Social Media Safety

Social media platforms can pose significant security and privacy risks due to how they gather, store and use personal and private information.
Stay informed on the security and privacy risks of using social media.


Understanding the Types of Risks


Access Requests

Social media applications may request access to your phone’s data including your photos, videos, contact lists, location and device information.

Think Critically

It’s important to think critically about which apps really need access to these things, how often they are accessing them, and what they are doing with the data afterwards.

Identity Theft

  • Cybercriminals can use the personal information you have shared on social media to impersonate you to gain access to confidential information.
  • For example, someone might innocently showcase their pet online and then use said pet’s name as the answer to a security question with a financial institution.
  • Same with maiden names, grandparents' name etc.

Privacy Concerns

  • Cybercriminals often use phishing, smishing or other social engineering tactics to collect information from you.  
  • Depending on your settings, you could be sharing your personal and private information with a much larger group of individuals than you think you are.
  • This can lead to unwelcome attention, doxing, or online harassment.  

Data Leaks or Breaches

  • The apps and social media platforms you use hold a lot of your personal information, but these apps can be hacked, secured incorrectly, or contain spyware leading to your data being stolen.
  • You can check and see if your password has been leaked by using haveibeenpwned.com  

Information Sharing

  • Whenever you use an app or social media platform that is free, your data is what is being sold.
  • Some social media apps sell this data to be used on their own platform for advertisements, while others may share or sell your information to other corporations or countries without your knowledge.  

Studies have shown 1 in 3 American pet owners have used a pet’s name as a password despite posting about their pet on social media. Read more

Tips to Staying Safe

Stay Informed

  • Learn more. Before you install a new app, do a brief search to check to see if there are any privacy or security issues that have been flagged. 
  • Review the developer of the application and what country the application’s company resides in. Ask yourself, are you comfortable with that country having your personal information?  
  • Hesitate before giving permission: Stop and consider what data you are agreeing to share when you download a new app, and how often that data is being pulled. Some apps only pull information when you’re using them, while others are pulling all the time.  

Read

  • Read the privacy policy: Pay particular attention to an application’s policy along with its data collection and sharing policies. See what to look for in a privacy policy.
  • Read the Terms and Conditions: They are meant to protect the company; the Privacy policy is meant to protect you and your data.  
  • Check for where the app’s servers are located, not all jurisdictions have the same governing rules when it comes to safety, security or privacy. 
  • Use trusted sources – to reduce the likelihood of downloading apps containing spyware, it is a good idea to stick to regulated app stores like the Apple App Store or the Google Play Store.  

Remember

  • Remember that the internet never forgets. You may have deleted a post or a picture seconds after posting it, but other people still may have seen it, and a record of it will still exist on places like The Wayback Machine.
  • Keep backups of your information, and ensure you keep backup codes for Multi-factor authentication in case you lose access to your services. Keep them separate. 

FAQ

We encourage all members of our campus community to take cybersecurity seriously.

Remember to report instances of cyberbullying, online harassment, phishing, and other cybersecurity concerns to UService.

Follow us on X (formally known as Twitter) @UCalgary_IT for ongoing cybersecurity tips.

If you have questions or concerns, contact UService at it@ucalgary.ca, online through chat or by telephone at 403.210.9300. UCalgary IT is here to support you.

  • Check if the developer’s name spelled right. Is there weird spacing, or random characters in place of letters? These can be signs of an imposter.  
  • Look at reviews and ratings from the app’s users. Is the app reputable?  
  • Check the version history. Does it show a last update date? If this is missing, it can be a warning sign.
  • Is there a warning from the app store about the app? App stores issue warnings when apps are missing documentation and/or have security issues.
  • If you’re not paying for the app, then you are/your information is the product.
  • Check the app’s settings. 
  • Do they mention your data is being used for marketing and advertising purposes?  Or if it’s being shared with third parties? Do they use words like “partners,” “affiliates,” “service providers,” “third parties” or “advertisers”? 
  • If so, look at the scope of the “sharing.” Is it pieces of your data, or is it all of your data?  
  • Is the sharing legitimate? Do they have proper procedures in place on how and what they share? If a privacy policy states it uses your data for “personalized,” “targeted,” “behavioural” or “interest-based” advertising, or if they don’t make a statement about how they are or are not sharing your info, be cautious. It often means other third-party companies are being given access to your data that don’t have your best interests at heart or may not have good security measures in place to protect your data once they have it.  

