If you’re a Facebook user, you’re undoubtedly concerned about the recent (and seemingly ongoing) changes in the privacy controls the site offers. And if you’re not among the whopping 35% of users who bothered to adjust their settings, you should be. Social networking sites are increasingly providing opportunities for security incidents.
In fact, Mark Zuckerberg himself has been quoted as saying:
“People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time.”
Whether or not you agree with Zuckerberg’s assertion, take a moment to check your privacy settings. The following tutorial shows the settings I made to ensure I controlled the information I could and reduced the information I can no longer control.
NOTE: I have invented a profile for the Lord of the Rings character Gollum to use as a humorous example for this tutorial.
Limit who you friend
First things first. You are the first and best source of security; privacy starts with your own choices about who to friend. Just because someone initiates a friend request doesn’t mean you have to accept it (that’s why Facebook offers an “Ignore” button!). Before you click “Accept,” think about why you’re friending that person. And be confident that it is, indeed, them.
I was recently contacted by someone I barely knew in high school. When I sent a message to him explaining my security concerns with Facebook and asking how we knew each other, he promptly responded with details that only he (or a determined and creative impersonator) would know.
If you’ve already gone “friend crazy,” consider un-friending people who you don’t really intend to keep up with. It’s okay, Facebook won’t even tell the person you’ve unfriended!
If you are someone who friends people from different circles (e.g., personal and professional), you should consider setting up groups in Facebook, too. This will help you, for example, share personal information with personal contacts and not your work colleagues.
Now let’s dig into the privacy settings.
Profile Information Settings
Your Profile Information settings control who can see the information you add to your basic Facebook profile.
Start by going to Settings, Privacy Settings in the upper right of Facebook.
Next, click on Profile Information.
Depending on the choices you made during Facebook’s last round of changes, your profile information may have defaulted to show the world your account. To see what non-friends see when they search for you on Facebook, click “Preview My Profile…”. Check this periodically as you make various changes to see the impact of your changes.
As for your Profile Information, I would recommend at the very least changing each option to “Only Friends.” This at least limits who can view your profile information to those you’ve already accepted into your network. Alternatively, you could choose “Custom” and choose only certain groups of friends.
Your Contact Information settings control who can contact you (and how) via your Facebook profile page.
Click on “Privacy Settings,” then on Contact Information.
Like the previous settings, change most of these to, at least, Only Friends. The exceptions I made here are for “Everyone” to see my website address, and the “Add Me as a Friend” and “Send me a message” links.
Applications and Websites
The Applications setting controls what your friends can share about you via applications they use.
Back at Privacy Settings, click on Applications and Websites.
In this section, you only need to adjust What your friends can share about you. Click Edit Settings.
As you can see, I am fairly restrictive about what my friends can share about me through applications they use on Facebook. Use your own judgment as to what information you want your friends to be able to share about you.
Your Search settings control what, if anything, search engines and Facebook users can see in your profile.
Back at Privacy Settings, click Search.
Again, notice how restrictive I make my settings. I only allow Friends to find me on Facebook. Ultimately, though, I can’t prevent someone from viewing my profile via one of my friends’ profile pages.
I also unselect the Public Search Results checkbox. Click the see preview link to see what search engines will gather about your profile if you leave the box checked.
The following image shows what a search engine would catalog about Gollum. Notice the list of friends? This information is shared by default for every user and cannot be changed. This is the main reason I chose not to activate the Public Search Results setting.
Profile Page Tweaks
Think you’re done? Not yet! Head to your profile page to fine-tune what people can see there.
On the left-hand margin, locate the Information box and click the pencil/edit icon. This will give you a list of items you can choose to show on your profile page. Note that I’ve omitted items like birthday, hometown, and political and religious views. That way, users who view my profile from my friends’ pages will only see the information I want them to see.
Scroll down and locate the Friends box. Click the edit link and uncheck the option to “Show Friend List to everyone.” This will ensure that anyone who views your profile via your friends’ profile pages will not see your friends list.
The following is what someone viewing Gollum’s profile page would see if they weren’t a friend. One way to see this for yourself is to create a fake alternate Facebook account, not friend yourself, and then find your profile page (unfortunately, Facebook actually frowns on creating multiple accounts).
Limit Fan Pages
In the image above, notice how the profile page shows the “Pages” Gollum is following. For this reason, I recommend you be selective about which bands/movies/products/etc. you “fan.” More and more, prospective employers are rejecting applicants based on their profiles on sites such as Facebook. What does your profile say about you?
Now that you’ve adjusted your privacy settings, it’s time to check your account settings, primarily to ensure your personal information doesn’t appear in Facebook ads.
The only settings you need to worry about here are on the Facebook Ads tab. Again, I took the conservative path on this one, setting both options to “No one.” This means that none of my personal information will show up on ads anywhere on Facebook.
Similar to my precaution about who you friend, I encourage you to limit which applications you authorize to access your account. Second only to the social engineering risks inherent in accepting friend requests, Facebook applications open you up to unnecessary security vulnerabilities. I mean, do you really want to annoy everyone with your Farmville and Mafia Wars activity?
When you land on the applications page, change the drop-down selection to “Authorized.” This will show you all of the applications you have granted access to your account. Now is a great time for you to easily axe all of the applications you don’t actually use. Simply click the X to delete that application.
For those applications that are left, you can specify the particular security settings by clicking Edit Settings.
A Pain in the A**, but “Set it and Forget It”
I realize this is an extensive list of security settings and there’s no guarantee that it won’t change next month (if it does, I’ll try and post an update). But if you’re serious about maintaining control of your personal information, take the few minutes it takes to adjust your settings. Then you can go back to posting updates, photos, and other information knowing exactly who is able to see your activity.