Who is responsible for privacy on social networks?

This morning, I was flipping through my RSS reader and got to Margie Clayman's post, "Let's Talk About Keeping Kids Safe on Facebook". My curiosity was piqued right away because this subject is one I feel strongly about. As a parent, it's close to my heart as well. I don't always agree with Margie's point of view, but I have a  lot of respect for how she presents it - with class and an open mind to different perspectives. I have so much to say on this subject that I'm devoting a blog post to it instead of just leaving a novel-sized comment on Margie's site.

This isn't strictly an issue about children. There are a lot of misconceptions out there about privacy and social media among adults - and we're the ones teaching our kids how to use these tools "properly". The expectation of privacy on the Internet, to me, is a misnomer. The Internet is inherently connected and open. Even secure sites are occasionally breached. Does that mean we should all disconnect? No. It just means we have to think more strategically about how we're using these tools to protect ourselves.

Data Security
In the opening paragraph, Margie states (emphasis mine):

"I think that on Facebook in particular, it’s really easy to do things that could have alarming consequences because everything seems so safe there on the surface. You can lock down your content, you’re talking to your friends and family for the most part…what could go wrong?"


Those words in bold? That is the problem with any and every site that requires a login - I would even include twitter in this for the people who don't make their tweets public. But Facebook is, by far, the most common place that users feel safe. Here's why that's false security:

Your data on Facebook is only as secure as the weakest password of the people on your friends list. Assume that at least one has "password" as their password and post information accordingly.

Back when I had only around 100-150 friends, about five had their accounts broken into or clicked on nefarious links within a few weeks of each other. That's a high enough percentage that I'm not comfortable with posting much personal information on Facebook. Further to the password point, it is naïve to think that anything you share on social Web sites is secure. It's social. It's sharing. I'm repeating myself here, but it's the Web, which is inherently shareable, hackable and not private.

This is a great reason for businesses NOT to have a personal profile on Facebook. Pages can't see the profiles of their fans, but since a profile set up by a business can, there are definite privacy concerns. If a business account was hacked and "friend" data used for nefarious purposes, that could be devastating to the business' reputation.

Location Services
Margie moves on to discuss the use of location-based services, i.e., Foursquare, by parents - specifically parents who check-in at their children's school. If you're checking in at any location where you leave your child on a regular basis without being there with them every single time, it's a bad idea. Check-ins shouldn't be done everyday or at every location you visit. Personally, I won't check-in at work or even on the bus route that I take, because that narrows down where I live a little too much for my liking.

Social media is like one big puzzle with lots of pieces spread out all over. It doesn't take a rocket scientist to find the pieces and put together a really thorough picture of your life, unless you're smart about how and what you share. The safest bet is to assume that everyone in the world can see everything you've ever posted on the Web.

Real Names
I absolutely support using a name online that one is comfortable with using. A word of caution: It's far better to think about this before you start using your real name than it is to try to change mid-stream. I recently almost unfriended a person on Facebook because I saw this name in my friends list and had no idea who they were or why I'd friended them. Then I happened to notice the vanity URL and realized that it was, in fact, someone I knew; they'd changed their name. But that vanity url? It's permanent and identifies them as their previous self via - you guessed it - their real name. That kinda defeats the purpose of changing the name, don't you think?

It's my personal belief that the risk of using your real name online is no greater than using it in your day-to-day life - for the average person (and without a doubt, there are exceptions). It is a reality that there are people in this world who will use that information to do harm, but there are countless ways to get that information about you that don't include online interactions. Just think about how many people and places have your name and/or contact information - track it for a month or two; you'll be amazed. For kids, it's fewer, but there are still many.

Ultimately, the responsibility for privacy lies with individuals using social tools. Posting without a clear idea of the ramifications could lead to unintended negative consequences, from lost job opportunities to greater potential for being the victim of a crime. We control what we post online - not Facebook, Twitter or any other social networking site. It's worth it, then, to learn how to protect ourselves rather than relying on someone else to do it for us.

What steps do you take to protect your privacy online?