Facebook is the most popular social networking site around and it seems to be a deserved popularity. It provides excellent socializing tools, games, and file sharing abilities.

However, it has also become a huge target of scammers, phishing, and privacy leaks (the curse of being popular I suppose). Not only that, but people embarass themselves and worse because they don't understand or use the privacy controls properly (and sometimes even when they do).

Read through this guide to learn some of the bad things that can happen to you and how to prevent it as much as you can.

One of the most important things you can ever do on your Facebook account is make groups so you can divide your friends. Think about it: do you want your boss, your mother, and your drinking buddies to all have the same access to the same things?

By grouping your friends into categories like Work, Family, and Friends (actual friends, though I wouldn't call it that :D), you can separate which posts, which activities, and which photos each group can see.

New list means new friend group

First, you click on the "Make new List button on the left side of the screen as shown. If you don't see it, click the "More" button and it should be right there at the bottom.

A pop-up will appear that shows you some of your friends, but the thing you're looking for is at the top where it says "Create New List". Enter a descriptive name (as far as I know, the people in the list won't be able to see the name, but just in case don't enter a name like "People I Hate"). Click on all the friends you want in that group or do a quick search by typing part of a name. Once you're sure everyone is there, then click "Create List" at the bottom.

Just enter a name and go

You're taken to a new page where you can see the activity for just that group. You're done!

Controlling your access by group

The magic customize option

Well, almost done. You still have to go and set your privacy based on the groups.

Go into your settings under Privacy > Profile. You'll see the standard list of permissions for who can see what, but check out that bottom option: "Customize…". That's the one you want.

Another popup will open giving you several advanced controls for managing who can see what. For example, if you feel obligated to "friend" your boss, but don't really want them to see the things you post to your wall, click customize in that group and you'll see something like this:

Who can see this?

Click on "Some Friends" and now you can type the names of specific friends OR the group that you created 🙂 (also note the VERY important function of being able to exclude specific people by name).

Besides making sure that only the right people see the right things, this saves time from having to constantly be adding every single friend to something. This is particularly useful when posting photos (explained next).

If you didn't know, because of Twitter and other social sites with space restrictions on posts, there are new "url shortening" services out there like "tinyurl" that instead of showing you something like this:

http://lifehacker.com/5234539/long-url-please-replaces-shortened-links-with-the-real-thing

Shows you something like this instead http://tinyurl.com/cblos7

The advantage is that you save valuable space on your tweets or blog posts, but the disadvantage is that you have no idea where you're really going. Considering that sometimes the only thing that keeps you from getting hacked is NOT going to bad websites, these shortening services present an enormous risk to your computer security.

However, if you go to the Lifehacker article linked above, you'll find an article that describes a plugin for Firefox that will replace the shortened URL with the full one (providing several different options for how they are displayed.

A side by side comparison of a typical string of tweets (short urls included) and what they look like after being expanded

To get the plugin, follow the link from the Lifehacker article, or just click here to go directly to the plugin's page.

Alternatives

If you aren't using Firefox or can't install the plugin for some reason, most shortening services have a preview function that allows you to see the URL you're going to before actually going there. To activate the preview feature, do the following:

ThinkGeek Geek Merch

I have to confess, I was really thrilled when I found out that Thinkgeek had an affiliate program. Thinkgeek is one of those really great sites that takes just one thing and does it really well. In their case, they sell geek and techno toys, shirts, and gadgets.

Check out these shirts!

Note that these are just samples of the kind of thing Thinkgeek sells, but items may go in and out of production! PLEASE don't give me grief if Thinkgeek doesn't have these particular items anymore by the time you go looking for them!

Dr. Who	It's black	Sunlight! AAAA!
I have this 🙂	Got Power?	Only sometimes

How cool is that!? And of course they have many many more. If you're not the t-shirt kind, they have TONS of neat computer toys instead:

Air Bazooka	USB Drink Warmer/Cooler	External DVD+HD+Card Reader
Foot Switch to Hide Windows	Net Cam	Lighted Mousepad with 4-Port USB Hub

And not just those. They have some really neat generic toys for around the house and for your cubicle at work. Be sure to check them out

Gattaca : Ethan Hawke
(See online!)

In the near future, your job and dating prospects are all a factor of your DNA and the quality of your genetics. Much like the risk of people hunting you down online that we have today, this shows how the essence of who you are could be used against you. Some examples:

Spoilers ahead!

