. The new safety features do provide better internet safety for kids if they can understand them. The biggest issue here at the center for internet safety and security is that not all security settings are in one location. We will break down all the safety settings and show you what they should be set at.

      Here is a quick breakdown of the new Facebook Security Options:

      Everyone – All information on your profile is exposed to the entire internet. You are completely exposed to everybody on the internet.
      • This is the worst option. Don't allow any safety setting to be Everyone.

      Friends and Networks – Means that your friends and networks have complete access to your entire profile.
      • We don't recommend this setting because you don't know everybody in the network.

      Friends of Friends – All friends and friends of your friends have complete access to your profile.
      • This is OK, but does give profiles more exposure than we like.

      Only Friends – Only friends you approve have access to your profile.
      • Best safety option. This only gives friends you approve of access to your profile.

      Customize – Create custom security access to your profile.
      • We don't recommend creating custom settings unless you know what you're doing.

      Step 1: To find the security settings, click on Account → Privacy Settings. Here is the main menu for all the security settings.
  14. Step 2: Click on Profile Information. Here you will see the safety settings for your profile, including Personal Info, Birthday, Education and Work, Photos, etc. Here is a simple breakdown of all your options. We recommend setting all safety settings to Only Friends.

      Step 3: Click on Photo Albums. Verify that Only Friends has access to view photos.
  15. Step 4: Go back to Account → Privacy Settings. Click on Contact Information. Verify that all settings are set to Only Friends. However, we do recommend setting Add me as a friend to Everyone. This will allow people to add you as a friend.

      Step 5: Click on Back to Privacy and go to Applications and Websites. Click on Edit Settings for What your friends can share about you. We are very displeased with Facebook on this setting. By default, Facebook allows applications that your friends use full access to your account. These applications can scan all the information on your profile. Companies can then
  16. send email or messages about products they offer. Facebook should never allow applications that people don't use to have full access to profiles. Uncheck everything and hit Save Changes.

      Step 6: Verify that Activity on Applications and Games Dashboards is set to Only Friends.
  17. FACEBOOK SECURITY SETTINGS FOR NEW SEARCH

      Facebook announced this week it will make it a lot easier to search your personal page along with all of your friends. It’s called the Facebook Graph Search. While this announcement does not change your privacy settings on Facebook, it means if you’ve ignored your privacy settings, now is a really good time to check them out. (Facebook wrote up more details about how privacy works with the new search.)

      Facebook says the graph search will take already existing information inside the social network and make it a lot easier to find. If you want to find a friend who likes dogs and lives in New York, Facebook will find those people. If you want to see photos your friends shared of food from diners, Facebook will find those images. That means the content you have posted in the past will turn up a lot easier. That’s why it’s a good time to look at how you’ve used Facebook in the past and make sure you are happy with what people find out about you when they search Facebook.

      If you have never really looked at your Facebook privacy settings, let’s go through some of the basics to help you know what people can and cannot see, whether they are a friend or just a random person visiting your personal page.

      Views from the public

      You have a public page. Every person who has a Facebook page has their own link or URL. Depending on your privacy settings, the public can see none, some or all of your information when they visit your page. Here’s how you find your public setting. I’ll use my Facebook page as an example. Look for the little gear box in the right hand corner just below your cover photo.
  18. The little gear box gives you an option to “View As” and check your “Timeline settings.” Let’s do “View As” first. Facebook lets you know at the top that you’re viewing your page as the public sees it. You can also view the page as a specific person. This is helpful if you have categorized different friends with different privacy settings. If you do not like what the public can view, you can go into your Timeline Settings and make some changes. You can also update each section of your About Me page (there’s an edit box in the top right corner of each section) to decide what is public and what is not. Now that you have seen what your page looks like from the public view, the next step is to analyze what your friends can see.

      Views from your friends

      The new graph search will allow your friends to search information about you based on your page likes, locations, photo tags and even the music you listen to on Spotify. The best way to analyze what your friends can see is by looking at your Activity Log. You can find your personal activity log right next to the button you clicked on to find your public settings.
  19. If you joined Facebook a long time ago, there is good and bad news for you. The good news? Facebook did not archive a lot of your posts until 2007. The bad news? It can take time to search all of your posts from the past. If you are unsure about the choices you have made in previous years, it may be worth undergoing a tedious analysis of your Facebook activity. You can visit your Timeline Controls to decide if you want to mass-limit your posts. Facebook also has a number of guides that explain how to share, tag posts and photos, post your location, and use apps.

