diff --git a/README.md b/README.md index f303b10..889e67d 100644 --- a/README.md +++ b/README.md 
@@ -157,15 +157,21 @@ The big companies providing "free" email service, don't have a good reputation f ## Social Media +There are some serious [Privacy Concerns with Social Networking Services](https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services). Lock down your privacy settings, but know that even after doing so, all data intentionally and non-intentionally uploaded is effectively public. If possible, avoid using conventional social media networks. + **Security** | **Priority** | **Details and Hints** --- | --- | --- -**Check your privacy settings** | Recommended | Most social networks allow you to control your privacy settings. Ensure that your profile can only be viewed by people who are in your friends list, and you know personally. -**Only put info on social media that you wouldn’t mind being public** | Recommended | Even with tightened security settings, don’t put anything online that you wouldn’t want to be seen by anyone other than your friends. Don’t rely solely on social networks security. -**Don’t give social networking apps permissions they don’t need** | Recommended | By default many of the popular social networking apps will ask for permission to access your contacts, your call log, your location, your messaging history etc.. If they don’t need this access, don’t grant it. -**Revoke access for apps your no longer using** | Recommended | Instructions: [Facebook](https://www.facebook.com/settings?tab=applications), [Twitter](https://twitter.com/settings/applications), [LinkedIn](https://www.linkedin.com/psettings/third-party-applications), [Instagram](https://www.instagram.com/accounts/manage_access/). -**Use a secure email provider** | Optional | Most email providers completely invade your privacy intercepting both messages sent and received. [ProtonMail](https://protonmail.com) is a secure email provider, that is open source and offers end-to-end encryption. 
There are alternative secure mail providers (such as [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com) and [MailFence](https://mailfence.com))- but [ProtonMail](https://protonmail.com) has both a clear interface and strong security record. -**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data to each photograph. This usually includes things like time, date, location, camera model, user etc. Remove this data before uploading. See [this guide](https://www.makeuseof.com/tag/3-ways-to-remove-exif-metadata-from-photos-and-why-you-might-want-to/) for more info. -**Don’t have any social media accounts** | Advanced | It may seem a bit extreme, but if you're serious about data privacy and security, stay away from entering information on any social media platform. +**Check Privacy Settings** | Recommended | Most social networks allow you to control your privacy settings. Ensure that you are comfortable with your current exposure, check the settings regularly, as updates can cause these to default back to public +**Think of All Interactions as Public** | Recommended | There are still numerous methods of viewing a users 'private' content across many social networks. Therefore, before uploading, posting or commenting on anything, think "Would I mind if this was totally public?" +**Don't Reveal too Much** | Recommended | Profile information creates a goldmine of info for hackers, the kind of data that helps them personalize phishing scams. 
Avoid putting too much detail (DoB, Hometown, School etc) in the About section +**Be Careful what you say** | Recommended | Status updates, comments and photos can unintentionally reveal a lot more than you intended them to (such as location, preferences, contacts etc) +**Don't Share Email or Phone Number** | Recommended | Posting your real email address or mobile number, just gives hackers, trolls and spammers more munition to use against you +**Secure you Account** | Recommended | Profiles media profiles get stolen or taken over all too often. The easiest way to protect against this, is to use a unique and strong password, and enable 2-factor authentication. See the [Authentication](#authentication) section for more tips +**Don't Grant Unnecessary Permissions** | Recommended | By default many of the popular social networking apps will ask for permission to access your contacts, your call log, your location, your messaging history etc.. If they don’t need this access, don’t grant it. For Android users, check out [Bouncer](https://play.google.com/store/apps/details?id=com.samruston.permission) - an app that gives you the ability to grant permissions temporarily +**Be Careful of 3rd-Party Integrations** | Recommended | Avoid signing up for accounts using a Social Network login, revoke access to social apps you no longer use, see instructions for: [Facebook](https://www.facebook.com/settings?tab=applications), [Twitter](https://twitter.com/settings/applications), [Insta](https://www.instagram.com/accounts/manage_access/) and [LinkedIn](https://www.linkedin.com/psettings/permitted-services) +**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data (called [EXIF data](https://en.wikipedia.org/wiki/Exif)) to each photograph. This usually includes things like time, date, location, camera model, user etc. It can reveal a lot more data than you intended to share. 
Remove this data before uploading. You can remove meta data [without any special software](https://www.howtogeek.com/203592/what-is-exif-data-and-how-to-remove-it/), use [a CLI tool](https://www.funkyspacemonkey.com/how-to-remove-exif-metadata), or a desktop tool like [EXIF Tage Remover](https://rlvision.com/exif/) +**Consider False Information** | Recommended | If you just want to read, and do not intend on posting too much- consider using an alias name, and false contact details. Remember that there are still methods of tracing your account back to you, but this could mitigate a lot of threats +**Don’t have any social media accounts** | Advanced | Social media is fundamentally un-private, so for maximum online security and privacy, avoid using any mainstream social networks **Recommended Software** - [Alternative Social Media](/5_Privacy_Respecting_Software.md#social-networks)
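Review bot: Several of the added Social Media table rows carry wording errors that should be fixed before merge. The row title "Secure you Account" should read "Secure your Account", and its details open with "Profiles media profiles get stolen", which looks like a mangled "Social media profiles". In "Don't Share Email or Phone Number", "more munition" should be "more ammunition". In "Think of All Interactions as Public", "a users 'private' content" needs the possessive "user's". In the metadata row, the link text "EXIF Tage Remover" should be "EXIF Tag Remover", and "meta data" should match the "metadata" spelling used in the row title. Separately, the new "Consider False Information" row is marked Recommended but is placed after the Optional metadata row and before the Advanced row, which breaks the priority ordering the rest of the table follows; either move it up with the other Recommended rows or change its priority. The hunk also drops the "Use a secure email provider" row with no replacement visible here, so the description should say whether that advice is already covered in the email section. Finally, most of the new rows end without a full stop while the rows kept from the old version end with one; pick one style for the table.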