Social Media and Online Security: Whose Pictures Are They Anyway?

Photo of author

By Richard

There’s a whole legal area around intellectual property, copyright, trademarking, and other items that pertain to this topic too. Here again, I’ll leave it to the legal experts to speak to this.

With the ever-growing popularity of social media marketing and social commerce, the question of content privacy has become even more important.

The first rule to follow in posting information online is a simple one: don’t post anything that you can’t ultimately be OK with being totally, publicly available.

No matter how mature a social media or content-sharing platform is, I always say we’re just one overworked, underpaid engineer away from the content being made public. A dirty secret in social media is that the newer and hotter the platform, the more it’s run by the “seat of the pants” by too few people. Human error is the oldest and strongest risk to online security and privacy and it applies strongly here.

It’s not just human error on the part of those hosting your information you have to worry about: privacy controls can be confusing and you could well end up sharing content more broadly than you thought. There’s always a risk that those you’ve shared it with will make a mistake and share your information more broadly than you intended (here it’s not just a technical risk: you have to account for the human faux pas too).

There are also security risks involved. Your account can be hacked leaving your personal information in the hands of a stranger. And this happens more often than you think, as Hari Ravichandran explains in his book.

For those reasons, the most important rule is don’t share it if you can’t live without losing control of it.

Once you’ve narrowed down what you want to share to only what you can see public, there are then two key points that relate to whatever security and privacy controls the platform has in place.

Facebook, Instagram, and Twitter all have some degree of security and privacy controls over who can see your content (in the security world we call these “access controls”). Each has its own take on the matter (e.g. “friends” on Facebook or Instagram, “close friends” on Twitter, etc.) but don’t let the different terms confuse you. 

They really are the same: tools that put identified users into groups that you use to give access to your content. Since the principles behind these are the same across platforms, the two key points always apply across platforms as well.

  • Make sure you understand the permissions and the groups that the platform uses.
  • Use those permissions and groups in as simple and clear a manner as possible.

It might seem obvious to call out understanding permissions and groups the platform uses, but this can’t be overstated. When there are problems with “oversharing” it almost always stems from not fully understanding these points. 

The other critical point is that after you understand the groups and permissions enough to use them, use them in a simple and straightforward manner. Or to put it another way: don’t use customized settings.

I’m sure it’s a shock to have a security and privacy person say this: you see articles all the time about how to “lock down your Facebook settings”. I feel those are well-intentioned but a disservice. Going down the path of extreme customization will likely undermine your understanding of groups and permissions. 

Too much customization can take that understanding I said you should have and render it null and void. Customization introduces complexity and complexity is always the bane of security: it provides opportunities for our friend human error to step back into the picture. If you feel a social media platform’s built-in groups and permissions scheme doesn’t meet your needs, then don’t customize it: use another platform. 

The goal of understanding security and privacy with social media is how to strike a balance between being reasonably secure and engaged. Many security and privacy people tilt the balance towards security and privacy to the point of not being engaged. Conversely, many social media practitioners tile the other way and don’t worry about security and privacy. Too much of either isn’t a good thing: it makes people miss the benefits of social media or reap unintended consequences.

Once you understand that posting content is an act of letting go of control and then understand what actual controls you do have, you should be able to strike that same balance yourself to be a smart, engaged, and savvy social media user.

Images Courtesy of DepositPhotos