• A girl takes a stray hair to the corner DNA lab to check out a guy she's interested in.
• Our protagonist, who's parents decided to let grow naturally in the womb instead of letting the fetus be genetically perfected, has inferior DNA. This prevents him from getting any kind of job better than cleaning toilets.
• Even though people are legally protected from DNA collection, potential applicants who don't "volunteer" a sample are considered unhirable. Though illegal, the discrimination is impossible to prove..
• Desperate people use the DNA of others to borrow identities so they can get things they otherwise couldn't.
• All police searches, checks, investigations, etc. involve checking DNA.

Basically, it's a cautionary tale of what we could become if we let our genetic data become the standard by which we're treated in society.

An advertisement is a random product pushed in your face in the hopes that it's something you'll want or something they can trick you into wanting. You'll find none of that here.

If I haven't seen a movie, I don't recommend it. If I don't use a product, I won't support it. If I don't like a website, I don't say that I do.

This site only deals in actual recommendations and endorsements and not random ads so if you're interested in something I endorse, please click the links below.

movies

Pokemon Detective Pikachu
(Learn more)

Idiocracy : Luke Wilson
(Learn more)

The Island : Ewan McGregor
(Learn more)

Minority Report : Tom Cruise
(Learn more)

Enemy of the State : Will Smith
(Learn more)

V for Vendetta (bonus features) : Natalie Portman
(Learn more)

Gattaca : Ethan Hawke
(Learn more)

books

1-2-3 Magic: Effective Discipline for Children 2-12: Thomas W. Phelan: 9781889140162: Books
(Learn more)

The Art of Deception: Controlling the Human Element of Security: Mitnick
(Learn more)

Permanent Record: Edward Snowden
(Learn more)

Unscrewed: The Consumer's Guide to Getting What You Paid For: Burley
(Learn more)

Spychips: How Government And Major Corporations Are Tracking Your Every Move: Katherine Albrecht
(Learn more)

Employees are allies, not the adversary

The Gift of Fear : Survival Signals That Protect Us from Violence: Gavin De Becker: 9780316235020: Books
(Learn more)

The Total Money Makeover: A Proven Plan for Financial Fitness: Ramsey
(Learn more)

The 5 Love Languages: The Secret to Love That Lasts: Chapman
(Learn more)

The Definitive Book of Body Language: The Hidden Meaning Behind People's Gestures and Expressions: 9780553804720: Pease
(Learn more)

Protecting the Gift: Keeping Children and Teenagers Safe (and Parents Sane): de Becker
(Learn more)

How to Complain for Fun and Profit

gaming

Horizon Zero Dawn - Complete Edition
(Learn more)

Horizon Zero Dawn - PlayStation 4 : Sony Interactive Entertainment America LLC: Video Games
(Learn more)

merch

Microsoft  Surface Pro 6 (Intel Core i5
(Learn more)

ThinkGeek Geek Merch

sites

Agifta Family Gift Registry

Newegg - Electronics store

Others

A fraud alert is a request that you have to make to the credit reporting companies (Equifax for example) to put a special flag on your report that warns retailers and credit-grantors to be more cautious when granting credit in your name.

In theory, you’re only supposed to set these when you have reason to believe you’re in imminent danger of id-theft and they expire in only 90 days. Also, because retailers can easily ignore or miss the flag, they have very poor effectiveness in combating id-theft.

His name is Todd Davis.
His SSN is 457-55-5467.
And he's making millions!

(Image used under: Fair Use doctrine)

Lifelock is that company where the CEO posted his Social Security Number with a challenge to take his identity (which someone promptly did). If you've been considering getting the service, wait. First realize what you're paying for.

If you were to go to their site and read through what they actually do, you'll find that you're not getting much for your money.

NOTE! This is for the original version of Lifelock. Due to legal settlements, they've changed their service somewhat and details are below.

1. They place fraud alerts. The problem is, fraud alerts are practically worthlesss as far as protecting you from ID theft.

2. They renew the fraud alerts every 90 days. Note that this isn't actually a separate benefit, but they sure seemed to want to have six benefits to their service instead of just five.

3. They remove your name from pre-screened credit card offers. You can do it yourself, freely, and quickly at optoutprescreen.com. Also note that this is a one-time benefit and not something that you should be paying monthly for.

4. They order your credit reports once per year which is easy for them because they can use the free annual credit report you are due by law. The bad part here is that if you wanted to use the very clever advice of getting your report from one of the companies every four months so you can keep a semi-constant tab on your credit, you can't. Lifelock blew your free coupons all at once.

5. They'll keep a list of the companies you have credit cards and such with so you can quickly call them if your wallet is stolen. The FDIC has a great guide about how to do this yourself including the advice to carry a bare-minimum of cards and information and to make your own call-down list.

6. Lastly, insurance (which some people claim you can't collect on).

The BEST way to actually prevent ID theft is with a Credit Freeze

Worst of all, the "fraud alert" features (1 and 2) that they provide have been blocked as a result of a recent lawsuit by Experian who claimed that Lifelock was abusing the fraud alert system by placing them for EVERYONE instead of just people who feel in imminent danger of ID theft.

