Social Media Privacy: Expert Q&A

Posted by · May 9, 2017 10:00 am

Facebook, Instagram, Twitter, Snapchat…the list goes on. We’re a population of over-sharers who are constantly connected to the outside world. We’re always communicating and updating the world on who we are, where we are, and what’s going on in our lives. It’s through these mediums that our privacy online can sometimes be compromised. How can we safely use these mediums and minimize our risk at the same time?

To explore this topic, we sat down with data security expert Anthony Garcia and discussed social media privacy in this increasingly less private world.

Experts Exchange: What is your current role and company?

Anthony Garcia: I work as part of the DevOps staff at Experts Exchange.

EE: What are your qualifications and certifications in online privacy?

AG: As part of my role at the company, I’m responsible for the security and privacy of the company’s employees and the website’s users.

EE: What do you see as some of the largest security risks facing social media use today?

AG: I think one of the largest dangers people face today is doxing, or the “Internet-based practice of researching and broadcasting private or identifiable information.”

EE: What social platforms pose the biggest threat to privacy and identity?

AG: Platforms that give you the ability to post publicly available information are the ones that can reveal the most information about you, since that data can be mined by anyone, so they are all a risk. Facebook, Twitter, Instagram, Snapchat, etc.

EE: What really happens with social media data mining?

AG: There are many companies that mine user information from websites and create user profiles they can then sell as a service for ad targeting. It’s not difficult for anyone to become a customer of one of these sites and use the information for nefarious purposes.

There have also been recent controversies surrounding police agencies and employers using these platforms for their benefit. As machine learning and big-data software improve, the profiles built by these companies become a lot more sophisticated and accessible. There are some data mining opt-out services available (like this one) that show how some of the major data-broker companies are gathering info as well as how to opt out of them collecting your data.

EE: What information loss and theft should consumers be concerned with?

AG: Having personal information available online is worrisome since it can lead to harassment, stalking, and identity theft. The more information someone has about you the easier it is to bypass security questions for financial or other important accounts.

There’s also the factor of the suppression of freedom of speech. There’s a worry that what you say might show up in a report of you that governments or employers could see, possibly stifling your ability to share.

EE: What is the fine print people sign on for when you allow social media apps to run on your phones or in the background?

AG: There is often too much information in the Terms of Service of a website. These terms sometimes allow some of your information to be shared without you explicitly allowing it.

There are extensions that allow you to see a summarized version of the Terms of Service for some of the major sites.

Mobile apps also often prompt you for permission to your device’s local information, such as contacts or access to some of the hardware, like the microphone or camera. Third-party apps that use your social media profile can also get access to other information from your profile that might regularly be private, like your name, e-mail, and contacts. The problem with these apps is that once you grant them permission, they have your data on file and there is no guarantee they will delete it, even if you remove their permissions.

EE: How can people control their settings to protect themselves from lack of privacy with social media apps?

AG: The major thing people can do is to be careful what they post publicly. Even if you’re posting anonymously, publicly identifiable information like saying who is in your family, what school you go to, etc., can be compiled into a profile that can then be tied back to you.

You can sort of prevent this by limiting what is shared publicly, but this can be tricky with the confusing privacy policies most sites use. For example, on Facebook you can limit what you post, but people could possibly see what pictures or posts you’ve liked, or photos others might post of you with less strict settings.

There’s also passive tracking done through ad tracking and other methods that collect information on your purchases and browsing habits. Preventing these efforts usually involves opting out of the tracking, which can be tricky and time-consuming since every website you visit or purchase from will have their own Terms of Service. To prevent ad tracking, you can use browser extensions or software that detects and blocks tracking when it occurs.

If you are able to successfully opt out of tracking and only post privately, you might still be susceptible to personal information being leaked if one of your accounts gets compromised. Hackers can use spyware or other techniques to gain access to your account, and then all of the stuff you had shared privately or information hidden in your account will be accessible to them.

You are also not guaranteed that the people you share stuff with will not share it themselves.

EE: What systems or products do you recommend for securing these gaps and threats, and why?


  • To block tracking.
  • To opt out of major data brokers’ tracking efforts.
  • Review the privacy policies of different sites and set the permissions so things don’t get posted publicly by default.
  • Revisit and review the social media profiles you have and the access permissions you’ve granted to third-party apps that use them for authentication.
  • You can also review the Terms of Service for sites using this extension, because knowing what the sites can share with others is important to help you decide what you will share with them.
  • Review the permissions for apps on your mobile device. You can disable things like geotagging on an app-by-app basis to make it more difficult for someone to find you with that information.
  • Most of the major social sites like Facebook and Google have a page where you can view your browsing history. Make sure to review this and remove any unknown devices.
  • Use a strong password. Extensions like LastPass can help you set different and strong passwords on sites without having to memorize all of them. If your account gets compromised because of a weak password, the steps you took to keep your data private will have been in vain.
  • Use two-factor authentication, available on most sites nowadays. This can increase the difficulty for someone trying to access your account.
  • Use antivirus or antispyware software to prevent becoming compromised via malicious code. If your device becomes compromised, they can gain access to all of your accounts. Most free antivirus programs have similar detection rates, but the best defense against viruses is the user.
  • Do not click on links from people you don’t know and don’t visit sites you don’t know or that may have a poor reputation.
  • Disabling Flash or Java on your browsers can also go a long way if you don’t need them.