Social networking platforms

Posted10 August 2016

Table of Contents

...Loading Table of Contents...

    This chapter aims to help you navigate through the privacy and security settings of some popular social networking sites with a view to making their use more secure, or perhaps better said, less insecure. In particular, it gives step-by step guides in this respect for Facebook and Twitter, as well as some general guidelines for YouTube and Flickr.

    Required reading

    What you will get from this guide

    • The ability to reduce the amount of your personal information made public when you use social networking platforms
    • The ability to control who can access your profile, status updates, photos, and other data on social networking platforms
    • The ability to reduce the amount of your personal information made available to advertising partners and other third parties
    • Tips on how to protect your privacy and that of others when sharing photographs and videos online

    1. Social networking platforms

    These social networking security guides aim to help you navigate the privacy and security settings of a few popular social networking platforms, with a view toward making them more secure (though less insecure is perhaps a better way of putting it). Specifically, step-by step guides are provided for Facebook and Twitter, and some general guidelines are provided for YouTube and Flickr.

    These social networking websites are the most popular and widely used social networking tools. They are owned by private companies and, as noted in chapter How to protect yourself and your data when using social networking sites, these companies make their money by collecting information about users and selling it on to advertisers.

    Government crackdowns will target these sites first and block them, and the companies will cave into government pressures and censor when necessary. If they are not blocked, they are actively monitored by numerous governments who collect user metadata and make requests for private information about individuals of interest, often including human rights defenders. Note, in this regard, that companies managing social networking servers have access to all your information, including your private data and password.

    It may be worth looking at alternatives to these sites, such as Diaspora, Crabgrass, Friendica, Pidder, or SecureShare which have been designed with digital security and activism in mind. The Social Swarm is a think-tank run by a not-for-profit organisation which carries out discussions, awareness-raising and campaigns related to privacy on social networks, and may be a useful learning resource.

    Other similar sites may be popular in different regions, so you way wish to explore other options. Before choosing one you should consider the following points:

    1. Does it provide connection over SSL (like https) for all uses of the site, rather than just during login? Are there no problems related to encryption, such as problems related to encryption certificates?
    2. Read the End User Licence Agreement and Privacy Policy or Data Use Policy carefully. How are your content and personal data treated? With whom are they shared? For a useful add-on which helps users undestand the Terms of Service of many popular sites, see Terms of Service; Didn't Read.
    3. What privacy options are provided for users? Can you choose to share your videos securely with a small number of individuals, or are they all public by default?
    4. Do you know the geographical location of the servers, under which territorial jurisdiction they fall or where the company is registered? Are you aware of how this information relates to the privacy and security of your email activity and information? Will the site's owners hand over information if they receive a governmental request to do so?

    2. Facebook

    Facebook is the world's most popular social networking site. It can be and has been used widely by human rights advocates in order to build networks, communicate, organise and publicise events or issues. However, it is also a potentially rich source of information for those opposed to the activities of rights advocates. Therefore, knowledge of the different account and privacy settings available is extremely important.

    Facebook is actively monitored by numerous governments, including the United States government. Moreover, Facebook's Data Use Policy states that they will share your information in response to legal requests including governmental investigations.

    It is important to keep in mind that, due to the open nature of Facebook, your security and privacy depends heavily on that of your friends and contacts. While practicing these guidelines alone will give you more privacy and security, it will be much less effective if your Facebook contacts do not practice them too. Therefore, it's important to spread these practices among your friends, family and other contacts on Facebook so as to improve your security, as well as theirs.

    Many people use Facebook Groups as a way of communicating and organising socially, politically and professionally. While Facebook gives you the ability to create a "secret" group, it's worth noting that all the information shared in such groups is shared not only between members but also with Facebook and whoever has access to their data, which can include state agencies or other third parties who request it. As an alternative we recommend the Crabgrass service provided by RiseUp.Net, although it's worth noting that it is specifically designed for activism.

    You should always stay up-to-date on the Facebook Privacy Settings. The settings outlined in this guide will help keep your Facebook account more secure (as of June 2014). However, it is always advisable to look at the official Facebook help page for Privacy and Security settings for any updates, or advice for any questions you may have. You might also want to check out Facebook's Terms of Use and Data Use Policy documents.

    2.1 How to Create a Facebook Account

    To create Facebook account open your web browser, (we recommend Firefox web browser with security add-ons or Tor Browser), and type https://www.facebook.com into address bar, to arrive at Facebook's homepage. Note the s in https address that indicates that you are now communicating through secure, encrypted connection (also known as a Secure Socket Layer - SSL).

