Despite plenty of user complaints, Facebook still hasn't caught on to the "opt-in" philosophy: Most of us feel that when a service adds a new feature that affects our privacy, it should ask whether we want to enable it rather than quietly enabling it for us. Facebook adds new features all the time, and many of those features share information you might not want out there.
First, we'll walk through the basic privacy settings that determine what you share, then look at a few lesser-known settings you'll want to tweak, and finish with a few third-party tools that will help keep your Facebook information private.
The Basic Privacy Settings: What You Share
Facebook's main Privacy Settings page has a pretty good overview of what you'll want to change, and presents it in a way that's mostly easy to understand. Here's how each of the four sections work.
Connecting on Facebook
The first section of Facebook's Privacy page is the "directory". From here, you can control who can find you on Facebook and how. Click on the "View Settings" link under "Connecting on Facebook" to access those settings. You can make each category viewable by one of five different groups: everyone on Facebook, friends of your friends and anyone in your networks, just your friends and anyone in your networks, friends of your friends only, and just your friends.
If you don't want everyone seeing all your information (like where you live or where you work), you should change them here. I let anyone search for me, send me friend requests, and see my friend list, but other than that I've left everything else as "Friends of Friends". Chances are high that if someone's friending me on Facebook, I know them through someone else, so it shouldn't be hard for them to find me—everyone else I'd rather keep in the dark about who I am, where I live, and where I work.
Sharing on Facebook
You can click on the "Customize Settings" link below the table to further refine your choices. That lets you set each specific option to viewable by everyone, friends of friends, friends and your networks, Friends only, and so on. You can even set specific phone numbers or email addresses separately, which is pretty nice. I'd comb through this section no matter what you do, since there are some settings here that aren't on the main table. We'll talk more about those in the next section, "Lesser-Known Settings".
Applications and Websites
This is where you'll control which Facebook applications can access your profile, and what web sites outside of Facebook can access your account. Click on the Edit settings button to tweak them.
The rest of this page you'll probably want to lock down as much as possible. Under "Info accessible thorugh your friends", you'll want to uncheck all those boxes, so your friends' apps can't access your information (God knows what spammy applications they're using). You'll want to disable the Instant personalization feature as well, which will let sites like Pandora and Yelp use your Facebook account to give you extra "features" (also known as: spam). Lastly, unless you want your Facebook page coming up in Google results, you'll want to turn off Public search as well.
You may think the block lists are only for ex-significant others, but there are actually some good features in there. For example, not only can you block users, but you can block app invites or event invites from specific users. So, if you have a friend that you like, but they're one of those people that invites every ding-dong Facebook user to their event (you know, even if they don't live in the same state), you can block event invites from them. Similarly, if you have friends that play way too many games on Facebook, you can stop them from inviting you.
To tweak these settings, just hit "Edit Your Lists" under Block Lists. To add a friend to any of those lists, just type in their name. You can also block them from the main Facebook interface. You can block a user that wrote on your wall, ignore event invites when someone invites you to an event, or block an app that someone invites you to. So you don't always have to come back to this page to block someone.
<h3?Lesser-Known Settings You'll Want to Tweak
Apart from the more obvious settings above, Facebook has implemented a few features that aren't as well-known. Some are a bit privacy-invading, and need to be turned off, while others are good for your privacy but have to be turned on (nice job, Facebook). Here are the ones you'll want to keep an eye out for.
Turn Off Facebook Places
Facebook's Places feature allows you to "check in" to businesses and other places on a digital map, so people can see where you are. This is a huge privacy issue, and while the act of checking in is done manually (Facebook won't automatically share your location with people), it's still worth turning off entirely if you aren't going to use it. You never know when a Facebook bug might surface or when you might just hit the wrong button and share your location with everyone you know.
To turn it off, just head back into your Privacy Settings and hit the "Customize Settings" link under the table. Scroll down to "Things I Share" and set "Places I check in" to "Only Me", which will keep Facebook from sharing your location with anyone. You also might as well Disable the "Include me in 'People Here Now'" setting while you're at it, which is right below the "Places I check in" setting.
