Facebook, a website that is less than a decade old, now has over a billion users. Those users share a lot of information about their lives: where they live, who they associate with, what they like, and more. That’s a lot of information in the hands of one company, and it has repeatedly earned the attention of the media for potential security issues.
That hasn’t stopped anyone from using Facebook, however. If you’re reading this there’s a good chance that you are also a user. Should you be worried?
The Difference Between Security & Privacy
Facebook has been at the center of privacy controversies for years. But privacy is not the same thing as security. It’s possible for a site to have privacy flaws while it remains secure.
This is the case with Facebook. There are many ways for an account to be compromised, but a hack on Facebook itself is not known to be one of them. The company has not yet experienced a breach of its systems and continues to combat the possibility with an aggressive bounty program that rewards people who find dangerous bugs. We may one day wake up to find that the social network has been hacked, but it hasn’t happened yet.
Yet people have their accounts compromised and their information harvested on a regular basis. This happens not because Facebook itself has been breached but instead through social engineering, compromised apps and poor password security.
Facebook’s largest privacy issue is the fact that it’s a social network. Users visit it to share their lives and to see what others are interested in. People who visit the site expect to see new things, click on links and open apps, but they often don’t know if what they’re clicking on is legit.
It’s a common scenario. A person clicks on a link to a funny video or story. The website is infected with malware or executes a phishing attack by acting as if Facebook needs additional information. It obtains the user’s information, often without the victim knowing anything is wrong. The person’s account is compromised and is soon spamming all kinds of nonsense.
The introduction of apps to Facebook expanded the site’s functionality, yet it also increased the potential for privacy concerns. When a user opens an app for the first time they provide the app some level of access to their information. That provides an avenue for data harvesting by a third party.
An app is, ultimately, only as secure as the people behind it. Even an app from a trustworthy company could become problematic if the company is hacked and attackers gain access to the app. You should carefully consider the apps that you use and the permissions they ask for.
There are two tools that can help you with this. One is Facebook’s own permission manager. It can be accessed by going to Privacy Settings –> Ads, Apps and Websites –> Apps you use. You can see every app authorized to interact with your account and edit or remove its permissions. It’s a good idea to regularly prune this list by removing apps that you no longer use.
The second useful tool is PrivacyFix. It automatically checks your privacy settings for issues that might make you vulnerable to having personal information harvested and then directs you to the menu where you can fix them. It’s both easy to use and effective.
Poor Password Security
A fair number of “hacked” accounts are actually compromised because someone guessed their password. This is more common than you might think. A small percentage of users have simple passwords, but a few percent of one billion is still a heck of a lot.
You can improve your security by picking a more complex password, but why stop there? You should start using two-factor authentication as well. If this is enabled you will need both a password and a code sent to you via text message to log in from an unknown computer.
It can be annoying but it’s also extremely secure. An unauthorized user can only access your account if they have access to your text messages and know your password.
To turn on this feature go to Account Settings –> Security –> Login Approvals and click the checkmark. Turn on Login Notifications via email while you’re at it. This will alert you if anyone manages to log in to your account from an unknown device.
Conclusion: Should You Be Worried?
There’s no doubt that Facebook can be used to harvest personal information. It’s happened in the past, it is happening right now, and it will happen in the future. There will, at the least, always be some number of users who set all of their information to public.
But Facebook is as secure as you make it (for now, at least). Its servers have not suffered any known breach. The problem exists in the gap between the privacy options Facebook offers and how users understand them. I think the company could do a better job of explaining how its privacy features work, but that’s not the same as Facebook suffering a security breach.
If you must worry, be concerned about losing your account. Unauthorized access could make you the victim of defamation and/or cause your account to be removed. That can be both embarrassing and inconvenient, so take the tips in this article seriously. They are a boon to your privacy.