Attorney General Hector Balderas
From the Office of the Attorney General:
ALBUQUERQUE – Attorney General Hector Balderas, as New Mexico’s chief law enforcement officer, has issued a Consumer Safety Advisory intended to protect all users of Facebook in the aftermath of the revelation that Facebook gave away the personal information of some 50 million subscribers to a political campaign.
“You, as a Facebook user, are the best editor of your own information,” Attorney General Balderas said. “You can decide who can see and use your data just as you can decide who to allow into your home. However, everyone should be aware that ‘sharing’ information in cyberspace multiplies the possibility that a third party has and will use your information.”
As an example, the Attorney General explained that a business that takes data such as phone numbers, addresses, “likes” and personal opinions from a Facebook account also has access to the same information from all the individual’s Facebook friends.
A Facebook user may rely on Facebook’s promises not to share certain information or the limitations the site places on use of a user’s data. However, every time a Facebook user signs in on a different site using the Facebook login, the new site gains access to all the Facebook user’s data, all the Facebook user’s friends’ data—and the new site will share data with other outfits according to its own policies and procedures.
As alarming as it may be that your data, your friends’ data and their friends’ data may be shared without specific knowledge or permission, Attorney General Balderas advised that consumers can stop—or at least slow—the chain of data breaches through exercising a bit of self and site control.
“There are many ways a Facebook user can regain a certain amount of control of personal information, but it can be more challenging to stop the mirroring, multiplication and manipulation that starts as soon as a Facebook log-in is shared elsewhere.,” Attorney General Balderas continued.
The Attorney General noted that every time you’ve signed into an app or website using Facebook, you’ve given that entity permission to access your profile in a variety of ways – from being able to view simple data like your birthday or friends list, to actually being able to post and communicate on your behalf (think Instagram, or your mom’s Farmville account).
The Attorney General set forth a few sets of guidelines, hoping that New Mexico Facebook users will become “cyber-savvy” as well as “cyber-secure” in their use of media:
Specifically to protect your Facebook account, the Attorney General suggests visiting the Facebook site and following the instructions given there on how to tailor your “settings” or rules for using your account. Currently, Facebook has FAQs that include, among others, “How do I control who can see what’s on my profile and timeline?”, “What’s the Privacy Checkup and how can I find it?”, “What should I do if I don’t want search engines to link to my profile?”, “How do I stop people from posting on my timeline?”, and “When I post something, how do I choose who can see it?”
Among other protection measures, Attorney General Balderas suggests for using Facebook are as follows:
- Opt to use Facebook’s “verification mechanism,” which means that you require “two-factor authentication” every time you log in. With two-factor authentication, you log into Facebook with a password, then receive a code sent to another, separate device such as your cell phone, then enter the code on the Facebook site before going further with your browsing or entering on the Facebook site.
- Make sure you are comfortable with the phone and email information you have shared—and change it if you are not. To change the settings that allow shared information, click “settings”, then “privacy” under “Who can look me up?” on Facebook. Use the dropdown menu next to each setting to select who can look you up using that information. Keep in mind that you control who can see your mobile phone number or email on your profile separately, and if you’re sharing your mobile phone number or email on your profile with someone, they can look you up with it.
- Delete any “Apps” you find on your settings, especially if you don’t even know how they got there. To be on the safe side, click “x” on any apps you don’t recognize or trust to disconnect them from your profile for good. For apps you do wish to remain connected to, you can click the pencil/edit button to review what kind of permissions they have on your page. Remember, which permissions and how much control is given varies from app to app, but you should make sure that any kind of third-party access is from a source that you trust.
- Review and consider deleting “Apps” on Facebook on the box labeled “Apps Others Use.” Many of the third-party Apps your friends use can pull data on you and on your friends; if you are not comfortable with sharing that data, uncheck any boxes for Apps you don’t want.
- If you choose to delete your Facebook account altogether, you may want to see the personal data Facebook has given away first. To download that information, first, click the “account” menu down arrow at the top right of any Facebook page; then click “download a copy of your Facebook data” at the bottom of your General Account settings and finally, click “Start My Archive.” Remember that if you want to delete your account, that’s different from deactivating your account. If you deactivate the account, Facebook hides you from searches and hides your timeline, but keeps all your data ready to reinstate you—and ready to share.
When you delete a Facebook account, here is what happens: Facebook delays deletion for a few days after the request is made in case you change your mind. If you log in during the grace period, Facebook cancels the deletion. In approximately 90 days, data Facebook has stored on you may be deleted. However, copies of some material (like log records) may remain in Facebook’s database, but are “disassociated from personal identifiers”, according to the company.
Additionally, Attorney General Balderas suggests general tips for becoming more secure in any and every cyber environment:
- Don’t save your password on any public device—such as computers in cybercafes and library public access desktops;
- Always log out on other devices when you leave. Even if you “close” a browser after a session, you may be leaving your personal information open for a hacker unless you fully log out;
- Use two-step verification every time possible. It may be inconvenient, but better safe than sorry;
- Clean up your browser so that viruses found during your searches do not get stored and “phishers” don’t discover your authentication details; and
- Protect yourself from spyware and malware sometimes linked through pop-up ads on your screen or browser. One of the easier ways to eliminate spyware and malware is to use a spyware, malware and adware remover.