Online Safety

Changes to hiding from public search on Facebook

Recent changes to the Facebook privacy settings, has made it difficult for users to conceal their personal profiles, as Facebook has removed the ability to hide from public search.  Facebook profiles have the ability to be located through the Facebook search function and in some cases via search engine sites such as Google.

However there is some reprieve.  Within the Facebook Privacy Settings, you have the option to remove yourself from a search engine link. This means that persons using a search engine to look for you via a name search, should be unable to link to your Facebook profile.

Go to > Privacy Settings  > Who Can Look Me Up?  > Do you want other search engines to link to your timeline?  > Uncheck the box.  (as per diagram below)

Be aware this may not remove a link to your profile due to any public content that you post.  As a result please ensure you check your privacy settings and only post your information to friends.

Social Media Quick Tip: Beware of the “Who Stalks My Page” Scams on Facebook

Facebook scams are plentiful and most of us like to think we’re pretty good at spotting them. One in particular seems to nab law officers from time to time. It’s the one that promises to tell you who “stalks” your page the most. Sometimes it’s also worded as “see who views your profile.”

To officers, it’s a double-edge sword because if it actually worked, it would be very useful in an investigation if someone complained of being harassed. To be able to run an application that (presto!) showed who’s been stalking the victim’s page would be very useful in finding out who the main suspects are. But it doesn’t work that way.

In my training sessions with law enforcement, I’ve been asked more than once if I could tell them how to do just what this scam claims to do. The twist was, in each case where I was asked, it was the cop or one of his/her colleagues who was being harassed on Facebook and they wanted to know which one of these “tools” I recommended.

Here’s the absolute truth: Every one of these claims is a scam. Facebook makes it very clear that the company doesn’t do this itself and won’t allow third party access to that information. If you click through to one of these scams, you will be giving the scammer access to your account. I shudder at the implications that has for officer safety. Beyond that, the scammer will use your account to send messages to all your Facebook friends on your behalf.

It isn’t possible to overstate the need for law officers to be careful with third-party applications on Facebook. The best rule is to assume that all of them will cause harm unless you know for certain it’s been created by a reputable company and serves a real purpose.

This Social Media QuickTip was previously published on LawOfficer.com.

Social Media Quick Tip: Keep Your Lat/Long to Yourself

Don’t let geolocation coordinates undermine your own safety

Geolocation coordinates can help you in an investigation, but they can also put your safety at risk. Turn off geolocation functions on your computers and smartphones. Photo iStock

Geolocation coordinates are everywhere in social networking these days. If you’re an investigator, you’ve probably figured out how useful such data can be to link someone to a time and a place.

Remember: Your own geolocation data can also be used to undermine your own safety. To help keep yourself, your family and officers at your department safe, do the following:

1. Turn off geolocation on your smartphones–on the phone itself and within the camera function. On a Blackberry, click Menu and then Turn Off GPS. On an iPhone go to Settings, then General. On an Android, from within the camera application, go to Location and Security and Disable GPS.

2. Turn geolocation off within the mobile apps installed on your smartphone as appropriate.

3. Turn geolocation off on social networks you access from a computer or tablet, such as an iPad.

4. Any digital photograph you take can have lat and long embedded. Digital cameras, especially late models, are likely to store this data with every image. If you take a photo of your children and post that photo online, you’ve just potentially told people where to find your kids.

5. Be mindful of all of the above advice if you play FourSquare or use Facebook Places.

Finally, and perhaps most important, have a sit-down with your kids and fellow officers, and make sure they understand these risks, as well.

This Social Media Quicktip was previously published on LawOfficer.com.

Facebook Secure Browsing for Officer Safety

And the implications for department social media policy

Early this year Facebook offered users the ability to use the sight a bit more securely with “secure browsing” (https) or SSL encryption, as Facebook said, “whenever possible”. It’s important to enable https, otherwise, any hacker sharing the same public wifi can easily infiltrate your social media accounts. But for police officers concerned about their own privacy and safety, there’s more to it.