    Step 1. Fill in the fields marked First Name and Last Name, fill in your e-mail address twice and create a new Password. You area also required to provide a birthday and select a gender (although only 'male' and 'female' options are given).

    Figure 2: A completed form

    Note: We recommended setting up a new e-mail address to register with Facebook. If you use your public or work-related e-mail address, this will make it easier for possible adversaries to find you. Note also that Facebook's Terms of Use require you to use your real name when using Facebook. This will of course make it easier for potential adversaries to find you and follow your activities. You can provide a false name, although it should be noted that this goes against Facebook's Terms of Use and you may still be identifiable according to your IP address, among other things. Connecting to Facebook through software such as Tor Browser is also difficult as Facebook remembers your location and may mistake your logins for attempted break-ins.

    Considering all of the above, if you are concerned that your identification, or the linking of your Facebook activities to your offline work or personal life, might pose a threat to your life, liberty, health, or work, or that of your family or friends, perhaps it is better not to register or use Facebook. Read more about how to stay anonymous online in How to Remain Anonymous and Bypass Internet Censorship.

    Note: Remember, it is extremely important that you choose a strong password to protect your account and your information. Please see chapter 3. How to create and maintain secure passwords.

    Step 2. Make sure you have read and understood Facebook's Terms of Use and Data Use Policy before clicking sign up. These contain important information about what information you are handing over to Facebook and how it will be used by them.

    Step 3. On the Find Your Friends screen Facebook asks you to provide your email address and password in order to look for contacts from your e-mail account on Facebook, who you can later add as Facebook contacts. We very strongly recommend that you skip this step.

    Figure 3: The Find Your Friends screen

    Step 4. On the Profile Information screen Facebook asks you to provide information such as the High school, College or University you attended, and your current Employer. While this information may make it easier for friends to find you, it will also make it easier for adversaries to find you too. We recommend that you click skip this step.

    Based on the information you provide at this step, Facebook will then make suggestions of possible classmates or colleagues of yours who you may wish to add as friends. Again, consider carefully who you wish to add and do not add anyone as a contact who you do not know and trust.

    If you do not wish to add any friends at this point, you can also skip this step.

    Figure 4: The Profile Information screen

    Step 5. On the Profile Picture screen Facebook asks you to provide a picture of yourself, either by uploading one or taking a picture with your webcam.

    Figure 5: The Profile Picture screen

    Note: This picture, as well as your cover photo on your Facebook timeline, will be visible to anyone who arrives at your profile, including people who are not your friends, and regardless of what your privacy settings are. Consider very carefully whether you want to use a photo in which you, your friends, family, colleagues or organisation could be recognised by possible adversaries.

    Once you click Skip or Save and Continue, you will be prompted to check the inbox of the email address you provided. Here you should find an email from Facebook requiring you to follow a link to confirm the validity of your email address. Once you have done this, your Facebook page is created.

    2.2 General Settings

    Step 6. From your Facebook Home page, click on the small arrow beside Home in the top right-hand corner and select Settings.

    Figure 6: Options

    This will take you to the Settings menu. On the left-hand side, you can choose different categories of settings. The first tab is General Account Settings, where you can edit information about your name, username, email, password, networks, and language.

    Figure 7: General Account Settings

    Step 7. You should update your password regularly, preferably at least once every three months. Remember, it is extremely important that you choose a strong password to protect your account and your information. Please see the Create and maintain secure passwords guide.

    Figure 9: Password options

    Step 8. Your network: Facebook allows you to join networks, based on criteria such as your high school, university, employer, hometown or current city, as a means of making it easier for people to find and connect with you. While this may make it easier for you to find contacts, it will also make it easier for people, including adversaries, to find you. Considering the volume of users of the site, it is improbable that you need to join a network in order to connect with the people you know and trust on Facebook.

    2.3 Security Settings

    Step 9. Click on in the menu on the left hand side. This will open the Security Settings page.

    Figure 10: The Security Settings page

    Step 10. Click on the Login Notifications tab. Here, you can choose to be notified if an attempt is made to log in to your Facebook page from a device which you have not used before. Choose whether to receive by Email or Text Message/Push Notification.

    Note: If you select to receive alerts via Text Message, this means you will link your mobile phone number to your Facebook account, making your activities on the site more easily identifiable.

    Figure 12: Login Notifications options

    Step 11. Login Approvals: For added security, you can choose to have to enter a security code every time your account is accessed from a computer or device Facebook does not recognise. The security code will be send as SMS to your mobile phone.

