6. How to Share

“If I could edit Google Images, then I wouldn’t be as scared of the Internet.”

—CHLOË SEVIGNY

It’s no secret that Yelp, Facebook, Google, and map apps know your current location, and you’re probably cool with that because you want to use the services they provide in exchange. In fact, you’re probably cool with sharing lots of information with these apps because they do useful things with it.

However, even if it weren’t for Creepy Steve and your frenemies, social media can be used to hurt you if you’re not careful about what you share. Anything you post on Twitter, Facebook, Google+, and other social media sites may be used to disqualify your job application or discipline you as an employee, and it can even be used as evidence in court.

Every social network and app is different, and social media companies change their privacy settings (and usage rules) all the time. That’s why it’s good to have a basic checklist at hand when you start using a new account or app and when you recheck its settings, which you should do often. This way, you pay attention to what you’re sharing online and track those privacy policies.

But remember: anything you put online can potentially become public, no matter how tight your privacy controls are.

SOCIAL MEDIA CHECKLIST

Our relationship with social sharing—photos, videos, status updates, location check-ins, and more—changes as our lives evolve. The way we feel about sharing something one day may be totally different next week (or next year). At the same time, the companies we use for sharing change, too, and their privacy and sharing policies change with them, which sometimes leaves us exposed.

For all of these reasons, everyone should do a privacy checkup about every 90 days. Why every three months? Because companies like Facebook change their policies more often than that. Imagine if you opt to recheck your privacy only every six months: that would mean you’re checking only twice a year. An embarrassing photo could be sitting out there on a public profile for half a year, and you wouldn’t even know it.

Do this first: view your Facebook, LinkedIn, and Google+ profiles as someone else. Then adjust your privacy settings.

Don’t panic if you see something you didn’t realize was public, and don’t blame yourself for what these companies have done to your privacy. What’s online doesn’t have to stay visible forever.

When you log back in to your account to adjust your privacy levels, review settings like these:

• Control your visibility

• What does my profile look like?

• What happens if I share my photos on other sites?

• Who can see my photos or location?

• How to remove my images

• How to delete my profile

• Tagging

• Personalization

• Location

Sharing Only What You Want

When you review what you’ve already shared, or if you’re trying to decide what’s safe to share before you press Upload or Share, consider the following:

• Posting photos and videos: When posting photos and videos, think about what you’re doing in the image or video. Are you drinking with friends? Is your mouth wide open in an excited scream? Do you look exhausted or unkempt? Does the image reveal details about your home, work, credit card numbers, or vehicle? Is there a mailing address printed on an envelope?

• Posting updates: When posting updates to your online profiles, choose how you want to share that content every time, whether that’s publicly, with friends, or only with certain people.

• Posting comments: When commenting on posts by others, pay attention to how you’re posting. Are you posting with your real name? Does your comment reveal your name, location, or anything else that could be used to figure out private information?

• Likes, upvotes, and favorites: When you click Facebook’s Like button, upvote a post, or favorite something, that action will be reflected in your profile. Then visitors to the item you favorited may see your picture and a link to your profile.

• Friending: When friending someone, ask yourself why you’re friending them. Do you actually know them? Do you trust them with your personal information or with access to details about your friends and family?

• The content of your posts: When posting, never share anything on your red or yellow lists (like your entire birth date, address, or phone number) or news about a trip you’re going to take (that you’ll be away from home).

To reduce your online profile even further and for even better control of what you share, also consider doing the following:

• Select privacy levels for connecting with others on Facebook, including who can find you, who can send you friend requests and messages, and who can post on your wall.

• Edit the privacy settings for existing photo albums and videos to make sure that they’re being shared only as publicly as you want them to be.

• Enable tag review.

• Disable settings like Suggest photos of me to friends and Friends can check me in to places. Settings that automatically share things for you in the background can often spring unwanted surprises, such as telling someone where you are (or worse, where you live!) when you’d rather have privacy, or sharing embarrassing or revealing photos without your knowledge.

Do a check-in on the privacy and sharing settings for all the apps and games on your phone, phablet, or tablet, too. A lot of apps have default settings that benefit the company that made them but make user privacy take a backseat.