Ethical hacker James F. Ruffer III of Unibox explained that with a plugin like Mozilla Firesheep anyone can BE YOU on sights like Facebook, WordPress, FourSquare, and Twitter The one protection a user has is enabling secure browsing with the https setting. In a recent post on the Social Media Security blog , he explained how with access, a hacker can control every aspect of the victim’s Facebook profile, including the victim’s Facebook Pages. He added, “Once I am in, the victim has to check secure browsing, log out, and log back in,” he said. “That’s the only way to destroy my attack vector.” Firesheep is a Mozilla Firefox browser extension and utilizes packet sniffing methods to intercept unencrypted cookies or sessions.

This technique is known as “sidejacking” and although the hacker doesn’t have control over the victim’s account, they have mirrored what the victim is doing from his or her browser onto theirs. Due to the high level of attention this security flaw demanded, a Mozilla Firefox plugin called Blacksheep was quickly developed to detect if Firesheep is being used on a network, Blacksheep tries to create “false” sessions IDs on a network to see if the sessions are being hijacked.

Hackers  can also use Firesheep to extend their access to Social Media Management platforms and still get simultaneous control of all the victim’s profiles from there, even if the https secure browsing is enabled.

Detective Constable and forensics investigator Warren Bulmer of the Toronto Police Service is an expert on Facebook security. He explained in most cases the victim wouldn’t know their account has been compromised unless the hacker makes a change. “As long as the person doesn’t do anything they could spy all day long. They can take digital pictures of your screens and collect intelligence all day long. There’s no way to know that they’re there.”

A big part of the problem is Facebook itself. Its new features are implemented automatically, so that users have to actively change the features, which, in many cases, involve user data. Facebook isn’t trying to allow hacking, rather than allow themselves the ability to collect mass amounts of user data. However, the tactic does leave security holes.

Recently the security firm Sophos issued an open letter to Facebook asking for three things, one of which was for https security to be turned on by default. When Facebook introduced the feature, the social network posted on its blog, “We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.”

Until Facebook makes secure browsing the default setting, know this:

  1. To turn on https secure browsing, in the upper right corner pull-down menu, go to “Account Settings”, then “Account Security”. The https checkbox is the first option.
  2. Some games you play or applications that you might install will turn off https. You should be notified when this happens, be sure to re-enable secure browsing afterwards.
  3. With https security turned on, your use of Facebook will likely run more slowly. It’s a small price to pay.
  4. Never trust any social network to guard your privacy. Guarding your information and therefore your safety and career security is your responsibility.

Regardless of whether Facebook enables the security setting by default or not, law enforcement officers need to take extra care to secure their profiles. Ruffer recommends using an Ironkey, an inexpensive USB device that guarantees secure browsing. Secure data plans like 3G, or a portable hub such a Verizon’s “Mifi”, can be pricey, but may be the best option. Otherwise, avoiding public wifi is the best protection.

Bulmer cautions that there are things you should “just not do” from a public computer or on a public wifi. “In these Internet cafés or coffee shops, you have no idea what their network or someone else also using it is capturing. It would be nice to be able to say the restaurant or hotel is legit and they don’t keep information. The reality is, you really don’t know that. The safest method, if you really need to use these social networks is to do as much security as possible,” he said.

So what should this mean for department social media policy?

When someone leaves the department, does department policy spell out how their accounts are processed and closed so that any security breaches that may have taken place on those accounts are done away with? The first article on ConnectedCOPS.net was an article on social media policy for law enforcement in August of 2009. In it, I called for requiring the people who use social media representing the department or in their personal lives to be competent with regard to how the platforms work. Social media is like anything else a law officer does at work, and it requires a significant amount of training to ensure this competence. Security issues like the one illustrated here reinforce the importance of this point. To this end, department policy should also require the pertinent security measures to help keep these breaches from happening in the first place.

