Saturday, June 4, 2011

Facebook Security 2 - Privacy Settings

Today I will write about Facebook's Platform for third party apps (applications made for Facebook but not by Facebook), why they're a major vulnerability for your account, and how and why to turn the Platform off and secure your account. While the Account Settings adjustments I recommended yesterday should all be easy calls (and I think FB should make them mandatory instead of opt-in), this involves a genuine trade-off: massively improved security and reduced risk of hijacking, but also the loss of those third party apps.

The Problem
Third party apps are dangerous for three main reasons that I am aware of:
1. You're trusting your account's safety to more people. FB is already unreliable, and now you're depending on FB and who knows who else to protect access to your account. 
2. Yesterday I begged you to enable Secure Browsing (HTTPS) for Facebook, and you did it! But most apps don't permit Secure Browsing and force you to revert to HTTP. This is like using a condom with your partner but sleeping around without protection. 
3. With Platform enabled (as it is by default) you can pile up applications without realizing it. A couple of people I've helped regain control of their accounts have had piles of Apps enabled that they didn't recognize and never used. Every one of those is a vulnerability, especially, I'd wager, those that are sneaky about getting themselves attached to your account.

The Solution (if you can live without Mafia Wars)

1. In the upper right-hand corner select Account
2. From the drop-down menu select Privacy Settings
3. In the lower left-hand corner pick Apps and Websites: Edit your settings
4. Apps you use will list the applications that have permission to access your account and therefore potentially provide access to hijackers and identity thieves. Any there you don't recognize? That's what I'm talking about.
5. Deactivate them individually. (Even if you want to keep some, deactivate the ones you don't use.)
6. Click "Turn off all platform apps."

Ta-da! Your FB profile is now much more secure, and the inability to access Farmville might also make a more productive citizen of you. I've had the Platform turned off for a couple of days now and since I didn't really use the apps nothing has changed. The core FB experience (statuses, pictures, wall postings, groups) remains the same.

Tomorrow I'll write about securing Gmail. If you use a different email service, I strongly suggest looking up security protocols because they're all under attack.

