Facebook Smart Card
FB 121211_1800
Social Networks - Do’s and Don’ts
Only establish and maintain connections with people you know and trust. Review your connections often.
Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share.
Ensure that your family takes similar precautions with their accounts; their privacy and sharing settings can expose your personal data.
Avoid posting or tagging images of you or your family that clearly show your face. Select pictures taken at a distance, at an angle, or otherwise concealed. Never post smartphone photos, and don’t use your face as a profile photo; instead, use cartoons or avatars.
Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points.
Minimizing your Facebook Profile
[Screenshot callouts: Facebook privacy settings]
• Go to Account > Privacy Preferences
• Go to Downward Arrow > Privacy Settings
• Access Facebook Privacy Setting Here
• Change to “Friends Only”
• Disable Personalization
• Disable Public Search
• Uncheck ALL Boxes
• Limit Use of Apps
Facebook has hundreds of privacy and sharing options. To control how your personal information is shared, you should use the settings shown below (such as Only Me, Friends Only) for (1) Privacy, (2) Connecting, (3) Tags, (4) Apps/Websites, (5) Info Access through Friends, and (6) Past Posts.
Click to access and edit Profile
Do not log in to or link third-party sites (e.g. Twitter, Bing) using your Facebook account. “Facebook Connect” shares your information, and your friends’ information, with third-party sites that may aggregate and misuse personal information. Also, use as few apps as possible. Apps such as Farmville access and share your personal data.
Profile Settings
Apply and save the Profile settings shown below to ensure that your information is visible only to people of your choosing.
Deactivating / Deleting Your Facebook Account
To deactivate your Facebook account, go to Account Settings and select Security. To reactivate your account, log in to Facebook with your email address and password.
To delete your Facebook account, go to Help Center from the account menu. Type Delete into the search box. Select How do I permanently delete my account then scroll down to submit your request here. Verify that you want to delete your account. Click Submit. FB will remove your data after 14 days post security check.
Useful Links
A Parent’s Guide to Internet Safety www.fbi.gov/stats-services/publications/parent-guide
Wired Kids www.wiredkids.org/
Microsoft Safety & Security www.microsoft.com/security/online-privacy/social-networking.aspx
OnGuard Online www.onguardonline.gov/topics/social-networking-sites.aspx
[Screenshot callouts: Facebook profile settings]
• Click on Info tab to start editing
• Show Birthday: Change to Only Me
• Remaining fields: Change to Friends Only or Change to Only Me, as marked in the figure
Google+ Smart Card
G+ 121911_2000
Social Networks - Do’s and Don’ts
Only establish and maintain connections with people you know and trust. Review your connections often.
Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share.
Ensure that your family takes similar precautions with their accounts; their privacy and sharing settings can expose your personal data.
Avoid posting or tagging images of you or your family that clearly show your face. Select pictures taken at a distance, at an angle, or otherwise concealed. Never post smartphone photos, and don’t use your face as a profile photo; instead, use cartoons or avatars.
Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points.
Managing Your Google+ Profile
Google+ provides privacy and sharing options using Circles. Circles are groups that users create for different types of connections, such as family, friends, or colleagues. Content is shared only with circles you select. Google+ requires that users provide real names - no pseudonyms.
Profile Settings
Apply and save the Profile settings shown below to ensure that your information is visible to only people of your choosing.
[Screenshot callouts: Google+ profile settings]
• Click to access and edit Profile
• This box is PUBLIC. Do not fill out additional information
• Name & Profile Picture are PUBLIC
• Select Edit Profile to make changes
• DO NOT add links to other online presences, such as a webpage, Facebook, Twitter, or LinkedIn
• Change to Your Circles
• Change to Only You
• To share information on this page with specific people, select Custom then choose appropriate Circles
• Uncheck top button
• Uncheck
Account Settings & Minimizing Your Activities
Apply the Account settings shown with arrows below to ensure that your information is shared in a limited fashion.
Deleting Your Google+ Profile Information or Account
Useful Links
A Parent’s Guide to Internet Safety www.fbi.gov/stats-services/publications/parent-guide
Wired Kids www.wiredkids.org/
Microsoft Safety & Security www.microsoft.com/security/online-privacy/social-networking.aspx
OnGuard Online www.onguardonline.gov/topics/social-networking-sites.aspx
[Screenshot callouts: Google+ account settings]
• Change to “Off”
• Uncheck
• Remove Everyone
• Don’t Add Phone Number
• Change as indicated
Account settings can be accessed under Account Settings > Google+.
Maintain a small Google+ "footprint". Select only important Google+ notifications as shown in the box to the left.
Limit notifications to email as opposed to text.
