I’m going to take a brief break from the paranoia-inducing (in)security series. Let’s go on a brief tangent to talk about Facebook security and, more importantly, eleven basic steps you can take to begin to make your social networking session more secure.

Encrypt Facebook

The simple version is that HTTP traffic can be intercepted and the packets viewed by anyone with the knowledge. HTTPS traffic, by comparison, is encrypted and (with a few exceptions) can’t be read by whoever intercepts it. While the initial Facebook login page IS encrypted with HTTPS, all the content thereafter goes out over HTTP by default and is vulnerable to packet sniffing & side-jacking. To enable HTTPS browsing:

  • Account >
  • Account Settings >
  • Account Security >
  • Change >
  • Select “Browse Facebook on a secure connection (https) whenever possible.”
  • Save!

The downside to this is that not all of Facebook is currently accessible from a secure HTTPS connection. The primary culprits are 3rd party apps and games. When I tested it earlier there was an issue that would default your browsing back down to an HTTP connection after you accessed a section that was not encrypted. Until this is resolved, this means that if you use non-HTTPS apps/games you will need to re-enable it after you are done. Hopefully this quirk will be resolved soon.
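As an added example (not part of the original post), here is one way to spot the downgrade described above in a list of visited URLs, such as a browser history export. It groups cleartext Facebook requests into exposure windows that open at the first HTTP request and close when HTTPS resumes; the sample history, including its paths and the apps host, is constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: URLs in the order one logged-in browser requested them.
SAMPLE_HISTORY = [
    "https://www.facebook.com/login.php",
    "https://www.facebook.com/home.php",
    "http://apps.facebook.com/example-game/",   # non-HTTPS app page
    "http://www.facebook.com/home.php",         # browsing stayed on HTTP
    "http://www.facebook.com/profile.php",
    "https://www.facebook.com/home.php",        # secure browsing re-enabled
    "https://www.example.org/news",
]


def is_facebook(host):
    """True only for facebook.com and its subdomains (not look-alikes)."""
    host = (host or "").lower()
    return host == "facebook.com" or host.endswith(".facebook.com")


def audit_session(urls):
    """Group cleartext Facebook requests into exposure windows.

    A window opens at the first HTTP request and closes when an HTTPS
    request to Facebook is seen again. 'after_https' marks windows that
    follow secure browsing, i.e. the silent downgrade case.
    """
    windows = []
    current = None
    secure_seen = False
    for index, url in enumerate(urls):
        parts = urlsplit(url)
        if not is_facebook(parts.hostname):
            continue  # other sites are out of scope for this audit
        scheme = parts.scheme.lower()
        if scheme == "https":
            secure_seen = True
            current = None  # secure browsing resumed, window closes
        elif scheme == "http":
            if current is None:
                current = {"start": index, "trigger": url,
                           "after_https": secure_seen, "requests": []}
                windows.append(current)
            current["requests"].append(url)
    return windows


if __name__ == "__main__":
    for w in audit_session(SAMPLE_HISTORY):
        kind = "downgrade" if w["after_https"] else "never secure"
        print(f"{kind} at #{w['start']} via {w['trigger']}: "
              f"{len(w['requests'])} cleartext request(s)")
```

Every request inside a window travelled without encryption, so a window that opens after HTTPS browsing marks the moment the setting needs to be re-enabled.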

Remotely terminate Facebook sessions

If you are like me you may often leave Facebook signed in on multiple devices. On a normal day I may have three sessions logged in (iPad, laptop, and home desktop), but what if you’re being naughty at work browsing Facebook? Moreover, what if someone else has logged into your account without your consent?! Well, there is a simple way to check and see how many connections are active, and to remotely disable them if necessary! To monitor & remotely sign out a session:

  • Account >
  • Account Settings >
  • Account Security >
  • Change

Here you can see a listing of what sessions are currently active with information such as browser type, operating system, approximate location, IP address, and time of the last access. If you see an unauthorized or unwanted session you can click the “end activity” link and that session will immediately be terminated! Keep in mind if you access Facebook via a 3G connection the session may appear to be coming from someplace far away. Don’t panic! In my case my iPad shows as being located in Atlanta, GA when in reality it’s in Charlotte, NC. This is normal for a cellular connection.

Use one-time passwords when on public WiFi

As I’ve mentioned before, WiFi is everywhere these days and it’s great, but there are potential pitfalls. If you want to be absolutely certain someone eavesdropping on the network cannot get your password, you may want to consider having a one-time password sent to your cell phone via SMS! This is also HIGHLY recommended if you access Facebook on any public computer. This one-time password can only, as its name suggests, be used once and is only valid for 20 minutes. To have a one-time password sent to you:

  • Send the text “otp” (short for One Time Password) to 32665 (FBOOK) from your mobile phone.

Hide from search engines

Let’s say I want to find information on a Joe Smith and I opt to Google him. If his privacy settings are not configured correctly I could be presented with any information from his Facebook profile he has set as public. I have heard a lot of people clamoring about how Facebook is evil and is giving away your information. In reality this is simply not the case. The point of sites like Facebook is to be able to find friends and potentially meet new people that you share common interests with. You can’t find people if you aren’t allowed to see the data that you need to look through. Facebook is NOT evil. It is simply doing what it was designed to do… making it easier for people to find each other! To change this:

  • Account >
  • Privacy Settings >
  • Apps & Websites >
  • Edit your settings >
  • Public Search >
  • Edit Settings >
  • Uncheck “Enable Public Search”

Adjust and remove applications

How many of us have added an app to take a quiz or play a game only to find out we hate it and never want to go back to it? Thing is, all those old/unwanted applications still have access to your profile information and can spam up your wall, and worse, your friends’ walls! The ideal solution is to remove any app that you don’t actively use on a weekly basis. To remove or adjust applications:

  • Account >
  • Privacy Settings >
  • Apps & Websites >
  • Edit your settings >
  • Apps you use >
  • Edit settings.

Here you can see when you last used an app and select to either disable certain rights to an app or to remove it altogether. I’m currently seeing a trend in applications making certain/all rights required rather than optional, and the only thing you can do IS to simply fully remove the app. A more drastic step is to select the option “Turn off all platform apps” to take a scorched-earth policy to your applications.

Disable “social ads”

Have you seen the “Social Ads” in the margins on the site? They are where Facebook targets you based upon an action a friend of yours has taken. Want to get rid of them? Here’s how:

  • Account >
  • Account Settings >
  • Facebook Ads
  • Select either “No one” or “Only my friends” dependent upon your wishes.

Your friends may be leaking!

Nobody likes leaks. So let’s be like the little Dutch boy and stick our fingers in our friends’ (informational) dam! Here’s how:

  • Account >
  • Privacy Settings >
  • Apps & Websites >
  • Edit Settings
  • Uncheck the boxes you like next to “Info accessible through your friends.”

Disable instant personalization

Facebook has a feature that shares information with certain sites (Bing, Pandora, Yelp, etc.). While this sounds pretty bad at first (lord knows how many chain status updates have been spawned about this) it’s not AS bad as it seems. Firstly, it is not just any website that gets this level of connectivity. It is restricted to pretty high-profile sites, and then it’s restricted to things you and your friends may have liked, links, and reviews posted. To disable it:

  • Account >
  • Privacy Settings >
  • Apps & Websites >
  • Edit your settings >
  • Scroll to the bottom >
  • Instant Personalization >
  • Edit settings >
  • Watch video about what it actually is… or skip it >
  • Uncheck “Enable instant personalization on partner websites.”

Personally, I don’t care if Pandora tells my friend Bridget that I like Depeche Mode (it is a sweet band after all), or that I thought Skyline was the biggest waste of film I have ever seen. However, that’s just me and you are welcome to make up your own mind.

Double check all your photos remain private

So you’re a smarty-pants and have the photos of yourself already set to private. The question here is did you remember to manually adjust the privacy setting for the default albums (Profile pics, Mobile uploads, & Wall photo albums)? To check and adjust:

  • Privacy settings >
  • Customize settings >
  • Edit privacy settings for existing photo albums and videos.

Playing tag with Facebook check-ins

When you have check-ins enabled any of your friends can, say it with me now, check you in to a venue. It may be fine to say you’re out having dinner with one friend while snubbing another, but what if you don’t want the world to know you’re having dinner with your ex? You have two options here…

  1. You can simply remove the tag by logging in and doing so.
  2. Disable the feature altogether:
  • Account >
  • Privacy Settings >
  • Customize Settings >
  • “things others share” >
  • Edit settings >
  • Friends can check me in to Places.

People (not) here now!

Have you used Places only to find that your mug and name are plastered up showing everyone that you’re here too? Want to disable this?

Here’s how:

  • Account >
  • Privacy Settings >
  • Customize Settings >
  • Uncheck “Include me in ‘People here now’ after I check in.”

So there you go, eleven ways to increase your security and privacy while using Facebook all in one place! What a bargain!