One particularly problematic feature many apps have is instant personalization. This means that an outside company has partnered with a website to merge data sets. Both companies get access to data about you that they can monetize, and you get a combined and presumably more useful experience. For example, a site like Pandora would know your Facebook habits, and vice versa—and their advertisers would, too.

The biggest site to implement instant personalization has been Facebook, but other big social media sites have similar options in their settings. For example, Twitter’s version of this is in Settings ▸ Personalization, with clear language that explains that you’re letting Twitter track and record your activity outside of Twitter. So-called personalization is a clever way of making Facebook’s advertising partnerships with Yelp, Pandora, and Microsoft seem like convenient features. And for a number of Facebook users, this is true—it’s an easy way to integrate these services with their Facebook accounts.

But it’s like having these sites spy on you wherever you go, and you don’t have control over what they’re sharing about you with each other. Options and settings that instantly personalize an app or service take away your control over your personal information, shopping habits, and other things you already have to fight to keep private. So turn them off, and don’t fall for this attempt to trick you into trading privacy for convenience.

Friending

Online and approved friends have the most power over your private information, if you let them see it. If you wouldn’t give an online friend the keys to your house, keep them locked out of your private life. And before you start friending anyone, find out how to block users and unfriend people.

Also, don’t let anyone tag your posts without your permission. Review any check-in and tagging settings and be a tight-ass about it. The last time someone tagged you at a location and posted photos of you, they were sharing your location online.

BUT I CAN’T GIVE UP FACEBOOK (OR INSTAGRAM, OR TWITTER, OR FOURSQUARE, OR . . .)

It’s estimated that nearly one quarter of the Internet’s ads are run on Facebook. Advertising and data-mining companies are making billions scraping (collecting and analyzing) your personal data and selling it to any outside party that’s interested. Companies that buy user information love Facebook because it has the most valuable vaults of data ever assembled: not only do you tell it everything you like, but it also knows what your friends like, which is an amazing predictor of what you’ll like.

Social media sites do all they can to make sure the information they have about you is correct and complete, because it makes the information about you worth more money. They use your account data like your name, age, gender, email addresses, and location (information you enter when you sign up for services like Gmail, YouTube, Blogger, Picasa, and so on) to build your profile. Their many data trackers and ad agencies (like DoubleClick, AdSense, and AdMob) use the data stored on your computer and phone when you browse online, search Google Maps, or shop to learn more about you so that they can serve you better ads and make more money off you. Your information is freely bought and sold unless you squeeze your Facebook, Google, Yahoo!, and other privacy settings tight.

NOTE If you simply shut down a profile but don’t delete it, it’s actually still there on the site’s computers. Unless you delete your information, companies can still use your info, even if you quit a site. If you’re going to quit a site and never go back, always delete your profile—don’t just disable it.

Sometimes people online respond to concerns about social media sites and privacy by saying that we should “just quit” using Facebook (or other sites). But most businesses have social media profiles, so their employees need to have profiles on these sites, too. In other words, not using these sites simply isn’t an option for people who want to be employed—or have a social life or stay connected to family. Fortunately, you can put limits on the information shared by social media sites. Here’s how to do that with the two major ones: Facebook and Google+.

QUIT HUMPING MY LEG, FACEBOOK

Facebook is an awesome way to connect, but you need to make sure you don’t share more than you mean to. Companies like Facebook are always trying to get more info about you to make your data more valuable to their advertisers, and they’ll say anything to convince you to give up every little piece of personal information. Fight it at every step, because this sharing isn’t for your safety or benefit—it’s for their profits.

Because Facebook changes its privacy settings all the time, it’s important to be more vigilant with Facebook than with most places you may hang out. Start by going to Facebook’s Privacy Settings and Tools page (http://facebook.com/settings/?tab=privacy). As of this writing, you’ll find three general sections: Who can see my stuff?, Who can contact me?, and Who can look me up?

Begin by reviewing the settings in each of these sections and carefully decide what you’d like to share and with whom:

• Public: What can people see on your profile? Check your public profile to see what’s exposed to everyone. Most people only share a profile image, general location, and maybe school info or work history. It’s a good idea to make anything else, especially photo albums and wall posts, available to friends only.