Do not connect your mobile phone to Google+ or use the Google+ mobile application, and disable +1 on non-Google websites
Do not allow contacts to tag you then automatically link to your profile
Disable your circles from accessing your photo tags prior to you
Limit Huddle capability only to your circles
By default, Google+ uses your Google contact information to link your accounts from other online services, aggregating your online identity in one location. To disable this feature:
Go to Account Settings > Connected Accounts
Click “No” to Google-suggested 3rd-party accounts
Disable Google+ access to your contact information
Do not manually connect other online accounts using Google+
Delete Google+ Content removes Google+ related information such as circles, +1’s, posts, and comments
Delete your entire Google profile removes all user data from Google services, including your Gmail
Disable web history to prevent accumulation of your digital footprint
[Screenshot callouts: Google account settings]
• Go to Account Settings > Account Overview
• Check as indicated
• Uncheck
• Do not add outside accounts
LinkedIn Smart Card
LI 121911_1400
Social Networks - Do’s and Don’ts
Only establish and maintain connections with people you know and trust. Review your connections often.
Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share.
Ensure that your family takes similar precautions with their accounts; their privacy and sharing settings can expose your personal data.
Avoid posting or tagging images of you or your family that clearly show your face. Select pictures taken at a distance, at an angle, or otherwise concealed. Never post smartphone photos, and don’t use your face as a profile photo; instead, use cartoons or avatars.
Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points.
Managing Your LinkedIn Profile
LinkedIn is a professional networking site whose users establish connections with co-workers, customers, business contacts, and potential employees and employers. Users post and share information about current and previous employment, education, military activities, specialties, and interests. To limit exposure of your personal information, you can manage who can view your profile and activities.
Profile Settings
Apply the Profile settings shown with arrows below to ensure that your information is visible only to people of your choosing.
LinkedIn Quick Facts
There are over 100 million LinkedIn users around the world. Aside from the US, LinkedIn is widely adopted in India, Brazil, and the UK.
[Screenshot callouts: LinkedIn profile settings]
• Use Settings to manage visibility
• Set to Only you
• Set to totally anonymous
• Set to no one
• Set to My Connections
• Uncheck
• Do not use a face photo for
Account Settings
Apply the Account settings shown with arrows below to ensure that your information is shared in a limited fashion.
Passwords
Use a complex password with capital letters and numbers to ensure that attackers cannot access your account information.
Closing Your LinkedIn Account
If you no longer plan to use the LinkedIn service, you can close your account. Click Close your account and confirm that you want to take this action.
Application Settings
Third-party applications and services can access most of your personal information once you grant them permission. You should limit your use of applications to ensure that third parties cannot collect, share, or misuse your personal information. Apply the Application setting shown with arrows below to ensure that your information is visible only to people of your choosing.
Also, avoid using the LinkedIn smartphone app to prevent accidentally collecting and sharing location data.
LinkedIn, by default, automatically retrieves information about the user on websites with LinkedIn Plug-In integration. Prevent sharing your activities on third-party websites with LinkedIn by unchecking the box.
Useful Links
A Parent’s Guide to Internet Safety www.fbi.gov/stats-services/publications/parent-guide
Wired Kids www.wiredkids.org/
Microsoft Safety & Security www.microsoft.com/security/online-privacy/social-networking.aspx
OnGuard Online www.onguardonline.gov/topics/social-networking-sites.aspx
[Screenshot callouts: LinkedIn account and application settings]
• Do not share with Third Parties
• Uncheck to opt out of Social Advertising
• Uncheck the box. Do not share your information on Third Parties with LinkedIn.
• Uncheck to opt out of Partner Advertising on third party websites
Twitter Smart Card
Twitter 121511_1631W2
Social Networks - Do’s and Don’ts
Only establish and maintain connections with people you know and trust. Review your connections often.
Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share.
Ensure that your family takes similar precautions with their accounts; their privacy and sharing settings can expose your personal data.
Avoid posting or tagging images of you or your family that clearly show your face. Select pictures taken at a distance, at an angle, or otherwise concealed. Never post smartphone photos, and don’t use your face as a profile photo; instead, use cartoons or avatars.
Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all access points.
Managing your Twitter Account
Twitter is a social networking and microblogging site whose users send and read text-based posts online. The site surged to worldwide popularity with +300 million active users as of 2011, generating 300 million tweets and 1.6 billion search queries daily.
Tweets
“Tweets” are short text-based messages – up to 140 characters – that users post to Twitter. “Tweet” can refer to a post as well as to the act of posting to Twitter. Tweets are public, indexed, and searchable unless protected by the user. Many users never Tweet, choosing only to follow persons or topics of interest.
Hashtags (#topic) are used to mark a keyword or topic in a Tweet. Posts with hashtags are categorized by topic in the Twitter search engine. Hashtagged words that become popular become Trending Topics (ex. #jan25, #egypt, #sxsw).
Mentions (@username) are used to tag a user in a Twitter update. When a public user mentions a private Twitter account, the link to the private account profile becomes public.
Profile Settings
Apply the Profile settings shown below to ensure that your information is visible only to people of your choosing.
Twitter Best Practices
Avoid using hashtags (#) in updates to avoid being indexed and associated with a topic by Twitter Search.
