Social media app Instagram is owned by Meta and shares with Facebook many of the same risks to the safety and integrity of journalists’ work. In this fourth article of a six-part series, cybersecurity expert Ben Finn explains for Reporters Without Borders (RSF) these risks and how to best use Instagram’s features to counteract them.
Due to its popularity, Instagram provides journalists with an opportunity to reach a broader community and audience. However, Instagram also presents its own set of scams, misinformation, and security threats. It is therefore vital for journalists to act carefully and know how to navigate these risks before using the app.
Main risks
- Instagram’s Marketplace is open to third-party apps. Some independent add-ons, apps, and games available on Instagram’s App Marketplace are designed specifically for data harvesting and reselling, therefore potentially dangerous.
- Instagram’s security policies keep changing. Because Instagram changes its algorithms and features very frequently, journalists must keep up-to-date if they want to minimise the risk while using the platform.
- Instagram collects an immense amount of metadata. Instagram’s privacy policy shows that it collects more data than most other social media. Metadata can be used to track users.
- Instagram is frequently targeted by hackers. Despite commitment to security, Instagram is often the target of hacking attempts due to the large amount of user data it collects.
- Registering as a journalist may not be as protective as it seems. Instagram offers the possibility to register as a journalist, to “get important safety features that protect against harassment, hacking and other unusual account activity.” Nonetheless, journalists should weigh it carefully: being coined as a journalist on a platform that collects so much data could have an adverse effect in case Meta is forced or decides to share the data it has collected.
- Instagram can be damaging to mental health. Instagram is one of the apps most affected by harassment and abusive behaviours.
Recommendations
- Separate personal and professional accounts, but be reminded that private accounts can still be targeted for scams.
- Only use your account to promote your work if you decide to register as a journalist on Instagram, and put as little information as possible about yourself.
- Restrict or delete third-party apps with profile access in the Apps and Websites section, especially for those found in the Instagram Marketplace.
- Control ads to limit the information advertisers can use, including phone numbers.
- Do not grant permission to track a user’s activity across other apps when Instagram presents a pop-up asking for it.
- Use visibility options to control who can see and interact with an account, and see personal information like email and phone number.
- Always be careful with whom you are interacting. When an account acts suspiciously, check when and where the account was created in the “About this account” — the account may be fake, or recently created just for harming purposes.
- Regularly check device location history, to monitor suspicious logins or unrecognised activity that could reveal there has been a hacking attack on your account.
- Prevent phishing attempts by always checking in the security tab recent communications from Instagram, which will show all official emails, before responding to any messages allegedly from the company.
- Turn on two-factor authentication (2FA) and disable location tracking.
- Read Instagram’s own recommendations for built-in safety features.
- View this guide for a more detailed breakdown of Instagram’s security options.
← Read Part 1: General recommendations
← Read Part 2: TikTok
← Read Part 3: Facebook
In the next two articles, this series will go into specific detail for X (Twitter) and Weibo.
Written by Benjamin Finn. From Houston (USA), Benjamin has been in the IT field for a decade, during which his primary focus was the deployment of internal enterprise tools across large enterprises, including cybersecurity focused efforts. He has been engaged in training on proper security in the context of an oppressive nation-state, specifically in Myanmar. He has also been working with multiple groups in Taiwan to train them on proper security and safety measures.