    Note: Enabling this option will make it more difficult for someone else to access your account unless they also have access to your mobile phone. However, as mentioned above, it also involves associating your mobile phone number with your Facebook account. You should consider the pros and cons of this for your own situation and make the choice which you consider more secure for you.

    Figure 13: Login Approvals options

    Step 12. Code Generator: This setting allows you to use the Facebook mobile app on your smartphone in order to generate login codes or new passwords.

    Step 13. Application Passwords: If you use applications on Facebook, this option allows you to generate individual passwords for them. Unless you have a specific need to do so, however, we recommend avoiding Facebook applications.

    Step 14. Trusted Contacts: This option allows you to select certain contacts from your Facebook friends who can help you to log-in to your account if for some reason you are otherwise unable to. This is done through sharing a secret code with your contact. If you decide to use this option, be sure to choose your trusted contacts carefully and establish a secure means of communication for sharing the code.

    Step 15. Trusted Browsers: Here you can review the browsers most frequently used to access your Facebook account.

    Step 16. Active Sessions: This shows details of any Facebook session that you may have forgotten to log out of - for example in an internet café, or a friend's computer - and therefore is still active. The location is determined by the IP address.

    Fig. 14: An example of a list of several active sessions

    It is very important to close these sessions in order to prevent anyone else accessing your Facebook account, especially if you note any devices in the list which are not yours or you do not recognise. To do this, simply click End Activity beside each active session.

    2.4 Privacy Settings and Tools

    Step 1. To edit your Facebook Privacy Settings, click on the small arrow beside Home in the top right-hand corner and select Settings.

    Figure 1: Options

    Step 2. This will take you to the Settings menu. On the left-hand side, choose Privacy.

    Figure 2: Privacy settings page

    Who can see my stuff?

    Step 3. The first option here creates a default rule for your future status updates: Who can see your future posts?. Here, you can choose between making them available to the entire public, your Facebook friends, yourself only, or a custom group which you can determine. Note that you can also change this for individual status updates, so that you can decide which ones are public, which ones are for friends or which ones are for a specific group. It's also worth noting, though, that everything you post is recorded by Facebook (including when you select Only Me) and can be handed over by them to third parties.

    Step 4. The second option allows you to review the posts which other Facebook users have tagged you in. To see this, click on Use Activity Log.

    Figure 3: Who can see your future posts

    Step 5. The thrid option allows you to restrict access to previous status updates of yours which may have been public. Note, however, the limitation that individuals you tagged and their friends will still be able to see this content.

    Figure 4: Limit previous posts

    Who can contact me?

    Step 6. In this section, you can decide who is able to send you a friend request. This is not particularly important in terms of information security, since in the end, it is still you who decides who to accept as a friend, and you should always exercise caution and avoid adding people who are unknown or untrusted. If you want to change this setting, click Edit.

    Step 7. Whose messages do I want filtered into my inbox?: Facebook allows you to filter the messages you receive into two folders: Inbox and Other. Here you can choose between Basic Filtering, which is more permissive of messages from people who are not on your friend list, and Strict Filtering, which is less permissive.

    Figure 5: Who can contact me?

    Who can look me up?

    Step 8. Here, you can limit the ease with which people can look you up by knowing your phone number or e-mail address (although this is still technically possible), as well as limiting people's ability to find your Facebook page via search engines. The default settings make it as easy as possible for individuals to find you this way, including possible adversaries. Click Edit on the first two options and ensure that only Friends can search for you by your e-mail address and phone number. For the third option, click Edit and uncheck the box which says Let other search engines link to your timeline.

    Figure 6: Who can look me up?

    2.5 Timeline and Tagging

    As we've mentioned before, your information security on Facebook has a lot to do with the behaviour of your friends. In the Timeline and Tagging menu, you can determine what happens when friends tag you or your posts and what happens when they post on your timeline.

    Step 1. In the left-hand sidebar, click on the Timeline and Tagging menu.

    Figure 7: The Timeline and Tagging menu

    Step 2. If you want your timeline to be truly yours, it's advisable to disallow posts on your timeline from anyone but yourself. To do this, click edit beside Who can post on your timeline and select Only Me.

    Step 3. Here, you can decide what happens when other friends tag you in their posts and photographs. It is advisable that you click edit and enable the Review posts that friends tag you in... option so that you can prevent any irresponsible tagging from friends appearing on your timeline. However, this won't prevent their posts (including your tag) from being visible to their friends, or perhaps even the public, depending on their settings.

