Would you give your phone number to a stranger? How about a stranger in a frog costume, or hey, a frog avatar online? It may seem incredible, but 82 Facebook users did just that last month.
According to a recent report by the San Jose Mercury News, Sophos, a Boston-based Internet security company, was able to acquire highly personal information from 40% of the nearly 200 Facebook users who chose to add “Freddi Staur” as a friend in their Facebook accounts. Freddi Staur doesn’t exist, except as a toy on the desk of some Sophos employee. The company created a fictional person on Facebook to illustrate how vulnerable people can be when using social networks.
Why is Mint bringing this story to you? Well, securing your personal information on social networking sites isn’t only a matter of privacy. It’s also an important step in preventing identity theft. If you share personal information online, you make it easier for identity thieves to make off with your life story (and credit cards, and social security number, and so on) without a second thought. Victims of identity theft can suffer significant financial losses, and can spend years working to “clear their name.” Read any of the Identity Theft Horror Stories our readers have shared with us… We don’t want to have this happen to you.
Secondly, as a new web service in the personal finance space, we’ve given a lot of thought to what we can do to make a web experience as private and anonymous as possible. In fact, you’ll be able to register for Mint using only your email address, zip code and password. And since we don’t share your data with anyone or sell it, your privacy will be thoroughly protected, and TRUSTe verified.
We thought we should share with you what we know about how to evaluate and protect your privacy and identity online. The Freddi Staur story got us focused on the issues related to the popular “social networks,” so let’s answer the big question:
How do you protect your personal information while still enjoying the social and professional benefits that Facebook, MySpace and LinkedIn have to offer?
At Mint, we want you to understand:
- The information you should and shouldn’t share
- How you can actively set limits on the information you do share, and
- How these sites treat your information differently.
The Information You Should Never Share Online
Some information is so central to your personal safety and so revealing of your individual identity that you should never make it available in the public area of any website. Think of these as the Three Off-Limit Facts about you:
- Your social security number
- Your phone numbers
- Your home address
Information You May Choose to Provide Online
Facebook, MySpace, LinkedIn and similar sites have become incredibly popular precisely because of their social factor: they help you stay in touch with friends or business contacts, and make new ones as well. To take advantage of their benefits, though, these services need you to share some personal information. That’s where we throw the caution flag, because you have to:
- Understand the information you share with the site.
- Understand what information the site will share by default and with whom.
- Actively use controls the site provides to better protect your information.
- Understand how the company providing the site will use your information themselves.
Understand the information you share
Sites typically ask for some personal information at two points: registration and profile development. These sites typically require some or all of the following information from you to set up an account:
- E-mail address
- Zip code
- Birth date
After registering, you’ll probably want to add information to your profile to get the most out of the site. After all, isn’t this “private profile” supposed to represent you? Many people add a slew of other identifying bits after registration to flesh themselves out. Common additions like school and work locations, contact information, your friends, groups and networks you join, and personal interests and activities are all there to give your profile personality. Right? True, but be aware it’s giving your profile publicity, too.
And when you look across all the information you’ve shared, it’s pretty clear that any stranger with bad intentions — and access to this information — has a great head start in knowing who and where you are, and whether you’re a high-potential target for identity theft. They know how to contact you, too, and what information they might use to lure you into slipping them some of the Three Off-Limit Facts that open the door to your financial life and personal security.
Understanding Your Options
Each of the three sites we’ve highlighted takes a slightly different approach to sharing your information, so we’ll look at each separately.
Facebook
Default Settings: Facebook’s information philosophy — and default setting — is to share almost everything that you’ve included in your Facebook account. That means if you’ve never changed your privacy settings, your Facebook profile is shared with not only all your friends and groups, but also with everyone in every network you join.
That’s a lot of sharing.
Luckily, though, Facebook gives you options to limit that outlandish profile broadcasting. Here’s where to start reining in your information.
Information Control Options: The good news is that unlike many social websites, Facebook provides its users with an arsenal of privacy controls and settings.
When you sign into your Facebook profile, take a look at the upper right-hand corner of the page, and click on the “Privacy” link next to the “Logout” link.
On this page, you have control over:
- Information you share in your profile
- Information people see when they search for you
- Information on actions you take with other people
- Information available to others when you contact them
- Privacy controls for applications you’ve added to your account
Important Facebook privacy settings to note:
Search settings: By default, everyone can find your profile listing in a public search. This includes users on Facebook, and potentially people searching on Google, Yahoo, and MSN.
If you want to keep yourself searchable like this, you should strictly limit the information you’re leaving on that public listing. We highly recommend, though, that you don’t “go public” and instead uncheck the box “Allow anyone to see my public search listing.”
Profile settings: Here’s where you have control over the contact information you provide to other people. If you’re in one or more of Facebook’s Networks, you have the option of either displaying your contact information to only your friends, or to everyone. Again, Mint recommends that you limit sharing to only your friends and that you specify “no one” can see your contact e-mail.
Are all of these settings giving you a headache? Set your profile to “No Networks” and many of these settings will remain inactive. This makes it less likely that you will unknowingly share information you don’t want to provide to strangers.
