Ep. 11a: Social Media Snafus

Why We Can't Trust Social Media Companies


If you’re a paying subscriber, please forgive the duplicate email: this was originally intended for all of my subscribers — both paid and free — and I accidentally only sent to one group of you!


Ah, summer.

It’s that lovely time of the year when the sun comes out, the grills get fired up and another company botches their digital security.

Wait: again?!? Yup. Twice, actually, in the past week which is, honestly, both infuriating and entirely predictable. I’m speaking about the high-level security botches at two popular social media companies, so let’s jump in get everyone up to speed…

Snapchat

Snapchat is a social media platform based around the notion of messages and photos that are ephemeral, meaning they disappear. Wanna send a photo to a friend that disappears after a few minutes? What about a special message that self-destructs? If so, then Snapchat’s your jam. Users, especially millennials, flocked to the platform thinking they could communicate with one another willy-nilly (that’s a funny term isn’t it?!) and without Big Brother watching over them. Turns out, this isn’t exactly the case. This the good folks at Snapchat forgot to mention that this wasn’t actually true. In fact, because so many users were misled, the company was fined by the Federal Trade Commission (or FTC) back in 2014 for failing to disclose to its users that the company collects, stores, and transmits geolocation data.

“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”  — FTC Chairwoman Edith Ramirez.

Also in 2014, the company got hacked, exposing 4.6 million users personal contact information. That’s million, with an “M”.

Not to be outdone, in 2016, the company exposed its own employees’ personal data: addresses, contact info, social security numbers, etc.

Insert appropriate SadFaceEmoji here. I’d insert that emoji it myself, but, like Snapchat: I’m honestly just too damn lazy to do the work myself.

Oh, snap! (Get it?!)

Then, this week, Vice revealed that “SnapLion” — one of the tools which Snap created to better work with law enforcement — was being used by people at the company who weren’t supposed to use it. This means that Snap staffers were using the tool for non-law-enforcement purposes. And that means those staffers had access to all KINDS of information about you (if you’re on the platform) or your children who I’m guessing are most certainly on the platform.

As all social media platforms do, Snap, Inc. works with law enforcement to help apprehend certain individuals. I get that and, to some extent, I’m totally fine with that. Social media platforms don’t charge me a fee to use their platform, but they do need to make a profit. Therefore, I’m the product — well, my data is anyway — so each party gets something in the equation. Sounds fair.

But not in this case.

In this case, people who don’t work with law enforcement had access to user data. That’s a big no-no and there’s no solution for users other than leaving the platform. And, honestly, I wouldn’t be surprised if you made that choice as an adult or if you now enforce that choice for your children on the platform.

However you proceed with Snapchat, just remember the “Golden Rules” of social media:

  • The cost is free because we’re the product. In exchange for a free platform, we’re providing free data about ourselves to the platform. That data is then used to market to us.

  • Some number of people at any social media company have access to all of the free data we’ve surrendered to them. These data include, but aren’t limited to: contact information, address, geo-location, computer and smartphone manufacturer, age, sexual orientation, names of our friends and family, and more. Much more.

Know that and choose wisely. If I were a parent to a teen, there’d be no social media presence allowed until college. Then: it’s up to them. But I want their childhood free from digital overseers and security breaches.

WhatsApp

WhatsApp, a social media platform founded in 2009, was purchased by Facebook in 2014 for the unGODly amount of $19 billion. That’s billion with a “B”. Yeh, I know. Clearly, Facebook saw them as a threat to their assumed world dominance and just went ahead and made it rain.

But WhatsApp, like all technologies has suffered hacks, and security breaches. In 2014, a researcher discovered a flaw in the Android WhatsApp client that “could allow another app to access and read all of a user’s chat conversations within it.” So, uh, yeh: with a flaw that huge, nothing could be worse than that.

Then, this week happened.

This week, a massive WhatsApp security breach was revealed. Get this: someone discovered a vulnerability in the messaging app — in the actual code — which allowed hackers to remotely install surveillance software onto both iOS and Android phones. And how were hackers able to spread this kind of insidious malware? By simply placing calling the smartphone in question. Even if the target user nevered pick up the called, the malicious code got installed into WhatsApp.

Wow.

The hack is thought to have been developed by NSO Group, an Israeli company best known for its spying software, Pegasus. Pegasus can not only remotely activate a phone’s microphone and camera, it can also collect location data. It is thought that Pegasus was the software the Saudi government used to track down the Washington Post journalist Jamal Khashoggi, before he was executed. So this is, literally, life and death material, folks.

Right now, there are only two solutions to the hack: completely uninstall the app or simply update it. WhatsApp has patched the security hole in the latest version of their app.

So What Now?

Security breaches, hacks, exploits, and malware are — all of them — commonplace now. Therefore, we shouldn’t just understand that fact, we should expect it and have a plan for it. Here are a few things to consider:

  1. Set your smartphone to auto-update ALL apps you’ve installed. On an iPhone/iPad, follow these directions. On an Android device, follow these directions.

  2. Uninstall social media apps from your mobile devices. Yes, I know it feels like a terrible, awful sacrifice, but, trust me: if you own a $942 iPhone or Google Pixel, then your life is pretty freakin’ great, Skippy. No complaining. Plus, you can still social on your desktop/laptop computers.

  3. If available, use social media websites, not their apps. Once you’re on a safe network (at home or work presumably), get your fix of social media on the websites provided, not via their apps. Websites offered by WhatsApp, Snapchat, Facebook, and Twitter can still give you that social media fix you so badly crave, you Junkie. Maybe.

  4. Shutdown or delete your social media accounts. If the folks that run these companies can’t guarantee that your data is safe — and they’ve proven they cannot — then don’t just give them your data, voluntarily. You can always “go old school” and continue to stay in touch with friends and family by (gasp!) making phone calls, sending emails, and even writing the occasional hand-written letter. Follow these links to delete your social media accounts:

To learn how to delete your Snapchat account, click here.
To learn how to delete your WhatsApp account, click here.
To learn how to delete your Facebook account, click here.
To learn how to delete your Twitter account, click here.


Some of you might ask, “Well, come on: isn’t there a way to make using Facebook or WhatsApp or Snapchat safer?” I get it and I’m glad you asked. It allows me the opportunity to answer:

No.

You’re the product. As such, you have no control over the operation. None. Your control is limited to: deciding whether or not to use the platforms and — if you opt to — determining what’s safe for you to share.

That’s it. And, as always, the choice is yours. I hope you’ll choose whatever is best for you and continue to…

Surf safe.


Click here for my guide to choosing a great VPN.
If you’re looking to set up a VERY secure iPhone, click here.
For a super cool way to NOT give your personal email address to everyone, click here.
Click here for a crash course on how to keep your devices updated.