Recently Nick Galov from the Tech Jury blog contacted me about an infographic he created covering the safety of our online data across popular social media networks. I felt it would be good to do a feature, so I reached out to some members from the Caribbean Cyber Support Team (Caribbeancst.com), and Ricardo Higgins from Jamaica agreed to collaborate with me to create this article. Ricardo is a Systems Administrator in Jamaica aiming to earn his place in Cyber Security.
A highlight from Ricardo: “Agreeing to help Gavin Dennis to write this article is probably the highlight of the month so far. Today being April 8, 2019. I’m not just excited because this is my first article but because, hopefully, this article can help someone to better protect their data and that of their loved ones. We decided to take a few points and expound on them to share to the masses in Jamaica and the world.“
What do you know about Facebook, Twitter, IG, etc.? Are you aware of the business models of the companies in question? How do they handle the information we willingly give to them? Often, we become engulfed in the world of social media because it’s almost unavoidable in our current digital focused world. Let’s shed some perspective on that.
Let’s dig into the question – how safe is our online data?
Our data is as safe as the controls in place to protect it. Those controls can be both technical and non-technical. Technically, social media companies could configure their IT network with strong security controls to minimise the risk of a compromise. Non-Technically they could develop procedures and a culture that protects users’ data from misuse and human error (e.g. integrity, ethics, security awareness training).
Numerous news releases and some recent public government interventions have called for social media giants to be more responsible, ethical, and honest about how they use people’s data. Based on the kind of security issues being reported in these media releases everyone has a right to be concerned, even if they don’t have a social media account. Why? Because the data being mined, lost, or misused is not only about the registered user but also their relatives, friends, lifestyles and more. Although the media has been heavily pointing fingers at the social media companies, there are many more perspectives that we as responsible adults often avoid discussing, that is, accepting responsibility for what we share online.
We’ll share a variety of perspectives throughout this post and hope that from there, you, as the reader, will feel more empowered to be a part of the solution.
The infographic extracts used throughout this post (owned by Tech Jury and used with their permission) uses two (2) categories of badges, each with four (4) factors to consider. They are
Data Collection Badge (how a social network collects data):
- Personal data and posts
- hardware and software information
- payment details
- information from outside the network
Data sharing badges (how a social network uses our data):
- data used within the network
- sent outside the network
- investigations and research
Data collected by social networks
Let’s explore some of the data collected by a few major social media companies using the badges mentioned above.
The following globally popular social networks and mobile apps all collect personal data and hardware and software information about their users:
How ‘free’ online services tend to work?
To provide a ‘free’ service, these companies have to spend money to set up servers, pay for web-hosting, hire staff to manage these resources among a myriad of things. They eventually have to get back what they invested by using the data they gathered in a way that will be beneficial to their interests.
So what should you do? Should you stop using these services?
It is a choice. We have to be careful of what we openly share on social sites and apps, Not merely to minimise our exposure to the thousands of advertisers but also because of the risk that our data might be lost or misused.
Using Facebook as an example
Facebook collects personal data from its users who connect to their platform and uses it to generate revenue in various ways such as selling that data to other companies for marketing and other purposes.
Based on the large size of Facebook its nature and complexity, It’s not surprising they have been affected by some data breaches and data misuse incidents. But think about the following questions:
- Is Facebook to be entirely blamed for reselling users’ data who freely provide it without reading their terms and conditions?
- Is Facebook to be blamed for users who stay on their platform while fully knowing that their data has been or is being used in unethical ways?
- Is Facebook has been breached due to negligence, but a user still provides their data willingly, who is really at fault?
Avoiding a data breach is very challenging, especially in large companies because even with all the fancy controls and technology, a staff member can choose to be negligent, decide to go rogue, or make an operational error that leads to a compromise. But even removing technical security are we as humans exercising compassion after recurring data breaches and ethics violations when we continue to support their business? Or are we negligent ourselves for continuing to be a part of a data sharing cycle we disagree with?
If Social Media giants didn’t have such an encouraging user base, they would not be as profitable or as large as they are. So, are we ready as users to acknowledge one of the critical issues, our continued support of their irresponsible behaviour?
It is ok to have a social media account
We have accounts on a few social platforms, but we’re also critical of what kind of information I share. I use Linkedin, Twitter and Instagram but I intentionally don’t have a Facebook account, even though Facebook owns Instagram. For those platforms I do use, I’ve accepted a certain level of risk and have taken steps to minimise any potential loss to myself if they get breached. For example, I do the following:
- I Use a unique password for each service online
- I Use multifactor authentication where feasible
- I Try to learn how to opt-out of data sharing schemes
- I Minimise publicly posting anything too personal about my life
Understanding the general business model behind FREE services
It’s a common habit among people to gravitate to “free” services, and the structure of online social sharing services are no different. If we think about it logically before signing up, we should be sceptical about how these companies are making themselves profitable to provide services to us for free. Sometimes it may not be immediately clear to the average person if there is no financial cost, sometimes they don’t care because to them free is better than paid, but behind the scenes, there is a cost of handing over our data, and it has a selling price to the right buyers.
Anything can be sold, every day we buy bottles of water, even though we have tap water. Water isn’t really what we are buying; we are buying convenience and the idea of better. Our data is a little bit of the same because when social networks get our data, they correlate it, clean up and provided it in a “better” and more usable format for someone else who is willing to be a buyer or use it towards generating income. It’s not a bad business model either because if the users agree for their data to be resold under certain circumstances in exchange for using a social service, then there is nothing unethical happening.
Side note from Ricardo: “I must admit that I have signed up and used the big 4 (Facebook, Twitter, Instagram and Whatsapp). I still use them today, but I have lessened the time spent on Facebook, Twitter and Instagram by a significant amount compared to when I first signed up for the service, and I will continue to lessen my usage until We’re eventually off a few of them.
Nothing is wrong with having a social media account; it’s all down to how you use the service and what you share. We have to understand what we are signing up with before we sign up and we have to be mindful of our security! ”
Where does it leave us all
We are left with responsibility. The responsibility to read and understand what we agree to when we sign up for a social media service. For those who might have issues understanding terms and conditions we also have the responsibility to ask someone else who can translate it.
Social media isn’t the enemy, and all resources on earth can be abused, even air, water, and food. I firmly believe that as adults we must do better to take responsibility for our lifestyles, our habits, and the information we share outside of our thoughts. If we believe we entrust our data to someone who has been repeatedly irresponsible, then we owe it to ourselves and the people around to show them we are responsible citizens and will not continue to make the same mistakes repeatedly.
Security tip from Ricardo “As bothersome as it sounds, using separate passwords for each service is a must to ensure your data is safe from those these social sharing services aren’t willing to sell your data to, If you have a challenge remembering your passwords, you can try a password manager. All you would need to remember at that point is one password, and that is to get into your password manager. I use LastPass, I couldn’t survive without it!“
Hop over to Tech Jury’s website
There’s a lot more to take away from the full Infographic over at Tech Jury; we only covered a sample. The full infographic provides useful information about how some of the popular social networks use and share our data, with brief details about related data breaches. Enlighten your mind and make smarter decisions, every day. I hope you appreciated this post. Stay informed.
View the full infographic: https://techjury.net/blog/online-data-safety-stats/
Connect with Ricardo and me on LinkedIn, links below:
- Ricardo Higgins – https://www.linkedin.com/in/ricardo-higgins-47a0a1121/
- Gavin Dennis – https://www.linkedin.com/in/gavin-dennis-security/