As I read my Facebook wall, I realized this isn’t new: these disclaimers had the same tone as the old chain letters, which had the stark warning, “DEADLINE tomorrow.” I suddenly got flashbacks to 1980, when my mother would walk in the door after checking the mail, her face full of terror, holding a chain letter in her hand. She would sit down at the dining room table, frantically writing the same letter over and over to make sure our family avoided famine. This Facebook hoax is the 2016 version of the chain letter, minus the hand cramps.
My first reaction, as a privacy professional, is to scream at my screen. The second reaction is to write on every single one of their walls and explain the concept of opt-in vs. opt-out and the use of Facebook privacy settings. My third reaction, after my initial annoyance subsided, was to educate: educating Facebook users about what level of privacy they should expect from a platform like Facebook.
In our society today, we fortunately have a heightened awareness of personal privacy online: we care about what people and organizations do with our personal data. This is especially true in the post-Snowden era. Yet our urge is to share, even overshare; it is a human instinct. We sternly tell our children and our employees “think before you post on social media … anything you post today can be seen years from now” and “nothing is deleted in the technology era.” We question the government when there is a breach, and we diligently check our credit reports to make sure we were not victims of identity theft. This increased awareness of security and privacy is borne out by industry analysts like Forrester, who have seen a sea change in attitudes towards privacy as people become more aware of the issues surrounding the sharing of personal data on social platforms. This Facebook “chain-disclaimer” proves how passionate the public is about their privacy.
However, a fundamental understanding of online privacy is still lacking, since many educated people believe that they can share, share, share, and that simply pasting a short statement will fully protect them. This, then, leaves us with a question: why doesn’t the mainstream user understand privacy? There are a number of reasons why this may be the case. I have attempted to highlight some of them here from a technical viewpoint, but I am sure sociologists, anthropologists and psychologists could offer more insights.
Breaches get a lot of media attention – but prevention isn’t top of an individual’s mind. We need more education on how to protect our personal data and understand who has access and what can be done with that data.
So what can you do to be a good digital citizen?
Mostly it’s about being aware:
Privacy aware - Use, update, and care about your privacy settings. They are there to let you choose what you want to share and with whom, and they tell the hosting organization, e.g. Facebook, what to share and with whom. Putting a privacy disclaimer notice on your wall, or in an email, spoof or not, will not have any effect on what the hosting platform shares.
Spam aware - Fact check before spreading the good word. If it is on the Internet, even from a reputable source, it may not be true. Remember those ‘Nigerian Prince’ spoof emails? Of course he was neither a Nigerian nor a prince, but rather a popular email scam. Or remember that email from your mom telling you she is stuck on some island without her passport and she needs $10,000? A quick check on snopes.com usually will tell you if it is true or not.
Spoof aware - Don’t share links or “like” things on Facebook to win prizes. Most of the time when you see Disney saying they are giving away free cruises, or Target has a $500 gift card for you, or Bill Gates is going to send you $10 for every share that post gets – put on your logical cap; most likely, these offers are too good to be true. Offers like these are typically after personal information, or trying to get access to your social profile, or even to share dangerous links with friends for a social engineering attack.
At the end of the day, the Facebook privacy disclaimer hoax is a lesson for all of us on personal privacy. Social media is like a wildfire for spreading information, and the more we rely on digital venues to get our news, share updates with our family, share pictures, and for professional use, the more diligent we have to be in our understanding of what privacy is and the impact it can have. In the meantime, please, please, please go delete that paragraph-long status off your wall and instead post a picture of your cute kids!
About the Author
Avani Desai is a Principal and the Executive Vice President at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine, she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more.