Reverse Character Creation: How Facebook Has the Blueprint to Your Identity | Written By: Louise Baylon

Should I quit Facebook? I am someone who enjoys character creation and customization, quite a lot actually. As an artist, I enjoy brainstorming and making up characters, visualizing how they look like, and crafting the stories that make up their identity. This fondness of mine carries on to video games as well. Most of the time I find myself enamored and engaged during character creation sections, often spending hours just on that before playing the actual game. So imagine my surprise during our previous discussion with our data privacy professor, when I learned that I have also been doing character creation (unknowingly) with my daily activities on Facebook. As well as on the rest of the internet for as long as I have been using it.

Just as how I've enjoyed making up characters and spent hours on character customization, I've also had the pleasure (not really) and the extensive amount of time spent on creating one character - and that character is me. Our professor introduced us to the four types of data that is collected from us by using Facebook. Me being the neurodivergent person that I am, I began to associate each data type with components required in a blueprint to create a character. We have explicit data (the backstory), meta data (the traits), off-Facebook data (the rumors), and third-party data (the design). With these data, which I have been unknowingly providing Facebook for about a decade now (yikes), Facebook has been slowly but surely constructing the blueprint to my identity. As a matter of fact, I wouldn't even be surprised if they can create a clone of me with the what they have right now.

Explicit Data is the information you outwardly give to Facebook. I like to think of it as 'the backstory' of the character, or in this case your own backstory. This includes things such as your full name, age, birthday, relationship status, and hometown. Such data is superficial and is to be expected to be explicitly stated when creating a character. However in this case, should things such as your full name and relationship status really be explicitly stated? As I've discussed with my previous blog regarding social media survival 101, it is easy to keep yourself from sharing explicit data by following first of the five general rules of thumb. The first rule states to never overshare, limit personal details to barebones minimum of what is necessary. That way, you'll only be sharing crumbs of your own backstory, rather than your autobiography.

I'd like to think of Meta Data as 'the traits' of your character. In definition, meta data are information that are not explicitly shared but are still collected as they may give context to other data. Things such as the date and time you posted something and from what device you used to post are considered as meta data. Similar to how you can decide that a character your creating is a nocturnal person who owns expensive things, Facebook can also identify if you're nocturnal by examining what time of day you normally post and see if you own expensive things by checking out the device you used to post. Although providing meta data is quite difficult to avoid, unless you quit Facebook entirely (as our instructor has suggested), then you may apply the third of the five rules of thumb. The third rule advices you to turn off location services, which is one way to help reduce meta data collected from you.

Off-Facebook Data are 'the rumors' of your adventures outside the lands of Facebook. How does Facebook know of your endeavors outside their site? With spies of course! Believe it or not Facebook has tons of little birds scattered around the internet and they all report back with tales of your journey in different sites. How does one know if there are little birds present? Check around the site you are currently on, if it has the 'share to Facebook' or 'log-in with Facebook' button somewhere on it then you already know your off-Facebook data is collected. But what are they collecting exactly? Well, it could be anything! What kind of content you consume, your behavior outside their site, and the such. Facebook uses this data to sell to advertisers so that they can target their ad marketing to your interests. Just searched for phone cases online? Well congrats! The next time you open Facebook, you're about three down scrolls away from seeing an ad for phone cases. Convenient? Sure. Exploitative? Absolutely. Avoidable? Highly unlikely (unless, again, you quit Facebook altogether).

As you are aware that Facebook is constructing a blueprint of your identity with the data they collect from you, don't act surprised that other sites are doing the same. Imagine the horror of knowing that these sites are doing a little group project of knowing absolutely everything that is to know about you by exchanging information with each other. This is Third-Party Data or 'the design'. Why design? Imagine each of the aforementioned sites has an image of you. Each image shows you with a single piece of clothing on. As your behavior vary from each site, each image will have a different piece of clothing on. One can be wearing a shirt, the other has pants, and another has a hat. What these sites will do is that they will collaborate by superimposing all images on top of one another until they have an image of you wearing all three clothing - the shirt, the pants, and the hat. In that way, they will have a generalized idea of your behavior online by synthesizing you behavior in different sites. How do you avoid third-party data? You can't. Unless, for the last time, you quit Facebook once and for all. I'm thinking I should do that soon too.

