We’re coming up on three years since Mark Zuckerberg famously announced, “The age of privacy is over.” Some of us, however, still value our privacy. The nonstop Facebook information grabs of late, coupled with recent high-profile security breaches, point to the inevitable: a catastrophic breach at Facebook. When that happens, the most concentrated dossier about you, including all your personally identifiable information, will be in the wrong hands.
Facebook’s bet has always been that you are willing to sacrifice your privacy if it makes it easy for you stay up to date with friends and family, and of course see the latest beach photos of your prom date from 1974. And, fat jokes aside, that’s where I begin to care a lot.
Facebook is designed to harvest your personal information to better sell ads. Period. Maybe that practice shouldn’t be legal, but as long as it is, it should be controlled. While we have no Privacy Czar in Washington, it seems clear where certain lines can and should be drawn.
For instance, Facebook recently required users of the recently-acquired Instagram who forgot their passwords to upload pictures of a government-issued photo ID before granting access to their own accounts.
What’s next, your Social Security and insurance policy numbers? And then what happens when — not “if” — there is a breach and that information gets into the wrong hands?
If Facebook is doing as well as they claim, they should pay for the sort of authentication systems used by banks and credit agencies. After all, your personally identifying information is worth a lot more than your bank information to the right thief. But the bigger issue is the existence of this huge data bank filled with personally identifiable information.
I have a friend who alternates between four Facebook accounts, migrating among them every couple months. His theory is simple: “They will never get an accurate picture of me, so if there is ever a breach, or the company decides to flout the law, at least it will be harder for a third party to piece together who I am.” Put simply, he is doing for his privacy what neither Facebook nor lawmakers are willing to do: he’s trying to protect it.
Remember the uproar over the now-central news feed feature? No one wanted all their friends to know their every click on the site. And then it became the new norm — just like the parade of security breaches we hear about in the news. Or how about when you couldn’t permanently delete your data from the site? My friend with four Facebook profiles remembers that “era.” And then there was Beacon, a service that allowed outside companies to see users’ data to make customized ads. After a class-action lawsuit, and a $9.5 million settlement, Facebook closed that down in 2009.
If you don’t have the time to maintain four Facebook accounts, here are seven things you can do to at least minimize the damage when Facebook gets hacked.
1. Change your name. If you tweak your name just a little, or use a nickname, life will be easier for you after the inevitable hack. Open more than one account. Yes, it violates Facebook’s terms of service, but 80 million accounts already do it, says privacy expert John Sileo. And don’t be scared by the argument that anonymity leads to crime, says online security expert C. Matthew Curtin: “You can do bad things anonymously, and you can do bad things using your name.”
2. Stop geotagging your photos. Geotagging includes the latitude and longitude where a picture was taken, i.e., home. If you right-click on a photo you can find this information under “properties.” If you are using an iPhone, look under “Settings,” go to “Privacy” then “Location Services” to turn off location services for all applications or just for individual applications, like the camera. Even if you turn this feature off on your camera or smartphone, all photos you have already taken will contain the information.
3. Lie about your age. While it’s fun to get birthday greetings on your wall, it’s a key piece of information needed to steal your identity. At least post the wrong year.
4. Don’t store your credit card information on the site. Facebook has several services that require a credit card. Buyer beware.
5. Have some boundaries. When Facebook asks you where your photo was taken, keep it to yourself. There is no reason to post pictures that tell a potential thief not only where your house is, but what sort of transportation will be needed to take all your stuff. Don’t brag about new cars, especially if your photos show where you keep the keys in your kitchen. And set your privacy controls so only people you know can see stuff that could be used to create a new credit card account or the like.
6. Less is more (peace of mind). While we all have pride in the things we’ve done and the places we’ve lived, the more you tell the world about it, the more likely that information will bring you to the attention of an identity thief. Go through your timeline and remove posts that provide personally identifiable information.
7. Deactivate your account. As Mr. Miyagi told Daniel-san in The Karate Kid, “Remember, best block, no be there.” You can’t get hacked if you don’t have an account.
Bonus Pro Tip: Don’t use your Facebook password anywhere else. That’s making it way too easy for the bad guys.
Does there need to be a huge security breach that results in millions of dollars in identity theft-related crimes before users begin to question the wisdom of placing so much trust and personal data in the hands of such a mercurial company that again and again has shown that it doesn’t really understand privacy?
With more than 1 billion users — the world’s largest repository of consumer likes and dislikes in the global marketplace — Facebook is going to continue strip mining that treasure trove of data. But all signs point to a mining disaster.
The age of privacy is dead, long live the age of privacy! An identity thief can make life very difficult for you. As the hacks of the New York Times and Twitter prove, it’s only a matter of time. And how can anyone in their right mind “Like” that?