This document is a seminar report submitted by Abhishek Gupta to his faculty on the topic of Facebook security settings. It provides an overview of Facebook and its history and growth. It then details various Facebook security settings that users can configure to help protect their privacy and security, such as using secure browsing, adjusting privacy settings, enabling login approvals and notifications, opting out of facial recognition, and removing information from social ads. The report provides step-by-step instructions for configuring these various security settings on Facebook. It concludes with some additional security considerations for Facebook users.
Facebook Security Settings Guide for Safe Social Networking
A
SEMINAR REPORT
ON
FACEBOOK AND SECURITY SETTINGS
Submitted to the Faculty of Network Security
BHARTI VIDYAPEETH COLLEGE OF ENGINEERING,
PUNE.
Submitted By -:
ABHISHEK GUPTA
PRN- 080009051
Under the Guidance of -:
Mr. ALOK KUMAR
DEPARTMENT OF NETWORK SECURITY
BHARTI VIDYAPEETH COLLEGE OF ENGINEERING,
PUNE
BHARTI VIDYAPEETH UNIVERSITY
COLLEGE OF ENGINEERING
PUNE
CERTIFICATE
This is to certify that,
ABHISHEK GUPTA
has carried out the project on “FACEBOOK AND SECURITY SETTINGS” under my
guidance in partial fulfilment of the requirement for the diploma in Network
Security of Bharti Vidyapeeth University, Pune during the academic year 2012-13.
Mr. Alok Kumar (Seminar Guide)
Prof. S. B. Vanjale (Coordinator of Network Security)
Date:
Place: Pune
Acknowledgement
I’m highly obliged to the people who have given me the much needed guidance for the
seminar work.
First I would like to convey a word of gratitude to my guide, Mr. Alok Kumar for guiding me
throughout seminar work & providing me excellent support by valuable guidance & by
providing sufficient time for completion of my work. Without his immense help it would have
been really difficult to complete this work in time.
I’m also extremely grateful to Prof. SB Vanjale, Coordinator Of Network Security for
providing all facilities & every help for smooth progress of dissertation work.
INDEX
• ABOUT FACEBOOK
• MANAGING FACEBOOK SECURITY SETTINGS
• FACEBOOK SECURITY
• FACEBOOK SECURITY SETTINGS FOR A NEW SEARCH
• FACEBOOK TIMELINE SECURITY AND PRIVACY
• REFERENCES
ABOUT FACEBOOK
Facebook is a social networking service launched in February 2004, owned and operated
by Facebook, Inc. As of September 2012, Facebook has over one billion active users, more
than half of whom use Facebook on a mobile device. Users must register before using the
site, after which they may create a personal profile, add other users as friends, and exchange
messages, including automatic notifications when they update their profile. Additionally,
users may join common-interest user groups, organized by workplace, school or college, or
other characteristics, and categorize their friends into lists such as "People From Work" or
"Close Friends".
Facebook was founded by Mark Zuckerberg with his college roommates and fellow Harvard
University students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris
Hughes. The website's membership was initially limited by the founders to Harvard students,
but was expanded to other colleges in the Boston area, the Ivy League, and Stanford
University. It gradually added support for students at various other universities before
opening to high school students, and eventually to anyone aged 13 and over. Facebook now
allows any users who declare themselves to be at least 13 years old to become registered
users of the site.
In May 2005, Accel Partners invested $12.7 million in Facebook, and Jim Breyer added $1
million of his own money to the pot.
According to a May 2011 Consumer Reports survey, there are 7.5 million children under 13
with accounts and 5 million under 10, violating the site's terms of service.