Discussion Dates: 03/12/24 - 03/14/24 Images sourced from Microsoft Bing Image Creator.

Social Media Survival 101: How to Not Become A Victim of Doxing | Written By: Louise Baylon

In light of our discussion regarding online social networks (or OSN as I'll be referring to moving forward), I've decided to dabble into my own experiences and share some of my knowledge as a seasoned social media veteran - so to say. So far in this journey of mine to educate myself on how to handle my personal information online, I have been reflecting on new concepts presented by our instructor. I figured it might be a good change of pace if I am to reflect and share my own experiences this time!

OSNs are not easy to traverse, despite their simple interfaces and welcoming atmosphere - they are some of the most notorious places you can be on the internet. I should know, I have been through quite a number of social platforms and I have seen the ugly side of every single one. You have to keep in mind, OSNs isn't only a space where you can share your own content but it is also everyone else's and that can come with its own repercussions. Have you ever heard of the term 'doxing'? I trust that if you have been on the internet for as long as I have, if not longer, then you may have come across this term thrown around here and there. To those who are unfamiliar, the act of 'doxing someone' is to maliciously post someone's personal information out to the public without their consent or knowledge. Essentially, it is outwardly leaking someone's information to the public's eye. Now I myself have not been a victim of doxing (thankfully), but I have been a witness to it and I would like to share my few cents on the topic hoping that it may be helpful to anyone reading this. Albeit unofficial, I'd like to categorize doxing into two classifications - direct and indirect.

Direct Doxing It is what I call the textbook definition of doxing; someone leaking a person's private information to the public for whatever reason they might harbor. This type of doxing is usually performed by cybercriminals or by moderators who are tasked to snuff out cybercriminals.

One of the most common sightings for direct doxing are on online forums and chatrooms such as Twitter (also known as X) and Discord. When discussions get heated and turn into full blown arguments, it's not uncommon for someone to dox the other person out of spite. Putting ethics aside, the public rarely speaks up when it comes to doxing as it is usually done to individuals the majority agrees is problematic and who is spouting problematic nonsense to the platform. Some may see this as a form of online justice. Certain people believe that if you are bold enough to be spitting problematic content (or at least content that isn't inherently bad but they still disagree with) then you should be held accountable; it has always been a law of the land on social platforms. At first glance that belief seems to be justified, but always keep in mind that the internet is a land of unpredictable morals. If the real world is filled with garbage individuals, the internet is filled with the same garbage individuals who are given confidence to be more toxic by hiding behind usernames and anonymous identities. Even if you had done nothing wrong nor post problematic content, there will always be individuals who will dislike or disagree with your content and that is more than enough reason for them to attempt doxing you!

Indirect Doxing It is when information that should be private is shared to the public (unknowingly so) and the usual culprit - is you! It may vary from you posting a picture while on vacation with the location tagged to as simple as you liking a post.

This type of doxing is lethal as it is done unknowingly and extremely hard to avoid. OSNs pride themselves as platforms that allow people to connect with each other by sharing - keyword being share. In these platforms, you are encouraged to share more of your personal life and interests in order to connect with others who you may know personally, share the same interests, or both. And it is with this very feature that you may fall victim of doxing. There is this content creator from Tiktok (and I cannot for the life of me remember their username) who does content by finding the real names of his viewers. What happens is that someone will comment on his video saying "I bet you can't find me," and in a matter of minutes he can snuff out that person's government name. Depending on the amount of information available, he does a number of ways to snuff out the name. He opens the commentator's Tiktok account and looks for links to other social media platforms like Facebook and Instagram. From there he can look for full names which are usually found on bios or images. Sometimes when material is scarce, he checks the person's mutual friends to see if they've mentioned the name on their boards or tagged posts. He can even track unrelated accounts that contain the full name through liked posts, tagged locations, and check-ins. The point here is that by sharing, as OSNs encourage us, we are giving more and more material for strangers to find specific information about us. The Tiktoker I mentioned had no malicious intent yet he was able to find people's government names in minutes, what more if it were actual cybercriminals looking for your government name and location?

