10.3 Social Media & Oversharing

Social media is the most visible part of your active digital footprint — and one of the most underestimated sources of personal data exposure. The information you share, and the audiences who can see it, shape what employers, insurers, scammers, and data brokers know about you.

What oversharing actually exposes

Location data is the most immediately dangerous category. Photos taken with smartphones embed GPS coordinates in their EXIF metadata unless location services are disabled before shooting. Posting a photo captioned "home sweet home" while geolocation is active tells anyone with basic tools your precise home address. Real-time location sharing ("Just arrived at X!") enables physical tracking.

Identity data — date of birth, hometown, school, phone number — posted publicly gives social engineers the raw material for account takeover attempts, phishing calls, and identity fraud. Equifax's 2017 breach showed that security question answers ("mother's maiden name," "first pet") are widely available from public social profiles — the answers people post about themselves freely.

Behavioural and lifestyle data — health posts, political opinions, financial comments — feeds into profiles used by insurers, employers, and political campaigns. A 2018 study by the Pew Research Center found that 51% of US adults believed social media companies were sharing their data with third parties without their knowledge.

The concept of context collapse

Sociologist danah boyd coined the term context collapse to describe what happens when content created for one audience (close friends) becomes visible to a much wider one (employer, government, strangers). A photo that is funny to your friends may be professionally damaging when viewed without context. Social media platforms are architecturally prone to context collapse — posts designed for a small circle can be shared, screenshotted, and redistributed indefinitely.

Conducting a social media privacy audit

For Facebook: use the Privacy Checkup tool (Settings → Privacy Checkup). Review who can see your posts (aim for Friends, not Public), who can see your friends list, who can look you up by email/phone, and whether your profile appears in search engines. Review tagged photos — you can require approval before tagged posts appear on your profile.

For Instagram: switch to a private account (Settings → Account Privacy) unless you have a deliberate public presence. Review tagged photos. Check connected third-party apps — many request broad permissions and retain access long after you stop using them.

For LinkedIn: review what is visible to the public versus connections — your contact information, activity feed, and connections list all have separate settings. Recruiters can see more than you might expect by default.

Practical rules for reduced exposure

Never post real-time location. Wait until you have left a venue before sharing. Review and approve tagged photos before they appear on your profile. Conduct a friends/followers audit annually — many accounts go dormant or are compromised. Disable geotagging in your phone's camera settings by default. Avoid publishing home address, phone number, or full date of birth publicly. Think before posting about others — especially children, who cannot consent.

Your takeaway

Privacy on social media is not about disappearing — it is about being deliberate. Regular audits, modest default settings, and simple habits (no real-time location, no personal identifiers publicly visible) substantially reduce exposure without requiring you to leave the platforms entirely.