A January 2009 Compete.com study ranked Facebook as the most used social networking
service by worldwide monthly active users. Entertainment Weekly included the site on its
end-of-the-decade "best-of" list, saying, "How on earth did we stalk our exes, remember our
co-workers' birthdays, bug our friends, and play a rousing game of Scrabulous before
Facebook?" Critics, such as Facebook Detox, state that Facebook has turned into a national
obsession in the United States, resulting in vast amounts of time lost and encouraging
narcissism. Quantcast estimated that Facebook had 138.9 million monthly unique U.S. visitors in
May 2011. According to Social Media Today, in April 2010 an estimated 41.6% (129.5 million)
of the U.S. population had a Facebook account. Nevertheless, Facebook's market growth
started to stall in some regions, with the site losing 7 million active users in the United States
and Canada in May 2011.
The name of the service stems from the colloquial name for the book given to students at the
start of the academic year by some university administrations in the United States to help
students get to know each other.
MANAGING FACEBOOK SECURITY SETTINGS
Social networks like Facebook are open to phishing, malware and other unwanted problems.
While there is no perfect solution, you can change your Facebook security settings to help
increase your privacy and safety.
Using a Secure (HTTPS) Connection
By default, Facebook does not encrypt your access credentials. Using a secured connection is
important, because without it, it’s extremely easy for a hacker to sniff your credentials and
quickly access your account. HTTPS solves this problem by encrypting your login cookies and
other data.
You can sign up for Facebook HTTPS by doing the following:
1. Click the drop down arrow next to Home on the upper right side of the screen and
select Account Settings.
2. Click Security in the left navigation panel.
3. Click Edit next to Secure Browsing.
4. Select the Browse Facebook on a secure connection (https) whenever
possible checkbox.
5. Click Save Changes.
Adjusting your Facebook Security Settings
The highest Facebook security setting for protecting your personal information is the Friends
option. Unless you want the entire Facebook network to see your whole profile, photos
and videos, access should be limited to people you trust. The other, less secure options are
Network and Friends, Friends of Friends and Everyone.
To manage your Facebook privacy settings:
1. Click the drop down arrow next to Home on the upper right side of the screen and
select Privacy Settings.
2. In the Control Your Default Privacy section, select your default security setting for all
of your Facebook posts (i.e., status updates, photos, links, etc.). We recommend
selecting Friends.
Important: You can change this default setting for each post you make.
3. In the How You Connect section, click Edit Settings. This section allows you to control
how people on Facebook can contact you.
4. Decide how secure you want each of these settings to be. If you are unsure, change all
of these settings to Friends with the appropriate menus.
5. In the Timeline and Tagging section, click Edit Settings. This section allows you to
control how Facebook tags affect you. We recommend selecting Friends.
6. The Profile Review feature (which is located in the Timeline and Tagging section)
allows you to review any tagged content that is added to your profile, such as pictures in
which you are tagged by friends. This feature is turned off by default. To turn this on,
click the arrow next to Review posts friends tag you in before they appear on your
timeline, and then select Enabled from the drop down menu. When you have content to
review in which you are tagged, a Pending Posts tab will appear on your profile that
allows you to post this data to your profile or not.
7. Click Back, and then click Done.
Using Login Approvals and Login Notifications
If you use Facebook’s Login Notifications, whenever your account is accessed from a new or
unrecognized device, Facebook sends an email to your email address to notify you.
You can also use Facebook’s Login Approvals feature for an extra layer of security. If you
choose this option, Facebook sends an access code to your mobile phone via text message
that must be used to log in to your account whenever your account is accessed from a new or
unrecognized device.
To set up Facebook’s Login Approvals and Login Notifications:
1. Click the drop down arrow next to Home on the upper right side of the screen and
select Account Settings.
2. Click Security in the left navigation panel.
3. Click Edit next to Login Notifications.
4. If you want Facebook to send you an email when an unrecognized computer or device
accesses your account, click the Email checkbox in the Login Notifications section, and
then click Save Changes.
5. Click Edit next to Login Approvals.
6. If you want Facebook to send you a text message that contains an access code that must
be used when an unrecognized computer or device accesses your account, click
the Require me to enter a security code each time an unrecognized computer or
device tries to access my account checkbox in the Login Approvals section, and then
click Save Changes.