You'll also definitely want to go to "Things Others Share" and disable the "Friends can check me into Places" setting, which stops your friends from sharing your location from their account. By default, this should be off for most people, but it's probably a good idea to double-check.
Turn Off Facial Recognition
Facebook has also added a feature that scans newly uploaded photos for familiar faces. If it matches your face to one of their photos, it will prompt them to tag you in it. If you'd rather not have this feature on, you'll need to head into your Privacy Settings and once again click the "Customize Settings" link at the bottom of the table. This time, scroll down to "Things Others Share" and disable the "Suggest Photos of Me to Friends" feature.
Turn On HTTPS to Lock Down Your Private Information
With privacy-invading apps like previously mentioned Firesheep out there, it's more important than ever to secure yourself on web sites that have personal information on them, like Facebook. HTTPS will protect you from a lot of outside attacks, especially when you're browsing on open Wi-Fi networks.
To enable HTTPS encryption, hit "Account" in the upper-right hand corner of any Facebook page and go to "Account Settings". Under "Account Security", check the box that says "Browser Facebook on a secure connection (https) whenever possible". Be sure to save. From then on, it will automatically connect to Facebook via HTTPS whenever possible. Note that Facebook applications still do not have HTTPS support (just one more reason not to use them).
Turn On Two-Factor Authentication to Keep Others from Logging Into Your Account
Of course, none of this matters if someone gets a hold of your Facebook password. If you want to make sure you're the only one logging into your account, you can enable two-factor authentication, which will send a code to your phone every time you access your account from a new computer or device. That way, if someone gets your password and tries to log in from your computer, they won't be able to get in unless they've also stolen your computer (or your phone).
To enable this feature, head to your Account Settings and scroll down to Account Security. Under "Login Approvals", check the box that says "Require me to enter a security code sent to my phone". That way, you'll get a notification every time a new device tries to access your account, and if it's you, you can plug in the code to get access.
Extensions and Tools That Enhance Your Privacy Even More
These are all great, but there are a few Facebook annoyances that you can't fix from your account settings. Thankfully, you can pick up a few browser extensions that'll help you out. Here are some we recommend.
Even if you love Facebook, it can get kind of annoying seeing that "Like" button all over the web. If you'd like to clean up the Facebook clutter on other web sites, previously mentioned Facebook Disconnect for Google Chrome will remove the Like button from most of the web sites you visit. There might still be Facebook links and icons, but it'll remove the actual Facebook integration people build into their sites, which is usually the more obnoxious clutter.
A lot of sites around the net, like Pandora, Yelp, or Microsoft Docs.com, will try to connect to your open Facebook accounts and use them to "enhance" your experience. This can get really annoying, especially since it does it all automatically, without asking. We disabled some of these when we turned off the Instant Personalization Program, but bugs happen, and if you'd like to keep Facebook separate from your other online accounts, you can just download AdBlock Plus for Firefox or Chrome and add the following filters:
From then on, other sites shouldn't be able to use your currently-logged-in Facebook account to add "features" (also known as: spam) to other online services.
F.B. Purity and Better Facebook
Previously mentioned F.B. Purity is a userscript for most browsers that will hide annoying Facebook applications and news feed updates, like Farmville, Horoscopes, and other ridiculous spam. Previously mentioned Better Facebook also has this ability, but it's much more complicated. If you just want to hide the spam, go with F.B. Purity, but if you want some serious, fine-grained control over your Facebook experience (along with quite a few extra features), Better Facebook is definitely worth a look.
While they don't boost your privacy per se, they will get rid of a lot of the annoying spam on Facebook and, in turn, keep you from accidentally clicking on something you shouldn't. Plus, they just provide a cleaner experience.
Internet Shame Insurance
This should help keep your Facebook a little more locked down, like it was when you first signed up for it.