What not to publish on Facebook

Zionsbank has an article up on the types of personal privacy information that you should never publish on Facebook (or any other social networking site for that matter).  I thought that I would republish it here and add some of my own comments.

Many users of social-networking websites inadvertently put themselves at risk by sharing too much information.

1. Address and birth date. Disclosing your home address or your place or date of birth could make you a target of an identity thief. Your home address even could attract a burglar or stalker to your home. If you're throwing a party and need to provide directions, do so through email.

2. Year of graduation from high school or college. These can help scammers pretend to be former classmates, a common way to win victims' trust.

3. Business contacts. Professional networking websites typically let people on your contact list see the names and IDs of everyone else on your list. An unscrupulous competitor, dissatisfied customer, or former employee could send a damaging message about you to everyone on the list.

4. Mother's maiden name. Businesses often use your mother's maiden name to confirm your identity, so it's prudent to keep that name as confidential as possible. (Keep in mind that pet names are another common security question.)

5. Travel plans and schedules of groups you belong to. If you mention the dates of an upcoming vacation on a social-networking website, or that you've joined a Wednesday-night book group, you might unwittingly have told a burglar when your home will be vacant.

6. Your valuables. Don't discuss your expensive art, antiques, or jewelry. It could make you a target for a burglar.

7. The name of your doctor or dentist. If a scammer learns where you receive medical treatment, he might attempt to obtain your insurance information. This could be sold to someone who lacks health insurance, who would then pose as you to obtain treatment.

Now, are all of these genuinely good ideas because they are security concerns?  Or, are they taking the fun out of social networking?  For example, point (2), the year of graduation from high school or college, is a good way to identify with others.  We like people who are similar to us, and people who are our own age tend to experience things at the same time.  For example, I graduated from high school in 1996 and from university in 2000.  That means that I was just coming of age during the dot-com boom and saw the Internet revolutionize a lot of communications.  Someone graduating from high school in 2006 would have grown up, mostly, with that sort of thing and so the two of us wouldn’t relate on quite the same level as someone my own age.  Similarities are what build social networks.

On the other hand, not publishing point (1) is certainly a good idea.  At least, not publishing it for anyone to see.  I have seen people on Facebook that I am not friends (or should I say Friends) with.  I have also seen their home address.  That’s just not a good idea.  The reason is stated above.  Someone with malicious intent could grab that data and impersonate you.  It isn’t personal; automated bots that crawl pages could be used to harvest this information and if yours is published out in the open, it makes it easier to become a victim of something.  Whether or not this is something that is actually done in real life (vs low tech methods such as rummaging through garbage or grabbing receipts or photocopying licenses or something), reducing your personal attack surface is something that you probably want to get to.

Similarly, not publishing your mother’s maiden name is also a wise decision.  Many other websites use the mother’s maiden name as a security question (that’s how Sarah Palin’s Yahoo! account was supposedly hacked).  If you are giving it away, then there’s a chance that you are giving away the information to some of your other accounts too, like financial accounts.  Luckily, banks are starting to wise up and require multiple security questions (and half the time I can’t remember the answers to my own questions, or what my answer would be to a proposed question).  But there are other websites that still use this as a single answer.  Given enough time and information, an attacker could probably use the information to guess your password, too.  For example, if you use the same password at multiple sites, and the attacker gets a password reset sent to his account (or display the password to you in clear text), he might be able to log in to your other accounts.

All in all, the above information is decent advice.  #2 might be a little restrictive, and #5 may be a bit paranoid if you’re vague enough, but in general, be careful to whom you reveal information,  and make sure you lock down your privacy settings.  You don’t need to advertise every little thing to the whole world on Facebook.  That’s what Twitter is for.