Opting out from Facebook’s Facial Recognition Feature
Facebook recently released a new feature that will “recognize” your face in photographs
uploaded to Facebook. Many privacy advocates are worried that this could lead to anyone
being able to search for information about you based on any picture of you.
To opt out of the facial recognition feature:
1. Click the drop down arrow next to Home on the upper right side of the screen and
select Privacy Settings.
2. In the Timeline and Tagging section, click Edit Settings.
3. In the Who sees tag suggestions when photos that look like you are uploaded section,
click the arrow on the right hand side.
4. Click the drop-down menu and select Disabled.
5. Click Back, and then Done.
Removing your Name and Profile Picture from Facebook Social Ads
Facebook created Social Ads a few years ago, which allow your name and profile picture to
be displayed in advertisements your friends see. While this might not seem like a big deal,
their privacy policy states that your name and profile picture could be used in the future for
third party applications or ad networks unless you remove your name and profile picture
from Social Ads.
To remove your name and profile picture from Facebook Social Ads:
1. Click the drop down arrow next to Home on the upper right side of the screen and
select Account Settings.
2. In the left navigation panel, click Facebook Ads.
3. Click Edit third party ad settings.
4. From the If we allow this in the future, show my information to drop-down menu,
select No one.
5. Click Save Changes.
6. From the Facebook Ads page, click Edit social ads settings.
7. From the Pair my social actions with ads for drop-down menu, select No one.
8. Click Save Changes.
Using One Time Passwords
It can be risky to log into Facebook from a computer you don’t own. To get around this, you
can use the one time password feature. To do this, you must use the cell phone listed on your
Facebook account, and text the message “otp” (for one time password) to 32665. You will
receive a text message response with a one time password that you can use to access your
Facebook account. This password is only good for 20 minutes. It’s a good idea to use this
feature any time you access Facebook from someone else’s computer.
Recovering a Hacked Account
If you see posts on your account that you didn’t write, or are unable to log in, your Facebook
account may have been hacked. If your account is compromised, go to
http://www.facebook.com/hacked and follow the instructions. As soon as you do this,
Facebook will lock your account. Facebook will then ask you to complete a four step
procedure to unlock your account. Once you have recovered your account, be sure to set up
all possible security features, especially secure browsing (https) and the login notifications
feature.
Other Security Considerations
• When you create your Facebook account, don’t display your birthday, hometown or
schools you attended to everyone. Since identity theft is a big issue, limit this to family
and close friends.
• If you play games or use a lot of applications on Facebook, consider creating a new
account that does not have any personal information in it.
• Keep your Internet browser current. Since new malware and viruses are discovered all
the time, having the latest software will help eliminate these problems.
• Change your Facebook login password often. If you share a computer (or use a public
one), don’t set the option to remember any passwords you enter into websites.
• It’s great to connect on Facebook with lots of people for networking and friendship, but
be selective when adding friends that will have access to your page.
• Make sure you click the drop down arrow next to Home on the upper right side of the
screen and then select Log Out when you end your Facebook session. If you simply
close your browser, your account is still active. The next person to open a browser on
your computer and visit Facebook will be logged into your account.
• As a rule, don’t click on suspicious links. These might be embedded in a suspicious
spam message or video posted on a friend’s account. When you click on this link,
malware might be loaded onto your computer. The best rule is to use your common
sense.
• Clickjacking is a technique used by attackers to trick users into clicking on links or
buttons that are hidden from view. There is a tool that was created to help you avoid
clickjacking called Web of Trust (WOT), which is a free browser tool that maintains a
database of known safe sites as well as malicious sites reported by the WOT
community. You can download WOT by visiting www.mywot.com.
Facebook Security
Kids and adults today are spending several hours a day on Facebook. Over the last
several months, Facebook has tried to incorporate several new internet safety features. These new safety
features are designed to give Facebook users better privacy.
