Social media can be a huge force for change, and in these times where many of us are bouncing in and out of lockdowns, also a vital lifeline for communication on everything from important matters to the wildly trivial. We’re all allowed our personal obsessions, after all.
However, many of us don’t think about the wider picture of what we post to social media, and what it says about us not only to those we specifically want to converse with, but the wider world as well.
There’s absolute value in our social data and what it says about us, and while we’re (mostly) happy with the trade-off of, say, using a Facebook or a Twitter this way, what about when others use that same data for potentially nefarious means.
This isn’t just a theoretical exercise, either. As the BBC reports, recently a database was put up for sale that claims to have specific details on some 700 million users of the professional social network LinkedIn.
This wasn’t the result of a hacking type attack (strictly speaking). The individual selling the records claims that they used gathered up public-facing information, a process usually referred to as “scraping”, into their massive database of information. Patiently, they had used LinkedIn’s own systems for displaying that data to pull it out into a separate database, collating individual user profiles as they went.
The asking price for all that data? $US5,000 (roughly $6,800 or so in Australian dollars).
That might not seem like much – and it does show how an individual record itself might not be viewed as all that valuable if you calculate it out – but the reality here is that personal data does have a concrete, real-world value.
Anyone buying that data potentially has names, dates of birth, possibly phone numbers and addresses – a real hacker’s paradise for potentially fooling a bank into resetting passwords, or a government authority to issuing identity documents, and so on.
What’s key here is that this is data that has been handed over willingly by each person in turn. For its part LinkedIn claims no private data was actually unveiled, but then it might not need to be if that information was able to be seen in a public way.
All of which highlights a key issue with using these platforms, and it’s that we all need to think about what data we reveal about ourselves or others when we post, and how “public” it might be.
Congratulating that old friend on their birthday, even though they’ve not put their real date of birth into Facebook? That confirms when it is, and it’s a standard security question.
Posting photos of the cute grandkids playing in the street so that others in the family can see them? Innocent intent for sure, but also possibly a pic with geo-location data in it as well.
Even those “fun” quizzes that ask you to discover your Star Wars name (or others) by matching up birth months or pet names or whatever aren’t so innocent – because again, those are pretty standard security questions.
By themselves they seem simple, but if you combine that data with other details, you can start to build a very high-level profile of just about anyone who posts to social media this way.
Now, that doesn’t mean you shouldn’t use social media at all. It just means that, like the fact that it’s sensible to put on a car seat belt when you go driving, when you’re on social media, think not only about what you’re saying but also who might see it – and what it might reveal about you to the wider world.
The phishers might not care about your opinion of the daily news or the weather, but there’s more to your data than that.