MySpace
Default Settings: By default, people on MySpace can see when you’re online. Your profile and photo are also set to be viewable by everyone.
Information Control Options: MySpace’s privacy options are very limited, but changing three key settings can provide you with some important privacy protection:
- Online Now: By un-checking this box, other users won’t know when you’re actively on your account.
- Profile Viewable By: By selecting “My Friends Only,” you limit the ability of strangers to find your personal information.
- Photos: By un-checking this box, you prevent your photos from being emailed and shared by other users.
You should be aware that MySpace does not have individual privacy controls for each section of information you provide. Whenever you decide to add information to your MySpace profile, you should take extra care in deciding what you divulge.
LinkedIn
Default Settings: By default, your LinkedIn public profile is set to display your full profile information. That means any information you provided will be available publicly. Thankfully, there are choices available to you to take control of your privacy.
Information Control Settings: LinkedIn provides you with much more control over the information you share with other users. Unfortunately, these controls are scattered throughout the site.
To get started, click on the “Accounts & Settings” link on the top right corner of LinkedIn, and then on the “My Public Profile” link under the Profile Settings section. You will now be on the “My Public Profile” page.
Now you have two options: turn off your public profile so that no one outside of your LinkedIn Network can view your information, or limit the type of information other people can see. If you’re concerned about your privacy, we recommend that you turn off your public profile.
The other settings choices are fairly straightforward. You should note that if you choose to have your public profile on, LinkedIn requires that you make available your basic information such as name, industry, location, and number of recommendations.
LinkedIn also provides further privacy controls under the “Privacy Settings” section of the Settings page. Although each of these settings is on a separate page, LinkedIn provides great descriptions of each of the settings available to you, and what those settings can do.
Two settings to note in this area: “Profile Views,” where you can set what will be shown to other LinkedIn users when you view their profiles; and “Notifying My Network,” where you can control how or when people in your network are notified when you make significant changes to your profile.
In the “Name & Location” settings page, you have the option to display only your first name and last initial. When you set your locations, LinkedIn does a good job of simply sharing your regional area — not your specific city — with other LinkedIn users.
- Will they share or sell your information?
- How recently was it updated?
Let’s apply some of the considerations listed above to each of the social networking websites:
- Will they sell your information? Sites that share and sell your information expose you to greater privacy risks. Obviously, the more people with access to your information, the more opportunities for identity theft.
  - Facebook and MySpace: Neither states that they will not sell your personal information. It’s safe to assume that they are reserving the right to do so.
  - LinkedIn: LinkedIn clearly states that they will never rent or sell your personally identifiable information to third parties for marketing purposes.
- How recently was it updated? Sites should be updating their policies whenever new services and features are introduced which affect the privacy of your personal information. If you see that the social networking sites you use are frequently adding new features, you should expect to see that their privacy policies are reviewed and updated regularly. How recently were these sites’ privacy policies updated?
  - Facebook (May 24, 2007) and LinkedIn (July 14, 2006): both updated within the last 14 months. Not bad.
  - MySpace (August 26, 2005): you may want to consider whether their policy is current enough to protect the information you may have added in any new features they’ve added over the past 2 years.
Mint’s View on Privacy
These sites offer real benefits to their users, as shown through their popularity. But they also come with considerable risks to your privacy and identity. You should protect your “virtual self” with the same common sense that you apply in the real world. Mint’s point of view is:
- You should never share your phone numbers, physical addresses, or social security number information on public websites.
- You should take the time to understand how the information you do choose to provide will be shared. There are three key questions to answer before you open accounts and complete “profiles” (or to answer today if you already have an account):
  - What’s shown to friends/contacts?
  - What’s shared with strangers on the site?
  - What’s shown publicly on search engines?
- You also need to be proactive in finding and using the controls these sites provide to protect your personal information and reduce your exposure to identity theft.
- You should understand how the companies that provide these sites will use your information. Key questions to answer:
  - Will they share or sell your information?
You can also take immediate steps today to give yourself an extra layer of privacy:
- Visit TRUSTe and read the ten tips on protecting your personal information on the Internet.
- Check out Privacy Rights Clearinghouse’s fact sheets on Internet Privacy and Financial Privacy.
How safe will my privacy and identity be at Mint?
Mint is not and will not be a social networking website, but you should still ask yourself many of the same questions about our privacy practices. Our philosophy is that your privacy is paramount: we believe that you should be anonymous when you are on our site, and that your information is your own. This philosophy drives our practices:
- We’ll ask for the absolute minimum amount of information necessary in order to provide a great and useful service. To sign up for Mint, you’ll only need to provide:
  - An e-mail address of your choice. We recommend that you use an e-mail address that doesn’t include your name.
  - Your zip code.
  - A password. We’ll let you know how strong your password is.
- We will not sell or rent your personal information to anyone, for any reason, at any time. Not for marketing purposes, nor to “enhance” your experience on Mint.
- We’ve tried hard to write a privacy and security policy in English. Please let us know of anything that’s not crystal clear. Our policy was last updated on August 8, 2007, and you should expect that we’ll be updating it at least once a year — especially given the new features we already have on the drawing board!