Pinterest.com security – step by step how-to

General

11

I recently signed up for Pinterest.com, a hip, trendy pin board style website that allows beefed up sharing of your interests with friends via a large visual bulletin board style forum where fans of a particular subject can post what they find compelling, and want to share. Then other friends can weigh in on the subject “pinned”, thereby creating a crowd-ranked list of what folks in that sector are talking about, with the more popular, relevant, and timely pins rising toward the top. The service is heavily integrated with other social media venues, specifically Facebook and Twitter. In fact, you’ll need your account information from one of them to sign up. This means much of the personalized information you may already have on Facebook, for example, might be used to form a composite of what you might also be interested in on Pinterest.

Is it popular? The numbers have been going crazy lately. Who knew? Other than some half-starved startup team somewhere who hit it big, the idea is sickly engaging and addictive, likely because the site is all about you and what others following your same interests find, well, interesting. I also thought Twitter was a hard sell, but now, well, the numbers speak for themselves on that crazy 140 character status update app that's also addictive and successful.

Here in this article we dive into Pinterest.com, show you what's involved in signing up, securing your profile and feeling your way around the world of Pinterest, with an eye toward your own privacy, security, and best practices.

One thing to note: If you're in a hurry and just click through the default options without an eye for security, privacy, and the possible spread of personal information (either semi-automatically or inadvertently aided by unwitting friends), you may end up with more than you bargained for. Allowing your information to be shared with nearly everyone by default might cause heartache down the road, so locking things down a bit seems like a good stance to take.

Let’s Get Started

If you haven't signed up already, it's tougher than it looks. First, you have to sign up for a waiting list to be invited, or better yet, get someone on the service already to invite you. This hearkens back to the early days of gmail, which was pretty successful as well, despite the curious process.

Once you’ve received your invite, continue the process like:

pinterest creating account 1

I opted in this test to sign up using Facebook, so when you click the Facebook link, you are directed to the Facebook login on behalf of Pinterest.com, like:

pinterest login through facebook

Once you login, you are faced with the option to go back to Pinterest, or fine tune your Facebook interface settings. Notice the default selection is to share with friends.

pinterest friend sharing default

Note the notification that says by default this app will share “other activity” on Facebook. That seems like a very broad term for information sharing. If you are more privacy/security conscious, it may be a good idea to restrict the visibility like:

update friend preferences

I changed it to look like this:

reduce sharing to

When you are finished customizing your Facebook sharing settings, select the “Go to App” button and it will take you back to the Pinterest.com signup page to continue the process of creating an account there.

create pinterest account

Since there really isn’t a way to sign up without a Facebook or Twitter account as well, it would be difficult to totally isolate the information flow from those sources. Your best bet is to review your account settings in Facebook, and make sure you’re only sharing what you intend to share, as default permissions tend to be set more lenient than security/privacy fans might prefer.

Now you’ll have a chance to tell Pinterest.com what interests you might have:

define likes

This will continue to build a profile of what/who you might be interested in following.

You now have a chance to create your own Boards:

create your own boards

On the same screen it will highlight those who you may be already following. Next there is a screen where you can customize your tastes, again building the profile the service will target for specific interests:

create your first pinboard

Once you enter your interests, the next time you visit, you’ll see more subjects presented that relate to these preferences.

You now have an option to integrate Pinterest preferences with your browser, for another level of integration:

pin to browser

Now let’s look at some of the settings you might choose to adjust. You have access the settings under the menu shown below:

user settings

On the settings page you will see options to control how Pinterest.com integrates with Facebook/Twitter:

link to facebook

Notice that they are set to integrate by default. For those who want more privacy/security, it may be wise to disable the buttons above, thereby segregating the services a bit more. Notice how tightly the sharing may be integrated, including a feature to tap into your Facebook Friends yet another way.

Summary:

While Pinterest grabs market share and your friends become familiar with the service, expect more fine-tuned controls to be available. Being aware of these settings may help you have a more secure profile and sharing stance while using the service. It also may prevent sharing more information than you planned on, both now and in the future.

What else to watch for:

As with many websites that soar to popularity, we are already seeing scams like fake apps bundled with borderline or outright malicious functionality that users could download for smartphones like Android. The folks at gottabemobile.com point out an app, purportedly for using Pinterest on Android, was not an app at all, but a platform for scams. Many users would simply click through the installation prompts, only to find out later they’ve gotten more than they bargained for.

As Pinterest.com continues to catch on, expect more scams that try to do things like tricking users into revealing credentials through fake notifications, spam texts to your mobile devices, efforts at phishing and other emerging scams. As Pinterest.com grows, we will revisit this in a security series about the platform, helping to keep users safe online.

Author Cameron Camp, ESET

  • Jonny Barton

    Very good article on Pinterest.com and it's security. Worth a quick read!!!!

  • foraminut

    It would be *really* helpful for the public, while you are hyping/describing Pinterest, to let people know that the Pinterest EULA is REALLY broad; if you upload *anything* to Pinterest, that image becomes the property of Pinterest, for whatever use it determines. This is so amazing, but no one seems to know it.  See the recent article in the Boston Business Journal.

    • David Harley

      Marguerite: I guess you’re referring to this? http://www.bizjournals.com/boston/blog/startups/2012/02/pinterest-copyright-issues.html?page=all. A point worth making, but it’s _never_ safe to assume that a social media site doesn’t lay claim to your content. Effectively, your data is their commodity, and that’s usually reflected in the EULA.

    • David Harley

      By the way, I don’t think anyone here is interested in “hyping” Pinterest. We’re looking at it specifically because we have an interest in any security issues it has. (I haven’t looked at it at all myself, so can’t comment on specifics.)

  • Mary Lou

    I am brand new and suddenly my home board is filled with images from Facebook friends that I didn't select. (They aren't objectionable, I just don't want all of this "stuff" there.   I want a cleaner board.  Is there a way to "Unfollow" people until I can get a handle on how this works and just create my boards? Thanks.

  • JoAnne Bottoms

    I was following this man on Pinterest, and I accidentally unfollowed him. I do not remember his name, but I would recognize his face, I think. How can I search and retrieve this info…image search for Pinterest?

  • foraminut

    Hi, David,  I just was reading back through this because I was cautioning another about Pinterest's EULA, and got back here. Please accept my apologies for using the word 'hyping' — I had not seen your response to me before today, and my choice of words was unfortunate and inaccurate. Yours is obviously a website inquiring into matters security, and I should not have written in a manner that suggested otherwise. In retrospect, I think that I meant that your discussion may have advanced public interest in Pinterest indirectly (due to the number of people who read your site), but that's not what I said.

    • David Harley

      Hi, Marguerite. Not a problem. :) As I said before, your point is worth making, and the issue goes far beyond Pinterest. Just one of the problematical aspects of social media…

  • Jean

    What is the connection between Pinterest and Oasap?  Thanks Jean

    • David Harley

      I think Oasap, about whom I know nothing, have a Pinterest page, if that’s the right term (I don’t use Pinterest, either). I wouldn’t know if they have any further connection.

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.