By Rob Sobers
Are social media sites really keeping our information safe? It’s a question that is becoming more pertinent — and more prominent — as individuals increasingly integrate social media into their everyday lives, and as more and more businesses use the platforms as a way to authentically connect with the customer base.
The increase in social media use isn’t the only reason individuals and businesses are increasingly focusing on the security of social media sites. Recent breaches in the news cycle have demonstrated the ability of hackers to target applications we use every day. In 2017, Instagram saw a large-scale breach in their API, which comprised the personal information of 6 million users, including several high-profile users whose contact information ended up on the dark web. Additionally last year, Gmail was targeted by a phishing scam, which affected more than 1 million users.
Even with strong privacy settings, social media applications have access to a great deal of our data. Depending on the application in question, social media sites can access everything from our name and our birthdate to our phone number, email address, mailing address, photos and videos. Additionally, apps have access to other identifying information, such as our location information, credit card information and device settings.
This level of non-privacy is concerning when considering that we don’t really know what the applications are always doing with our information — or what they’re doing to protect it.
Varonis set out to determine just what social media sites are doing to keep our personal information safe. To do so, they compared the social media privacy settings of three top sites — Facebook, LinkedIn, and Twitter — from their user-facing security measures to key implementations they’ve made behind the scenes.
Their research, which examined each social site’s own security blog, broke down the security advancements and tactics aimed to combat fraud and keep users’ information safe. From identifying fake accounts through cluster analysis (LinkedIn) to enacting policies regarding the removal of fake or abusive bots (Twitter) and implementing VPN protection to allow users to access the site via VPN (Facebook), the sites are certainly taking steps to both keep users’ and their information safe.
Still, breaches aren’t the only thing causing concern around social media; the lax — and sometimes questionable — security policies of the applications themselves are as well. This year, Facebook was rocked by a privacy scandal when it was revealed that Cambridge Analytica, a political data firm hired by the Donald Trump campaign in 2016, had gained access to the private information of more than 50 million Facebook users without their consent. Even more recently, at the end of March, it was reported that Facebook has been saving and storing videos that users thought were deleted.
So, can we trust social media sites with our information? Can individuals trust the applications that have become such an integral part of their daily lives? Can businesses trust the platforms they use to promote their services, build their brand, and connect with their audience? While the Varonis infographic demonstrates that safety and privacy is something social media sites have made strides in, scandals like the one Facebook is currently embroiled in remain a reminder that we have a long way to go.
About the author
Rob Sobers is a Sr. Director at cybersecurity firm Varonis. He has been writing and designing software for over 20 years and is co-author of the book Learn Ruby the Hard Way. Prior to joining Varonis, Rob held a variety of roles in engineering, design, and professional services.