If you or anyone you know is committing the below social media sins, it’s time to change that habit of an online lifetime. Even the most innocuous of things can cause trouble down the line, because everyone’s threat model is different. Unfortunately, people tend to realise what their threat model is when it's already too late.
With this handy list, you’ll hopefully avoid the most common mistakes which are served up to social media with a dash of eternal regret.
Don't post: credit card information
Yes, people do this. Someone is issued a new credit card. Perhaps it’s their first and they’re really excited. They want to tell the world…and they do it by posting up un-redacted shots of the front and back of the card. If they’re really unlucky, they've left bits and pieces of personal information on the same profile or elsewhere. I’m not sure why, but these posts often stay online long after hundreds of people have replied with “Delete this!”
It’s a mystery we may never get to the bottom of.
Don't post: medical information
This is quite a timely one. Various forms of medical data are very popular on social media right now, especially due to the pandemic. Got a nice health and wellbeing story? Off it goes into Twitter or Facebook. This can bring problems, however. Back in 2017 we looked at the trend of posting X-Rays to social media. Even where people thought they’d redacted everything, some details still slipped through the net.
Wind forward to 2021, and we have people posting vaccination selfies. Those are fine. However, close ups of the sheets / slips detailing patient info in relation to their vaccine are not. There’s plenty of folks posting these images up from all over the world, which is to be expected. We beg you to ask yourself if you really need to post it and, if you do, please redact most if not all the information on these cards. You really don’t need it online.
Don't post: visas and passport photos
Many immigration advice firms post to social media whenever they manage to obtain visas for their clients. That’s great! Well done. What’s not so great? Posting images of the client’s passport to social media, usually along with the visa, or other entry document.
Occasionally they’ll redact some of the data…but not all of the time. And even when name / address / D.O.B. is obscured, other elements are left visible. That could be their biometric residence permit number, or something else specific to their identity in their new country of residence. Given these are Government issued documents, it’s best not to post any of it online at all. There’s often steep fees for replacement documents, and I’m not sure if it’s any better if they need replacing due to negligence as opposed loss.
Let’s say “It’s probably worse” and resolve to never do it again.
If you’re a customer of organisations helping arrange visas and you know they have social media accounts? Feel free to keep an eye on their feeds, especially if you see they already do this. You’ll probably find yourself posted online at some point, and even with redactions applied this feels like a very uncomfortable practice.
Don't post: personal information in customer service chats
Interacting with customer service reps on Twitter is something people do 24/7. It’s often one of the fastest ways to resolve an issue, but trouble beckons when people post the inner workings of their problem. Something wrong with an order? Missing screws for your DIY table? Milk expired 3 weeks ago?
Okay, but you don’t need to post everything to go with it. Order numbers tied to public accounts, screenshots of your order summary complete with home address listed, telephone numbers, we’ve seen them all down the years.
Is your delivery driver disputing that someone was in when they rang the doorbell? It happens, but you don’t need to post up a shot of the GPS indicator from their website showing exactly where you live.
All of this information is usable to some degree by people up to no good. It could be phishing, it could be doxxing, it might be stalking. Bottom line: start from a position of total redaction and only show what you absolutely need to.
If you’re taking the conversation to direct messages? Don’t post anything sensitive in there either, and that includes things like passwords.
Don't post: vacations in real-time
Given it’s an age since anyone likely went on holiday, it’s worth dusting off one more golden oldie. If and when we’re all able to go on vacation, remember to control your travel experience ruthlessly.
We strongly suggest you post about your trip after you get back home. It may be appealing to get everything online as it takes place, but “I’m hundreds of miles away from my empty home” seems a bit dangerous to us.
This is especially the case if any of your profiles make use of geolocation, or you happily tag your home address in any geolocation service. You may as well hire someone to fly a plane over your house with a big banner that says “We’re empty for 14 days, come on in”. This isn’t a very catchy marketing slogan, but people up for a bit of burglary will love it.
Don't post: the TMI selfie
This probably isn’t what you’re expecting it to be. However.
Something we regularly see on social media is the TMI selfie. This is an entirely boring and normal photo, with one major exception lurking. That pic of your nice new sofa in the front room? There’s a letter on the shelf with your bank statement on it. The Instagram-worthy snap of your meal? You can see a reflection of confidential work information on your laptop in the mirror. Finally received that delivery you’ve been waiting on and Tweeted it out? You left the label with your address on the box.
We let our guard down in places we trust. This often proves disastrous for people who prefer to remain a little bit anonymous on social media. The TMI selfie is usually brought to light by helpful followers of whoever happens to post it. Interestingly, unlike the credit card snaps, these usually get deleted swiftly. That's definitely a good thing.
Keeping it safe on social
These are the social media sins which frequently have a negative impact on people's lives when they least expect it. By avoiding them, you're encouraging solid security and safety practices in all aspects of your life both offline and on. If you can think of others, we'd love for you to add some of your own in the comments.