Contact Us

Social Media Over-Sharing...Parents Much Worse Than Their Kids!

Go Back

Social media sites make money via targeted advertising, based on the personal information we provide when we sign up and post as a user. As such, they directly benefit from and actively encourage us to provide as much personal information as possible so they can harvest it and profit from it. The single biggest danger with social media is succumbing to these pressures. This is important because once we post something online, we hand over our copyright rights to the social media platforms and they can do a whole manner of different, and often morally ambiguous things with it.

What is Over-Sharing?

Over-sharing can involve sharing too much information, either consciously or unconsciously. I’ll address conscious over-sharing first which is where we post this information intentionally online ourselves. I’ll then address unconscious over-sharing where mis-configured privacy settings on our devices and social media apps lead to our devices over-sharing our personal information without us even knowing about it. This even includes children apps too!

How do we know when we are over-sharing?

If you’re doing the following you’re most likely over-sharing;

  • Posting (either in written or photo form) your date of birth, phone number or home address. This includes posting personal information or pictures about your friends and family
  • Announcing when you’re going on holiday
  • Sharing hate or discriminating posts/messages
  • Posting your life step-by-step (e.g. what you had to eat for each meal of the day)
  • Sharing pictures of inappropriate content
  • Sharing every little accomplishment your children/pet have achieved
  • Venting about family or partner arguments
  • Posts about your finances

Conscious over-sharing

You’d be surprised what people can gather about us online and then use against us. 1 in 10 teenagers have posted their mobile number publicly online and 35% of employers have found information on social media that they’ve used to justify not hiring a job candidates. Doxing, the practice of collating publicly available personal information on people, is one activity criminals use to exploit our over-willingness to share personal information online.

I’ve set out a common scenario below which brings to life how even something as seemingly innocuous as a birthday party can, if not done correctly, can put us at undue risk;

You have an open Facebook profile meaning it appears to anyone in the world in search engine results. The fraudster now has your name and what you look like. For your birthday, you’re having a BBQ in your front garden with some pals to through back a few cold ones. Your daughter posts a couple photos from her iPhone of your wife bringing out the cake and you blowing all 43 candles out. The fraudster now has your date of birth. Naturally she tags you and everyone else who are in the photo. The fraudster now has your residential address.

From only an open profile and a couple of innocent snaps, the fraudster now has your name, your date of birth and your home address – key information needed to apply for loans or credit cards, helping them commit identity fraud against you. So, what can we do about it?

Practical tips to stay safe

  • Assume all photos can be viewed by anyone in the world (friends, family, parents, recruiters, employer). Even if your parents for example aren’t able to see the photo you’ve posted (maybe because you’re not friends with them on Facebook) they can still come across the photo via other means, e.g. somebody screenshotting it and sending it directly to them, someone else tagging them in it or posting it to their own wall.
  • Only accept friend requests on social media sites from people you know in real life.
  • Tighten privacy settings of social media accounts and set to ‘private’ so only your friends can find your profile, ensuring your profile doesn’t show up in search engine results.
  • Never post any of the following information online; date of birth, mobile/landline telephone numbers, home town, relationship status, school/work locations, graduation dates, pet names and other interests and hobbies (these can be used to guess security questions or passwords).
  • Photos taken from smart phones give away much more information than you’d think, like the GPS coordinates of where the photo was taken. Try the tool at this link http://exif.regex.info/exif.cgi - it extracts the metadata (hidden information) that’s captured by your smart phone or camera every time you snap a shot. Go to the settings on your phone and turn this functionality off.
  • When creating new profiles on a social media site;
    • Don’t create usernames or IDs that include your full name, date of birth or any information that is part of your password.
    • When completing the ‘My Details’ sections of the registration forms, think – does this site really need this information? Just because there is a space asking for your DOB doesn’t mean, necessarily, you have to complete it! Only fill in mandatory fields marked by an asterisk.
  • If you absolutely must provide your date of birth, you could always provide a date that is close but not your exact DOB. Usually the social media websites mandate in their Terms and Conditions that you must provide accurate information when registering so be aware you would be contravening their rules if you ‘consciously’ did this. The key point for them is that you confirm you are old enough to use their service. Therefore, they need the year and month of your birth only. There’s absolutely no reason for them to know the day of the month that you were born! So, should your finger slip on the keyboard and accidentally miss key the day entry then you will have better privacy in the long-run…
  • Don’t use the geo-tagging or the ‘checking-in’ features (which track your real location) as this could be an open invitation to criminals to target your property when you’re evidently out of the house or exacerbate the information available to cyber bullies or stalkers.
  • Keep messaging conversations on the social media / dating sites. If someone is trying to encourage you to move your conversation onto a different website or social media platform, this could be because they are trying to avoid the protective mechanisms in place on the original website that are there for our safety.

