Resources for the global digital safety training community.
Credits
Last Updated 2014-03This Input session covers essential components to impart to participants, about the use of social networking services and applications, and the implications of sharing personal information with both other users and the companies owning such applications.
There are lots of demos, online tools, and videos you can use in order to make this input compelling and relevant.
Social media is a huge topic that can involve questions and deep-dives into a wide range of online platforms and issues; therefore, how you sequence this session, and highlight certain elements, is up to you. Most importantly, the structure you choose should be tailored to your particular audience.
For some audiences, this issue is a very sensitive one, and it comes with very real consequences; others may feel they understand all the issues and don’t really need to worry about it. Either way, try to adjust the content here to speak to the social networking services they use and the risks most relevant to them.
A good point of introduction for participants is to explain how online communities have existed since the invention of the Internet. First there were bulletin boards and email lists, which gave people around the world opportunities to connect, to communicate and to share information about particular subjects.
Acknowledge the value of social networking platforms that point to some of the tensions and contradictions involved in people’s feelings about them, such as:
Many people use it for their personal and professional lives, and it can be a central part of the job for others. Some use it for all of these things simultaneously though, which can become complicated and confusing.
…and share our lives with people we know, or don’t know, from all over the world, immediately, and for free (or almost free). Some people can even use it as a lifeline, in particular if it’s their only means of communicating with others.
…in the right contexts, social media platforms are powerful tools for shaping opinions and organizing communities. This can be a huge benefit or a huge drawback, depending on how they are used.
In addition to whatever we know that we’re sharing (e.g., with “friends” on Facebook), we may also be inadvertantly sharing it with the world if we aren’t using certain access controls or privacy settings.
Most of the functions of social networking sites are neither new nor unique - they’re often just well-designed, convenient, and perhaps most importantly, everyone is using them. But don’t forget too that most of the actions you take on social networking sites can also be performed via the Internet without joining a social networking site.
Start this portion of the session by highlighting, in the most appropriate way possible, that…
Remember that social networking sites are owned by private businesses, and that they make their money by collecting data about individuals and selling that data on, particularly to the third-party advertisers.
The free platforms and service that you use, like Facebook, Google, and Twitter, make a lot of money off of your use of their services.
As of the end of 2013, the estimated value of the average user on Facebook was $98; for Twitter, $110 - in the words of a Verizon marketing executive…
In addition, with the help of social networking “Like” and “Tweet” buttons being embedded on websites across the Internet, users are inadvertantly revealing their real identities online.
These identity-related data points are being hungrily scooped up by marketing agencies in order to sell private companies advice on what they can sell to you, and how they can do it.
Helpful Demo: Share Lightbeam (aka Collusion) to the group. This is a Firefox add-on that can show how a selection of users are tracked online.
When you enter a social networking site, you are entering a network that is governed and ruled by the owners of the site. Privacy settings are only meant to protect you from other members of the social network - they do not shield your data from the owners of the service.
We should read Terms of Service (ToS), End User Licence Agreements (EULAs), Privacy Policies, and Data Use Policies to learn how our content and personal data treated, and with whom are they shared.
Helpful Demo: To help make sense of these documents, use tools like TOSDR (“Terms of Service; Didn’t Read”) that can help you understand and navigate them. Briefly show a few social networking sites’ ToS summaries (e.g., Twitter, Facebook, and Google) on TOSDR to lend more clarity to how these terms and agreement are structured, and how they can change.
After details of PRISM emerged in 2013, few people worldwide aren’t aware of the reality that governments can compel companies based in their country to hand over user data. But this isn’t the only way:
When choosing, and using, a social networking site take a look at…
Helpful Demo: Show participants the transparency report results for the countries they live in from Google, Twitter, Facebook, and Microsoft.
Below are some essential points for participants to seriously consider, when it comes to the security features and privacy capabilities of a given social networking site.
Does this social media site or application provide a connection over SSL (https://)?
What privacy options are provided for users?
Helpful Demo: Use Creepy to show social media postings made nearby the training or other places requested by participants.
Again, social network sites can be very useful, and promote social interaction both online and offline; but when you use them, you may be making information available about yourself and others to people who want to abuse or misuse it.
Imagine walking through the party with all your personal details, and up-to-the-minute accounts of what you are thinking, written on a big sign stuck on your back so that everyone can read it without you even knowing. Do you really want everyone to know all of these things about you?
Do you know all these people? Do you trust them with everything you post online that they can see? Don’t accept “friend” or contact requests easily. In particular, ask yourself:
Ask participants to suggest items for this list:
Most people who use social networks have had to negotiate different spheres of their life online through their accounts. People have different networks (friends and partners), families (and parents!), work associates (and bosses), and contacts they’d prefer to keep private from other contacts.
Some sites allow you to organize groups and what those groups can see, but this can be complicated and may not offer everything that users need for their particular situation.
But this can become very complicated, especially if the sites that allow pseudonymns and multiple accounts aren’t where their contacts are. Some social networks (and Facebook in particular) require users to sign up with and display their real names.
The experience of users in Syria recently is a powerful one.
Many Syrians needed to use Facebook as one of the only means of communication with their community, and using their real name was extremely dangerous. In addition, when Syrians were arrested, they were often asked to provide their online ID and password for their social networking accounts, which were then used to map out their online “friends,” and impersonate them in communications, leading to additional arrests and more compromised identities.
Furthermore, actual virtual battles took place on Facebook between pro- and anti-Assad groups who would “sabotage” each others’ pages by violating (or reporting violations of) Facebook’s Terms of Service in order to get them taken down. Often these were the only (or one of the only) means of communication and organization for these communities and networks.
This was a case of a social networking tool being used as an extension of a conflict zone based on the “law” of the company who controlled it: Facebook, Inc.
If you work with sensitive information and topics, and are interested in using social networking services, it is important to be very aware of the privacy and security issues that they raise.
Anyone who works with (or is a member of) a vulnerable population is particularly at risk from the dangers of social networking sites, and needs to be extremely careful about the information they reveal about themselves and about the people they work with.
…to access social networks. If anyone else does get into your account, they are gaining access to a lot of information about you and about anyone else you are connected to via that social network.
…if you have experienced attempts to access your accounts, or believe someone may try to do so. Almost all the main social networking sites now offer this. Be aware of how it works for each, and that you can still access your account if you cross borders or lose your mobile phone.
…when they are updated or changed, to ensure you’re not sharing information unintentionally. If the changes are confusing, seek out news articles or reviews of the updates to help navigate the changes from the previous settings.
…or maybe different pseudonyms, for different campaigns and activities. Remember that the key to using a network safely is being able to trust its members. Separate accounts may be a good way to ensure that such trust is possible.
…when accessing your social network account. Delete your password and browsing history when using a browser on a public machine.
…and including too much information in them – even if you trust the people in your networks. It is easy for someone to copy your information.
…with other social networks. For example, you can post an update on your Twitter account and have it automatically posted on your Facebook account as well. Be particularly careful when integrating your social network accounts! You may be anonymous on one site, but exposed when using another.
…and never rely on one as a primary host for your content or information – it is very easy for governments to block access to a social networking site within their boundaries if they suddenly find its content objectionable. The administrators of a social networking site may also decide to remove objectionable content themselves, rather than face censorship within a particular country.