Our modern social media landscape has convinced us all to share every small detail of our lives with people we haven’t spoken to in person in years. Think about the implications of that.
Samuel Culper, of the outstanding website Forward Observer, has this to say about Social Media: “We should farm data from it, but never plant”.
Reaching back even farther, to the times of Solomon, the best advice book ever written has this gem for us:
Those who guard their lips preserve their lives,
but those who speak rashly will come to ruin.
Proverbs 13:3
As my friend best-selling author Ivan Throne says, “Concealment is the Second Law”. Every time you are tempted to reveal some personal data, do a risk assessment on it. What is the benefit of sharing this information, versus the risk that exposing it will cause. It doesn’t have to be just about safety. Consider this….you make a social media post about opening a business, what are the chances that your competition will then start actions to thwart your plans? A vindictive neighbor? A government bureaucrat?
It’s perfectly fine to want to share information with your friends, but think about all of the information that you are putting out there. Many people essentially “narrate their lives” on social media, which can put your property and your safety at risk.
It’s not only social media that is a risk, but so is social engineering and general conversation.
Elicitation is a technique that spies use to get information from people without them knowing it, and it happens every day by criminals, too, they just don’t use the fancy name.
Let me give a quick example from an investigation I was involved in. A restaurant chain in a heavily Middle-Eastern community in Detroit had their waitresses engage in conversation with customers, learning their travel plans back to the Middle East. When they found a customer who was leaving the country soon who paid with a credit card, they used a spare credit card machine to lift the “third track” off the magnetic stripe on the credit card. This track contains name and address data. The leaders of the ring would then conduct a burglary while the customer was out of the country and not only steal high value things, but they would also sell the furniture and decorations online.
Social engineering is tricking you into giving up information that can be used to guess your online passwords. The most common variation can be seen on Facebook dozens of times every single day. It goes like this….”Let’s see who will do this with me” and it then proceeds to ask you to complete a series of seemingly innocuous questions about your life. Within those questions, you’ll find commonly used “forgot your password” security questions, and you are WILLINGLY giving everyone the ability to hack into your life.
I’ve seen a variation with one Twitter user who claims to be randomly asking questions like “What’s you favorite food” and “Where would you like to go on vacation”. Intermixed every so often is a security question type question. He’s counting on you getting used to commenting on the random questions and blindly answering security question answers.
Another area that invites risk is “checking in” or “tagging” yourself in locations. If I tag myself at a movie theater, I’ve just told the world exactly where I can be found for the next couple of hours. More importantly, I’ve told them where I’m NOT, such as my home. The best strategy in this area is to not do it all, but if you feel that you must, tag yourself as you are leaving the location.
We all want social media to portray our lives as fun-filled and happy, so many people spend their days posting photos of their activities. Just like tagging or checking in, you’re telling the world where you can and cannot be found in real time. I understand that you want the world to see your awesome cruise experience, but you can post those photos as soon as you get home instead of telling everyone that you are in Belize with no plan to get home for several days.
Have you ever noticed how after you go somewhere or you discuss something with friends, you instantly start getting ads about what you discussed? It’s called surveillance capitalism and it’s a huge business. Open your phone’s settings and check “app permissions”. You’ll be surprised at how many apps can access your location for no other purpose than to sell that data. Yes, they are selling surveillance reports on everywhere you go. Turn these settings off, or to “only while using the app”. There is no reason for you to let some random company profit off your location data and there is absolutely no reason why your Scrabble game ever needs to know your location or record audio.
At this point, many people I advise tell me “But I have location turned off on my phone”. I laugh at that comment. Your travels are Google or Apple’s biggest money-making product…do you really think they’ll let you turn it off? Tucker Carlson ran a segment where they took a phone that had location turned off and another phone that was TURNED OFF COMPLETELY and traveled around Washington DC for a day. At the end of the day, they checked the phones, and both were sending location data to Google, despite the settings and the one phone being turned off.
During the current CoronaVirus pandemic, Governor Gretchen Whitmer said during a press briefing that she had received location data from Google about the movements of Michigan residents to determine if residents were abiding by her Stay Home Order. Do you remember giving your consent to that government search of your private data? You didn’t have to , because Google violated your 4th Amendment rights, and they aren’t bound by the Constitution.
The only way to be sure that a phone isn’t sending location data is to remove the battery. Did you notice that you can no longer remove the battery? That’s on purpose; your location data is their biggest money-making product.
Have you noticed that whenever you get a text message or an email now, you get a list of suggested responses? That’s not for your convenience; it’s because they are reading your messages looking for information to sell.
Try this experiment: open your photo gallery and click “Search” type in anything you’ve taken a photo of and hit enter. If you typed dogs, it will show you every dog photo. Again, this isn’t for convenience, it’s because they are analyzing your photos to see what they can market to you.
Check Facebook. Look at your security settings for a tab call “Off Facebook Data”. It’s default setting is “on”, allowing Facebook to capture all your data on your phone, including your location data, for them to sell. Change it to “never” and delete the history.
The only way currently to ensure that your phone isn’t recording your audio (they really do, read the fine print), video (yes, that too), and location, is to store it turned off in a Farady cage except when you are actually using it.
Privacy should be a major concern to you. Many of my clients say “I have nothing to hide, so I don’t care”. Your personal, physical safety is worth protecting and if the data can be sold to advertisers, it can be hacked and downloaded by bad actors.
Guard not only your lips, but also your digital data as well.
Fiercely guard your private information. Share online sparingly.
Tactical Wisdom 