We live in a time with unprecedented levels of digital surveillance. In an era where, according to some sources, data is more valuable than oil. In this digital age, the single most popular online activity is engaging with social media. According to Statista, 2.65 billion people worldwide engaged with social media as of 2018. Facebook alone had over 2.4 billion users in 2019. With a host of developing nations having greater access to the internet and mobile devices, that number is only going to go higher. Statista predicts that by 2021, the total number of social media users in the world could be 3.1 billion.
This means that roughly a third of the world’s population is on social media. This rise, in spite of growing concerns around social networks and digital security, shows how integral social media has become in everyday life. It also means that social media companies are going to be sitting on a gold mine of user data. And as we’ve witnessed time and time again, this data is not safe from misuse, theft and hacks. In fact, according to Gemalto’s Breach Level Index, just in the year 2018, social media vulnerabilities and leaks accounted for over 56% of a total of 4.5 billion data records compromised worldwide. This raises the question:
How safe is your data on social media?
Logging into a social network allows the platform real-time access to a host of user data. Firstly, there’s information that the user willingly shares with the platform. This could include (based on how much you decide to disclose) your real name, age, location, photos, email id, employment information and access to your contacts.
Then there’s also data being collected about which the majority of users are unaware. This could include your device information, the operating system (OS) used, the GPS location from where you posted something, language settings, Internet Service Provider, and even the current battery percentage of your device.
Additionally, a user’s social media usage pattern, including ‘liked’ pages, comments, shared photos, interactions with friends and even third party sites visited through ads are all tracked, stored, and sent through complex algorithms to create a digital profile of the user. While social media companies claim that this is done solely to improve a user’s experience of their platform, the truth cannot be further from the claim.
Inconveniently enough, it is the users themselves who unwittingly grant the platform the permission to do this. Social media companies disclose many of these practices in the terms and conditions of their user agreements. But as we all know, almost nobody takes the trouble to go through pages after page of highly technical legal jargon. Almost all of us scroll to the end and hit accept but what we are actually giving away when we do this is ownership of all our content on that platform. Unwittingly, our acceptance of these obscure terms and conditions is also what allows the company to share or sub-lease your data to any third-parties as they see fit.
In its most harmless form, this data is shared with advertisers who can fine-tune the ads that you see on the platform. In its most harmful form, it could turn into something like the Facebook-Cambridge Analytica data scandal, an event that had the power to influence the elections of an entire country.
Social media companies often claim that the data being collected from the users is anonymous but as has been revealed time and again by whistleblowers and investigative journalists, that is often not the case. They also claim that the data is stored safely but all users can do is take their word for it. And as pointed out in the Breach Level Index report, that is also found to be simply not the case. Although interestingly, it should be noted that in the same report, it was revealed that Social Media as a category had the least number of breach incidents (less than 1%) compared to categories like Healthcare (27%), Financial (14%) and Education (9%). But at the same time, it also accounted for the most number of compromised records.
Cyber Security threats to your data
The personalized approach of social media is what allows hackers to use particular bits of information as effective bait while targeting user accounts. Remember those old phishing attacks from a troubled Nigerian prince that used to flood your inbox? They have now gotten more efficient with a new technique called ‘spear phishing’. This is a highly personalized form a phishing attack that relies on personalization to trick the victim. These attacks can be personalized based on the victim’s likes and interests and often appear to be sent from friends or coworkers. We often let our guard down when they see references to people or places that seem familiar to them, which is something the attacker exploits.
Hackers can glean certain intimate information you share on social media, like the name of your pet, where you were born, your mother’s maiden name to make more informed guesses for your security questions. This could in turn be used to reset your password and hold your account hostage. There has been a steady rise in ransomware attacks where compromised accounts, photos, and sensitive information are held as a means of extortion. Using one or a few individuals’ compromised accounts, even entire companies can be held at ransom by hackers.
What you can do to protect your data from digital security threats
- Use unique, complex passwords for every online account you have and change them regularly, especially after an announcement of a security breach or data leak. If this is too cumbersome, you could consider using a reliable password manager that will generate complex passwords for you and keep track of your passwords for you.
- Protect sensitive information. When it comes to your profile information or any post that you share, ask yourself who you’re comfortable sharing this data with. Never share sensitive information on social media, including financial information, account credentials, confidential company information or personal information that could be used to steal your identity or compromise your accounts.
- Take the time to carefully configure the privacy settings for your individual social profiles and make sure that only those who you want to see your content are actually seeing it. Be especially aware of unsolicited contact through social media, particularly from people that you do not know and avoid clicking on suspicious-looking links in your direct messages or your news feed.
Decentralized social media platforms
In the wake of these social media vulnerabilities being exposed, a new wave of decentralized social media platforms emerged. These social media dApps, including our very own Murmur, are built with a greater focus on data security, transparency and privacy. They are built on a blockchain and require a blockchain account which uses a private and public key pair instead of a password for authentication. Sidestepping passwords altogether is just one way in which us dApps minimize some of the above-mentioned risks. The decentralized structure of the blockchain also makes it more cumbersome for hackers since the data is not all stowed away in one centralized location, but distributed across secure digital nodes.
Supported by an ad-free social mediascape, there’s no reason for your data to be shared with third parties, which further reduces the number of weak points for a data breach on a decentralized social media platform. A user grants permission to read or write data only while being logged in. Once the user logs out, the dApp no longer has access to the user’s data.
Although relatively new in the social media space, blockchain-based social dApps like Murmur are steadily growing more popular with increasing awareness of cyber threats in traditional social networking websites.