The problem with the new security settings is that they are confusing to understand. The new
safety features do provide better internet safety for kids if they can understand them. The
biggest issue here at the center for internet safety and security is that not all security
settings are in one location. We will break down all the safety settings and show you what they
should be set to.
Here is a quick breakdown of the new Facebook Security Options
Everyone – All information on your profile is exposed to the entire internet. You are
completely exposed to everybody on the internet.
• This is the worst option. Don't allow any safety setting to be Everyone.
Friends and Networks – Your friends and networks have complete access to your
entire profile.
• We don't recommend this setting because you don't know everybody in the network.
Friends of Friends – All friends and friends of your friends have complete access to your profile.
• This is OK, but does give profiles more exposure than we like.
Only Friends – Only friends you approve have access to your profile.
• Best safety option. This only gives friends you approve of access to your profile.
Customize – Create custom security access to your profile.
• We don't recommend creating custom settings unless you know what you're doing.
Step 1: To find the security settings click on Account → Privacy Settings. Here is the main
menu for all the security settings.
Step 2: Click on Profile Information. Here you will see the safety settings for your profile.
You see safety settings for Personal Info, Birthday, Education and Work, Photos, etc. Here
is a simple breakdown of all your options. We recommend setting all safety settings to Only Friends.
Step 3: Click on Photo Albums. Verify that only Friends have access to view photos.
Step 4: Go back to Account → Privacy Settings. Click on Contact Information. Verify that all
settings are set to Only Friends. However, we do recommend setting Add me
as a friend to Everyone. This will allow people to add you as a friend.
Step 5: Click on Back to Privacy and go to Applications and Websites. Click on Edit Settings
for What your friends can share about you. We are very displeased with Facebook on this
setting. By default, Facebook allows applications that your friends use full access to your
account. These applications can scan all the information on your profile. Companies can then
send email or messages about products they offer. Facebook should never allow applications that
people don't use full access to profiles. Uncheck everything and hit Save Changes.
Step 6: Verify that Activity on Applications and Games Dashboards is set to Only Friends.
FACEBOOK SECURITY SETTINGS FOR NEW SEARCH
Facebook announced this week it will make it a lot easier to search your personal page along
with all of your friends. It’s called the Facebook Graph Search. While this announcement
does not change your privacy settings on Facebook, it means if you’ve ignored your privacy
settings, now is a really good time to check them out. (Facebook wrote up more details about
how privacy works with the new search.)
Facebook says the graph search will take already existing information inside the social
network and make it a lot easier to find. If you want to find a friend who likes dogs and lives
in New York, Facebook will find those people. If you want to see photos your friends shared
of food from diners, Facebook will find those images. That means the content you have
posted in the past will turn up a lot easier. That’s why it’s a good time to look at how you’ve
used Facebook in the past and make sure you are happy with what people find out about you
when they search Facebook.
If you have never really looked at your Facebook privacy settings, let’s go through some of
the basics to help you know what people can and cannot see, whether they are a friend or
just a random person visiting your personal page.
Views from the public
You have a public page. Every person who has a Facebook page has their own link or URL.
Depending on your privacy settings, the public can see none, some or all of your information
when they visit your page. Here’s how you find your public setting. I’ll use my Facebook page
as an example. Look for the little gear box in the right hand corner just below your cover
photo.
The little gear box gives you an option to “View As” and check your “Timeline settings.” Let’s
do “View As” first. Facebook lets you know at the top that you’re viewing your page from the
public. You can also view the page as a specific person. This is helpful if you have categorized
different friends with different privacy settings.
If you do not like what is viewed from the public, you can go into your Timeline Settings and
make some changes. You can also update each section of your About Me page (there’s an
edit box in the top right corner of each section) to decide what is public and what is not.
Now that you have seen what your page looks like from the public view, the next step is to
analyze what your friends can see.
Views from your friends
The new graph search will allow your friends to search information about you based on your
page likes, locations, photo tags and even the music you listen to on Spotify.
