It’s no secret that large technology companies have taken over a significant portion of our lives with most people hardly noticing. The ethical and legal ramifications of this are a current topic of hot debate – but on a practical level, what can you do to gain back some control whilst still remaining connected?
Some people have decided that the free use of social media or email platforms in exchange for access to their personal details, habits, wants and wishes is too a high a price to pay and they have stopped using them. Facebook, WhatsApp and even LinkedIn have been deleted from their devices. When loss of privacy impacts your personal security, it is time to take action.
But is removing yourself completely from part, or all, of the online world necessary? As with many issues, it is a balance between what you are prepared to give up (in the way of privacy, time being shown adverts etc.) versus the benefits (keeping in contact with friends, access to gossip/news/information).
If you do want to stay connected, one thing we can all do is check our privacy settings. I realise that this will take a little time, but it shouldn’t take as long as it takes to read the terms and conditions (if anyone does) and it will give you tangible privacy benefits.
If I were to set out the most important privacy setting for some major platforms (changing from the default settings they are shipped with), they would be as follows:
Most of you will use LinkedIn and have probably already changed your settings for most of the areas (15) we advise upon for privacy and security, but have you altered how your profile appears to non-logged in members?
If not, on a mobile phone:
- Navigate to Settings >
- tap on Visibility >
- select Edit your public profile >
- go to Edit Visibility and turn off Your profile’s public visibility.
On a desktop:
- Navigate to Settings and Privacy >
- go to Visibility in the left rail >
- under Visibility of your profile & network, click on Change next to Edit your public profile >
- toggle Your profile’s public visibility to Off.
Many of us started using Zoom last March or shortly afterwards and in the rush for usability, perhaps privacy took a back seat. Boris Johnson taught us all about the need to keep the meeting ID to only those invited and making sure all of your meetings have a password. However, you can, and should, do much more. The following is a long, but important list of what you should have in place if you are still using Zoom, to protect your session against unwanted visitors (this is not the default).
- Once logged in to the Zoom portal >
- head to Settings under Personal >
- click on Meeting. You should then be able to find the settings below by scrolling down the list of settings under the Meeting section. While in a meeting, some privacy settings can be adjusted via the Share Screen button, but most control is offered in the web portal’s Settings menu >
- Turn on the Require that All Meetings are Secured with One Security option. This will require that all meetings are secured with one security option: a passcode, Waiting Room, or Only authenticated users can join meetings. If no security option is enabled, Zoom will secure all meetings with the Waiting Room >
- Enable the Waiting Room feature so that only the meeting host is allowed to admit attendees to the meeting >
- Enable the Meeting Passcode option so that all instant and scheduled meetings are both passcode-protected >
- Disable the Allow Participants to Join Before Host option to prevent participants from joining the meeting before the host arrives. Disable the Auto Saving Chats option to avoid automatically saving all in-meeting chats after the meeting starts. Disable the Send Files via Meeting chat option to prevent the spread of unwanted material. Adjust your Screen Sharing settings. It is possible to disable Screen Sharing entirely, or to limit it to just the host by selecting Host Only under Who Can Share? Disable the Annotation option to prevent host and participants from using annotation tools to add information to shared screens. Disable the Allow Removed Participants to Rejoin option so that any unwanted visitors can’t access the video call once removed.
The most important is to hide your ‘About’ information.
When clicking on a contact name in WhatsApp, it is possible to see a short bio or a statement, or just an away message. It is up to users to make this ‘About’ information private.
- Go to Settings >
- Account >
- Privacy. Tap on About and choose between My contacts or Nobody to make sure your About information is not public. Additionally, you can also choose to make your Last Seen and Profile Photo private from the Privacy tab. The process to do so is similar to the About information.
WhatsApp Ireland, Ltd has recently been in the news at the wrong end of a record-breaking €225 million fine, complete with 266 pages setting out reasons for the decision. WhatsApp breached the GDPR’s transparency requirements and had their privacy notices criticised for not being clear and comprehensive.
The grandfather of social media with a business model geared towards advertisements. Facebook constantly monitors your activity, both on and off its site, as it helps the platform to send you targeted adverts. It is possible to tailor or even delete this history data through the Off-Facebook activity page. To review and clear your Facebook history the best way is to log into your account on a desktop. It is possible to do it on mobile devices, but the process is more comprehensive on a computer.
For the desktop: Once on the main Facebook page, click
- on the downward-facing arrow in the top right corner of the screen, click on Settings and Privacy >
- and then on Settings.
- Go to Your Facebook Information in the left column.>
- Click on view you Off-Facebook activity. From this page, you can: Clear your history by clicking on the Clear history option. Please note this option is misleading. Although it disconnects your profile data from your account, stopping Facebook from targeting you with specific ads, it won’t completely prevent Facebook from collecting analytics reports from the other websites you are visiting. You need to log out completely in order to prevent such data collection. Select the Manage future activity option which is the permanent version of Clear history. When this option is turned off, companies are no longer able to supply Facebook with ad-targeting data on your online likes and dislikes. Please note that disabling Future off-Facebook activity will prevent you from signing into other apps and websites using Facebook. Click on the Manage your Off-Facebook activity option which will show you the apps and sites that have shared ads with your Facebook account. When you’re ready to clear this information, click Clear History.
It is also possible to download a copy of your Facebook information at any time. It can be a complete copy of your information, or specific types of information and date ranges that you wish to review. Downloading your information is a password protected process that only you will have access to. Once your copy has been created, it will be available for download for a few days.
On a mobile phone: To clear your history,
- tap the three-line menu in the bottom right of the Facebook app >
- scroll down to Settings and Privacy, and click on Settings >
- Under Permissions, go to Off-Facebook Activity and open the tab. Examine the apps that monitor your online activity. Once you are sure you want to remove the information tap Clear history. Within the Off-Facebook Activity tab, click on More options and select Manage Future Activity. >
- Click again on Manage Future Activity, toggle off Future off-Facebook activity and click on Turn Off.
One of the most important controls to take charge of is who can find you.
- Navigate to Settings and Privacy >
- click on Privacy and safety >
- scroll down to the Discoverability and contacts section >
- toggle off Let others find you by your email and Let others find you by your phone.
Of course, there are other platforms to consider and our advice includes enhancing privacy settings for Instagram, TikTok and SnapChat as well as Amazon, Netflix and Slack.
For all social media platforms, you should:
- Set up Two-Factor Authentication for your accounts if you can. This requires an additional security check on top of your usual login
- Use strong and unique passwords (using 3 or 4 random words) and if you can’t remember them, use a password manager
- Think about what you’re posting, and who has access to it - not only those that follow you or are on your friends list but consider who may have access publicly
- Avoid oversharing. There are other platforms such as Wire and Signal if you want to communicate with a small subset of your ‘friends’
- Avoid linking social media accounts to each other
- Consider new ‘friend’ requests carefully
- Be wary of clicking on any links you have not requested
- Always logout properly if using a third-party device or computer.
Peter Yapp, Cyber Partner at Schillings Peter started his career in investigation and has been involved in computer forensics for nearly three decades. He was a deputy director at the UK’s National Cyber Security Centre and now provides pre and post cyber security incident advice to a range of individuals, companies, boards and operators of essential services.