      Photo privacy

      If you are concerned about the privacy on your photo albums, you need to go into your
  20. photo page and view your albums. Each album has a privacy setting. You can click on the little icon next to the name of your album (you can see what it looks like with my photo on the right from our Chicago Architecture Cruise). Clicking on the little icon helps you decide who can or cannot see your photos. If you see a little globe, that means it’s all public. Remember, your cover photos are always public. Also, if you posted pictures from other apps, like Instagram or Flickr, each of those photos will have individual privacy settings. You may need to go through each photo in those albums if you are concerned.

      Like privacy

      There is no quick way to go through all of the pages you have liked on Facebook. But if there’s any time to analyze it, this is the time. If you go to your personal Facebook page, you’ll find your “Likes” in a box just under your cover photo. Click on an edit box to look through some topics like music, books and movies to quickly delete extras you may not like any more. But to get really deep into the many pages you have liked, you have to search through the entire list. Facebook started collecting your page likes in 2008.

      FACEBOOK TIMELINE SECURITY & PRIVACY

      Steps to keep your account & identity safe:

      Now that Facebook’s timeline feature is in the final stages of being rolled out to all users (including, finally, to my account), it is important that everyone understands how to use the
  21. feature and, most importantly, how to secure your identity and privacy in its new context. Timeline is quite a simple feature, introduced by Facebook with the goal of putting a timeline context behind things you post and ways you interact with the site. But now it’s even easier for people to create a complete digital snapshot of your recent history, for better or worse. For example, this can make it easier for prospective employers to piece together a good idea of who you are, but is that always desirable? It depends, specifically on which items you choose to share (and with whom). For instance, if you had a racy night out last Friday, that might be the kind of thing you’d prefer to share with only a few friends, and certainly not the sprawling list of Friends of Friends.

      In this first part of a series on securing the timeline feature on Facebook, we dive into restricting data sprawl through inadvertent interaction with the feature. One caveat though: Facebook continually updates its privacy and security settings, including the help sections for each item, so in the future, some of these screens may look different. Still, the principle of attempting to share as little as possible by default, rather than as much as possible, seems like a sound approach, privacy-wise.

      Diving into Timeline

      First, is timeline enabled on your account? When the timeline feature suddenly appeared on my account (automatically, against my personal preference), I was presented with a notification that it would be happening, and information about when, followed by a button showing how to get more information in the timeline help section:
  22. Then, when the date arrived, I was presented with a notification that the feature was now enabled, like this:

      Okay, so now I have it, but what to do about it? First, on the Learn More page we can dig into the nuances of the service, starting with the Privacy Options link (highlighted in red below).
  23. When you click that link, you are taken to a landing page where you can adjust your privacy settings. Here’s the direct link in case you need it: https://www.facebook.com/help/timeline/privacy
  24. First, let’s look at the options for who can see stories on my timeline:

      Timeline story visibility

      Here you’ll have to start making decisions about what information to share, and with whom. It is worth noting that Facebook treats sharing items on your timeline very much like sharing them with other features; you choose what works for you. Typically, Facebook has a couple of ways of controlling this for the user: you can manage groups of content by setting a default to be applied to all data within that same context; or you can use their inline contextual control menus for each item to determine piece-by-piece which items get shared, and with whom.
  25. Since it may cause problems to make your data Public by default, you’ll have to decide if you want to share your items with Friends (+ friends of anyone tagged), only you, or some custom combination where your preference can be more granular, with the ability to restrict certain people or groups (which can be handy). Here we’ll have to start making decisions whether to allow or protect information sharing by default.

