A Social Media Security Model

April 25, 2011

I am often asked how I handle security while using social networks. This post serves as my answer in image and bullet form.

  • I make a strong, explicit distinction between private and public mediums, and I control posted content to each accordingly.

  • I only post location information to private networks, e.g. Foursquare doesn’t go to my blog or to Twitter. That’s Facebook only.

  • I limit access to private networks, i.e. unlike most people I don’t have just anyone on my Facebook. I use the house-sit/conversation rule: if I wouldn’t let them house-sit or wouldn’t enjoy prolonged conversation with them, they don’t get added to Facebook.

  • Content can move from low security to high security, but not the other way around. E.g. Twitter posts to Facebook, but Facebook doesn’t post to Twitter.

Using a system like this, combined with good account security practices regarding usernames and passwords, it’s fairly trivial to enjoy the benefits of social media without sacrificing too much security.
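The one-way rule above can be checked mechanically against a list of auto-post links. The following is an added example, not part of the original post: the numeric levels, the function names and the misconfigured link are assumptions made for illustration. It also shows that a single link in the wrong direction exposes everything that feeds the private network, including Foursquare check-ins.

```python
from collections import defaultdict, deque

# Assumed levels (constructed for this example): 0 = public, 1 = private.
LEVEL = {"blog": 0, "twitter": 0, "foursquare": 1, "facebook": 1}

def downward_links(links):
    """Auto-post links that directly move content to a less private network."""
    return [(s, d) for s, d in links if LEVEL[d] < LEVEL[s]]

def exposures(links):
    """Map each network to the less private networks its content can reach,
    following chains of auto-post links (breadth-first search)."""
    graph = defaultdict(list)
    for s, d in links:
        graph[s].append(d)
    result = {}
    for origin in LEVEL:
        seen, queue = {origin}, deque([origin])
        while queue:
            for nxt in graph[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        leaked = sorted(n for n in seen if LEVEL[n] < LEVEL[origin])
        if leaked:
            result[origin] = leaked
    return result

# The setup described in the post: content flows into Facebook, never out.
POST_SETUP = [("twitter", "facebook"), ("foursquare", "facebook")]
# Constructed misconfiguration: one link added in the forbidden direction.
BAD_SETUP = POST_SETUP + [("facebook", "twitter")]

if __name__ == "__main__":
    for name, links in (("post setup", POST_SETUP), ("bad setup", BAD_SETUP)):
        print(name, downward_links(links), exposures(links))
```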