Social media lockdown: 4 privacy features you won't find in your settings

Remove geotags, revoke app permissions, and send encrypted messages to keep your life story on a need-to-know basis.

You use a social network--at least one, maybe a few. Everyone does. You probably know all about your preferred network's privacy settings, enough to make sure that the whole world doesn't know your business. But if you're paranoid--aren't we all?--you can find ways to lock down your privacy that go above and beyond even two-factor authentication.

You have to start with your social networks' settings, of course. If you don't bother to limit the visibility of your posts or to make sure you're not being tagged all over the place (thanks, facial-recognition technology), then there's no point in proceeding. Facebook has the most convoluted settings of all the social networks, so follow our how-to for complete instructions.

After you confirm that your photos, contact information, and political musings aren't on display for the world to see, you can take a few extra steps to safeguard your privacy.

Keep an eye on permissions

Every time you download a smartphone app, you allow its developers to see some of your information. Sometimes it's as basic as your name. Other times it's your address book, your Facebook or Twitter account information, your location, or your photos.

So how do you know which apps are raiding your contact list or have access to your photos? iOS apps must ask you upon installation for permission to access your contacts, location, Facebook account, and microphone, and you can easily grant or revoke such access from the Privacy section of the iOS Settings.

Android briefly had a hidden feature called App Ops that let you tightly control each app's permissions, but Google withdrew the feature three weeks after its launch late last year. Nonetheless, in Android versions 4.3 through 4.4.1, the basic App Ops settings can still be accessed via third-party controllers like App Opps 4.3/4.4 from Color Tiger. You can use this app for granular permissions control of a wide range of Android apps (social or otherwise). Just be aware that App Ops is not an official Android feature, and third-party controllers have the potential to break the apps they hook into.

An app developer would like nothing better than to have access to all of your data, and sometimes such an arrangement makes sense. For example, if you want to share your Instagram photos on another social network, it's logical for that network to request permission to see your camera roll. But that app doesn't need access to your address book, which is why you should consider using MyPermissions as a central monitoring system to keep track of the permissions you've granted.

The service, available as a desktop plug-in and as an app for iOS, Android, and Kindle Fire, monitors any app connected to your Dropbox, Facebook, Google, LinkedIn, and  Twitter accounts. If you use one of your social networks to log in to another site or app, MyPermissions will issue a notification.

Facebook already requires apps that use the "Login with Facebook" function to ask for your permission to post on your wall, but MyPermissions goes beyond that basic step.

Eavesdrop on the Web

Keeping your eye on multiple sites at the same time is easy enough, but what about the places you don't visit or the networks you don't care to sign up for? How would you know if your name is being bandied about like so much gossip in a small town? You can set up alerts with a fairly new service called Mention, a Google Alerts alternative for social networks.

Set up keyword alerts for your name--or whatever else you want to stay in the loop on--using Mention's iOS and Android apps, website, or Chrome app, and set up filters for the places you want to watch (for example, Facebook and Twitter but not blogs or forums). As with Google Alerts, you can choose the frequency of alerts. Mention seems particularly useful for public figures or companies, and it offers paid tiers for big brands, but it's a good way to monitor your social reputation.

You can stick with Google Alerts, but Mention offers a more pleasant user interface, more in-app context about the alert, stats about the frequency of your mentions, and the ability to interact with an alert--you can respond to a tweet without even leaving Mention, if you wish.

Just say no to geotags

We share photos on social networks without a second thought, but even a harmless photo can contain more information than you want it to. When you post an image, nosy folks can easily glean the location from the photo's geotags, or the information your smartphone attaches to the photos you take.

Researchers at the University of California, Berkeley, and the International Computer Science Institute put together a super-creepy project that shows just how much information you're sharing when you post on Twitter and Instagram--and those results are based just on your geotagged posts, not on the metadata from your photos. If you share enough images from a few places on a regular basis, stalkers can easily figure out where you spend the most time and use that to their advantage.

To avoid telling the world where you'll be on a given day, turn off location services when you post on social networks. You can prevent your smartphone from attaching geotags to your photos by changing the camera's settings.

Go underground

Of course, if you take your privacy especially seriously, you probably don't want to use a network that gives your information to its advertisers. New social sites and messaging apps are claiming to offer increased privacy in the form of encryption, secret groups, and use of peer-to-peer protocols to prevent tracking by corporate eyes (or the NSA).

BitTorrent, Sgrouples, Silent Circle, and Wickr are just a few of the bigger names in the secret social space, giving you ways to communicate without putting any of your data on the line.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicessecuritymobile securitytwittersocial networkssocial mediainternetFacebook

More about DropboxFacebookGoogleNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Caitlin McGarry

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place