    Figure 8: Who can add things to my timeline?

    Step 4. Who can see things on my timeline? This item is associated with the previous options. Previously, we've decided who gets to publish material to your timeline, and here, you get to decide who can read them. If you click Edit, you can change these settings so that either everyone, friends of friends, a custom group of people, or only yourself can see posts you've been tagged in, or things others post on your timeline.

    The first option, View As, is an interesting way to see what certain individuals can see on your timeline. However, keep in mind that Facebook can still record all of the above and share it with third parties including law enforcement.

    Figure 9: Who can see things on my timeline?

    Step 5. How can I manage tags people add and tagging suggestions? This refers to tags of you by other users of Facebook. It's best if you switch on the Review tags people add to your own posts before the tags appear on Facebook option, and limit the audience for the second option to Only Me. Facebook has begun using a form of facial recognition technology which allows it to identify photographs that look like you among your friends' and contacts' photos and suggest that they tag you in the photos. Naturally, for rights advocates, this could be particularly sensitive and therefore it's strongly recommended that you deactivate this option if it is available to you.

    2.6 Blocking Users and Apps

    Step 6. In the menu on the left, select Blocking. Here, Facebook offers ample opportunities for blocking unwanted, intrusive, and sometimes potentially dangerous information.

    Figure 10: Select Blocking from the drop-down list

    Step 7. Restricted List. Here, you can discretely add Facebook friends to a list which will limit them to only being able to view information you share publicly on your timeline (per the settings we explored above). To add friends to the list, click Edit List.

    Figure 11: Restricted List

    Step 8. Block users. Here you can block a user from accessing your Facebook page, any of your content, or adding you as a friend.

    Figure 12: Block Users

    Step 9. Block app invites. Often, we will have Facebook friends who are enthusiastic about a particular application, often a game, and they will continuously send us invites to join this game. Here, you can block application invites from such friends.

    Figure 13: Block App Invites

    Step 10. Block event invites. Similarly, here you can block invitations to events from certain Facebook friends.

    Figure 14: Block Event Invites

    Step 11. Block application. As the name suggests, here you can prevent an application from accessing all but your public information.

    Figure 15: Block Apps

    2.7 Followers

    Facebook gives you the option of allowing people to subscribe to your news feed, without being friends. Be aware however, that if you allow others to subscribe to your news feed, then some of your data is available for them and others in their network to see. The safest option is not to allow people to subscribe to your news feed.

    Step 16. Click on Followers from the menu on the left.

    Step 17. Ensure that Friends is selected.

    Fig. 18: Follower settings

    2.8 Applications

    Many Facebook users love and actively use applications — for example, games and ways to empower communications, such as social readers. Each application is associated with your Facebook account, and the basic data of your Facebook account will be available to any application (such as your name, gender, public pictures and network). Also, when installing a new application, it may ask for your permission to have access to the same or other information about you and your friends. This includes a variety of data, such as age, place of residence, education, circle of friends and contacts. Thus, the application can gather and share information such as what country you come from and where you currently are. Some of this information you may consider sensitive. Therefore, for safety reasons, we recommend not to use Facebook applications unless you really need to.

    Step 1. Click on Apps in the menu on the left.

    Figure 1: Application menu

    Step 2. Apps you use. Here, you can enable or disable the so-called "Facebook Platform" which allows you to use Apps. By default, this option is enabled. It allows you, for example, to register for other sites using your Facebook account. On the one hand, this is convenient: no need to spend time on the registration form and fill in all the fields, especially if you do not intend to make frequent use of this site (for example, you want to leave a comment on a news story, or sign a petition). On the other hand, your comment will be linked to your Facebook account, recorded and possibly shared. If using Apps isn't important to you or your work, it's recommended that you click Turn Off Platform in order to better protect your privacy. If you do decide to leave the option enabled, then pay attention to the list of applications already installed at this point. Do you really need them all?

    Step 3. By clicking on an app you can see what information it has access to.

    Figure 2: Details of an app

    Step 4. To remove an application, click on the 'x' beside the app in the list, and then click Remove in the warning window which pops up.

    Figure 3: Remove an application

    Step 5 Apps others use. We also have to consider that some of our Facebook friends bring our information into the apps that they use. By clicking on Apps others use, you can un-check the boxes beside categories of your information which you don't want to share with your friends' applications.

    Figure 4: Apps others use

    Step 6. Instant personalisation. Facebook's Instant Personalization also grants certain websites access to your public profile information when you visit them. What these sites do is that they adjust their web contents to suit your wants and needs, thus creating a personalized experience. To be more secure, if this service is available in your region, you should disable it.

