Facebook is the largest social media app in the world, and an essential tool for journalists to develop and promote their work. However, it also presents many risks for the profession (misinformation, data mining, hacking etc.). In this third article of a six-part series on social media, cybersecurity expert Ben Finn details for Reporters Without Borders (RSF) the risks of using Facebook and provides advice on how to safely and efficiently navigate it. 

One of the main appeals of Facebook, the No. 1 social media app on the planet, is the sheer size of its user base: up to 3 billion active users means many opportunities for journalists to make connections, understand social trends and behaviour, and promote their work. It is also rife with misinformation, gathers extensive data on its users, and is a frequent target for hacking. However popular and convenient Facebook is, it is vital journalists know how to use it safely.

Main risks

  • Facebook is a prime tool for spreading misinformation. Coordinated misinformation campaigns spread on Facebook have been used to undermine governments, and sell scams to the public. Information on Facebook cannot be trusted without independent research.
  • The App Marketplace is not secure. Many independently-made add-ons, apps, and games available through Facebook are not secure, or designed specifically for data harvesting and reselling.
  • Facebook’s security policies are intricate and constantly changing. Because Facebook changes its processes so frequently, journalists must keep themselves up-to-date if they want to stay secure on the platform.
  • Facebook collects an immense amount of metadata. Facebook’s privacy policy shows the data collected is greater than most social media sites. This can be used to track users.
  • Registering as a journalist may not be as protective as it seems. Facebook offers the possibility to register as a journalist, to “get important safety features that protect against harassment, hacking and other unusual account activity.” Nonetheless, journalists should weigh it carefully: being coined as a journalist on a platform that collects so much data could have an adverse effect in case Facebook is asked or decides to share the data it has collected on the registered journalists.
  • Facebook is frequently targeted by hackers. As Facebook collects significant data from its users, it is often targeted by hackers and governments who want that information for their own purposes. Facebook does have a solid security team, but breaches still happen. Any data collected by Facebook may eventually become available to malicious actors, which can compromise the security of journalists or their sources.
  • People without accounts may still be tracked by Facebook. Facebook creates shadow accounts to track the behaviour of users who are not logged in.

Recommendations

    • Always double-check information sourced from Facebook, as Facebook contains a lot of misinformation.
    • Separate personal and professional accounts, but be reminded that private accounts can still be targeted for scams.
    • Only use your account to promote your work if you decide to register as a journalist on Facebook, and put as little information as possible about yourself.
    • Restrict or delete third-party apps with profile access in the Apps and Websites section, such as those found in the Facebook Marketplace.
    • Control ads to limit the information advertisers can use, including phone numbers.
    • Use visibility options to control who can see and interact with an account, and see personal information like email and phone number.
    • Make use of comment moderation options under posts, Facebook has sophisticated auto-moderation features.
    • Turn on two-factor authentication (2FA).
    • View this guide for a more detailed breakdown of Facebook’s security options.
    • Read the additional journalist-related tips from Facebook.

← Read Part 1: General recommendations
← Read Part 2: TikTok
→ Read Part 4: Instagram
Read Part 5: X (formerly Twitter)
Read Part 6: Weibo

Written by Benjamin Finn. From Houston (USA), Benjamin has been in the IT field for a decade, during which his primary focus was the deployment of internal enterprise tools across large enterprises, including cybersecurity focused efforts. He has been engaged in training on proper security in the context of an oppressive nation-state, specifically in Myanmar. He has also been working with multiple groups in Taiwan to train them on proper security and safety measures.

2 Comments