Facebook Smart Card FB 121211_1800 Social Networks - Do s and Don ts Only establish and maintain connections with people you know and trust. Review your connections often. Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share. Ensure that your family takes similar precautions with their accounts; their privacy and sharing settings can expose your personal data. Avoid posting or tagging images of you or your family that clearly show your face. Select pictures taken at a distance, at an angle, or otherwise concealed. Never post Smartphone photos and don t use your face as a profile photo, instead, use cartoons or avatars. Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points. Minimizing your Facebook Profile Click to access and edit Profile Go to Downward Arrow > Privacy Settings Access Facebook Privacy Setting Here Facebook has hundreds of privacy and sharing options. To control how your personal information is shared, you should use the settings shown below (such as Only Me, ) for (1) Privacy, (2) Connecting, (3) Tags, (4) Apps/Websites, (5) Info Access through Friends, and (6) Past Posts. 1 2 3 4 Limit Use of Apps ALL Boxes 5 Disable Personalization Disable Public Search 6 Limit Old Posts to
Profile Settings Facebook Smart Card FB 121211_1800 Do not login to or link third-party sites (e.g. twitter, bing) using your Facebook account. Facebook Connect shares your information, and your friends information, with third party sites that may aggregate and misuse personal information. Also, use as few apps as possible. Apps such as Farmville access and share your personal data. Apply and save the Profile settings shown below to ensure that your information is visible to only people of your choosing. - Only Me Click on Info tab to start editing Only Me Only Me Only Me Show Birthday Deactivating / Deleting Your Facebook Account Useful Links A Parent s Guide to Internet Safety Wired Kids Microsoft Safety & Security OnGuard Online To deactivate your Facebook account, go to Account Settings and select Security. To reactivate your account log in to Facebook with your email address and password. To delete your Facebook account, go to Help Center from the account menu. Type Delete into the search box. Select How do I permanently delete my account then scroll down to submit your request here. Verify that you want to delete your account. Click Submit. FB will remove your data after 14 days post security check. www.fbi.gov/stats-services/publications/parent-guide www.wiredkids.org/ www.microsoft.com/security/online-privacy/social-networking.aspx www.onguardonline.gov/topics/social-networking-sites.aspx
Google+ Smart Card G+ 121911_2000 Social Networks - Do s and Don ts Only establish and maintain connections with people you know and trust. Review your connections often. Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share. Ensure that your family takes similar precautions with their accounts; their privacy and sharing settings can expose your personal data. Avoid posting or tagging images of you or your family that clearly show your face. Select pictures taken at a distance, at an angle, or otherwise concealed. Never post Smartphone photos and don t use your face as a profile photo, instead, use cartoons or avatars. Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points. Managing Your Google+ Profile Google+ provides privacy and sharing options using Circles. Circles are groups that users create for different types of connections, such as family, friends, or colleagues. Content is shared only with circles you select. Google+ requires that users provide real names - no pseudonyms. Click to access and edit Profile Profile Settings Apply and save the Profile settings shown below to ensure that your information is visible to only people of your choosing. This box is PUBLIC. Do not fill out additional information Select Edit Profile to make changes both Name & Profile Picture are PUBLIC DO NOT add links to other online presences, such as a webpage, Facebook, Twitter, or LinkedIn Your Circles To share information on this page with specific people, select Custom then choose appropriate Circles top button Only You Your Circles
Google+ Smart Card G+ 121911_2000 Account Settings & Minimizing Your Activities Apply the Account settings shown with arrows below to ensure that your information is shared in a limited fashion. Change as indicated Don t Add Phone Number Account settings can be accessed under Account Settings > Google+. Maintain a small Google+ "footprint". Select only important Google+ notifications as shown in the box to the left. Limit notifications to email as opposed to text. Do not connect your mobile phone to Google+ or use the Google+ mobile application, and Disable +1 on non-google Websites Do not allow contacts to tag you then automatically link to your profile Disable your circles from accessing your photo tags prior to you Limit Huddle capability only to your circles Off Check as indicated Remove Everyone Do not add outside accounts Deleting Your Google+ Profile Information or Account Useful Links A Parent s Guide to Internet Safety Wired Kids Microsoft Safety & Security OnGuard Online By default, Google+ uses your Google contact information to link your accounts from other online services, aggregating your online identity in one location. To disable this feature: Go to Account Settings > Connected Accounts Click No to Google-suggested 3 rd -party accounts Disable Google+ access to your contact information Do not manually connect other online accounts using Google+ Go to Account Settings > Account Overview www.fbi.gov/stats-services/publications/parent-guide www.wiredkids.org/ www.microsoft.com/security/online-privacy/social-networking.aspx www.onguardonline.gov/topics/social-networking-sites.aspx Delete Google+ Content removes Google+ related information such as circles, +1 s, posts, and comments Delete your entire Google profile removes all user data from Google services, including your Gmail Disable web history to prevent accumulation of your digital footprint