    Step 7. Click under the Instant Personalisation tab. Click on the screen which will appear to explain what Instant Personalisation is, and at the bottom of the next page, make sure the box marked Enable instant personalisation on partner websites is unchecked.

    2.9 Advertising Settings

    Advertising is fundamentally important to social networking companies, as it is their source of revenue. There will always be advertisements on social networking sites such as Facebook, though we can make them less personal, which is the right move in terms of information security and privacy.

    Step 1. In the column on the left, select Ads.

    Facebook currently promises not to associate your name or picture with third-party advertisements, although they leave space for this to be possible in the future. It's a good idea to change these settings so that your details still remain private in case advertising rules change in the future:

    Step 2. Click Edit beside Third Party Sites.

    Step 3. Select No-one and select Save Changes.

    Figure 6: Switching off Third Party Sites

    Step 4. Social Ads. Here, Facebook encourages users to become ambassadors for products or pages they have 'liked'. This means that you could be used to advertise a page or product to your friends. If this makes you uncomfortable, it's recommended that you disable it.

    Step 5. Under Ads and friends, click Edit and select No-One from the drop-down menu.

    Figure 7: Switching off Social Ads.

    Step 6. Website and mobile app custom audiences. Facebook by default tries to pick to display targeted advertising on your tastes and interests. To get rid of this, you need to click on the Opt Out link in this paragraph.

    Figure 8: Select 'Opt Out'

    This will open a page titled Custom Audiences from your Website and Mobile App, where Facebook gives more information about its advertising policy. In the middle of the text is the Opt Out button for you to confirm.

    After a request for confirmation, you will see the result:

    Note that changes made to this setting are not recorded by Facebook, but are rather stored in your browser. Unfortunately, you must repeat this process for every browser, app and device you use to connect to Facebook.

    3. Twitter

    Twitter states in its terms of service: “This license is you authorising us to make your Tweets available to the rest of the world and to let others do the same. But what’s yours is yours – you own your content.” Moreover, Twitter reserves the right to hand over your information to governments should a request be made.

    Though Twitter is a website, many people interact with and manage Twitter via desktop and smartphone applications that are known as Twitter clients. If you use a Twitter client you should make sure it is connecting to the site securely, over an encrypted connection, see Keeping your webmail private in our guide How to keep your Internet communication private.

    Furthermore, like Facebook, many people use Twitter in conjunction with numerous other websites and applications in order to share status updates, photos, locations, links, and so forth. Using these applications pose many potential security vulnerabilities, and it is very important that the privacy settings on all other applications are made as secure as possible.

    Twitter is actively monitored by numerous governments, including the United States government. Moreover, Twitter's Terms of Service state that they will share your information in response to legal requests including governmental investigations. For more information, see Twitter's Privacy Policy and its Transparency Report.

    3.1 Basic Account Settings on Twitter

    Twitter's Basic Account Settings allow you to control how people can find your profile, what information you share and the level of security your account requires when you are using the web-browser based version of Twitter (that is to say, not a client, smartphone app, or GSM phone).

    Step 1. In order to access your account settings login to your account using Mozilla Firefox browser and click on the icon at the top right of the screen to open the options menu.

    Figure 1: Options menu

    Step 2. In the drop-down menu, choose Settings. This will open the settings page.

    Step 3. On the settings page, you have a list of pages on the left-hand side where you can click between various categories of settings.

    Figure 2: Settings categories

    The first category is basic account settings.

    Step 4. At the top of the Account Settings list, you will find the username and e-mail settings. Choose carefully whether you want to use your real name or a pseudonym as your username, and which email address you wish to associate with your profile. It may be best to set up a new e-mail address using the Tor Browser and connect to Twitter only using Tor if you wish to protect your identity.

    Figure 2: Username and email settings

    3.2 Security and Privacy Settings on Twitter

    Step 5. Click on Security and privacy in the left-hand sidebar in order to access the Security and Privacy settings page.

    Step 6. Login verifications. Here, Twitter gives you the option of sending a message to your mobile phone or smartphone any time your account is accessed. This is reccommendable if you are are also using the Twitter application on your smartphone. In this case, choose the Send login verifications to the Twitter app option.

    Note that while this may be useful in alerting you to an unauthorised attempt to access your account, associating your mobile phone to your Twitter account makes your account more easily identifiable and is not advisable if you want to use Twitter anonymously or with a pseudonym.

