Tuesday, June 19, 2012

Facebook privacy settings

There have been a lot of changes recently to the privacy settings available in Facebook.  I've been asked by a few of my friends what settings should they look at/fix?  Well, here's a quick explanation of the current Facebook privacy settings.

Default privacy setting: This is the audience for which each post will automatically be made available.  This setting can be changed in each individual post as well.
  • "Public".  With this setting, all of your posts will automatically be available to all Facebook users.  Probably not a good idea.
  • "Friends".  Only friends will automatically see your posts.  There may be instances however where friends of friends or others that are tagged in photos may also see those posts.
  • "Custom".  This allows you to more tightly control who automatically sees your posts.  You can create lists of people to see your posts, maybe a subset of your friends, or simply set the default to "Only Me".  If you use the "Only Me" setting, you are the only one ever going to see any of your posts unless you change the settings on each one once you make the post.  There are a few other handy settings in there that allow you to set up lists of specific people to hide your posts from and also a checkbox to hide the posts from friends of people you tagged.
How you connect: There are 3 settings in here that control how you connect with others.

  • Who can look you up using the email address or phone number you provided?  It appears the default setting here is "Everyone".  It would be a good idea to change this to "Friends".  This would actually be a good place for another selection choice that would even narrow the audience down even more or completely opt-out of allowing anyone to search on phone number or email address.  Until then, it may be a better idea not to even supply a phone number or external email address in the first place.
  • Who can send you friend requests?  Really not many choices here - "Everyone" or "Friends of Friends". Take your pick on whether you want friend requests or not.
  • Who can send you Facebook messages?   Spam and messages with malicious content are all over the place.  While Facebook tries to do the best they can to eliminate those messages, a lot still get through.  This is a setting that you should definitely change from the default of "Everyone" to "Friends".
Timeline and Tagging:  These settings allow you to control your timeline posts and people tagging you.
  • Who can post on your timeline?  You can change this to "No One" if you don't want anyone to post anything to your timeline.  Maybe?  See the next option.
  • Who can see what others post on your timeline?  This one allows you to customize from "Everyone" down to specific lists of individuals.  Not sure how this one actually works if you select "No One" else to post to your timeline.  Not allowing others to post to your timeline would mean there is nothing for anyone else to see.  Regardless, at least change this to "Friends"
  • Review posts friends tag you in before they appear on your timeline?  By turning this on, you have to approve all posts that have you tagged before they are published.
  • Who can see posts you've been tagged in on your timeline?  This one also lets you choose from "Everyone" down to specific lists of individuals.  At a minimum, change this to "Friends".
  • Review tags friends add to your own posts on Facebook?  Turning this on allows you to block tags that others may add to your posts.  This is a good idea to prevent a lot of people you don't really know from gaining access to your posts.  Basically, once somebody is tagged in a post, they have access to it and in most cases friends of that person also gain access.
  • Who sees tag suggestions when photos that look like you are uploaded?  If you haven't noticed, Facebook may suggest tags when you post photos that contain recognizable images of other Facebook users. The default seems to be "Friends", but it's a good idea to change this to "No One".  This helps control photos that can potentially get linked to you.
 Ads, Apps and Websites: Settings to see what types of data each installed apps supposedly need.
  • Apps you use.  This displays the apps you currently have installed on Facebook. It's a good idea to check through this list and see if any of the apps are no longer in use.  If that is the case, remove them.  There is an "Edit Settings" button that will allow you to "edit" the settings for each of the apps, but don't get too excited.  Most of the apps simply have this huge list of data they require (really?) and no means to control any of that data except by removing the app itself.
  • How people bring your info into apps they use.  This is a good one to look through.  The default used to be (maybe it still is) that all your info is automatically available to apps your friends may be running.  This is your personal info like your birthday, photos, hometown, etc.  Honestly, I can't think of a good reason to have any of the boxes checked here.  
  • Instant personalization.   This allows you to see and share personal Facebook data when going to sites like Yelp, Bing and Zynga.  Since it's not always clear how any external site will use your data, it's a good idea to uncheck the box here.
  • Public search.  This controls whether internet search engines like Google will display your timeline if somebody happens to search on your name.  Removing the check from the box means that your timeline should not appear in internet searches.
  • Ads.  There are two basic settings involved here.  The first is to possibly show your information in third party ads in the future.  While Facebook claims to not provide this info at the current time, it's curious this choice is even available.  Select "No One".  The second setting involves Facebook ads.  Select "No One" here as well.
Limit the audience for past posts:  This will allow you to change the audience for past posts you have previously made from "Friends of friends" or "Everyone" to "Friends".  It's a good way to go back and tighten up who can see your older posts instead of going to each post and changing the audience setting.

Blocked People and Apps:  This allows you to set up ignore lists for invites, apps and other interaction from Facebook users.

There are also a few other settings scattered around that you should look at:
  • Under Account settings, go to Security.   The first setting listed, "Secure Browsing"should be enabled.  This allows for the use of https by default.  What this does is provides some level of encryption between the browser and the server so the data passed back and forth is not in the clear or easily readable.
  • Control what others see on your timeline/profile.
    • If you really need people to wish you a happy birthday, just list the month and day, not the year.  Your complete birthday is widely used as a means of verification and should never be posted for all to see.
    • If you feel the need to post an email address, use either a Facebook email address or a "throw-away" address that you don't really use anywhere else.
    • Don't post your full address or phone numbers.  It is just safer to not post this stuff where you may not have complete control over who sees it.
    • Please, please, please don't post any information on Facebook or any other public web site that provides clues as to what you might use for passwords or challenge questions.  Don't make it easy for somebody to guess your passwords.
This is by no means an exhaustive list.  Settings and capabilities change from time to time, so be aware of what kind of data you are posting and who may have access to that data.