March 29, 2011 | By Randy Abrams, Director of Technical Education, Cyber Threat Analysis Center – ESET North America
Facebook and Data Leakage Prevention
OK, it is really hard to use Facebook in a title with the words “data leakage prevention” since Facebook is all about leaking data, but some people are unaware of the nefarious lengths that Facebook will go to in order to misappropriate your information.
The latest trick by the Facebook marketing staff is to tell other people that you support their advertisers. For example you may go to a restaurant, post on your wall that you went there, have an utterly miserable meal and vow to never return only to find an advertisement that says you, personally, like the restaurant.
As is the case with most things that relate to privacy at Facebook, great lengths are taken to attempt to make it so you won’t discover how to prevent more data from being shared than you are comfortable with.
In this specific case here is what you need to do to limit access to your data. First log into your Facebook account. If you do not have such an account then you have already taken the most significant step in protecting your data, but we will assume you have such an account.
The next step is to go to the upper right hand corner of the screen and click on “Account”. Next you click on “Account Settings”. On the right most tab of the account setting page you will see “Facebook Ads”. The next thing that happens is a dialog box titled “Understanding Social Ads” pops up and provides a fairly useless and ambiguous message. Just close the dialog box and you will see a drop down box titled “Allow ads on platform pages to show my information to”. You have two choices here. You can let advertisers show unspecified information to your friends or to nobody. You might think that by choosing nobody you have protected your privacy upon hitting the “save changes” box, but those sneaky, deceptive people at Facebook placed another setting down at the bottom of the page. You must scroll to the bottom of the page to access the setting “Show my social actions in Facebook Ads to”. This defaults to showing to your friends, rather than defaulting to the respectful “show to nobody” and then allow you to choose what you want to share and who you wish to endorse and when.
It is a really good idea to go through all of your Facebook settings and keep in mind that Facebook will attempt to hide anything they don’t want you to change, so make sure that you always look at the entire page. A button that seems to say you are done means that you did something, but it doesn’t mean that there isn’t more of significance further down the page.
For questions about security or suggestions of topics you would like to see here, please email me at AskESET@eset.com.