    Step 7. Photo tagging. Here, Twitter allows you to control who, if anyone, can tag you in photos they upload. Since there is no option to approve or disapprove tagging in photos, it's advised that you choose the option Do not allow anyone to tag me in photos. This is particularly important in cases where you may be photographed during protests, for example, which could later be used as evidence.

    Figure 3: Tagging options

    Step 8. Tweet privacy. Here, Twitter allows you to control who can see your tweets: the public in general, or only individuals who you allow to follow you. Note that even if you choose the Protect my tweets option, they are still acessible to Twitter and therefore can still be recorded and handed over to third parties.

    Step 9. Tweet location. Here, Twitter gives you the option of adding a location to your tweets. This option is disabled by default. If sharing your location widely is appropriate in order to stay safe, then this option may be useful. However, it is generally reccommended that you leave this feature disabled as your location information can also be very useful to your adversaries.

    Step 10. Discoverability. Here, Twitter gives you the option of allowing people to find your Twitter account if they already have your e-mail address. If you wish to maintain more privacy for your twitter account, it's reccommended that you disable this option.

    Figure 4: Discoverability options

    Step 11. Personalisation and promotion. Here, Twitter gives you the option of allowing them to monitor your behaviour on Twitter and other websites and tailor the content and advertisements you see based on this, as well as sharing your data with third parties. It is reccommended that you uncheck these boxes for more privacy.

    3.3 Password settings on Twitter

    Step 12. Here, Twitter allows you to change your password. It's reccommended that you select a strong, memorable password and update it regularly. For more, see How to create and maintain strong passwords.

    Figure 5: Password options

    Note that Twitter also gives you the option of associating your mobile phone to your account for "enhanced security". While this may be useful in certain circumstances, as noted above, it is not reccommended if you wish to maintain a degree of privacy regarding your identity while using Twitter.

    Step 13. Once you have updated your password, click Save changes.

    3.4 Mobile settings on Twitter

    Step 14 You can open Twitter's mobile settings by clicking on Mobile in the menu on the left-hand side.

    Here, Twitter encourages you to download the smartphone app and also gives you the option of activiating Twitter text messaging, which allows you to tweet directly from your mobile phone. As noted above, it is not advisable to associate your Twitter account to your mobile phone if you wish to maintain a degree of privacy or anonymity while tweeting. Also, remember that text messages sent over the GSM network are not encrypted and are easily interceptable and traceable to their authors. For more, see How to use mobile phones as securely as possible.

    3.5 General Guidelines on Clients and Apps

    Twitter users can allow various third-party applications, including other social networking and photo-sharing sites to interact with their Twitter accounts, for example in order to share photos uploaded via websites such as Instagram, or TwitPic. However as mentioned in How to protect yourself and your data when using social networking sites you must be careful when integrating your profiles on different social networking sites. These third-party sites have their own terms of use, privacy policies and privacy settings which are not necessarily the same as Twitter's. Therefore, although your Twitter account may be relatively secure, your profiles on third-party app websites may be completely exposed, and if you use the same username or email address for all such websites, you could easily be tracked down. The number of such websites and apps is vast, and only a few are explored in this guide. However it is vital that you research and update your security settings on all third-party appls linked to your Twitter page. If you do not consider them secure enough, delete your profile and revoke its access to your Twitter account.

    Should you wish to revoke the access of an application to your Twitter profile:

    Step 1. Go to Settings of your account and click the Apps tab on the left-hand side.

    Figure 1: Settings menu

    Step 2. Having opened the list of apps connected to your Twitter account, select the app to which you wish to revoke access, click .

    Figure 2: A sample list of apps

    3.6 Instagram

    Instagram is a popular image-sharing smartphone application which belongs to Facebook and is often used in conjunction with Twitter. Since it is primarily a mobile application, using Instagram with Twitter already associates your account to your mobile device, which may mean a lot of information such as your location will be shared with Facebook, Instagram and Twitter, all of whom may then share it with third parties including the State. It is therefore not reccommended that you use Instagram on the same account or even device through which any kind of sensitive information may pass.

    3.7 TwitPic

    Many Twitter users make use of the website TwitPic for uploading and storing the photos which they share over Twitter. Keep in mind that TwitPic is a separate company which does not belong to Twitter and has different Terms of Use and a different Privacy Policy. In this regard, it is important to note that TwitPic does not allow users the option of hiding their profile or photos. All photos uploaded to TwitPic are public by default and this cannot be changed. If you use the same username for your Twitter and TwitPic accounts, an adversary could very easily have access to all the photos you have uploaded to TwitPic.