The best way to analyze what your friends can see is by looking at your Activity Log. You can
find your personal activity log right next to the button you clicked on to find your public
settings.
If you joined Facebook a long time ago, there is good and bad news for you. The good news?
Facebook did not archive a lot of your posts until 2007. The bad news? It can take time to
search all of your posts from the past. If you are unsure about the choices you have made in
previous years, it may be worth undergoing a tedious analysis of your Facebook activity.
You can visit your Timeline Controls to decide if you want to mass-limit your posts. Facebook
also has a number of guides that explain how to share, tag posts and photos, post your
location, and use apps.
Photo privacy
If you are concerned about the privacy on your photo albums, you need to go into your
photo page and view your albums. Each album has a privacy setting. You can click on the little
icon next to the name of your album (you can see what it looks like with my photo on the
right from our Chicago Architecture Cruise). Clicking on the little icon helps you decide who
can or cannot see your photos. If you see a little globe, that means it’s all public. Remember,
your cover photos are always public. Also, if you posted pictures from other apps,
like Instagram or Flickr, each of those photos will have individual privacy settings. You may
need to go through each photo in those albums if you are concerned.
Like privacy
There is no quick way to go through all of the pages you have liked on Facebook. But if
there’s any time to analyze it, this is the time. If you go to your personal Facebook page,
you’ll find your “Likes” in a box just under your cover photo. Click on an edit box to look
through some topics like music, books and movies to quickly delete extras you may not like
any more. But to get really deep into the many pages you have liked, you have to search
through the entire list. Facebook started collecting your page likes in 2008.
FACEBOOK TIMELINE SECURITY & PRIVACY
Steps to keep your account & identity safe:
Now that Facebook’s timeline feature is in the final stages of being rolled out to all users
(including, finally, to my account), it is important that everyone understands how to use the
feature and, most importantly, how to secure your identity and privacy in its new context.
Timeline is quite a simple feature, introduced by Facebook with the goal of putting a timeline
context behind things you post and ways you interact with the site. But now it’s even easier
for people to create a complete digital snapshot of your recent history, for better or worse.
For example, this can make it easier for prospective employers to piece together a good idea
of who you are, but is that always desirable?
It depends, specifically on which items you choose to share (and with whom). For instance, if
you had a racy night out last Friday, that might be the kind of thing you’d prefer to share
with only a few friends, and certainly not the sprawling list of Friends of Friends.
In this first part of a series on securing the timeline feature on Facebook, we dive into
restricting data sprawl through inadvertent interaction with the feature. One caveat though:
Facebook continually updates its privacy and security settings, including the help sections for
each item, so in the future, some of these screens may look different. Still, the principle of
attempting to share as little as possible by default, rather than as much as possible, seems
like a sound approach, privacy-wise.
Diving into Timeline
First, is timeline enabled on your account? When the timeline feature suddenly appeared on
my account (automatically, against my personal preference), I was presented with a
notification that it would be happening, and information about when, followed by a button
showing how to get more information in the timeline help section:
Then, when the date arrived, I was presented with a notification that the feature was now
enabled, like this:
Okay, so now I have it, but what to do about it? First, on the Learn More page we can dig into
the nuances of the service, starting with the Privacy Options link (highlighted in red
below).
When you click that link, you are taken to a landing page where you can adjust your privacy
settings. Here’s the direct link in case you need it:
https://www.facebook.com/help/timeline/privacy
First, let’s look at the options for who can see stories on my timeline:
Timeline story visibility
Here you’ll have to start making decisions about what information to share, and with whom.
It is worth noting that Facebook treats sharing items on your timeline very much like sharing
them with other features; you choose what works for you. Typically, Facebook has a couple
of ways of controlling this for the user: you can manage groups of content by setting a default
to be applied to all data within that same context; or you can use their inline contextual
control menus for each item to determine piece-by-piece which items get shared, and with
whom.