So how can you avoid falling victim to doxing? Here are five general rules of thumb you must keep in mind.

Rule 1 : Never Overshare When posting something, you should consider the potential consequences it can bring. Ask yourself "can this be used to dox me?" and proceed from there. If you really want to post something, limit personal details to the barebones minimum of what is necessary.

Rule 2 : Practice Exclusivity Not everyone needs to see that you are on vacation at this specific resort or you are going out of the country. Manage who can see your posts and can visit your account - better yet set your account private! If you want to flex being able to travel to other countries or have vacations on fancy places, then flex only to those you know - strangers don't need to be informed about that.

Rule 3 : Turn Off the Tracker Make sure you disable location services and untag locations from your posts. It's more than enough that you're posting about it, no need to tell people where you're precisely located.

Rule 4 : Choose Your Friends Wisely When adding someone as a friend who can view your posts, make sure that they are trustworthy or at the very least you've spent time with them long enough to know they are safe to view your content.

Rule 5 : Clean As You Go If you are done with a certain account of yours, don't just leave it idling - never to be used again. Clear out all information when moving to a new account or better yet deactivate or delete it if possible.

I know there are more out there, but these are just five rules that I live by as someone who has been on the internet long enough to witness the dangers of doxing. I know it will be a huge adjustment if you're not the type to practice these rules, but it does a whole lot in the long run. I've been able to explore OSNs for around a decade unscathed from doxing and hopefully this article will help you do the same as well.

Discussion Dates: 03/05/24 - 03/07/24 Images sourced from Microsoft Bing Image Creator.

One Key to Unlock Them All: The Dangers of Sharing Even the Smallest of Data | Written By: Louise Baylon

"Which poses a bigger threat to lose, your money or your personal data?" A few class sessions ago, our instructor asked us that very question. Blind to the point the question was trying to make, my classmates proudly answered 'money' as it was the seemingly obvious answer. Now I will be honest, I too was naïve at the time and also answered money. I thought losing personal data didn't pose as much consequences when compared to the adverse effects of losing money. In my head, it would just be someone gaining information about me, nothing more nothing less.

Although in hindsight, I should have answered 'personal data'. Even though I did not know the reasoning as to why personal data would be the correct answer, I should have seen past what was superficial and deceivingly obvious in the question. If that had been the case, the answer wouldn't have come off as painstakingly obvious that it annoyed me how I hadn't thought of it that way. Jumping a week later to the next session, our instructor had us watch a short film. Unbeknownst to us, this very video would tie in to the question our instructor asked us a week ago. It was of an old guy trying to order pizza through a hotline. During this seemingly normal transaction, the pizzeria staff on the other end of the line would occasionally say suspiciously specific things. Things such as recommending healthy pizza topping alternatives in relation to the old guy's health records and quick delivery options based on the old guy's home address. Of course, this shocks the old guy as he would always ask every time how'd they know about his health records, home address, and the sorts. The pizzeria staff would then reply normally by stating that since he had provided his card number - they have access to the system. This bit goes on and on until the old guy becomes furious and hangs the call. The main takeaway of the short film was that it was portraying the old guy giving the staff a master key to all his personal data - with the 'system' in question being the database holding all his information and the 'card number' acting as the key. Now how does this tie in with the original question and its answer? The idea of even the simplest of information such as a card number can allow access to more than what you bargained for is the main point this question is trying to make. According to our instructor, the answer states that if you lose your money then you'll just lose money, but if you lose your personal data - then it won't be long before you'll lose your money too. In other words, it is a bigger threat to lose the key than just one of the many things the key itself is protecting.