    TwitPic allows other users to tag you in photos they take. This could potentially put you at risk if someone tags you in a sensitive photo, as this information will then be made public. Therefore it is recommended that you disallow other users from tagging you in their photos.

    Step 1. Login to your TwitPic account using Firefox browser and click on Settings in the menu at the top right of the screen.

    Figure 3: The TwitPic homepage menu bar

    Step 2. Under privacy, uncheck the box marked Allow others to tag my photos and click on Save Changes button.

    Figure 4: Tagging options

    If you would like to delete sensitive images from TwitPic:

    Step 3. Click Profile in the menu at the top right of the screen.

    Step 4. Click Delete beside the photo you wish to delete.

    Figure 5: Image Options

    If you would like to delete your TwitPic account.

    Step 5. Click Settings in the menu at the top right of the screen.

    Step 6. Under the Delete Account section, type the words from the "captcha" image into the box.

    Figure 6: This "captcha" image is shown before you can delete your profile

    Step 7. Click

    3.8 Smartphone Apps

    A number of Clients and Apps for interacting with Twitter are also available for smartphones such as the iPhone, Android, Blackberrys or Windows Phones. It is very important to keep in mind that smartphones have certain security issues which are inherent, and the use of these Apps or Clients on smartphones may be more insecure than using them on your computer: for example they may not connect to the Twitter server in encrypted way, leaving the content of your tweets exposed. For more information on how to reduce risk while using smartphones, see How to use smartphones as securely as possible.

    4. YouTube

    YouTube is a service, owned by Google, that allows you to upload and share video content. It has become popular among human rights defenders as a platform for carrying out campaigns and sharing evidence of human rights abuses, among other uses. YouTube is great for making your video available to its billions of users. However, if the people at Google find the content of your video objectionable, they will delete it. Google also collects users' metadata en masse, and may share it with governments, including that of the United States. Furthermore, Google may share specific information related to your videos (such as, for example, location data) with third parties, including State bodies who request it. As a result, YouTube is not always a good place to keeping your video safe. Google has also been known to give in to pressure to remove content from YouTube in order to avoid having the site blocked in a particular country. So, if you want people to see your video, put a copy of it on YouTube. Just don't put your only copy on YouTube.

    The content you post on YouTube remains yours. By posting it on YouTube, you are giving Google a license to distribute it.

    YouTube is or has been reported to be inaccessible in various countries, including:

    • China
    • Burma
    • Iran
    • Libya
    • Syria
    • Uzbekistan
    • Tunisia
    • Turkmenistan
    • Turkey

    See the traffic section of Google's Transparency Report for more details about current and past censorship and other disruptions. You might also want to check out YouTube's Terms of Service and Google's Privacy Policy

    4.1 YouTube Tips

    • Never post a video of any individual without their consent. And even with their consent, try to think of any possible repercussions before posting it.

    • When you navigate to YouTube, do so by typing "https://www.youtube.com" into your browser's address bar (or by using a bookmark to this Web address). This will ensure that the communication between your browser and YouTube is protected by Secure Socket Layer (SSL) encryption. To avoid having to do this each time you connect, we recommend using Firefox with the HTTPS Everywhere add-on.

    • For more privacy, try creating a new, anonymous Google account that you access only through the Tor Browser. If you upload videos to YouTube this way, your location and other identifying information will be hidden from Google. Unfortunately, it is sometimes difficult to watch videos on YouTube with the Tor Browser. If you find this to be the case, you might have to rely on a combination of techniques to protect your privacy. The Firefox Web browser, various security add-ons and a separate Google would be a good place to start.

    • When uploading a sensitive video from an Android device, consider using the Guardian Project's InformaCam, which gives you some control over your video's metadata and—when used in conjunction with Orbot—helps you send it through the Tor network.

    • Make use of YouTube's face-blurring option for videos in which people may not wish to be identified, such as those taken at protests. Read more here.

    • Always keep a back-up copy of any video you share via YouTube.

    • Use the private setting in order to share video with specific individuals only.