Officer Safety: On Facebook, Remove Yourself from Public Search, Bing Still Finds You

One of the first things in the privacy settings on Facebook that many people like to take care of is to take themselves out of public search.  It’s a smart thing to do with a personal profile if you’re a law officer. Keeping private profiles as limited as possible to close friends and family is a good idea. If people can’t find you in a search, you don’t have to worry about what to do with unwanted friend requests.

If your Facebook profile is used as a professional profile, it’s a good idea to leave Public Search active so constituents can find you.

But taking oneself out of public search on Facebook does not mean the removal of your information from showing up in Bing search results, when a person is logged in to Facebook. So what this appears to mean, is that if a person can’t find you by running a search on search engines outside of Facebook, they can log into Facebook, run a search for you and you will show up in web results if you haven’t removed yoursellf from Bing. In this November 2010 announcement from Bing, it’s confusing, but it is explained.


1.

To take oneself out of public search, the first step is to – in the upper right corner where it says account – click and pull down to “privacy settings”. In the bottom left corner, under “Apps and Websites” click “edit your settings”.






2.

On the next screen click the “edit settings” button at “Public Search”.






3.

Uncheck the box.




4.

Then click “see preview”.  You might get a confirmation that looks like this.


















You think you’re done. You’re not. Anyone with a Facebook account – more than 500 million people at last count, can still log in and search your name. You will show up in web results from Bing unless you do the following.


5.

Go to the Facebook Help Center and click “Search”.

Then click “Search on Bing.com”




















6.

Then click on “How do I control what information appears in Bing results?”






















7.

Then click the third bullet point down Block Bing “here”.







































Sneaky huh? More to come…..

Officer Safety: Survival Guide for Cops on Facebook

There are two words that should never be in the same sentence: Facebook and Privacy. The exceptions, of course, are if in the same sentence are other words like “don’t bet on it”, “not a chance”  or “aint happenin'”. This post isn’t about slamming Facebook. I wouldn’t do that, I’m a Facebook fan. Nor is this a post about the stupid things some cops have done on Facebook which have caused embarrassment to their department, the compromising of a case, disciplinary action taken against them or even dismissal from their jobs. This post is about being a cop, being on Facebook and not compromising your safety or that of your family members or co-workers in the process.

I’m a huge proponent of law enforcement using Facebook and all social media in the strategic ways that make sense for their departments and their roles within them. In these cases, officers should always be using professional profiles, department email addresses and official photos. When citizens can go to their police department’s Facebook page and see posts by, and interact with, real officers, it’s a win-win for everyone. It’s especially essential that the officers in the very public-facing roles (Community Police Units, SROs, K9, etc) have visible profiles, as appropriate, and leverage these tools to the fullest extent possible. But that’s where it ends.

In October of 2010, Phoenix Police made a DUI stop and discovered a CD with many photographs and names of more than 30 Phoenix police officers and civilian employees which had been culled from Facebook profiles. On a flier distributed to law enforcement, posted here with permission, Phoenix PD’s Counterterrorism Unit advises to set profile settings to “friends only”. That’s a good first step. But it’s not enough. People who really want to harm you, like the people who create CD’s as described above, can still find you. The next several posts on this blog will take you through some crucial Facebook settings for officer safety.

I hate to say it, but the time has come. The more I think about it, the more convinced I become that cops shouldn’t have personal profiles on Facebook. I know it seems crazy coming from me. I also know that all you cops on Facebook aren’t exactly going to heed this advice and shut down your pages. So, maybe we can agree on an approach that will help guard your personal safety, and your kids’ safety, protect your career and keep the Chief off your back. Although, I could name a few chiefs who need this information too.

I have just three main points. but each has several sub-points.

  1. Don’t mix personal with professional
  2. Figure out how to set your privacy settings and pay attention to changes Facebook makes to them
  3. Clean-up your (online) act

1. Don’t mix personal with professional.

If  you have a professional profile, keep it that way.

