All the attention being given to Facebook and Cambridge Analytica regarding their breach of public trust and exploitation of personal data is richly deserved. It has raised some fundamental questions about Internet privacy and the duties and obligations of all the service providers who collect, consume, and use individuals’ data. It is of course critically important at this juncture to have meaningful discussions about what the right thing to do is vis-à-vis online data collection and dissemination, but it should be done with open eyes. It is equally important that the general global populace becoming much better informed about what the issues really are, what limits can realistically be placed on social media platforms, and what is, frankly, possible versus impossible to achieve with respect to data management.

Social media is a primary contributor to one of the most pressing concerns of our time – the proliferation of virtual terrorism – the 21st century version of terrorism which instills fear among people who share information in cyberspace, because so little is known about where that information may end up, what unknown actors may do with it, and when.

In the US, social networks are considered to be public spaces; any information shared there is covered under the so-called ‘third-party doctrine,’ which means that users have no reasonable expectation of privacy regarding the data their service providers collect about them. Any data you post online in any format (regardless of privacy settings), or any data collected by the third parties with whom you may have an agreed-upon business relationship, is not considered private, yet many people willingly stream data and images to their ‘network’ in the mistaken belief that they are the only ones who will see or have access to it.

In 2010, Eric Schmidt of Google noted that the world produced as much information in two days as we did from the dawn of civilization until 2003. In 2014 it was estimated that each day the world creates 2.5 quintillion bytes of data, so much that 90 percent of the data in the world at that time was created in the previous two years. As of 2016, we produced as much information in 10 minutes as did the first 10,000 generations of human beings. There is no way humanly possible to monitor and protect all of that data. The more data there is, the more data breaches there will be. That is a simple fact.

Facebook admitted in 2011 (when it had ‘just’ 500 million users) that more than 600,000 of its accounts were compromised every single day. Each of those security breaches could have been used for identity theft, criminal impersonation, tax fraud, health insurance scams, or a plethora of other possible criminal offenses. According to Facebook’s 2014 annual report, up to 11 percent of its accounts were fake, meaning more than 140 million accounts at that time. That number has grown exponentially.

Facebook is in the hot seat at the moment, but the Cambridge Analytica scandal is emblematic of a much broader problem: any data we entrust to social media can be leaked to criminals, terrorists, or others. We must assume that if some of the data we have willfully granted to social media platforms has not already been leaked or hacked, it is a question of time until it will be. It is estimated that at least 40 percent of social media users have been exposed to at least one form of malware, and more than 20 percent have had their social networking or e-mail account compromised or taken over by a third-party without permission.

To better understand how simple it is for that to happen, if you happen to check your Facebook account at your local Starbucks while in the process sharing its network with 30 other people, and if one of them happens to be a hacker running a program called Firesheep, the hacker could use the plug-in to log in as you on your own Facebook account and assume your identity. Known as “sidejacking,” this happens all the time.

Cyber stalkers send unwanted e-mails, tweets and text messages, or spread rumors online. They easily obtain detailed information about their victims, such as home addresses and phone numbers. With an estimated two-thirds of college-aged students engaging in ‘sexting’ (sharing sexually explicit SMS photographs via their phones), the scope for a problem continues to grow rapidly. In January 2017, Facebook had to assess nearly 54,000 potential cases of revenge pornography and “sextortion” for the month, disabling more than 14,000 accounts related to this type of sexual abuse, with 33 of the cases reviewed involving children.

Criminals no longer wait to see if your newspaper delivery has built up on your front doorstep before they target you for a burglary. Today, either they, or the data brokers they may use, scrape information from your social media for ‘lead generation.’ Another way they target their future victims is via locational data in files posted online – the silently implanted metadata in photographs, videos and status updates shared by mobile devices, which reveal the date, time and GPS coordinates where photos and videos were taken, as well as the serial number of the phone or camera. The metadata is easily accessible by anyone who knows how to download a simple browser plug-in to access them. With any one of hundreds of free tools, your photos and videos can be made to appear on a Google Map that allows anyone to zoom in on the precise location where the picture was taken.

Social media platforms should build awareness regarding security precautions and information disclosure, so that users are encouraged to take more care and become more conscious about revealing their personal information in their profiles. Ideally, the platforms would embark on broadly-based educational campaigns and governments would do the same. Ultimately, however, it is incumbent upon social media users to do their part to take some basic precautions to protect themselves and take the question of personal cyber security more seriously. We are the first and last firewall, for it is us who decide what sites to go to and which links to click on.

Facebook and other social media platforms must do their part to make cyberspace a safer environment for its users, but we must all change our way of thinking and do our part, for virtual terrorism is not someone else’s problem – it is everyone’s problem. We should understand what is ill advised to do online and acknowledge that virtually anything we write or post in cyberspace may become public at some point in the future. The Facebook and Cambridge Analytica scandal have made the average person aware of the problem. What happens from here is up to us.

This article was originally posted in the South China Morning Post.