Discussion Dates: 02/27/24 - 02/29/24 Image sourced from Microsoft Bing Image Creator.

Recipe For Protecting Data: The Three Principles of Data Privacy and Security | Written By: Louise Baylon

Principles serve as the backbones of a system, if we are to ignore the principles in which a system is built upon - then what strength does the system itself hold? In this week's discussions with our instructor, we give light to the foundations of data privacy and security. Three principles that, in which our instructor has time and time again emphasized, must be kept at heart if one wishes to understand and practice the concept of protecting personal data. As I continue to embark on a journey of educating and be ridding myself of ignorance, I shall digest and internalize these three principles.

When preparing a meal, what is the first requirement a cook must prepare? The ingredients, of course! As one cannot bake cake without eggs, flour, and sugar, so is data privacy and security without informing or being informed, making sure that your objectives abides by the law, and that you are only collecting what's necessary. Let us go over each one. To inform or to be informed embodies the first principle, the principle of transparency. It is the right to know what your personal data will be used for when giving it to someone and the responsibility to let people know what their data is used for when you are the one collecting it. As someone who used to skip the part in surveys or account sign ups where they explicitly explain why they need the information they're asking for, I am ashamed to say that I have been very passive with exercising my rights to know. I am not sure if they intentionally make those parts a real drag to read, but my eyes usually glazes over to the next segment just from how lengthy and wordy they are. Hopefully, moving forward, I will put in a little more effort in exercising my rights and actually read what they do with my data. I've had my fair share of asking people for their personal data, especially in surveys, and I am proud to say that I do inform them of my intentions and objectives. I also never write them in unnecessarily excessive lengths to boot! Making sure that your objectives abide by the law, as the principle of legitimate purpose suggests, ensures that you don't infringe on a data subject's rights when collecting processing data. Out of the three principles, this one might be the most straightforward. If you collect data, make sure it will be used only for its specified purpose and nothing more. If I were to give out surveys, as I have in my past academic years, I must not use a responder's name to search for them on social media and stalk them (not that I have done it before, of course). Doing so infringes the responder's rights as I have used their data for another purpose outside of what I informed them. Only collecting what's necessary, stated by the principle of proportionality addresses an issue that I've been seeing for years but never noticing. We go back again to surveys, but this time I am the respondent. It has always baffled me why they need my contact number for answering a simple questionnaire or even signing on an attendance sheet for an event. I used to fear that if my answers were a bit too problematic they would contact me and confront me about it. That is a long gone thought process of mine, thankfully. Now knowing about this third principle, I can't hep but feel validated with my gut feeling that something was wrong. This principle talks about only collecting what is needed. In the aforementioned questionnaires and attendance sheets, my contact number wasn't a necessary data to be collected. The purpose of the questionnaire was for them to acquire my opinions on matters and the attendance sheet was to record my presence during the event - not one of them required a contact number to fulfill their purpose. I will be keeping my eye out for things like these in the future, that's for sure. And there we have it, the recipe for protecting data! By internalizing the three principles of data privacy and security, not only can you help yourself by exercising your right as a data subject, but also help others by practicing your responsibilities as a data collector. Data privacy and security is a system, like a cake that had too much flour or too little egg it crumbles - because a system without principles is a system that holds no strength.

Discussion Dates: 02/20/24 - 02/22/24 Image sourced from Microsoft Bing Image Creator.

Am I For Sale: My Naive Perspective on Sharing Personal Data | Written By: Louise Baylon

"In this age of information, ignorance is a choice," That line has stuck with me ever since the discussions about data privacy this week. As an individual existing in the fourth industrial revolution, wherein data is more valuable than oil, choosing to feign ignorance to the many ways in which my personal data can be exploited is as dangerous as it is easy to not care about.