• Friends: From the same Preview My Profile Facebook page, you can type in any of your friends’ names and see your profile exactly as they see it. This can help you manage what people on different lists can see.

• Friend lists: Is everyone on the right list? Double-check.

• Photos: Review all your photos and ones you’re tagged in. Untag yourself and delete or ask to have any photos deleted that you aren’t comfortable with.

• Apps: Facebook apps sometimes do sneaky, uncool things when you’re not paying attention. Many spy on you and sell your habits to companies you don’t know anything about. Get rid of the ones you’re not using by looking in your account settings.

A Facebook account comes with numerous privacy violations, and you should fix them before you use Facebook even once. For one thing, Facebook will always ask you to add more information so that it can “connect you to friends,” but you don’t need to give up that information, ever. Don’t let Facebook get more out of you than you want to give it. You can find your friends without telling Facebook more than it needs to know.

In fact, you don’t need to have anything more in your Facebook profile than a name, an email address, a birthday, and a gender—and you can make it all up if you like. (You may even want to give Facebook a version of this personal information that is just for Facebook.) Everything else—like schools you’ve attended, your jobs, your current city, and your hometown—can stay blank. Facebook treats your name, photo, gender, username, and school and job information as public information, but only you should be able to decide if these things should be public.

First off, change Who can see my stuff? to Friends, not the dangerous default of Public. If you add things like Life Events to your timeline, they’ll be public by default because you have to set the privacy level for each one. You get to decide who can send you friend requests or if you want your profile to be searchable, and you can set all these options to private if you like.

Furthermore, your choice of friends affects your privacy on Facebook, so choose your friends wisely. Set Review posts friends tag you in to On unless you want something embarrassing or too revealing to end up in front of everyone before you can stop it. Do the same for Review tags people add to your own posts.

Location Information in Photos

You can control whether or not your friends can tag you (telling Facebook and the public where you are in the process). If you don’t want your location announced to the world, turn off tagging in Facebook’s privacy settings.

The same goes for photo-sharing services like Flickr, Instagram, Imgur, and so on. You should find privacy settings in each that allow you to keep your photo’s geolocation data to yourself. In Instagram, location is turned off by default, and you can remove location data in old photos.

Be Smart About Checking In

Be smart about checking in on Facebook, Foursquare, or any other app that tracks your location. Never check in at home, and never check in at someone’s house or you’ll just make it easy for a stalker to come find you right at that very moment in a private place. Also, never tag a photo with a location at someone’s house unless the person whose house it is tells you that’s okay. And don’t forget to double-check your Fitbit or other personal tracker settings to make sure they’re not broadcasting information to the world that you don’t want Creepy Steve to know.

CONTROLLING WHAT YOU SHARE WITH GOOGLE AND GOOGLE+

Even if you haven’t directly signed up for Google+, if you have an account with any Google site like YouTube, Blogger, or Gmail, you have a Google profile and a Google+ account because Google makes one for you. The Google Dashboard shows everything that Google says it knows about you, or at least the bits it will allow you to control. To view it, log in to a Google account and then go here: http://google.com/dashboard/.

Managing Your Google+ Profile

Now that you’ve taken a look at the Google Dashboard, let’s go deeper into how to manage what you share in that Google+ profile that you didn’t even know you had. Log in to Google+ by visiting http://plus.google.com/, and then work your way through the list below.

• Google+ public profile: To see what’s made public in your Google+ profile, click Profile and change View profile as to Public.

• Privacy settings: You’ll need to edit two sets of settings: your Google+ privacy settings and your (general) Google account privacy settings. To check your Google+ privacy settings, click your icon (in the upper-right corner) and then click Privacy.

To see a menu of the general account privacy settings, sign in to your account and go to http://myaccount.google.com/. Read through each setting, and change anything you don’t like.

• Photos: Check settings in http://photos.google.com/, http://plus.google.com/, and http://picassaweb.google.com/settings/.

• Applications: Go to http://myaccount.google.com/ and review which services you’ve authorized to connect to your Google accounts.

• Settings and services: Finally, manage your overall Google+ settings at http://plus.google.com/settings/. (You’ll find more useful information for managing and securing your account at http://google.com/safetycenter/.)

