DEMONWARE 10: The Dangers of Social Network Logins
Articles Blog

DEMONWARE 10: The Dangers of Social Network Logins


You’re on a popular website or app, and
you decide to create a new account on it. You see there’s multiple options, and for
the sake of convenience, decide to use one of the social logins. You see a quick
warning of what information this site might access, but quickly ignore it.
What happens to your data after you click, “accept”? Hi everyone, I’m Andy Wong, welcome to the latest episode of Demonware, Demonware is a show regarding the progress of my graphic novel, which shares the same name, as well as what’s in my headspace
regarding technology and society. Today I’m going to talk about social logins and your personal data. You might have heard a lot of cyber security related news
recently, regarding the use of personal data and data breaches. While this is a hot topic
in news right now, this is not anything new. These issues have been around for
years, and have received very little attention overall. I’m going to push past
all the noise, and get to the heart of the matter: your personal data ISN’T safe
and oftentimes we unintentionally spread out that same data to other places. When
you click on and accept a social login on a website or app, that data gets
copied to that service’s servers wherever they live. It’s one thing for Google,
Facebook, or Twitter to have your data, but if it lives elsewhere, you can’t
guarantee that information is secure. One part of the controversy surrounding
Cambridge Analytica and Facebook is the fact that even though Facebook deleted
Cambridge Analytica’s related app data on their end, Cambridge Analytica still
hasn’t deleted everything on their end and that data is STILL in circulation. If
you used ANY app that uses social login any time in the past, if you go into
Facebook and delete your ENTIRE account that app’s data is still living elsewhere
and there’s very little you can do about it. If a company who runs the app has a
data breach you are at risk. To give you a perspective on data breaches roughly
1.85 billion data records are lost or stolen per year. That’s 5 million records
lost or stolen every day, and 211 thousand records per hour. One of the
most notable data breaches was related to Equifax, one of the three major credit
reporting agencies in America. Last year, 143 [million] American consumers were affected by the breach: where names, Social Security numbers, birth dates, addresses, and in
some instances, driver’s license and credit card numbers were obtained by
hackers. The population of the United States is currently 325.7million people.
That means that about 43.91 [percent] of Americans were affected by the Equifax breach alone.
So, I’ve hammered the point that your data isn’t safe, but what can you do to secure
your data and minimize your risk? I’ll go over a few ways to do it. First, find out
if you are affected. The most important thing to do is to find out if you’re the
victim of any particular data breach. There’s a website called haveibeenpwned.com
(right here) and you can enter in your email address and find out if that
email and any other personal information was currently obtained in any data
breaches. You can also check on the same site, if any passwords have been used
before and have been obtained by hackers. With that information, you can go into the
affected services to re-secure your accounts and change your password or
information. Second, if possible, DON’T USE SOCIAL LOGINS. If you’re creating an
account on a website or app, you’re given the option to create a username or
account using just your email address, TAKE that option. Make sure that account
creation process actually makes you type your email address and not ask you for
your Gmail or Yahoo account. That’s not the same thing. If you HAVE to use a
social login, make sure you’re aware of what information the app is using, and if
you’re comfortable with that. Three, minimize your data trail. Reduce the amount of
public information you have about yourself online. You can still reduce the
amount of information companies have on you about deleting your accounts. On
Facebook, you can remove all the topics and pages you’ve liked, change
permissions, and under Facebook’s app settings, you can see what information
apps can access and revoke their access or just remove them altogether. And
LASTLY, secure your accounts! Out of everything, you should secure your email
accounts the most. The most important thing to do is use a very good password
or two-factor authentication. I recommend doing both. What two-factor
authentication does, is link your account to another device, like
your cell phone, and when you log in you need to do an additional authentication
step, like entering a code or using your fingerprint reader on your phone. If you
have a smartphone, setting this up as a fairly standard process and there’s no
reason not to do this. Two-factor authentication increases the
security of your account GREATLY. Regarding passwords: the longer your password,
the harder it is for someone to hack or brute force it using a breached password
list. A very easy way to have a strong password is to use a full sentence you
can remember, like “11 horses carried the cowboys the nearest rodeo!” PLEASE don’t
use that exact password though, because I just mentioned that in public.
If remembering full sentences seems to be too much, you can use a password
manager such as LastPass or 1Password. How password managers work is they give
scrambled auto-generated passwords to any email, app, or social service you link
it to, and it acts as a gatekeeper. You just use ONE password through the password
manager, and allows you to access everything else.
Now how this improves security, is it reduces all possible entry points to ONE
very secure one. And with all that, I want to note that it’s really important these
days to secure what belongs to us, our personal information and data. It’ll be
a long while before companies are held fully accountable, so we must do what we
can to secure it. I hope this all was informative and helpful. Anyways, my
questions for you this week: Have you been a victim of a data breach? And what
have you done to secure yourself? Let me know in the comments down below or you
can tweet me on Twitter here. I like to read your thoughts and jump in the
conversation. One more thing, I want to mention if you liked this episode, feel
free to check out one of my previous episodes: Episode 8 was about how
third-party cookies track you over the Internet, and Episode 6 is about dark web
patterns and how it exploits habits of the human mind. I’ll link them down in the
description down below. Anyways– create more, consume less. I’ll
see you next week.

6 thoughts on “DEMONWARE 10: The Dangers of Social Network Logins

  1. Ok when u say our personal data isn’t safe when signing up or whatever, what type of site r u visiting. All the questions ask for is your name, age, and then a username or email. Sometimes a phone number. Is that info really unsafe if leaked. Like u don’t get asked for ur home address, social security number, or if u keep ur windows unlocked when u sleep. The most personal thing any site would ask u is your city and that’s only for dating apps, so you’ll actually be able to meet the person u texted online.

  2. Really so 1.8 BILLION “data” records r stolen or lost each year. So ur saying in about 4 years, all of the worlds data has been leaked. Yes bc I know where bing fuk ow lives in China. Ik his exact address and phone number and credit card number. NOO it doesn’t work like that, and even if we did have our information lost or stolen multiple times in our lives, as I stated before it’s not even information that affects u. Oh no abu Yusuf knows my phone number, whatever shall I do.

  3. Ok I get equifax, the more serious websites. But ur video is title SOCIAL MEDIA, social media is Instagram, Facebook, Snapchat, twitter and those websites don’t ask for anything personal

  4. what's there to worry about if most of your accts online are FAKE @yahoo/@Gmail/@myEmail?

    LOL

    Idiots!

    Even this acct is FAKE…hack all you want , all you'll get is a BIG FUCKYOU.

    Learn anything yet?

    FAKE tweet tweet
    FAKE FaceBook
    FAKEevery damn thing.

    The REAL accts NEVER surf…just checks emails and ebay and alibaba and that's on a laptop.
    Besides there are FAKE IP router apps that can reroute your IP throughout the world 100x…..but it really doesn't help against the FEDS or a really stupid stubborn hacker.

    [email protected]!

    Age: 100 (easy to remember)
    Street address: 90210 Beverly Hills
    Phone Number: Give some stupid airport number.
    NO to everything else.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top