When asked 'Are you for sale?', it is common to deny the notion. I myself did so. 'No, I am not for sale!' I proudly declared internally, despite the fact that my actions for the past decade beg to differ. I've been on the internet for as long as the early 2010's. I basically grew up on the internet, all my personal endeavors have been done online, and it is incredibly embarrassing that it has taken me this long to take a step back and reflect on how I have been handling my personal data online to this day. From having multiple email addresses and accounts across different platforms over the web, I would not be surprised if most of my personal data has been recorded and exploited all around the internet. With every account I make, I willfully throw my personal data around. With every terms and conditions I skimmed and agreed with, I ignorantly allow third parties to exploit my data. Like a spider who has spun its web, I have made my mark on all sites I frequent - the ironic thing is that I find myself trapped in it. The silky threads I have left on the sites I've visited all lead back to me and it won't take long before someone takes advantage of it - in fact, I wouldn't be surprised if someone already has. 'Are you for sale?' I ask myself again, this time doubting my own response. With the way I have been behaving online, surely not. Right?... I am for sale. As much as I'd like to deny it, I am and have been for sale for quite some time. It stings to hear, sure, but it is the bitter reality. All of my choices has led me to this, no matter if it was done so willingly or out of ignorance. I am for sale and have sold myself multiple times. My name, my face, my contact number, my address, my sex, my age, my birthday, my preferences - all of it! It's not a good notion to think about. So, how can I fix it? During this week's discussions, points were made on how to protect one's data privacy through examples our instructor presented to us. One of my main takeaways was that I don't have to provide any personal information other than what's required for the transaction. On my way home after class, I was presented with a scenario in which I can practice my findings. I was out with my classmates on a convenience store when one of the employees approached us and asked if he can conduct a survey. Seeing as there is no harm to it, me and my classmates agreed. The employee asked us how much we frequent the convenience store and where we are headed afterwards. Keeping my findings in mind, I only answered with how many days in a week I visit the store and me going home afterwards. I figured I didn't have to specify the exact day and time nor my actual address, as it was completely unnecessary. I only gave the required data for the transaction. I was no short of proud with myself for successfully applying what I've learned in a real scenario and that got me thinking - if I can do that in real life scenarios, why not online as well? After arriving home that day, I browsed the internet for ways in which I can practice data privacy as I have at the convenience store earlier. The following are a few of the tips I found that are most applicable to my current behavior online.

Never Using the Same Password on Multiple Accounts I am guilty of having the same password for all my accounts across the internet, solely for the fact that it's convenient to remember. However, there is a blatant and obvious risk to it wherein if my password is leaked, then all of my accounts will be in danger of being hacked.

Making Sure There Is An 'HTTPS' On The Address Bar This is actually a trick I learned recently, prior to browsing. It is a way to verify if the site I'm currently on is secured. If there is an 'S' on 'HTTPS', then that means the data I'm sending through the site is encrypted and thus protected from third parties.

Keeping My Personal Accounts Private Aside from my professional accounts where in I publicly showcase my work, accounts that showcase my personal life should be set to private and should only been seen by people I personally know. This way, I am less susceptible to identity theft. As someone who has tons of accounts, each with different uses, I shall review and see which ones I need to set to private.

Of course these are just a few examples, but it's a start. I may not have the best track record of practicing data privacy online, but that doesn't mean it's too late for me. So I ask myself for the third time, 'Are you for sale?'. 'Unfortunately yes, but not for long,' I now respond with clear conviction. As I dive deeper into this subject, I expect myself to keep on learning and growing as I have this week. To be more aware with my data privacy and apply those new findings into how I handle my data online. Thread by thread I will untangle myself from this web I've created. In this age of information, ignorance is a choice and right now - I am choosing not to be ignorant anymore.

Discussion Dates: 02/13/24 - 02/15/24 Image sourced from Microsoft Bing Image Creator. [References] National Privacy Commission. (2023, November 24). 30 Ways to Love Yourself Online.

Foreword

Good day, this is Mr. Louise speaking. This online gazette serves to archive my thoughts and findings regarding academic matters.