LinkedIn Smart Card LI 121911_1400 Social Networks -Do s and Don ts Only establish and maintain connections with people you know and trust. Review your connections often. Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share. Ensure that your family takes similar precautions with their accounts; their privacy and sharing settings can expose your personal data. Avoid posting or tagging images of you or your family that clearly show your face. Select pictures taken at a distance, at an angle, or otherwise concealed. Never post Smartphone photos and don t use your face as a profile photo, instead, use cartoons or avatars. Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points. Managing Your LinkedIn Profile LinkedIn is a professional networking site whose users establish connections with co-workers, customers, business contacts, and potential employees and employers. Users post and share information about current and previous employment, education, military activities, Use Settings to manage visibility specialties, and interests. To limit exposure of your personal information, you can manage who can view your profile and activities. Profile Settings Apply the Profile settings shown with arrows below to ensure that your information is visible only to people of your choosing. Set to no one Set to Only you Set to totally anonymous Set to Only you Do not use a face photo for your account Set to My Connections Set to Only you LinkedIn Quick Facts There are over 100 million LinkedIn users around the world. Aside from the US, LinkedIn is widely adopted in India, Brazil, and the UK. Users tend to share information related to their careers or jobs as opposed to photographs from parties or social events. LinkedIn profiles tend to be more visible and searchable than in social networks such as Facebook. Paid LinkedIn accounts have access to more information about other users, such as connections, than free accounts. The type of information users can see about each other depends on how closely they are connected (1 st, 2 nd, or 3 rd degree).
Account Settings LinkedIn Smart Card LI 121911_1400 Apply the Account settings shown with arrows below to ensure that your information is shared in a limited fashion. Passwords Use a complex password with capital letters and numbers to ensure that attackers cannot access your account information. Closing Your LinkedIn Account If you no longer plan to use the LinkedIn service, you can close your account. Click Close your account and confirm that you want to take this action. to opt out of Partner Advertising on third party websites to opt out of Social Advertising Application Settings Third-party applications and services can access most of your personal information once you grant them permission. You should limit your use of applications to ensure that third parties cannot collect, share, or misuse your personal information. Apply the Application setting shown with arrows below to ensure that your information is visible only to people of your choosing. Do not share with Third Parties Also, avoid using the LinkedIn smartphone app to prevent accidentally collecting and sharing location data. the box. Do not share your information on Third Parties with LinkedIn. LinkedIn, by default, automatically retrieves information about the user on websites with LinkedIn Plug-In integration. Prevent sharing your activities on third-party websites with LinkedIn by unchecking the box. Useful Links A Parent s Guide to Internet Safety Wired Kids Microsoft Safety & Security OnGuard Online www.fbi.gov/stats-services/publications/parent-guide www.wiredkids.org/ www.microsoft.com/security/online-privacy/social-networking.aspx www.onguardonline.gov/topics/social-networking-sites.aspx
Twitter Smart Card Twitter 121511_1631 W2 Social Networks -Do s and Don ts Only establish and maintain connections with people you know and trust. Review your connections often. Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share. Ensure that your family takes similar precautions with their accounts; their privacy and sharing settings can expose your personal data. Avoid posting or tagging images of you or your family that clearly show your face. Select pictures taken at a distance, at an angle, or otherwise concealed. Never post Smartphone photos and don t use your face as a profile photo, instead, use cartoons or avatars. Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points. Managing your Twitter Account Twitter is a social networking and microblogging site whose users send and read text-based posts online. The site surged to worldwide popularity with +300 million active users as of 2011, generating 300 million tweets and 1.6 billion search queries daily. Stream of tweets from people you follow Use Settings to manage visibility Each tweet is timestamped Following are people you subscribe to Followers subscribe to your tweets Private tweets will only be visible to followers you approve Hashtags (#topic) are used to mark a keyword or topic in a Tweet. Posts with hashtag are categorized by topics in the Twitter search engine. Hashtagged words that become popular become Trending Topics (ex. #jan25, #egypt, #sxsw). Mentions (@username) are used to tag a user in a Twitter update. When a public user mentions a private Twitter account, the link to the private account profile becomes public. Tweets Tweets are short text-based messages up to 140 characters that users post to Twitter. "Tweet" can refer to a post as well or to the act of posting to Twitter. Tweets are public, indexed, and searchable unless protected by the user. Many users never Tweet, choosing only to follow persons or topics of interest. Profile Settings Apply the Profile settings shown below to ensure that your information is visible only to people of your choosing. DO NOT use a face photo Use nicknames, initials, or pseudonyms Use general location, such as a country or a metropolitan area This is how your profile page will look to visitors on the web DO NOT connect to Facebook Twitter Best Practices Avoid using hashtags (#) in updates to avoid being indexed and associated with a topic by Twitter Search. Tweet responsibly. Do not provide personal details regarding your whereabouts and activities in your post. Do NOT upload links to personal photos or websites on Twitter. Do NOT allow Twitter to use your location on mobile devices. Change your Twitter username periodically to limit account exposure.