Lawsuit Changes

Because of the lawsuit, they had to pull the fraud alert "feature" from their list of services. Along with some other recent changes I didn't update on, here is the complete list of Lifelock "features" as of Sept '09:

1. LifeLock Identity Alert™ – In theory they somehow monitor whenever a credit application is entered and alert you. Isn't this what credit-monitoring services do?

2. eRecon™ – They claim to monitor known criminal websites for your personal information. If they find it, they alert you and help you remove it.

   My BS-meter is blinking for two reasons. First, what known criminal websites are out there that Lifelock can get to more than anyone else? If they're public websites, a google-alert would work just as well (and it's free). If they're NOT public websites, how did Lifelock get access to them? Do they have criminal connections?

   Second, if they're known criminal websites, why haven't they been taken down? What's lifelock going to do to "resolve the problem" that the police couldn't do?

3. TrueAddress™ – Monitors change of address databases and alerts you if someone tries to change yours. I don't know how well this works or even if it works as described, but if it does, this might be the first real service that Lifelock provides that isn't easy and free to do yourself.

4. WalletLock™ – Already described this

5. Credit card offer opt-out – Already described this

6. Request your annual free credit reports – Already described this

7. 24 Hour Phone Number – As it should be.

8. $1 Million Guarantee – Sort of. Read on…

In a different class action lawsuit, the lawyers argue that despite the "1 million dollar guarantee", it's actually almost impossible to collect. The guarantee only comes into action if you can show a "defect in their service", but…

the only way fraudulent activity could result from a defect on LifeLock's behalf was if the company failed to sign its customer up for a fraud alert or add its name to an opt-list. Even if that happened, Carey said, it would be difficult for a customer to prove it was LifeLock's fault.

Other lawsuits

Lifelock also had multiple lawsuits brought by the FTC for their deceptive advertising and other BS. They first settled for $11 million in 2010, and then $100 million in 2015 for violating the terms of the first settlement. Will they ever straighten out and behave? It's hard to say, but it's also hard to imagine.

If you're tired of the crap and lies and want solid information and risk management information that will tangibly improve your defense against ID Theft, check out my Goodbye Identity Theft online course!

After the Lifelock scam was uncovered, few companies offer "only" ID Theft insurance anymore. Instead, it's a smorgasbord of supposed services and defenses to help you with the ID Theft problem. Here's what you might get for your money:

Insurance

Turns out you can make a lot of money by charging people for insurance . Who knew?

(Image used under: Fair Use doctrine)

Insurance plans are a risk equation that you'll almost always lose (or else the companies wouldn't stay in business). That's not to say that all insurance is a scam, but you need to weigh your actual risk versus the benefits. Do you really know what the conditions are for making a claim? Will you actually be able to collect? How much? Under what circumstances? According to a Forbes.com article:

The balance of the usual $5,000 to $15,000 coverage is available for legal fees to undo judgments and criminal records racked up by thieves in your name. But Federal Trade Commission statistics show that just 16% of ID theft victims suffer such problems, and only 40% report out-of-pocket costs greater than $1,000.

Even assuming your risk was as high as the fear-mongering suggests, you need to read and understand the terms of the plan before you have any assurance you're getting what you paid for. Tthe original version of LieLock's insurance plan which offered a "1 Million Dollar guarantee" (OMG!) was impossible to collect on based on their stated terms, but that didn't stop millions of people from signing up.

Dark or Deep Web Scanning

What up my fellow theives! You don't happen to be talking about any of my customers do you?

(Image used under: Fair Use doctrine)

These terms refer to the parts of the Internet that aren't reachable by search engines. Private chat channels, forums and boards that are hidden from view, and so on. It's a real thing, but not nearly as nefarious as these companies make them out to be. Sure, there's a lot of illegal and nasty stuff out there, but if was that easy to find and "monitor", why wouldn't the authorities be doing something about it?

Granted, I've not worked for these companies and don't have first-hand knowledge of what they do and don't do, but their claims sound as ludicrous as if they had said "we have undercover people in crime rings who'll make sure that they pass over your address when choosing which houses to rob. Best of all, the only way for them to monitor your information, accounts, etc. is to have all the information and access themselves putting you at even more risk of breaches or unscrupulous employees.

Other Fluff and Nonsense

I tested one such company out and it was really uncomfortable to give them access to my social and other sensitive information, but you can bet I wasn't giving them my banking login details no matter what "protection" services they were supposedly adding.

