Facebook works with over 190 marketing partners that work with thousands retailers and advertisers. All of your Facebook data is shared with hundreds of data broker companies, all of which are equally vulnerable to cyber-attacks, like the one that happened to Equifax. Data brokers who bought your data from Facebook will sell it with your real life identity to whomever who is willing to pay for that. Virtually anyone could buy your personal information in the form of profile from your physical world identity. So, can you trust Facebook with your data?
Your Facebook data which these companies hold on their servers not only includes your public posts, comments, and Likes, but also your private chats, your browsing history, mobile information, and your offline activities, like purchases in physical stores.
Given the nature of the Internet which often favours the attacker, it is natural to worry about how your data is being handled insecurely, especially since data breaches of companies are in the news left and right every day.
To attempt to anonymously browse Facebook is to firstly try to block all attempts of Facebook trackers and potential hackers to steal your personal information to make profit off of you. Securing your online presence is like securing your house; you add layers of security features like locks, alarms, and CCTV cameras to give criminals more obstacles to overcome before they can get in.
The purpose is to increase the amount of time and resources it takes to break in. If a thief needs to pick several locks and find a way to disable your alarms and security cameras, chances are their attempts would be noticed and alerted (or they might just give up).
Firstly, you need to understand how Facebook tracks you. If you sign in to your account on your browsing tab and then use the same browsing session to surf the Internet, Facebook collects it all. They will know which websites you visited, for how long, what ads you clicked on, online purchases you made and so on. With every article you read with a Facebook ‘Like’ button on it, there are invisible analytics tools at bay, watching your browsing habits.
Facebook uses your assigned identification code to follow you across platforms and even on your phone. If you use Facebook apps, you give Facebook access to know what other apps you have installed on your device, and all other personal information Facebook got permission to access.
Facebook will take all your private information and match them with your credit card credentials, to link your online activities to purchases in physical and online stores.
You can at least take a few steps to take control over how much advertisers and governments can track you through your Facebook account. If you want to protect your online identity and privacy, you are going to have to change some browsing habits.
First of all, you will need to start with anonymising your Internet traffic and protecting your online privacy by blocking all Facebook trackers.
To stop Facebook from tracking you, you need to separate your browsing from your Facebook identity. You will need a separate browsing session for Facebook and everything else, and never cross-link. In order to achieve that, you need a browser that deletes all Facebook’s trackers each time you close it, so that each time you restart your browser, a new browser will start and Facebook will not have any access to the information.
One example would be to use privacy browsers like TOR or Brave for all your Internet traffic. You can also consider setting up a privacy configured browser and have a separate alternative browser for surfing the Internet and a separate one for your online identities.
However bear in mind that even if you use TOR, Facebook has trackers capable of creating a match about your identity across platforms, desktop or mobile. These trackers can activate if you connect to the clear net without TOR
Be sure to sign in to your Facebook account over TOR via Facebook’s onion link, and remember to close the session before browsing for anything else.
(Read also: TOR Over VPN & VPN Over TOR: Which is Better?)
There are plenty of add-ons to your browser which you can also download to beef up your security. For example, HTTPS Everywhere prevents major websites from making insecure connections to disclose your identity. Privacy Badger is a must to block social media plug-ins that Facebook uses to track everyone, even after they are logged out or do not have a Facebook account. Umatrix is another extension which will put you in full control of what websites can and cannot know about you. You can blacklist Facebook trackers together with Google, Twitter, Microsoft, Apple, and others.
Another step to secure your account is to use two-factor authentication (2FA). However, there is a catch.
Facebook really wants to know your real physical phone number, so that they can better confirm match of your advertising ID to your real identity. This is one reason why Facebook bought over WhatsApp; to have the biggest database of phone number registry on mobile users that can be tied with Facebook’s massive marketing database.
If you enable 2FA with your real phone number contracted to your real name, SMS messages are not secure or encrypted. If you want to take it one step further, you can enable 2FA on Facebook with a number that is not tied to your name and use it solely for verification messages and nothing else. Alternatively, use a separate email for your 2FA purposes, which brings us to the next tip.
Another good security measure is to have a separate email address just for Facebook. Your Facebook account is probably going to be the primary target for hackers. Similarly to having an anonymous phone number, if your email does not tie back to your real name, it is a plus. It is also suggested not to use this email address for anything other than confirming and securing your Facebook account. Email services like Protonmail can integrate encryption for messages you receive from Facebook. There is a lot of sensitive information in emails that Facebook sends to your inbox. A hacker could intercept them when they are in transit, and read your password recovery links, Facebook notifications, and personal information. Protonmail and Facebook’s PGP partnership offers you to enable encryption as another layer of security.
Not to toot our own horns, but using a Virtual Private Network (VPN) like BolehVPN is also a must for anyone looking to anonymise themselves on the Internet. A VPN serves the purpose of maintaining the privacy of your Internet communications. VPNs work by encrypting your Internet traffic to hide your browsing activities from any hackers looking to steal your data. When surfing using a VPN, not only does it conceal your IP address (aka. who you are on the Internet), but your Internet traffic is also directed through an encrypted tunnel, safeguarding your connection and data exchange of your emails, passwords and files.
No protection is 100% unbreakable. However, prevention is better than cure. It is best to be prepared and maximise on your cyber defences before an actual attack even happens.