Security on social media or: think before oversharing and then don't

Security on social media or: think before oversharing and then don't

Tom Chantler

Summary

There are lots of reasons why people shouldn't share quite so much on social media, chief amongst them being that it may not be safe to do so. It's also unlikely that anybody is very interested in quite a lot of the things you have to say (and yes, I do realise that this second point might apply to a lot of blog posts too). Just try searching Twitter for something banal like "eating lunch" or "watching tv" if you don't believe me.

Today I'm going to look at some of the things people share on social media and explain why a bit more circumspection might be advisable in many cases.

For further reading, you could look at what the Information Commissioner's Office (ICO) has to say about online safety.

Background

In the UK the summer holidays are just around the corner which means that lots of people are going to be posting status updates to Facebook and Twitter saying things like this:

"At the airport"

"Off on hols for two weeks"

Messages like this basically translate to:

"I'm away for a bit, please come and ransack my house"

Why would anybody make a post like this? Are they showing off? Do they think it might serve some useful purpose? I even worry about setting up an Out Of Office[1] automatic email reply for similar reasons.

These are fairly extreme (yet alarmingly common) examples, but what about some less obvious examples?

Sharing information about regular movements

This one may seem a bit less harmful and is thankfully not a reference to going to the lavatory, although some people post about that too.

How often do you see somebody post on Facebook about going to the gym or similar? You might think it's okay if they are posting when they get home, but if this is a regular thing it's fairly easy to work out when they might next work out (feeble pun intended).

Posting photographs of your kids online

Just think about that for a minute. Without getting into the question about whether or not you still own your images and whether or not they can legally be used by others - on which note, did you hear about Richard Prince, the guy selling prints of other people's Instagram photographs for around $100,000 each? - are you sure you want them online for anybody to see? Or to be a bit more melodramatic about it:

Would you print out photographs of your children, write your name (and maybe some other useful personal information, like your home town, the name of your spouse, perhaps your date of birth, maybe even your address, etc) on the backs of them and then leave them lying around in public? I'm guessing not.

You can mitigate the risk somewhat by choosing your privacy settings more carefully and then making sure you're only friends on social media with people you still know in real life (not just people you used to know twenty years ago) and then you can worry if their commenting on your stuff means all of their friends can see it and so on and so on. Or you can elect not to share quite so much stuff, especially since the chances are most of your friends don't want to see it anyway. Although hopefully they won't get quite as angry as these people.

Posting photographs of your debit or credit cards online (bonus points if you include the security code)

You might think that nobody could be this stupid. Think again. Here's a Twitter account dedicated to such foolishness. People also do the same sort of thing with vouchers for XBox points, prior to using them, and then get upset when other people spend them first.

Posting details of your children going on school trips

Some people write detailed posts about their children going away on residential holidays with their schools. That can't be a great idea. Go to this place and you'll find a bunch of kids in the care of a much smaller bunch of adults that probably don't really know them that well.

Photographs of correspondence

If you feel compelled to share some of your personal correspondence online, make sure that you remove anything that you don't want to place in the public domain.

e.g. When I got cross about identity theft (I wrote about it in some detail here), I did at least blank out all of the sensitive information from this letter before tweeting it.

And don't forget, emails count as personal correspondence. Some people tweet screenshots of ticket confirmation. I'm not going to link to any specific examples, but that search just turned up a few sensitive images.

Just this minute (literally) I've seen a new one on my Facebook feed. Someone has shared a photograph of their UK practical driving test pass certificate. Amongst other information, that contains their driver licence number.

Conclusion

Social media is great and you shouldn't be frightened to use it, but you should exercise a modicum of caution before telling everybody everything that you've been up to. And then refrain in many cases. Check out the information about online safety from the ICO and above all, use your imagination and try to decide if what you're posting is likely to do you more harm than good.

If you have any other interesting examples of oversharing, please let me know in the comments section below and I'll update the article.



  1. I almost never set an automatic Out of Office email reply, even when I'm meant to. I'll either redirect my email to someone else (unlikely) or read it when I'm away. ↩︎