Twitter Smart Card Twitter 121511_1631 Account Settings Apply the Account settings shown below to ensure that your information is shared in a limited fashion. DO NOT connect your phone Change every ~6 months Check Protecting your tweets makes all your posts private Only those who you approve can access your tweets Click to delete all location data associated with your account Deactivating / Delete Your Twitter Account To deactive your account, go to Settings and select Account page. At the bottom of the page, click Deactive my account. After deactivation, the user can reactivate the account within 30 days. After 30 days, the account is permanently deleted. Notification & Application Settings Maintain a small digital footprint by minimizing the number of notifications. Revoke access to unnecessary third party applications. Direct message (DM) is never visible to the public Private tweets will become visible to the web when retweeted (RT) by a user with public account Block unknown or unwanted applications from accessing your account Useful Links A Parent s Guide to Internet Safety Wired Kids Microsoft Safety & Security OnGuard Online www.fbi.gov/stats-services/publications/parent-guide www.wiredkids.org/ www.microsoft.com/security/online-privacy/social-networking.aspx www.onguardonline.gov/topics/social-networking-sites.aspx
Enhancing Online Anonymity Smart Card Enhancing Online Anonymity Smart Card HK 100813_1145 Why is striving for online anonymity important? Everything you do on the Internet involves sharing your identity information Identity information can be compared across services by advertisers and data brokers to build consumer profiles This data can also be compiled by identity thieves and malicious actors to gain access to bank accounts and other sensitive information There s no such thing as total anonymity online. Generally, though, how can I make my online activity more anonymous? Use different email accounts, user names, and passwords for different kinds of activity (e.g., banking, instant messaging, social media). For more information on creating emails, see the Anonymous Email Services smart card Use a pseudonym whenever possible; don t volunteer information to websites unless they require it For more enhanced anonymity, consider using TOR, a free browser that anonymizes your IP address. To install TOR, see the Anonymous Email Services smart card Browsing VULNERABILITY: browsers allow websites to install cookies to track your online activity Recommendation: private browsers do not store most cookies Google Chrome Mozilla Firefox Caveats Secure browsing still relays your IP addresses to the websites you visit. You must close the browser for activity to be deleted. Internet Explorer 10 Apple Safari Your Internet Service Provider (ISP) can still see your browsing activity. Internet Searches VULNERABILITY: searches may be recorded and associated with IP address, user agent, or identifiers stored in cookies Recommendation: Search Obfuscation Use general search terms Identify a topic of interest from linked sites DO NOT search using location or individual name, or specific topics DuckDuckGo Uses an encrypted connection by default Only retains cookies related to users settings preferences Does not store users IP addresses, search queries, or personal information. Browser extensions for Firefox, Chrome, Internet Explorer, Safari, and Opera Available at: https://duckduckgo.com/
Enhancing Online Anonymity Smart Card Enhancing Online Anonymity Smart Card HK 100813_1145 Instant Messaging Performed on services such as Adium, Pidgin, Google Chat Allows users to send instant messages from desktop and mobile devices that may contain images, audio clips, and videos Accessed through either explicit registration or implicit registration through an email service VULNERABILITY: message histories can be intercepted; packet contents of chats can be intercepted; usernames can link to email addresses Recommendation: Off The Record (OTR) Messaging Encrypts instant messages Does not save chat logs Chat clients may store users passwords in a local text file on users PCs (Pidgin); they may also share information such as status, device, contact list, and email address in packet File Sharing Allows users to store, share, and create files such as Office Docs, image, video, and audio files Include services such as DropBox, Google Drive, Evernote Cloud or web based VULNERABILITY: sharing private information on SNS; users sharing documents; weak password protection Recommendation: Crabgrass https://we.riseup.net/crabgrass Allows users to register with only an email address Supports file sharing, collaborative wikis, group pages Shared content page Each type of shared content page has a control column Best practices include: 1) using separate emails for chatting and emailing 2) registering for chat clients with a pseudonym used only with that chat client History of document changes including names of Details concerning document permissions Recommendations: File Tea https://filetea.me/default/ Does not require registration File contents are not cached or stored server side Server never analyzes or processes the files being transferred No cache or log entry of a file transfers are kept IP addresses of users are never stored Once the file is uploaded, a link can be copied and pasted to emails or chats; once the browser window is closed, the link expires When sharing files online, be sure to 1) verify sharing permissions are set to ONLY users you wish to share with 2) verify that, if possible, links to shared files can be set to expire 3) ensure that both the sender and receiver have nonidentifying user names