The Internet can be a tricky place to navigate. Each social network has an incentive to make you post as much information as possible, websites like to gobble up your email address for marketing, and even innocuous posts on forums can give away more than you meant them to.
The savvy Social Engineer can use bits of information to piece together a profile of who you are and what you do, but it’s not just them you should be concerned about. Social networks can be minefields when it comes to what you should or shouldn’t post, but the Internet at large is just as complicated.
We know that you’ll probably enjoy posting that #poolselfie while on holiday this summer — but before you do you should take a look at these points and consider what you might be giving away before posting your #hotdogsorlegs.
There are two types of location data to think think about; data you choose to post (active), and data that is gathered by your apps and devices (passive).
When it comes to active location we have a choice of what we post. Posting a check in on Facebook or Instagram and tagging it as “James’ Awesome Pad” is not a great idea as it marks out your home address to anybody nearby. If your Instagram account is public and you usually post lots of pictures in one location and then suddenly post from another country it’s quite a good indicator that you have gone on holiday.
Passive data collection by apps is something entirely different though, as it does so without your input. If this is a company or app that you trust and you can understand what they do with that data and are comfortable with it, then no problem. It is worth taking the time to check permissions on your apps though and, yes, even take the time to read those Terms and Conditions.
What to Do
- Check privacy settings on social networks
- Disable Automatic Location tagging for status updates or tweets
- Don’t check in at your home
- Check image background for identifiable landmarks
- Read Terms & Conditions to see what an app or service will do with your location data
- Remove EXIF information from photos
- Change Camera settings to not store location information in captured images
2. Addresses & Phone Numbers
Most of us don’t give out our address to strangers on the internet – and for good reason. However, there may be times you don’t mean to expose your address to the digital world.
One reason to be very wary of what you post is that you can never be sure of what you might be giving away. As shown by Reddit user u/solebluesoul, the barcodes on your mail are actually encoded with your address by your mail carrier which can be read using certain apps. So even if you have redacted the actual address, you may want to reconsider before you post.
Giving out your personal phone number to people you don’t know or companies you may not trust isn’t a great idea either as they can use it to spam or harass you. There is a way to deal with this though, with an app called Hushed. This app allows you to create “burner” (or temporary) phone numbers you can give out in situations like these that call forward to your phone.
What to Do
- When online shopping look for “https” in place of “http” in the URL
- Don’t post your address in public forums like Reddit, Twitter or craigslist
- If meeting someone from craigslist choose a public place for security and to prevent giving away your address
- Redact or blank out address from images before posting, along with mail carrier barcodes
- Install a burner phone app like Hushed
3. Identification, Credit Cards and Banking information
Having your ID stolen is one of the most stressful things that can happen to you. Depending on what the attacker chooses to do, you could potentially be locked out of your utilities, credit cards, and even your bank account.
— Blaster (@Bullet_Wave) April 26, 2016
There is never a reason to post photos or images of your ID, personal financial information or credit cards online, especially without redacting the confidential information first, but you would be surprised just how many people do this, even somewhere as public as Twitter.
What to Do
- Don’t post images of confidential, personal financial information, or IDs online
- If you have a legitimate reason to post, redact or blank out all confidential information
4. What Happens at Work, Stays at Work
While it’s always a hazard that work can intrude on your personal life, there are reasons why it’s best to keep the two separate.
Whether it’s a horrible boss or an uncooperative coworker, these daily stresses can wear you down. Maybe you want to vent on social networks… but employers do not take kindly to rants or complaints on, and even if you choose to delete the post, remember that the Internet never forgets.
What You’re Working On
When it comes to the content of your work things can be a bit tricky. If you are working on something interesting or that you want to tell people about, remember that the information you have could be confidential and needs to remain inside the business for very good reason.
It can be tempting to imagine that your few comments won’t make any difference or that you are “only one person” — but if some privileged or confidential information reaches the wrong people (either a competitor or the press) then this could be extremely damaging to your company, and they won’t look kindly on it.
What to Do
- Create custom Friends lists on Facebook for coworkers and limit personal posts to exclude coworkers
- Don’t post work projects or other confidential information on social media or elsewhere
- Never take or email documents (physical or digital) home unless on a company approved account or device
- When work frustrations build up, find a confidant in an existing social group rather than coworkers or anyone affiliated with the business. When possible only discuss work when in person
- Don’t criticize the business (current or previous) or any colleagues on a public forum or social network
5. Watch What You Say in Digital Public Spaces
Before you reach out to your bank on Twitter when something goes wrong take a second to consider this: by publicly displaying your complaint, you link yourself to that institution, what the nature of the complaint is, and possibly more.
It’s not a stretch to imagine that if someone wants to target you, they can use this information to contact you pretending to be the bank, and potentially lure you to give out confidential information.
Some might say this scenario is unlikely but it is possible and you should keep it in mind before letting your bank (or other providers) know what’s on your mind in a public space.
What to Do
- Create additional/anonymous accounts to interact with customer services on social media
- When interacting publicly do not give specifics, save these for a private conversation
- Before you post consider what kind of information the post could give away — holiday destination and dates, home or work location etc.
- Limit visibility — if you have the option, set the post to private and make use of privacy settings.
How Do You Solve a Problem Like Information?
The majority of people know that openly posting their personal or confidential information is a problem, and avoid from it. However, the real problem with each small leak of data from your posts is that they can be collated into something much more useful — a profile of who you are, what you like, and where you are.
Take the popular website Reddit for example. On Reddit you can be as anonymous as you like, have as many accounts as you wish, and only post when you want. As Reddit is a public forum, all that anonymity doesn’t stop information leaking out.
The website SnoopSnoo shows how this is possible. Enter the username of any Reddit user and it quickly creates a dashboard about that user with data ranging from which subreddits they frequent, to the times they regularly post, to inferred information like marital status and location.
While it can be unsettling to see that much information gleaned about an anonymous account, you don’t need to spend every second worrying about ever posting to the Internet — just like in offline life, it is OK to get to know people and chat. However, it gives a good idea of how easily a profile can be made from information you post online, so it’s worth thinking about what you’re posting before you share it on the Internet.
What’s been the biggest security slip up you’ve seen? Have you been caught out by one of these? Will this post change your habits? Think there’s something we’ve missed? Let us know in the comments below!
Image Credit: Flat illustration of security center. Lock with chain around laptop. Eps10 by La1n via Shutterstock