The Complete Guide To Managing Your Facebook Privacy

Keeping your Facebook info private seems to be getting harder and harder all the time, since Facebook keeps trying to make it public. To help you out, we’ve created a comprehensive guide to keeping your Facebook locked down and in your control.

Despite plenty of user complaints, Facebook still hasn’t caught on to the “opt-in” philosophy: Most of us feel that when a service adds a new feature that affects our privacy, it should ask whether we want to enable it rather than quietly enabling it for us. Facebook adds new features all the time, and many of those features share information you might not want out there.

First, we’ll walk through the basic privacy settings that determine what you share, then look at a few lesser-known settings you’ll want to tweak, and finish with a few third-party tools that will help keep your Facebook information private.

The Basic Privacy Settings: What You Share

Facebook’s main Privacy Settings page has a pretty good overview of what you’ll want to change, and presents it in a way that’s mostly easy to understand. Here’s how each of the four sections works.

Connecting on Facebook

The first section of Facebook’s Privacy page is the “directory”. From here, you can control who can find you on Facebook and how. Click on the “View Settings” link under “Connecting on Facebook” to access those settings. You can make each category viewable by one of five different groups: everyone on Facebook, friends of your friends and anyone in your networks, just your friends and anyone in your networks, friends of your friends only, and just your friends.

If you don’t want everyone seeing all your information (like where you live or where you work), you should change them here. I let anyone search for me, send me friend requests, and see my friend list, but other than that I’ve left everything else as “Friends of Friends”. Chances are high that if someone’s friending me on Facebook, I know them through someone else, so it shouldn’t be hard for them to find me—everyone else I’d rather keep in the dark about who I am, where I live, and where I work.

Sharing on Facebook

This is the biggest section, which determines who can see your status updates, photos, contact information, and more. It’s pretty easy to adjust from the main Privacy page. You can set it all to “Everyone”, “Friends of Friends”, “Friends Only”, or customise your own settings. The table will provide a pretty easy-to-read overview of what your current settings are. This part’s mostly up to you, though I’ve kept most of this stuff to “Friends Only”.

You can click on the “Customize Settings” link below the table to further refine your choices. That lets you set each specific option to viewable by everyone, friends of friends, friends and your networks, Friends only, and so on. You can even set specific phone numbers or email addresses separately, which is pretty nice. I’d comb through this section no matter what you do, since there are some settings here that aren’t on the main table. We’ll talk more about those in the next section, “Lesser-Known Settings”.

Applications and Websites

This is where you’ll control which Facebook applications can access your profile, and what web sites outside of Facebook can access your account. Click on the Edit settings button to tweak them.

Frankly, I think Facebook applications are awful. With the exception of certain apps (like Twitter, the iPhoto Uploader, or other legit programs I use), I try and keep this clean. Facebook applications, on the whole, are insecure, spammy, and just downright annoying. Next to the list of “Apps You Use”, hit the “Edit Settings” button to see the full list. From there, you can remove an app by clicking the “X”, or you can hit “Edit Settings” next to an app to see what information of yours it can access and what it can do. I usually draw the line at an application posting on my wall, unless it’s something I want to post to my wall (like Twitter). Again, this will vary from person to person.

The rest of this page you’ll probably want to lock down as much as possible. Under “Info accessible through your friends”, you’ll want to uncheck all those boxes, so your friends’ apps can’t access your information (God knows what spammy applications they’re using). You’ll want to disable the Instant personalization feature as well, which will let sites like Pandora and Yelp use your Facebook account to give you extra “features” (also known as: spam). Lastly, unless you want your Facebook page coming up in Google results, you’ll want to turn off Public search as well.

Block Lists

You may think the block lists are only for ex-significant others, but there are actually some good features in there. For example, not only can you block users, but you can block app invites or event invites from specific users. So, if you have a friend that you like, but they’re one of those people that invites every ding-dong Facebook user to their event (you know, even if they don’t live in the same state), you can block event invites from them. Similarly, if you have friends that play way too many games on Facebook, you can stop them from inviting you.

To tweak these settings, just hit “Edit Your Lists” under Block Lists. To add a friend to any of those lists, just type in their name. You can also block them from the main Facebook interface. You can block a user that wrote on your wall, ignore event invites when someone invites you to an event, or block an app that someone invites you to. So you don’t always have to come back to this page to block someone.

Lesser-Known Settings

Apart from the more obvious settings above, Facebook has implemented a few features that aren’t as well-known. Some are a bit privacy-invading, and need to be turned off, while others are good for your privacy but have to be turned on (nice job, Facebook). Here are the ones you’ll want to keep an eye out for.

Turn Off Facebook Places

Facebook’s Places feature allows you to “check in” to businesses and other places on a digital map, so people can see where you are. This is a huge privacy issue, and while the act of checking in is done manually (Facebook won’t automatically share your location with people), it’s still worth turning off entirely if you aren’t going to use it. You never know when a Facebook bug might surface or when you might just hit the wrong button and share your location with everyone you know.

To turn it off, just head back into your Privacy Settings and hit the “Customize Settings” link under the table. Scroll down to “Things I Share” and set “Places I check in” to “Only Me”, which will keep Facebook from sharing your location with anyone. You also might as well disable the “Include me in ‘People Here Now’” setting while you’re at it, which is right below the “Places I check in” setting.

You’ll also definitely want to go to “Things Others Share” and disable the “Friends can check me into Places” setting, which stops your friends from sharing your location from their account. By default, this should be off for most people, but it’s probably a good idea to double-check.

Turn Off Facial Recognition


Facebook has also added a feature that scans newly uploaded photos for familiar faces. If it matches your face to one of their photos, it will prompt them to tag you in it. If you’d rather not have this feature on, you’ll need to head into your Privacy Settings and once again click the “Customize Settings” link at the bottom of the table. This time, scroll down to “Things Others Share” and disable the “Suggest Photos of Me to Friends” feature.

Turn On HTTPS to Lock Down Your Private Information

With privacy-invading apps like previously mentioned Firesheep out there, it’s more important than ever to secure yourself on web sites that have personal information on them, like Facebook. HTTPS will protect you from a lot of outside attacks, especially when you’re browsing on open Wi-Fi networks.


To enable HTTPS encryption, hit “Account” in the upper-right hand corner of any Facebook page and go to “Account Settings”. Under “Account Security”, check the box that says “Browse Facebook on a secure connection (https) whenever possible”. Be sure to save. From then on, it will automatically connect to Facebook via HTTPS whenever possible. Note that Facebook applications still do not have HTTPS support (just one more reason not to use them).

Turn On Two-Factor Authentication to Keep Others from Logging Into Your Account

Of course, none of this matters if someone gets a hold of your Facebook password. If you want to make sure you’re the only one logging into your account, you can enable two-factor authentication, which will send a code to your phone every time you access your account from a new computer or device. That way, if someone gets your password and tries to log in from their own computer, they won’t be able to get in unless they’ve also stolen your computer (or your phone).

To enable this feature, head to your Account Settings and scroll down to Account Security. Under “Login Approvals”, check the box that says “Require me to enter a security code sent to my phone”. That way, you’ll get a notification every time a new device tries to access your account, and if it’s you, you can plug in the code to get access.

Extensions and Tools That Enhance Your Privacy Even More

These are all great, but there are a few Facebook annoyances that you can’t fix from your account settings. Thankfully, you can pick up a few browser extensions that’ll help you out. Here are some we recommend.

Facebook Disconnect

Even if you love Facebook, it can get kind of annoying seeing that “Like” button all over the web. If you’d like to clean up the Facebook clutter on other web sites, previously mentioned Facebook Disconnect for Google Chrome will remove the Like button from most of the web sites you visit. There might still be Facebook links and icons, but it’ll remove the actual Facebook integration people build into their sites, which is usually the more obnoxious clutter.

AdBlock Plus

A lot of sites around the net, like Pandora, Yelp, or Microsoft Docs.com, will try to connect to your open Facebook accounts and use them to “enhance” your experience. This can get really annoying, especially since it does it all automatically, without asking. We disabled some of these when we turned off the Instant Personalization Program, but bugs happen, and if you’d like to keep Facebook separate from your other online accounts, you can just download AdBlock Plus for Firefox or Chrome and add the following filters:

||facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

||facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

||fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

||fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

From then on, other sites shouldn’t be able to use your currently-logged-in Facebook account to add “features” (also known as: spam) to other online services.
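To see what those four filters actually match, here is a simplified evaluator added for this guide (it is not AdBlock Plus code and not part of the original article). It handles only the `||host^` anchor and `$domain=~...` exclusions used above, and the sample URLs are constructed:

```javascript
// Added illustration: a simplified evaluator for the four filters above.
// It understands only the syntax they use: a "||host^" anchor plus a
// "$domain=" option made entirely of "~" (exclusion) entries.
const FILTERS = [
  "||facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
  "||facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
  "||fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
  "||fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
];

// True when host equals domain or is a subdomain of it.
function sameOrSubdomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Split one filter line into its target host and excluded page domains.
function parseFilter(line) {
  const m = /^\|\|([^\^$]+)\^\$domain=(.+)$/.exec(line);
  if (!m) throw new Error("unsupported filter syntax: " + line);
  const parts = m[2].split("|");
  if (!parts.every((d) => d.startsWith("~"))) {
    throw new Error("only ~ exclusions are supported here");
  }
  return { target: m[1], excluded: parts.map((d) => d.slice(1)) };
}

const RULES = FILTERS.map(parseFilter);

// requestUrl: the resource being fetched; pageUrl: the page that asked for it.
// Blocked when the request goes to a listed host and the page is NOT
// one of Facebook's own domains.
function isBlocked(requestUrl, pageUrl) {
  const reqHost = new URL(requestUrl).hostname;
  const pageHost = new URL(pageUrl).hostname;
  return RULES.some(
    (r) =>
      sameOrSubdomain(reqHost, r.target) &&
      !r.excluded.some((d) => sameOrSubdomain(pageHost, d))
  );
}

// Constructed sample requests (hypothetical URLs).
const SAMPLES = [
  ["https://www.facebook.com/plugins/like.php", "https://news.example/story"],
  ["https://static.fbcdn.net/app.js", "https://www.facebook.com/home"],
  ["https://notfacebook.com/x.js", "https://news.example/story"],
];
for (const [req, page] of SAMPLES) {
  console.log(isBlocked(req, page) ? "BLOCK" : "allow", req, "on", page);
}
```

The Like-button request from a news site is blocked, while Facebook loading its own assets and an unrelated look-alike host are left alone.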

F.B. Purity and Better Facebook

Previously mentioned F.B. Purity is a userscript for most browsers that will hide annoying Facebook applications and news feed updates, like Farmville, Horoscopes, and other ridiculous spam. Previously mentioned Better Facebook also has this ability, but it’s much more complicated. If you just want to hide the spam, go with F.B. Purity, but if you want some serious, fine-grained control over your Facebook experience (along with quite a few extra features), Better Facebook is definitely worth a look.

While they don’t boost your privacy per se, they will get rid of a lot of the annoying spam on Facebook and, in turn, keep you from accidentally clicking on something you shouldn’t. Plus, they just provide a cleaner experience.

Internet Shame Insurance

Facebook’s privacy settings can be pretty cryptic, and while you may have gone through your privacy settings like a hawk, you can still miss things. Our own Adam Pash’s Internet Shame Insurance extension for Chrome puts Facebook privacy into plain English. Whenever you go to make a post on Facebook, it’ll tell you exactly who can see it, saving you from making any embarrassing Weiner-caliber updates.

This should help keep your Facebook a little more locked down, like it was when you first signed up for it.