      Remember, you can always increase the sharing of data, but it’s very difficult to restrict sharing once your data is sprawled out to your Friends, or their friends. Imagine taking a racy picture intended for someone you are close to and having that accidentally shared to the wrong group of people, and their friends, etc. It’s well nigh impossible to then try to restrict who has a copy of that photo going forward. It’s also a good idea to restrict Facebook photo uploads to things that wouldn’t cause hate and hurt if they seeped out into a wider audience. After all, there are many humorous websites where screenshots of allegedly private Facebook conversations and content sharing, and someone in an unintended
  26. audience grabs a screenshot and broadcasts it to the wide world. Don’t let this happen to you.

      Assuming you want to take a more secure approach, you may start by ratcheting down your privacy so that only you, or very select small groups of friends, may see your content. If someone legitimately gets offended that you seem to be excluding them from sharing, just add them individually to a given group. This way it’ll be easier to control your data, which over time is far better security-wise.

      It’s also good to note that you have the ability to delete items from the timeline that you may not want integrated into it. As you can see, you can also just hide an item from the timeline, but then it still may appear elsewhere. If there’s a reason to hide content, there’s likely a reason to delete it altogether, unless you have compelling reasons to retain it.

      Also, there are controls to hide friends’ posts from appearing on your timeline by default, which might be handy if your friends get a little carried away with sharing content you may not consider flattering, and/or that may become visible to those groups you’d rather not share with by default. (Consider that a prospective employer may agree with Aesop that “a man is known by the company he keeps” and draw conclusions about you based on the lewd iPhone snapshot that your best man put on your timeline.)
  27. On the other hand, you can always just report the post if it gets too far over the line and violates Facebook’s Terms, so that may be an option to keep in the back of your mind if your friends get a little too crazy. Of course, you can review the content and then decide as well, on a case-by-case basis. Here’s a screenshot of the context menu for the timeline on an item:

      It’s good to know what to look for when you’re trying to control the sprawl of your data, so keep an eye out for these context menus and you’ll have a finer degree of control.
  28. Who can see what’s on your Timeline?

      Next we look at who can see details about you on your timeline, like your hometown, birthday, or other details:

      Again, you can either set these directly, or use context menus on your profile to control what information appears on your timeline, using the audience selector. It’s nice that only your friends are allowed to post on your timeline, averting a potential privacy mess if the audience were wider, especially if you don’t pay much attention to how many friends your friends are collecting on their lists.
  29. Also, note you can turn on the Timeline Review feature. Let’s say you want to review items BEFORE they get posted to your timeline; here’s where you might enable that:

      It’s nice that you get a Pending Post notification, so you’ll know when there’s content awaiting approval. Also, it’s a good idea to check your activity log periodically to note changes. Haven’t looked at yours lately? Here’s what the
  30. Activity Log is all about:

      Activity log

      It’s a good way to take a quick look at content from the time you set up your account to the present. It’s tough to keep up with all the content day-to-day, so this might be a quick way to roll back the years and see if there are things you’ve missed, all in one place. Here you might want to dive in and change sharing of one or more items that have reached a wider audience than you planned, and/or at least KNOW what got shared and when.
  31. Some European Facebook users have requested a full log from Facebook of all their content and been provided with a substantial number of records, sometimes hundreds of pages in length, burned onto a CD and shipped to them. Getting all that data is harder for North American Facebook users, but you can submit a request for what Facebook does make readily available here. It may be a good idea to take a peek at what content they show on your profile, and adjust accordingly.

      In our next Facebook security and privacy post we will look at reviewing our timeline from other people’s perspective, using a tool called View As. Until then, we hope this post will help with tuning your timeline settings to your liking.
  32. REFERENCES

      1. www.facebook.com/help/privacy
      2. www.privatewifi.com/.../managing-your-facebook-security-settings/
      3. http://blog.aarp.org/2013/01/16/prepare-your-facebook-security-settings-for-new-search/
      4. http://lifehacker.com/5813990/the-always-up+to+date-guide-to-managing-your-facebook-privacy
      5. http://www.internetsafetycenter.com/facebook-security-facebook-safety-settings-profile-safety-settngs
      6. http://www.welivesecurity.com/2012/09/13/facebook-timeline-security-and-privacy-steps-to-keep-your-account-and-identity-safe/
      7. http://howto.cnet.com/8301-11310_39-57481551-285/five-minute-facebook-security-checkup/