Privacy and Security on Social Networks | Beth's Blog

Privacy and Security on Social Networks

Digital Strategy

A colleague recently shared this video that pokes fun of  the  “always on, gotta share everything on social networks” lifestyle for many people here in America.  It is a serious issue for professionals here in the US, especially if  they work in education or youth service nonprofits.    In many places in the world,  sharing everything online can be a life and death matter particularly for activists working in certain countries.

For the curriculum we’re developing for the  E-Mediat project, a social media capacity project for NGOs in the Arab World,  you can’t train NGOs on effective use of social media without addressing issues of privacy and security.   This past month,  I took a deep dive looking at the privacy and security how-to guides available.    I thought I’d share (couldn’t resist) and summarize some of what I learned here.

There are two particularly useful guides (both available in other languages including Arabic).   They are Security in a Box and Protecting Your Security Online.    Both guides are  written for citizens in the Middle East and North Africa who want to use technology safely to communicate, organize, and share data, but the tips and recommendations are useful for anyone working for a nonprofit who needs to mindful about privacy.   Here’s a curated collection of  privacy tutorials for NGOs  here.


Social networking sites like Facebook make it easy for sensitive information about us to be made public unintentionally.   Therefore, it is important to understand how to best protect one’s own privacy as well as others. Tactical Technology’s Security in A Box suggests asking a couple of good reflective questions about your account on any online social networking platform where you set up a presence:

  • Who can access the information I am putting online?
  • Who controls and owns the information I put into a social networking site?
  • What information about me are my contacts passing on to other people?
  • Will my contacts mind if I share information about them with other people?
  • Do I trust everyone with whom I’m connected?

Publishing content on Facebook, Twitter, and other platforms has become a requirement for NGOs that want a presence and to participate on social channels.   However, they should not rely on a social platform as the single host for their information.   First, it is very easy for governments to block access and it can happen without warning.  Also,  some social networking sites may remove objectionable content themselves, rather than face a censorship battle .   There are also other reasons to avoid publishing all your content on social sites.

Be careful about sharing too much information in your status updates – even if you trust your “friends.”  In the United States,  sharing too much information has resulted in  burglaries.    It is easy for someone to copy status information.    Most social networks allow automatically cross posting  information with other social networks.  For example your tweets can be automatically shared on your Facebook account.   You may be intentionally sharing sensitive information from one channel to another.  Plus, it isn’t a good practice for inspiring engagement.

Some social network platforms, like Facebook,  make assumptions about your privacy intentions.  Some assume that you want to share your information publicly and this is reflected in the the “default” settings which are overly complex.     Whenever you set up an account, make sure you understand the ins and out of privacy settings.      On the  site Open Book you can search Facebook and understand what is open. You can also use Reclaim Privacy, a browser tool that helps you adjust your Facebook privacy settings, although I encountered a few glitches.


The AccessNow Guide offers some critical basic tips for protecting security on free hosted email services like Google’s Gmail and Hotmail, both offers something called end-to-end encryption (HTTPS) which makes using them secure.     More advice on keeping email communication, see Security in a Box tip sheet and for specifics regarding Gmail see the  security check list and Hotmail’s guide.   This FireFox plugin called HTTPS Everywhere is handy.

Normally, voice communication over the Internet is no more secure than unprotected email and instant messaging. Only Skype and Gizmo offer encryption for voice conversations, and then only if you are calling another VoIP user, as opposed to a mobile or landline telephone.  See Security in a Box tip sheet for more options.

Be careful when accessing your social network account in public internet spaces. Delete your password and browsing history when using a browser on a public machine in an Internet cafe.  See Security in A Box: How to destroy sensitive information.

Access social networking sites using https:// to safeguard your username, password and other information you post. Using https:// rather than http:// adds another layer of security by encrypting the traffic from your browser to your social networking site. See Security in A Box: How to remain anonymous and bypass censorship on the internet.


Always make sure you use secure passwords to access social networks and your email.  If anyone else does get into your account, they are gaining access to a lot of information about you and about anyone else you are connected to via that social network. Change your passwords regularly as a matter of routine. See  Security in A Box:  How to create and maintain secure passwords for more information.

Here are some tips from AccessNow Guide on how to create strong passwords:

  • Think of a phrase, rather than a single word.
  • Make your passphrases twelve or more characters long; this makes it harder to crack using various software programs.
  • Use a combination of symbols, numbers, uppercase and lowercase letters. One way is to include symbols and numbers for words and letters in a passphrase, which can be a saying or a line from a song or poem.
  • Don’t use the same password for every account; if your password is easily intercepted when inputted online in a place that doesn’t offer HTTPS, it’s easy to intercept your log-in information and use it to access your other accounts.
  • Change your passwords every 3 months or more often if you use internet cafe systems or computers other than your own.
  • If you have problems remembering passwords, use a secure encrypted program like KeePass to keep track of them.
  • Some accounts are compromised via lost password recovery systems. Be sure your security questions and answers for your accounts are not simple and easy to guess.

You can test the strength of your password using this online test.

Mobile phones can also have security and privacy risks.  Security in a Box has an extensive set of guides on how to make sure that your mobile phone is safe.

One of the challenges of protecting privacy and security online is that the technology changes quickly and we need to be vigilant and educated.    But the basic steps as reflected by the advice above can go a long way.

How are protecting your privacy on social networks?  What resources have you found useful?


Update:  Great Privacy Checklists


5 Responses

  1. Joitske says:

    Thanks, this is what I get often asked!

  2. Ilya says:

    Theres a way to protect and ensure your privacy on social netwroking sites such as Facebook. Theres a plug-in called — this plug-in allows you to post protected status updates, wall posts, comments, and even photos, the plugin encodes these posts or photos and allows you to set ‘permissions” so that only certain people you select are allowed to view the protected content. I just started using it about a week ago, and I can now post and upload anything I want without the risk of being exposed. you can get the plugin at the google chrome extenions store for free, or by going to

  3. ' says:


  4. James Kent says:

    I have a suggestion.Update Your Virus Database!

    A lot of times, when people have an antivirus program installed in their PC or cellphone, they tend to just go ahead and leave it there in the background. When a virus hits, the automatic reaction normally goes along the lines of “Man! My antivirus software isn’t doing it’s job!”, which sometimes IS the case, but it’s not ALWAYS the case.
    Virus databases of any antivirus program has updates, and these updates include the most recent virus definitions and protection against them. Let’s face it, in this day and age, you’re more likely to get hit by a newer virus than an older one. By lacking 50% of the virus definitions, you’re probably only about 25% protected, since it’s the newer 50% of the definitions, and these are the ones that are more likely to hit!
    To make the long story short, update the virus database on whatever antivirus program you’re using, be it on your PC or your cellphone! It’s just one of those “Better Safe Than Sorry” things!

  5. […] we believe to be private or confidential is often open and available without our knowledge. Reading Beth’s Blog reminded me that there are always ways to get around privacy that we sometimes forget like our […]