  • Don’t friend the high school buddies, or especially any ex girlfriend or boyfriends. But also, don’t friend family members. Keep it completely professional, friend only co-workers and those citizens with whom you interact in the course of your work. This is hard to do, especially if you live in a small town.
  • Don’t put pictures of your family, especially the kids, on any profile in which you’re identified as a police officer. Even if the only identification is that you’ve listed “abc PD” as your employer.
  • Keep the photos of you being a regular guy or girl off the professional page. This includes everything from pictures of you holding a beer to information about your off-duty hobbies and interests.
  • You can figure out the friends lists feature on Facebook but for law officers, it’s about identifying oneself as a cop vs. not identifying oneself as a cop. Even if you have the professional contacts on one friends list, personal friends on the other, it doesn’t keep the two worlds separate enough. Especially when it comes to photos tagged with your name.

On your personal profiles, you’re not a cop, seriously.

  • No photos of anything law enforcement related. As hard as it is when you actually possess a photo of a hot chick in shorty shorts, sitting on the hood of your cruiser holding a firearm. Resist temptation. Show it to your buddies personally if you must, but leave it off Facebook.
  • Most important is that identifying yourself as an officer compromises your safety.
  • Even here, keep the photos of the kids off. It’s not fair but it’s reality.

2. Figure out Facebook privacy settings.

  • I can think of no good reason anyone would have settings at anything other than “friends only” let alone police officers.
  • One reason the above often happens is because too many people on Facebook haven’t learned how to change the privacy settings, or they don’t care. As a police officer, if you don’t care or can’t be bothered to thoroughly learn to manage privacy settings on Facebook, stay off for your own good. For a glimpse of how Facebook regularly changes default privacy settings, see Matt KcKeon’s “The Evolution of Privacy on Facebook” here.
  • Click through every thing available under both privacy and account settings and lock them down.
  • Don’t play the third-party “Send a virtual drink to somebody” or “Does Jessica look better with long hair?” games. When installed they take all your personal information as well as personal information of everyone you’re connected to. When your friends play these games – your info goes with theirs. Go into application settings and delete whatever is installed that you don’t recognize and trust. And note that this is another reason to keep your private profile separate from professional. You can’t control what your friends do online.
  • The next few posts on ConnectedCOPS.net will take you through some key privacy settings. For example, one way to help prevent people from finding your personal Facebook profile is to take yourself out of public search. Unfortunately, I recently discovered that it doesn’t mean you won’t be found by the Bing search engine. Tomorrow I’ll show you how to block Bing.

3. Clean-up your (online) act

  • Law enforcement has to smarten up about personal information
  • Anything you post, any “like” button you hit, will be closely scrutinized by cop-haters and/or defense attorneys. If you “like” the Page of an organization that an attorney can use to point a finger at you and discredit your testimony or get your case thrown out, it will happen.
  • Don’t assume your so-called friends on Facebook won’t be the ones who report something you’ve posted to your Command Officer. It has happened and at least one cop in Georgia lost his job because of it.
  • Watch what others post about you and educate your friends and family. If you’re at a party and people are taking pictures, rest assured they’ll be on Facebook tomorrow. That photo of you having a good time will be tagged with your name linking to your professional profile. Even just photos of you spending time with family can be a threat to you if they appear online.  You can untag yourself, but you can’t make the photo go away.
  • Facebook has already begun to introduce facial recognition technology. Those high school photos that you don’t think look anything close to how you look now, will be traced to photos of you today that you thought nobody but your friends would see. Want to work undercover? It might cost you that opportunity.

Keeping up with Facebook is a lot of work. I started writing this blog post nearly a year ago. It seems like every time I went to finish it, something else about Facebook changed and I had to start over. I and the rest of the ConnectedCOPS writers will attempt to stay abreast of Facebook changes with the goal of having relevant information for you.  But even if you master Facebook Privacy settings, do you have that warm fuzzy feeling that your information is really safe?

If you ever have a question don’t hesitate to let me know and stay safe out there, and online.