Unconscious over-sharing

Recent research found that by testing 111 children’s’ apps, 10% of them leaked a piece of information that could be used to locate that child. The applications we use on our devices use our personal information and do all kinds of things with it that may not be in our best interest. Normally this is fine, as a map app wouldn’t be a whole lot of use if you denied it access to your location! However, some apps put us at undue risk, insecurely sharing our sensitive data and it’s these we want to limit.

The best way to understand what your apps are sharing and with whom, is to download a privacy app like ‘Lumen’. It will quickly and easily show you which apps are actively harvesting your personal information and sharing it with unknown third parties. You can then take steps to tighten your privacy settings to prevent them doing so.

Case Study: The Fappening

A great example of where apps we use every day actually put us at more risk than we may initially think, is an event now known as ‘The Fappening’. It occurred a few years back and was where Apple’s iCloud was hacked by a small group of US-based hackers. Four hackers stole hundreds of peoples’ private photos and videos and then posted them online.

The hackers used a combination of phishing campaigns and basic ‘over-the-counter’ password cracking software. These tools guessed the top 500 passwords approved by Apple’s password policy. They ended up stealing log-on credentials of tens of thousands of iCloud users, impacting over three hundred celebrities including Jennifer Lawrence, Rhianna, Kate Upton and Kaley Cuoco. Once they compromised one email account, they used it as a stepping stone to compromise family, friends and work colleagues associated with it (i.e. in the contacts list of the hacked account).

Released images and videos included everything from the mundane selfies and scenic snaps to X-rated nude photos and videos. As you can imagine, once leaked, shady parts of the internet jumped on the opportunity to make money and posted sex tapes all-over the internet. One of the most disconcerting aspects of the hack is that when you use these two tools together, you can get access to anything the victim has ever done on their mobile device. This would provide hackers with more than just naughty pics, that could be used for extortion. I expect this almost undoubtedly took place for some of the unlucky celebrities but it just didn’t make the headlines because it was settled in private.

The whole reason why this hack happened is because most people thought that whenever you take a photo on your iPhone it just stays on your phone. Unfortunately, not. So that you can access your photos from anywhere in the world and from multiple devices, each photo on an Apple device by default syncs into Apple’s cloud called iCloud.

There was no vulnerability with Apple’s iCloud itself, it was the users’ passwords which were weak and were cracked. This is a great example of why we need to have both strong passwords but also an understanding how apps / websites use our data.

What we can do is make sure that information isn’t shared in ways we aren’t comfortable with;

  • Review permissions – before purchasing an app always review the ‘permissions’ information which outlines what the app accesses once downloaded. If you’re not comfortable with it, e.g. a torch app accessing your health information from your Fitbit, then choose a different app.
  • Update your mobile privacy settings – most smart phones now have a dedicated ‘Privacy Settings’ menu option in their settings. Review the settings here and ensure they align to your privacy preferences.
  • Use privacy enabling apps – there are a number of apps that help you manage your privacy on your mobile devices, like Lumen previously mentioned. They provide you with visibility of what actually is going on and then offer ways to lock stuff down. I’d bet my mortgage that if people had known that their nude media was being sync’d with an online iCloud account, most people would have chosen to exclude those photos from sync’ing and use a secure media vault app to store them in instead.
  • Sharing is great and as you can see we shouldn’t stop doing it…but, we should be conscious of over-sharing!

Let me know what you think, in the comments below!

Leave a Reply

Your email address will not be published. Required fields are marked *

Hacked Social Media Recovery Handbook!

Pop your email into the form below and we'll send you the link to your free handbook!

We hate spam and won't send you mindless marketing emails. We share some internet safety tips. You of course can unsubscribe at any time.

Free Protection Checklist!

Pop your email into the form below and we'll send you the link to your internet safety protection checklists!

We hate spam and won't send you mindless marketing emails. We share internet safety tips. You of course can unsubscribe at any time.

Free Cyber Bullying Handbook!

Pop your email into the form below and we'll send you the link to your free handbook!

We hate spam and won't send you mindless marketing emails. We share some internet safety tips occasionally. You of course can unsubscribe at any time.

Free I've Been Hacked Handbook!

Pop your email into the form below and we'll send you the link to your free handbook!

We hate spam and won't send you mindless marketing emails. We share internet safety tips. You of course can unsubscribe at any time.