For Twitter, among others, growth in popularity and usage has often been at odds with security and order.
An army of more than 80,000 sex-crazed bots recently polluted the service with spam links to porn sites. Hackers leaked the passwords of more than 32 million accounts before invading the accounts of news outlets, international brands, and politicians to show support for embattled Turkish President Recep Tayyip Erdoğan. And the United States’ own president has been using the service in ways many characterize as cyberbullying.
Social-media accounts in general provide juicy hacker targets, says Hayley Kaplan, an online-privacy expert and advocate. According to survey estimates, a fifth to two-thirds of all accounts have been accessed without the owner’s authorization.
“Just like on any other social network, you can get yourself into a lot of trouble by sharing too much [on Twitter], using it carelessly, and not knowing your settings,” says Kaplan, who helps crime victims and law enforcement employees reduce their digital footprint. “Twitter, by default, is public, and there are risks associated with that. Using some common sense and taking other precautions will help ensure that you’re being as safe as possible.”
Kaplan advises Twitter users to take five simple steps to improve their account’s privacy and security.
- Don’t trust all links
Blindly clicking links in tweets, especially if the accompanying headline is particularly inflammatory or outlandish, could compromise your account or device, Kaplan says. Fake news headlines often entice users to click malicious links, which are often laden with malware or ransomware, she adds. In May, for example, Russian hackers might have used Twitter to deliver malware to more than 10,000 employees at the U.S. Department of Defense.
While hovering over a hyperlink typically triggers the display of its actual destination, shortened URLs in tweets like this one from The New York Times often point to other shortened URLs, making it very difficult to ascertain the link’s domain.
This means you should pay closer attention to a tweet’s source. You might also want to visit a link analysis site before clicking. Although Twitter flags potentially unsafe links, submitting a shortened URL to a site like CheckShortURL will reveal to you its ultimate destination without clicking.
- Do think twice before enabling location information
Adding your location—a city, neighborhood, or even latitude and longitude—to your tweets can be dangerous for a variety of personal-safety reasons, Kaplan says. Think twice before turning on this setting, which by default is off, especially if you plan to tweet from home. If you turn the setting on, your subsequent tweets will automatically include a general location label.
To turn this setting off or check whether it’s turned on, visit Settings and Privacy, then Privacy and Safety, and uncheck the box next to Tweet location. From here, you can also remove all your previous location labels from your tweets.
- Don’t neglect your security settings
Twitter provides two optional security settings to help protect your account: log-in verification and password reset.
With log-in verification, also known as two-factor authentication, Twitter sends you an SMS message with a code to input in order to access your account each time you log into the social network. With password reset, Twitter requires you to verify additional information, such as your phone number, before submitting a request to reset your password.
You can find both of these options by visiting Settings and Privacy, then Account, then Security.
- Do review third-party applications
When using Twitter, you might come across enticing calls to install third-party applications developed to schedule tweets, run surveys, and analyze post metrics. When you connect a third-party app to your account, you grant it a number of capabilities, which range from reading your tweets and seeing whom you follow to posting tweets on your behalf, accessing your direct messages, and seeing your email address.
Because not every third-party Twitter app is necessarily what it appears to be, Kaplan recommends regularly reviewing which apps you use—and rescinding the access of others. To view and update your app settings, visit Profile and Settings, then Apps.
- Don’t tweet recklessly
If your account is public, anyone can follow you, read your tweets, and interact with you. And even if it’s private, it’s a good idea to be judicious about the content of your posts, Kaplan says.
“Don’t post any personal information,” she says. “You never know how someone might be able to use your tweets against you in the future.”
Twitter advises being wary of any communications that ask for your private contact information, personal information, or passwords. It also suggests that you ask yourself four questions about the information you share in tweets: Who am I sharing this information with? How much and what type of information am I sharing? How many people can see the information I’m sharing? And, can I trust all the people that see this information?