    4.2 Alternatives to YouTube

    If you do not wish to associate your videos with your Google profile, there are a number of alternatives, such as Vimeo. Vimeo is frequented by a smaller community of users than YouTube. Like YouTube, it facilitates connection over SSL, and gives users numerous privacy options and control of creative commons licenses for their videos. Other similar sites may be popular in different regions, so you way wish to explore other options. Before choosing one you should consider the following points:

    1. Does it provide connection over SSL for all uses of the site, rather than just during login? Are there no problems related to encryption, such as problems related to encryption certificates?
    2. Read the End User Licence Agreement and Privacy Policy or Data Use Policy carefully. How are your content and personal data treated? With whom are they shared?
    3. What privacy options are provided for users? Can you choose to share your videos securely with a small number of individuals, or are they all public by default?
    4. If you will upload sensitive images, such as footage of a protest, does the site facilitate protection of those you have filmed, such as through face-blurring?
    5. Do you know the geographical location of the servers, under which territorial jurisdiction they fall or where the company is registered? Are you aware of how this information relates to the privacy and security of your email activity and information? Will the site's owners hand over information if they receive a governmental request to do so?

    5. Flickr

    Flickr is owned by Yahoo! and also facilitates integration with other accounts including Google and Facebook. Content posted on Flickr remains yours, to which you can attribute different creative commons licenses or copyright. You are giving Yahoo! a license to distribute your photos or videos by submitting content. Because of the diverse licensing attribution, Flickr is great both for finding pictures to be used in campaigns and as a resource for sharing images with colleagues, allies and members of your networks. However, it's highly likely that Flickr user data is gathered and monitored by a number of governments.

    For more information, take a look at Yahoo!'s Terms of Service and Flickr's Privacy Policy.

    5.1 Flickr Privacy Settings

    Step 1. In order to access the Privacy & Permissions settings on Flickr, login to you Flickr account using Mozilla Firefox browser and click the icon in the top right of the screen and choose Settings.

    Step 2. From the main settings page, select Privacy & Permissions.

    Figure 2: Flickr Privacy & Permissions settings

    Step 3. By default, Flickr allows anyone to see your pictures. If you would like more privacy, click edit on the Who can access your original image files option and choose Only you. Then click Save.

    Figure 3: Who can access your original image files

    Step 4. By default, Flickr allows people who can access your content to share it more widely on sites such as Facebook or Twitter. This would mean that, in the case of sensitive images, they could easily fall into the wrong hands. In order for only you to decide how the images are shared, it is reccommended that you disable this option. To do so, click on edit beside Allow others to share your stuff and select No, thanks. Then click Save.

    Figure 4: Allow others to share your stuff

    Step 5. By default, Flickr allows any other member to tag you in photos. This could prove dangerous, for example, should someone add tag you in a photo of a protest or other kind of civil disobedience. Therefore, it's reccommended that you select Only you to be able to tag yourself in pictures.

    Figure 5: Disable tagging by others

    Step 6. By default, Flickr shares your EXIF data - that is, the metadata from your pictures such as the make and model of your camera, the location and time at which the photo was taken, etc. -- with other users. As this information can be sensitive, it is reccommended that you do not share it.

    Figure 6: EXIF data options

    Step 7. By default, Flickr makes your pictures and public profile accessible via search engines. For more privacy and control over who can access your information and pictures, it is reccommended that you hide your profile and pictures from public searches.

    Figure 7: Public search options

    Step 8. New uploads: Flickr's default settings promote as much sharing of information and interaction as possible when you upload new content. It is reccommended that you choose more private default options, such as:

    • Disallowing others to immediately view, share or comment on your newly uploaded photos.
    • Disallowing others to view the location data or your newly uploaded photos.
    • Allowing only a restricted audience access to your newly uploaded photos.

    These settings can, of course, be changed on a per-upload basis, should you want to include EXIF data as evidence, for example.

    Figure 8: More private options for new uploads

    5.2 Alternatives to Flickr

    If you do not wish to associate your pictures with your Yahoo, Google or Facebook profiles, there may be alternatives. Other similar sites may be popular in different regions, so you way wish to explore other options. Before choosing one you should consider the following points:

    1. Does it provide connection over SSL for all uses of the site, rather than just during login? Are there no problems related to encryption, such as problems related to encryption certificates?
    2. Read the End User Licence Agreement and Privacy Policy or Data Use Policy carefully. How are your content, photos and personal data treated? With whom are they shared?
    3. What privacy options are provided for users? Can you choose to share your photos securely with a small number of individuals, or are they all public by default?
    4. If you will upload sensitive images, such as footage of a protest, does the site facilitate protection of those you have photographs, such as through face-blurring?
    5. Do you know the geographical location of the servers, under which territorial jurisdiction they fall or where the company is registered? Are you aware of how this information relates to the privacy and security of your email activity and information? Will the site's owners hand over information if they receive a governmental request to do so?