Customer data is often collected in three ways: asking for your permission, indirectly tracking you, and data matching with other systems. 

  • The "Grocery Store Loyalty" example:
    • When joining a grocery loyalty program app, the grocery store (or its associated app) might ask your permission when you register to collect your name, email and loyalty card number for the purposes of administering the loyalty card.
    • This seems reasonable to most people. However, when you download the app, the privacy settings might be automatically set up to share or track more information than they originally requested.
    • If you don’t change the default privacy settings, the store may be using the app’s features (GPS, log-in or proximity info) to indirectly collect when you shop, what you buy most often, what stores you use the most, what device you use to access the app, how long you are in the store, etc.  
    • Once the store has enough information about you, they may also be able to access other systems like their cash registers, online ordering systems, etc., to see if you returned an item, how often you order, if there are other products you might be interested in (like the company credit card or a promotional offer), etc.
    • They might also sell your information to another third-party company.  
  • How do I limit what is collected? Check your privacy settings.
  • By default, apps can be set up to track your be location, type of device, camera, GPS, or mode of transportation.
  • Some apps only access this info when you’re using it, while others access them all the time.
  • Check security and privacy settings.
  • Examples:
    • Facebook/Instagram/WhatsApp - USA, Denmark, Ireland, Singapore
    • LinkedIn - USA, Singapore
    • Pinterest - USA
    • Reddit - Cloud-based through Amazon Web Services
    • Tik Tok - USA, Ireland, Norway, Singapore, Malaysia.
    • Tumblr - USA
    • WeChat - Singapore, HongKong, Mainland China
    • X (formally known as Twitter) - USA
    • YouTube - USA, Chile, Ireland, Netherlands, Denmark, Findland, Belgium, Taiwan, Japan, Singapore
  •  
  • Yes, as much as possible you should try to only use apps that use MFA.

Avoid sharing personal information

If you wouldn't share it with a stranger on the street, don't share it online. 

Here's what to avoid sharing:

Numbers, logins, addresses

  • Phone numbers or passwords.
  • Email address, home address or work addresses.
  • Yours or your child’s school, full name or birthday.

Photos, images, applications

  • Geotagged photos:
    • Most cameras automatically attach digital information to photos including the date, time and location it was taken.
    • Not all social media applications retain this data when pictures are shared, but some do.
    • Check your privacy settings to ensure this information is turned off.  

News, updates, financials

  • Banking or financial information.
  • Exciting news about vacations, events, family updates, or large purchases.
    • Don’t give criminals knowledge of a window of opportunity to rob you and what they should take when they get there.

Read more

The Privacy Paradox

The privacy paradox explains why people’s actions are contradictory to their beliefs when they trade privacy for the convenience of modern technology.

While most people say that maintaining their privacy is important to them, they also tend to bypass terms of service (TOS) agreements without even reading them.  

Read UCalgary's Dr. Michael Adorjan, PhD (Faculty of Arts) article:  A new privacy paradox? Youth agentic practices of privacy management despite 'nothing to hide' online


Hotel price finder apps

  • Pro: Convenience, safety, shelter 
  • Con: Disclosing your GPS and other private data to that app and any third parties it uses. 

Education apps

  • Pro: Providing the best educational experience, community 
  • Con: Disclosing yours or your child’s private data 

Store/Loyalty apps

  • Pro: Convenience, rewards points, personalization 
  • Con: Disclosing your data to that app and any third-party corporations it deals with. Tracking your spending, shopping, and travel habits 

Social Media apps

  • Pro: Connection, community, convenience, personalization  
  • Con: Disclosing your data to that app and any third-party corporations it deals with 

Health-related apps

  • Pro: Timely personal health information 
  • Con: Disclosing your health and GPS data to that app and any third-party corporations it deals with including insurance companies. Tracks your daily schedule and can expose vulnerabilities in your day 

Wearable technologies

  • Pro: Timely personal health information 
  • Con: Disclosing your health and GPS data to that app and any third-party corporations it deals with including insurance companies. Tracks your daily schedule and can expose vulnerabilities in your day