Tweet responsibly. Do not provide personal details regarding your
[Screenshot callouts: Twitter profile page]
• Use Settings to manage visibility
• Following are people you subscribe to
• Followers subscribe to your tweets
• Private tweets will only be visible to followers you approve
• Each tweet is timestamped
• Stream of tweets from people you follow
• This is how your profile page will look to visitors on the web
• DO NOT use a face photo
• Use nicknames, initials, or pseudonyms
• Use general location, such as a country or a metropolitan area
Account Settings
Apply the Account settings shown below to ensure that your information is shared in a limited fashion.
Deactivating / Deleting Your Twitter Account
To deactivate your account, go to Settings and select the Account page. At the bottom of the page, click “Deactivate my account.” After deactivation, the user can reactivate the account within 30 days. After 30 days, the account is permanently deleted.
Notification & Application Settings
Maintain a small digital footprint by minimizing the number of notifications. Revoke access to unnecessary third party applications.
Useful Links
A Parent’s Guide to Internet Safety www.fbi.gov/stats-services/publications/parent-guide
Wired Kids www.wiredkids.org/
Microsoft Safety & Security www.microsoft.com/security/online-privacy/social-networking.aspx
OnGuard Online www.onguardonline.gov/topics/social-networking-sites.aspx
[Screenshot callouts: Twitter account, notification, and application settings]
• Uncheck
• Block unknown or unwanted applications from accessing your account
• Check
• Protecting your tweets makes all your posts private
• Only those who you approve can access your tweets
• Click to delete all location data associated with your account
• Private tweets will become visible to the web when retweeted (RT) by a user with public account
• Direct message (DM) is never visible to the public
• DO NOT connect your phone
• Change every ~6 months
Enhancing Online Anonymity Smart Card
HK 100813_1145
Why is striving for online anonymity important?
• Everything you do on the Internet involves sharing your identity information
• Identity information can be compared across services by advertisers and data brokers to build consumer profiles
• This data can also be compiled by identity thieves and malicious actors to gain access to bank accounts and other sensitive information
There’s no such thing as total anonymity online. Generally, though, how can I make my online activity more anonymous?
• Use different email accounts, user names, and passwords for different kinds of activity (e.g., banking, instant messaging, social media). For more information on creating emails, see the Anonymous Email Services smart card
• Use a pseudonym whenever possible; don’t volunteer information to websites unless they require it
• For more enhanced anonymity, consider using TOR, a free browser that anonymizes your IP address. To install TOR, see the Anonymous Email Services smart card
Browsing
VULNERABILITY: browsers allow websites to install cookies to track your online activity
Recommendation: private browsers do not store most cookies
[Screenshots: Google Chrome, Mozilla Firefox, Internet Explorer 10, Apple Safari]
Caveats
Secure browsing still relays your IP addresses to the websites you visit. You must close the browser for activity to be deleted.
Your Internet Service Provider (ISP) can still see your browsing activity.
Internet Searches
VULNERABILITY: searches may be recorded and associated with IP address, user agent, or identifiers stored in cookies
Recommendation: Search Obfuscation
• Use general search terms
• Identify a topic of interest from linked sites
• DO NOT search using location or individual name, or specific topics
DuckDuckGo
• Uses an encrypted connection by default
• Only retains cookies related to users’ settings preferences
• Does not store users’ IP addresses, search queries, or personal information.
• Browser extensions for Firefox, Chrome, Internet Explorer, Safari, and Opera
Instant Messaging
• Performed on services such as Adium, Pidgin, Google Chat
• Allows users to send instant messages from desktop and mobile devices that may contain images, audio clips, and videos
• Accessed through either explicit registration or implicit registration through an email service
VULNERABILITY: message histories can be intercepted; packet contents of chats can be intercepted; usernames can link to email addresses
Recommendation: Off The Record (OTR) Messaging
• Encrypts instant messages
• Does not save chat logs
File Sharing
• Allows users to store, share, and create files such as Office Docs, image, video, and audio files
• Includes services such as DropBox, Google Drive, Evernote
• Cloud or web based
VULNERABILITY: sharing private information on SNS; users sharing documents; weak password protection
Recommendation: Crabgrass https://we.riseup.net/crabgrass
• Allows users to register with only an email address
• Supports file sharing, collaborative wikis, group pages
Recommendation: File Tea https://filetea.me/default/
• Does not require registration
• File contents are not cached or stored server side
• Server never analyzes or processes the files being transferred
• No cache or log entries of file transfers are kept
• IP addresses of users are never stored
Chat clients may store users’ passwords in a local text file on users’ PCs (Pidgin); they may also share information such as status, device, contact list, and email address in packet
Best practices include: 1) using separate emails for chatting and emailing 2) registering for chat clients with a pseudonym used only with that chat client
Once the file is uploaded, a link can be copied and pasted to emails or chats; once the browser window is closed, the link expires
[Screenshot callouts: shared content page]
• Details concerning document permissions
• History of document changes including names of
• Each type of shared content page has a control column
When sharing files online, be sure to 1) verify sharing permissions are set to ONLY users you wish to share with 2) verify that, if possible, links to shared files can be set to expire 3) ensure that both the sender and receiver have non-identifying user names