A colleague recently shared this video that pokes fun of the “always on, gotta share everything on social networks” lifestyle for many people here in America. It is a serious issue for professionals here in the US, especially if they work in education or youth service nonprofits. In many places in the world, sharing everything online can be a life and death matter particularly for activists working in certain countries.
For the curriculum we’re developing for the E-Mediat project, a social media capacity project for NGOs in the Arab World, you can’t train NGOs on effective use of social media without addressing issues of privacy and security. This past month, I took a deep dive looking at the privacy and security how-to guides available. I thought I’d share (couldn’t resist) and summarize some of what I learned here.
There are two particularly useful guides (both available in other languages including Arabic). They are Security in a Box and Protecting Your Security Online. Both guides are written for citizens in the Middle East and North Africa who want to use technology safely to communicate, organize, and share data, but the tips and recommendations are useful for anyone working for a nonprofit who needs to mindful about privacy. Here’s a curated collection of privacy tutorials for NGOs here.
Social networking sites like Facebook make it easy for sensitive information about us to be made public unintentionally. Therefore, it is important to understand how to best protect one’s own privacy as well as others. Tactical Technology’s Security in A Box suggests asking a couple of good reflective questions about your account on any online social networking platform where you set up a presence:
- Who can access the information I am putting online?
- Who controls and owns the information I put into a social networking site?
- What information about me are my contacts passing on to other people?
- Will my contacts mind if I share information about them with other people?
- Do I trust everyone with whom I’m connected?
Publishing content on Facebook, Twitter, and other platforms has become a requirement for NGOs that want a presence and to participate on social channels. However, they should not rely on a social platform as the single host for their information. First, it is very easy for governments to block access and it can happen without warning. Also, some social networking sites may remove objectionable content themselves, rather than face a censorship battle . There are also other reasons to avoid publishing all your content on social sites.
Be careful about sharing too much information in your status updates – even if you trust your “friends.” In the United States, sharing too much information has resulted in burglaries. It is easy for someone to copy status information. Most social networks allow automatically cross posting information with other social networks. For example your tweets can be automatically shared on your Facebook account. You may be intentionally sharing sensitive information from one channel to another. Plus, it isn’t a good practice for inspiring engagement.
Some social network platforms, like Facebook, make assumptions about your privacy intentions. Some assume that you want to share your information publicly and this is reflected in the the “default” settings which are overly complex. Whenever you set up an account, make sure you understand the ins and out of privacy settings. On the site Open Book you can search Facebook and understand what is open. You can also use Reclaim Privacy, a browser tool that helps you adjust your Facebook privacy settings, although I encountered a few glitches.
The AccessNow Guide offers some critical basic tips for protecting security on free hosted email services like Google’s Gmail and Hotmail, both offers something called end-to-end encryption (HTTPS) which makes using them secure. More advice on keeping email communication, see Security in a Box tip sheet and for specifics regarding Gmail see the security check list and Hotmail’s guide. This FireFox plugin called HTTPS Everywhere is handy.
Normally, voice communication over the Internet is no more secure than unprotected email and instant messaging. Only Skype and Gizmo offer encryption for voice conversations, and then only if you are calling another VoIP user, as opposed to a mobile or landline telephone. See Security in a Box tip sheet for more options.
Be careful when accessing your social network account in public internet spaces. Delete your password and browsing history when using a browser on a public machine in an Internet cafe. See Security in A Box: How to destroy sensitive information.
Access social networking sites using https:// to safeguard your username, password and other information you post. Using https:// rather than http:// adds another layer of security by encrypting the traffic from your browser to your social networking site. See Security in A Box: How to remain anonymous and bypass censorship on the internet.
Always make sure you use secure passwords to access social networks and your email. If anyone else does get into your account, they are gaining access to a lot of information about you and about anyone else you are connected to via that social network. Change your passwords regularly as a matter of routine. See Security in A Box: How to create and maintain secure passwords for more information.
Here are some tips from AccessNow Guide on how to create strong passwords:
- Think of a phrase, rather than a single word.
- Make your passphrases twelve or more characters long; this makes it harder to crack using various software programs.
- Use a combination of symbols, numbers, uppercase and lowercase letters. One way is to include symbols and numbers for words and letters in a passphrase, which can be a saying or a line from a song or poem.
- Don’t use the same password for every account; if your password is easily intercepted when inputted online in a place that doesn’t offer HTTPS, it’s easy to intercept your log-in information and use it to access your other accounts.
- Change your passwords every 3 months or more often if you use internet cafe systems or computers other than your own.
- If you have problems remembering passwords, use a secure encrypted program like KeePass to keep track of them.
- Some accounts are compromised via lost password recovery systems. Be sure your security questions and answers for your accounts are not simple and easy to guess.
You can test the strength of your password using this online test.
Mobile phones can also have security and privacy risks. Security in a Box has an extensive set of guides on how to make sure that your mobile phone is safe.
One of the challenges of protecting privacy and security online is that the technology changes quickly and we need to be vigilant and educated. But the basic steps as reflected by the advice above can go a long way.
How are protecting your privacy on social networks? What resources have you found useful?
Update: Great Privacy Checklists