Skip to 0 minutes and 6 secondsHello I'm Tom Smith, working in Information Services at the University, and I am here today to talk about keeping your account safe, and you safe, online.
Skip to 0 minutes and 20 secondsNot using the same password for every site is a good idea because it means that should that site be compromised -- get hacked -- it doesn't give people access to other sites. Definitely try not to leave phones and tables on buses, in taxis, or on trains, because that just gives people access to all your data. And it may not be serious; they may just do something malicious like delete all your work, or all your images, or send an "I never liked you message" to all your friends or something. But the most important thing that you
Skip to 0 minutes and 52 secondscan do to keep your account safe is essentially: don't click the phishing links. If you don't know what a phishing link is, a phishing link is normally an email that says "your account has been hacked, please log in to confirm" or "your account is running out". Or it might be your bank saying "we have noticed something suspicious, please log in" and they fool you into think that you're on the site -- the York site or a bank -- but you're not, and you're giving away your information. So you are less at risk from hackers than you are from just giving away your information! Another thing that you can do to keep yourself safe is to not share too much information.
Skip to 1 minute and 33 secondsThere are people out there on the internet who will look to intimidate and abuse you based on how you look, what gender you are, maybe what politics you hold, or what sexuality you have. So giving away that information and it being linked to your real identity can become a problem. It's something that didn't used to be a problem but is becoming increasingly a thing that many technology companies don't know how to deal with. So it's a good idea to take positive steps
Skip to 2 minutes and 0 secondsand craft your online identity: choose to maybe be non-gender-specific and say "I'm a purple rabbit", not a young person from a certain country. And only give away the information that you are happy with being tied to your person and your personality.
Skip to 2 minutes and 23 secondsOne example of an exercise I did with some twelve and thirteen year old kids was to see how much information we could find out about somebody from some very minimal information. We started with a tweet that had a picture attached saying "snowy bus ride to work today". From the picture the kids could work out where the bus was, and so we looked on Google maps and we worked out roughly where that person would be working. And from there, there was another tweet that said "no gardening today because the weather was bad" and we worked out roughly where they lived, from the angle of the photograph.
Skip to 3 minutes and 1 secondAnd from there we worked out some of his friends and from there we worked out what he was doing at the weekend.
Skip to 3 minutes and 7 secondsThese were all extrapolations: these were not him sharing personal information, but just from using some guess work and a little bit of sleuthing we were able to piece together somebody's life, and we knew where he was, when he was there, and who he was with. And for lots of people, if somebody had malicious intent against you, that would be enough to either make a move via a friend or have enough information to know where you would be. And it was scary. And that was just in a few minutes with a few kids in a room doing some digital stalking.
Skip to 3 minutes and 40 secondsSo you need to think about your identity online nowadays in these sorts of ways, and protect it from people who might want to harm you or embarrass you or maybe just be malicious against you.
Keeping yourself safe online
The information trail we leave online isn’t just a reputational concern. We can give away a lot of personal details, and while for the most part this will be just noise in the internet, it is information that can be used against us.
The UK television series Hunted provides an effective (and indeed entertaining) illustration of how our online activity can betray our movements, our intentions and our personal networks. In some cases, confiscated devices, phishing attempts and hacked passwords are used as a means of gaining sensitive information, but all too regularly the clues hide in plain sight: on open social media accounts that any of us can see.
If you’re posting in an open forum, anybody can access that information. Tweeting something like…
Holiday! Just hope my new bike can bear 2 weeks without me, languishing in the backyard of 12A The Grove, Chepstow. Forgot to chain it. Oops
…is obviously a bad idea. But communicating even snippets of such information has risks, because snippets can build up into a larger picture about you and your circumstances.
It isn’t just what we post that poses a potential risk. Our accounts themselves may be sharing more than we might think. If you’ve ever seen your Facebook profile picture staring back at you from the comments section of a blog post, inviting you to participate, or if you’ve seen adverts targeting your interests, you’ll have an idea of the kind of thing that can get passed around. It’s a good idea to go through your social media security settings with a fine-toothed comb every now and again, to lock down as much as you’re able, but inevitably there is a tradeoff between security and functionality.
For a particularly graphic illustration of how much information you’re sharing via your Facebook account (assuming you have one), why not Take This Lollipop (Be aware that the site uses some horror imagery, though it is perfectly safe and it does demonstrate very effectively how much of your Facebook account is public and accessible).
There are other measures you can take to stay private online. For more sensitive activity you could use the privacy mode on your web browser, and there are browser extensions like Privacy Badger and Ghostery which can be used to block tracking activity and social media integration.
But perhaps the simplest way of staying private on the internet is to not share personal information in the first place.
© University of York