Since it may cause problems to make your data Public by default, you’ll have to decide if you
want to share your items with Friends (+ friends of anyone tagged), only you, or some custom
combination where your preference can be more granular, with the ability to restrict certain
people or groups (which can be handy).
Here we’ll have to start making decisions whether to allow or protect information sharing by
default. Remember, you can always increase the sharing of data, but it’s very difficult to
restrict sharing once your data is sprawled out to your Friends, or their friends. Imagine
taking a racy picture intended for someone you are close to and having that accidentally
shared to the wrong group of people, and their friends, etc. It’s well nigh impossible to then
try to restrict who has a copy of that photo going forward. It’s also a good idea to restrict
Facebook photo uploads to things that wouldn’t cause hate and hurt if they seeped out into a
wider audience. After all, there are many humorous websites featuring screenshots of allegedly
private Facebook conversations and shared content, where someone in an unintended
audience grabbed a screenshot and broadcast it to the wide world. Don’t let this happen to
you.
Assuming you want to take a more secure approach, you may start by ratcheting down your
privacy so that only you, or very select small groups of friends may see your content. If
someone legitimately gets offended that you seem to be excluding them from sharing, just
add them individually to a given group. This way it’ll be easier to control your data, which
over time is far better security-wise.
It’s also good to note that you have the ability to delete items from the timeline that you may
not want integrated into it.
As you can see, you can also just hide it from timeline, but then it still may appear elsewhere.
If there’s a reason to hide content, there’s likely a reason to delete it altogether, unless you
have compelling reasons to retain it.
Also, there are controls to hide friends’ posts from appearing on your timeline by default,
which might be handy if your friends get a little carried away with sharing content you may
not consider flattering, and/or that may become visible to those groups you’d rather not
share with by default. (Consider that a prospective employer may agree with Aesop that “a
man is known by the company he keeps” and draw conclusions about you based on the lewd
iPhone snapshot that your best man put on your timeline.)
On the other hand, you can always just Report the post if it gets too far over the line
and violates Facebook’s Terms, so that may be an option to keep in the back of your mind if
your friends get a little too crazy.
Of course, you can review the content and then decide as well, on a case-by-case basis.
Here’s a screenshot of the context menu for the timeline on an item:
It’s good to know what to look for when you’re trying to control the sprawl of your data, so
keep an eye out for these context menus and you’ll have a finer degree of control.
Who can see what’s on your Timeline?
Next we look at who can see details about you on your timeline, like your hometown,
birthday, or other details:
Again, you can either set these directly, or use context menus on your profile to control what
information appears on your timeline, using the audience selector. It’s nice that only your
friends are allowed to post on your timeline, averting a potential privacy mess if the audience
were wider, especially if you don’t pay much attention to how many friends your friends
are collecting on their list.
Also, note you can turn on the Timeline Review feature. Let’s say you want to review items
BEFORE they get posted to your timeline, here’s where you might enable that:
It’s nice that you get a Pending Post notification, so you’ll know when there’s content
awaiting approval. Also, it’s a good idea to check your activity log periodically to note
changes. Haven’t looked at yours lately? Here’s what the Activity Log is all about:
Activity log
It’s a good way to take a quick look at content from the time you set up your account to the
present. It’s tough to keep up with all the content day-to-day, so this might be a quick way to
roll back the years and see if there are things you’ve missed, all in one place. Here you might
want to dive in and change sharing of one or more items that have reached a wider audience
than you planned, and/or at least KNOW what got shared and when.
Some European Facebook users have requested a full log from Facebook of all their content
and been provided with a substantial number of records, sometimes hundreds of pages in
length, burned onto a CD and shipped to them. Getting all that data is harder for North
American Facebook users, but you can submit a request for what Facebook does make
readily available here. It may be a good idea to take a peek at what content they show on
your profile, and adjust accordingly.
In our next Facebook security and privacy post we will look at reviewing our timeline from
other people’s perspective, using a tool called View As. Until then, we hope this post will
help with tuning your timeline settings to your liking.