So I wrote a post supporting the notion that Facebook could do some good by integrating with hospital data. That blew up on Twitter, so much so that it eventually ended up on CNBC.
Before I go on, I must recommend the continued reporting from @chrissyfarr, who broke the original story. I also recommend that you read the article on WaPo from @KirstenOstherr, which provides some much-needed context on why this is important. She is a professional healthcare media analyst and it shows.
Since all of this, a patient group (will update later with information on who) has reached out to me for help understanding exactly what the risks are for patients who are using Facebook, especially those who are using Facebook to connect with other patients inside patient support groups. We agreed that some specific advice might be useful to other patients and patient support group admins, so I am posting this here for anyone to reference.
The first thing I should note is that I will be writing a separate guide for people who are hosting patient support groups on Facebook. The damage that can be done through a single admin account on a patient group on Facebook is tremendous (the power is like raw Plutonium), and there is a difference between the advice that I would give someone who is essentially responsible for other people’s private information and the advice I would give someone who just wants to be able to share information about their healthcare condition with their friends on Facebook.
Think of it like this: a surgeon has very different hygiene protocols to follow, compared with a person who is just visiting a hospital, vs someone who is healthy and not visiting sick people.
In the same way, how you use Facebook and the Internet generally in a secure and private fashion depends on which of these describes you:
1. You are not sharing health information online at all.
2. You are a patient participating in a topical health discussion on social media.
3. You are a person who manages a patient community on Facebook, Twitter, etc.
This post is all about #2 people. If you are #1, you might be better served with a general introduction to how to use Facebook securely. I will cover those topics here too, but I will also cover things that will only make sense to patients.
I am also going to try to be as brief as possible, because I know you have other things to do. But this is not a simple subject. And if you care about this, you need to take a second and realize that there is a lot to learn.
So I am going to leave you with checklists and pictures to speed things up. Also, please note that I intend for this post to be a work-in-progress. Feedback is welcome. But you should tell me what you think by tweeting to me.
How to get to your Facebook Settings:
Almost all of the instructions below start from the Settings page, which can be reached by clicking the drop-down in the top-right of the Facebook web interface.
The only relevant thing you can do here is to download your data. Note that once you have downloaded your data, it is possible for someone to hack your computer and steal it. I recommend that you encrypt your backup in a zip file, and then upload that file to Dropbox or something like it for safekeeping.
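One way to do the encryption step from the command line, as an added example that is not part of the original post. It uses OpenSSL (version 1.1.1 or newer is assumed) instead of a zip tool's password feature, because the legacy zip password scheme is weak; the function names, the `BACKUP_PASSPHRASE` variable and the file names are chosen for this example.

```shell
#!/bin/sh
# Added example: encrypt a downloaded Facebook archive before uploading it.
# The passphrase is read from the exported environment variable
# BACKUP_PASSPHRASE (a name chosen here), so it never shows up in the
# process list. File names in the usage line are placeholders.
#
# Usage: encrypt_backup facebook-data.zip facebook-data.zip.enc

# encrypt_backup PLAINTEXT ENCRYPTED
encrypt_backup() {
    src=$1
    dst=$2
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    [ -n "${BACKUP_PASSPHRASE:-}" ] || { echo "BACKUP_PASSPHRASE is not set" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 1; }

    # AES-256 with a key stretched from the passphrase by PBKDF2 and a random salt.
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$src" -out "$dst" -pass env:BACKUP_PASSPHRASE || return 1

    # Decrypt into a pipe and compare byte for byte with the original
    # before trusting the encrypted copy as the one to keep.
    if decrypt_backup "$dst" | cmp -s - "$src"; then
        return 0
    fi
    rm -f "$dst"
    echo "verification failed, encrypted copy removed" >&2
    return 1
}

# decrypt_backup ENCRYPTED   (writes the plaintext to standard output)
decrypt_backup() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -pass env:BACKUP_PASSPHRASE
}
```

Only the `.enc` file should go to cloud storage, and the passphrase has to be kept somewhere other than next to it, for example in a password manager.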
Security and Login
The most important lessons regarding your Facebook password are:
- Use a passphrase. Passphrases are much more secure than passwords and they are easier to remember.
- Never use the same password you use for Facebook on ANY other site.
If you are the ONLY PERSON who uses your computer:
- Then you want to make it difficult for other people to even access your computer at all. You need an inactivity password (i.e. you have to log in to your computer again after not using it for an hour or so).
- Then use the password management capability on your computer.
If you SHARE a computer:
- Try to use a different user account on your operating system than the other people using your computer.
- Do not save your Facebook password or use the automatic login functionality in Facebook.
- On a shared computer, you are going to have to type your password every time you use Facebook, if you want to ensure that you are using it securely.
- When you are done using the browser, erase your history and cookies.
Now you might be thinking, “I share my computer with my husband/wife/father/mother/son/friend/dog and I really trust them, there is no need for me to protect my Facebook login from them”. Remember that this is a hygiene exercise. Let's say that you have a Windows computer and you have a login for yourself separate from your loved one. That is a bother: you have to switch users every time you want to use Facebook. But if your loved one accidentally visits a website with malware, their account might become infected with a virus. If you are lucky, the Windows/Whatever operating system might be able to protect your username and password information, if you are not using the same account.
There is a difference between trusting in someone else’s personal integrity and trusting in their browsing habits. It is very easy to download something on the Internet that will try to hurt your computer.
Here are more specific instructions on how to use the “Security and Login” settings for Facebook.
- If you are a patient on Facebook, it might be possible that many, or even all, of the friends that you have on Facebook also share the same medical condition as you do. You can help protect their privacy by setting “Who can see your friends list” from “Public” to “Friends”. You can find that setting under Settings->Privacy.
- Also on Settings->Privacy you probably want to disable phone number based look up. There are lots of people who enter random phone numbers into Facebook and try to figure out who they belong to.
- Also on Settings->Privacy is “Do you want search engines outside of Facebook to link to your profile”. You probably want that set to “no” unless you really need people to be able to google you and find your Facebook account.
- If you are not a patient advocate, and you are using Facebook to share your health experiences primarily in order to stay connected with people you already know, I recommend that you set both your future and past posts to “Friends”, “Friends except..”, or “Specific friends”. Having your activity be public means that “bots” or scrapers can access your information, which might not be what you want.
Apps and Websites:
- Turn off all of the apps that you are not using under Settings->Apps and Websites.
- Second, for those apps you keep, click “view and edit” and remove access to any data that you think they should not have access to. This is a good time to ask the question: “Why would an app that does X need access to data about Y”. If it does not totally make sense to you, turn it off.
- You probably do not want to allow apps to see your list of friends.
- You probably do not want to let an app read your posts, or your likes, or your photos, places or videos.
- You probably do not want an app to be able to control your “pages”.
There are a ton of settings under Settings->Ads, but navigating them is pretty difficult. Ultimately, advertisers pay Facebook lots of money to reach you.
Try not to click on Facebook ads. If you see an ad for something you like, just use Google to find the company instead. If you click an ad, and that ad only targeted people similar to you, it might be possible for that company to eventually figure out what your healthcare status is. If this feels like a bother to you, then you need to spend some time exploring the Settings->Ads section, which can give you some control over the types of ads you see, but does little to stop advertisers from building a data model about you.
But let's say you reeaaallly need to click an ad. Well, if you are using Chrome or Firefox you can open the link in a way that passes less information to the advertiser about who you are. To do this, choose “Open in Incognito Window” in the right-click menu in Chrome browsers. In Firefox, choose “Open Link in New Private Window”. There is a way to browse privately on almost every modern browser.
There are good reasons to use Google Chrome and Mozilla Firefox exclusively if you want to have a more secure online experience. First, their code is subject to public inspection because they are Open Source. Second, they support browser extensions, which can dramatically improve the security and privacy of your browsing. Specifically, I recommend:
Privacy Badger – a tool that keeps websites like Facebook from tracking your web browsing when you are NOT on Facebook. This can sometimes make websites break, but I encourage you to try to learn how to use it, as it will substantially decrease the amount of information that you “leak” online.
HTTPS Everywhere – a tool that attempts to ensure that your connection to the web is encrypted whenever possible.
Note that both of these browser extensions are developed and maintained by the EFF, which is one of the most vocal and effective organizations for protecting your security and privacy online. Also, getting an EFF branded cover for your webcam is definitely the way the cool kids are showing they are “Cyber Woke”. Also, they have cool hoodies.
Other random stuff:
If you really value your security, get a Google Chromebook. They are difficult to hack.
Do not insert USB sticks that you “find” into your computer. Make sure you purchase USB sticks yourself from reputable vendors.