And did you know that Lifelock is still listing "Lost Wallet Protection" as one of their "services"? I looked around their site and even their terms and conditions and couldn't find specifics, but if it's like what they used to offer, they would keep a list of company phone numbers for the various cards you keep in your wallet to make it easier for you to make all the calls and do all the real work if you lost your wallet.

Likewise, all these supposed benefits are loosely defined on average. Using psychologically proven words that give feelings of comfort like "guaranteed", "covered", "protected", "help", and so on, but very little information about what they actually DO, what they don't do, and how it all works. Almost as if it was more about making you feel good than actually helping.

Exercise

Exercise by Nick Youngson - Alpha Stock Images

(Image used under: Creative Commons 3.0 [SRC])

If you have been doing these lessons in order, this will look familiar from the ID Theft Monitoring lesson, but let's do it again. To really evaluate what you're paying versus what you get:

1. Log into your service and take a look around. Make some notes about what they're actually providing to you.
2. Rate each from 1 to 10 on two factors: 1) how well do you understand the feature, and 2) how valuable/important is it to you.
3. In particular pay attention to terms surrounding any insurance plan. You really should make the effort to read their actual terms and exclusions. There's no shame if you lack the interest/motivation/skill/energy to do it… they're counting on it. Just keep in mind that it's insurance is devilishly hard to collect on and unless you know the terms as well or better than they do, your chances of collecting are probably depressingly low.
4. Look through your email for messages from your monitoring service. Write down the number of emails received and, out of those, how many had important and worthwhile information.

Just like with Monitoring, hold on to your notes. Don't make any decisions on your paid services until we get to the Credit Report Freeze section!

Free credit reports? No. It's actually a monitoring service in disguise.

Unlike fraud alerts which are a complete waste of time, credit monitoring promises to alert you when there's activity on your credit file and that's exactly what they do. But what are you actually getting for the money?

• Activity alerts are trivially cheap to send – Every day I get regular activity alerts from email, banking, and social sites; often so many that I have to change my preferences to shut them up. Besides, Experian alone made about ~900 million in 2018 from their data brokering business using your data, my data, and that of hundreds of millions of others. I think they can afford it.
• Credit report activity is (relatively) rare – Unlike Facebook posts that can come 30 or more a day, credit activity happens only when I (or a thief) is doing something. In theory, your bank or landlord or other creditor could check now and then, but when researching people's experiences with monitoring online, every example people listed was of receiving alerts for their own activity only.
• And, most importantly, it doesn't do anything.

ALERT! Your care has overheated.

(Image is in the Public Domain)

Early detection systems like those in a home security system, email and device access alerts, and so on can help to show you someone is targeting you and you should take precautions. Monitoring is like that, but where the thief always has your key or password and is inside before you receive the alert. Credit activity is nearly always as a result of an approved credit transaction, not a test one, and (because fraud alerts don't work) not a blocked one.

I'm not saying monitoring your credit is pointless, but is it worth hundreds a year when you can do decent job on your own anyway? Per the FTC recommendation:

Monitor your credit reports for free. Federal law requires each of the three major credit bureaus to give you a free credit report — at your request — each year. Visit "AnnualCreditReport.com" — the only authorized website for free credit reports. If you want to monitor your reports over time, you can spread out your requests, getting one free report every four months.

Before you pay…

The type and variety of monitoring services out there is innemerable and they have varying extras like monitoring all three CRCs and addons and gimmicks etc which you will have to evaluate on your own to determine that it's worth it, but there are two reasons I don't bother:

First, the CRCs caused the ID Theft crisis and should take responsibility. Even if alerting you wasn't trivially cheap to do, the loose controls on credit information of the CRCs have made the credit-base ID Theft problem accelerate even after decades of ever-increasing regulation. It's their fault and I'll be gobsmacked if I'm going to entertain their racketeering scheme to pay them for protection.

Second, and more importantly, there's a better way and it costs nothing: credit freezes.

Spoiler alert: Credit freezes are the best defense you have, but we'll get to that in a later lesson.

Exercise

Exercise by Nick Youngson - Alpha Stock Images

(Image used under: Creative Commons 3.0 [SRC])

Do you really know what you're paying for with monitoring? If you have a monitoring service:

1. Log into your service and take a look around. Make some notes about what they're actually providing to you.
2. Rate each from 1 to 10 on two factors: 1) how well do you understand the feature, and 2) how valuable/important is it to you.
3. Take a moment to see if you have access to that same information elsewhere. For example, some banks and credit unions offer free credit scores as part of their service.
4. Look through your email for messages from your monitoring service. Write down the number of emails received and, out of those, how many had important and worthwhile information.

Don't do anything yet, but keep these notes handy for the end of this lesson after I've shown you some alternatives.