Locking Down the Privacy Settings on Your New Phone

Anytime you get a new phone from Verizon, AT&T, T-Mobile, Sprint, or any other major carrier, that phone will set its privacy settings in a way that makes your information most salable to advertisers. So every time you get a new phone, the first thing to do is to use a little privacy kung fu.

Don’t let the clerk at the phone store set everything up for you lickety-split. You want control: slow them down so you can decide for yourself if you want Google or AT&T to know and report your location all the time. It just takes a second to interrupt them and tell them to let you see each screen and that you want to decide for yourself. It’s also okay to ask them to tell you what each thing you say yes or no to means. If you can’t get an answer you understand, that’s a red flag: decline whatever the permission is until you know what you’re agreeing to. You may not be able to complete the setup of your new phone if you decline some services, so make a note whenever a company won’t let you opt out. That way, you’ll know where the weak spots are in your privacy-protection armor so you can seal them up later.

When your phone gets an update with the latest firmware (the software that runs on the phone), set a PIN or password to prevent just anyone from unlocking it.

Be careful with the apps you install. Even apps from the largest companies or the most trusted app stores sometimes do really stupid and dangerous things with your privacy. Additionally, many apps do things they don’t need to do, like track your location or access to your contacts. Chances are, many apps on your phone—from dictionaries to games—are tracking your location without your knowledge.

Open your camera app, and make sure location reporting is turned off. Then open your social media apps (Facebook, Twitter, and so on), and make sure location sharing is off there, too. You don’t want some creep to see where you live because you took your first photo with your brand-new phone at home.

Whenever you install a new app or update, instantly open that app’s settings to see what you find. Look for items that are set to public, and make them private if possible. If you can’t make them private, consider not using the app at all. And be sure to double-check any location and check-in settings. Don’t let any app—or your friends—tell the world (or your friends) where you are unless you personally okay it each time. Otherwise, Creepy Steve will find out where you live.

SAFELY DISPOSING OF OLD DEVICES

In addition, be careful with what you throw away. Don’t just toss your old phone, tablet, or computer in the trash. And never just hand it over to a reseller, trade-in outlet, or phone-for-cash service without wiping it. Remember from the last chapter that even if you delete everything, you leave behind all kinds of private account information. Wiping is the way to go.

Some people make a game out of finding people’s information on discarded hard drives and devices; others make a living finding, selling, or otherwise using thrown-away (or traded-in) electronics to steal identities.

Scammers and identity thieves will go through trash for discarded devices, but it’s not just dumpster divers who are scouring data off the phones and computers you throw away. In 2014, a Sprint worker was caught sending around nude photos he’d recovered off a customer’s phone—one a female customer had traded in for a new phone. That’s why whenever you dispose of a computer or phone, it’s crucial for you to scour all the personal information it stores.

What these scammers and creeps are doing is basically the same thing as a hard drive recovery. If you’ve ever had a computer, external hard drive, camera, or phone crash and die on you (or you dropped it and it stopped working), you probably know what a hard drive recovery is, because you paid someone to get your data back. Hard drive data recovery is possible because of data remanence, which means that some data still lives on a drive even after it has been “lost.”

It’s easy to make sure you get rid of your electronics safely. First, follow the instructions on how to save or transfer information to a new device. Transfer your phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos. Make sure you’ve copied everything, because once you scrub your device, there’s no going back.

Then, consult the service provider’s website or the device manufacturer’s website for the steps to delete information permanently. For a Mac, look on the Apple website for how to wipe the hard drive. For a Windows PC, you’ll find a complete how-to on Microsoft’s website.

Your phone already has built-in tools to securely erase the data on it. Each operating system is different, though. You’ll go about wiping an iPhone differently than an Android or a Blackberry or a Windows phone. So google the steps for your exact device. In general, you’ll look in the Settings menu for terms such as Erase all content and settings, Backup and reset, or Factory reset.

You’re almost done! Some phone wipes are better than others, but no matter what type of phone you have, you need to remove your SIM card, because it’s possible for contacts or call logs to still be on that card. If you have a micro SD card, don’t forget to take that out, too. If you can’t take the SD card out, you’ll need to erase and format the SD card. You can find this function in your phone’s settings.