What they mean, and what you need to change.
Often, your own actions impact your privacy the most. Oversharing on social media is perhaps the best example.
Nowhere is it more common than on Facebook, where privacy settings are so complex that it’s difficult to know exactly who can see what, when, and where.
Let’s review Facebook’s privacy settings and what they imply.
Become a Patron of Ask Leo! and go ad-free!
Visit the Privacy Settings and Tools page in your Facebook Settings. Carefully review each of the available settings to ensure they’re set to the privacy level you both want and expect. Remember, though, that anyone who has access to what you share — even if limited to a trusted list of friends — can still turn around and share that information further than you might expect.
But first, a caveat
One of the issues we face with technology is change. Just about the time we have something figured out, it changes for one reason or another.
Experience shows this is particularly true for Facebook. Presumably to make things clearer and more secure, Facebook occasionally changes the options and settings they provide as well as how and where they’re configured.
It’s quite possible that what I show you today may change by the time you read this.
Since “click here, then here” type of instruction is likely to be invalidated by future changes, I’ll skip them. Instead, I’ll focus more on discussing each of the current settings.
App versus website
I recommend you make changes to your Facebook account’s privacy settings by visiting facebook.com in a web browser on a desktop or laptop. I believe that the privacy settings are clearer, easier to find, and more completely defined there than in the app.
I’m sure that most can also be adjusted by using an app on a mobile device, but this is important enough that the additional clarity and ease of access is important.
I’ll use facebook.com for the screenshots accompanying this article.
How do you use Facebook?
Before altering your privacy settings, it’s important to ask yourself, “How do I want to use Facebook?”
Do you want to be easy or difficult to find?
Do you want to share everything with the world, or just a few select friends?
How do you define “friend”? Close friends in real life? People you’ve met? People you’ve never met but correspond with? People you recognize? Anyone with a pulse?
The answers to each of these questions impact the settings you choose. If you choose the private/close friends route, you might elect to make it difficult to be found and restrict who can see what you share. On the other hand, if you’re using Facebook as part of a public persona, you might choose more public settings.
The choice is up to you. But do make it a choice rather than an accident, particularly since Facebook’s defaults tend towards more public access.
Facebook Settings
Click the downward-pointing triangle in the upper-right of the Facebook page to expose a drop-down menu of options. On that menu, click Settings & Privacy.
A different drop-down menu will appear. Ignore the Privacy items, but click on Settings.
This will bring you to the full Facebook settings collection.
Click on Privacy in the left-hand pane.
Privacy Shortcuts
The upper section contains three shortcuts: Privacy Checkup, Manage Your Profile, and Learn More with Privacy Basics.
Privacy Checkup: This walks you through most of your current settings and also includes security, app access, and advertising settings.
I’ll cover individual settings below, but if that seems too overwhelming, at least do this part. You can also return here at any time to review the settings and explanations.
Manage your profile: change what information is displayed in your profile.
Learn more with Privacy Basics: more in-depth information about how to manage your privacy on Facebook.
The rest of the privacy settings are divided into three major areas: your activity; how people find and contact you; and how you get message requests.
Privacy Settings
Your activity
This section is about what happens to the things you put on Facebook, including your posts, comments, tags, and more.
Who can see your future posts? These settings control the visibility of posts you make on Facebook from here on out. Click Edit and you’ll have access to a drop-down list of the possible options by clicking the downward-pointing triangle next to the current setting.
The settings include:
- Public: anyone, anywhere, even people without Facebook accounts
- Friends: only your Facebook friends
- Friends except: specify individual people on your Friends list who will not see posts
- Specific friends: select individual people on your Friends list who will see posts.
- Only me: allows you to post something to Facebook only for your own use
- Custom: specify specific people, groups, various lists, and more
Two important things to realize about this setting
First, you can change it for each individual post you make, but it stays at what you last set it to. So, for example, if you set it to “Friends” here on the settings page, and then set it to “Public” for a specific post you make, the setting remains “Public” until you change it back.
Second, restricting access to something less than public, while certainly a reasonable choice, does not prevent those you share it with from further sharing your post in other ways. Nothing prevents them from taking a screenshot of your post and sharing that publicly. You’ve probably seen screenshots of embarrassing public posts long after the original post has been taken down.
My approach is to leave this setting “Public” at all times and to remember it’s set this way. This serves as a reminder to me to only post things I’m comfortable with truly being public.
Review all your posts and things you’re tagged in is just a shortcut to your Activity Log and Timeline review. This allows you to go back and view (or change) the visibility of your past actions.
Limit the audience for posts you’ve shared with friends of friends or public? This option allows you to make wholesale changes to everything you’ve shared in the past. With it, you can, for example, change all your previously public posts to be restricted to a smaller audience. I’ve never used this, nor would I recommend relying on it. There’s just no true way to truly “undo” something done publicly. Your post could have been copied, screen captured, or any number of other things taking it out of your control.
How people find and contact you
Who can send you friend requests? This has two settings: “Everyone” or “Friends of friends”. I have this set to “Friends of friends”. What you want will depend on how you use Facebook. Fortunately, unwanted friend requests are easy to ignore.
Who can see your friends list? This allows you to assign the same level of privacy as you would a post: Public, Friends, Friends except, and so on. Once again, I have mine set to Public as a reminder that any of my friends who can see the list could copy and share it publicly.
Who can look you up using the email address you provided? Possible settings are “Everyone”, “Friends of friends”, or just “Friends”. I figure if someone knows my personal email address, I don’t have a problem with them finding me on Facebook. Again, the setting you choose depends on how you use Facebook.
Who can look you up using the phone number you provided? Possible settings again are “Everyone”, “Friends of friends”, or just “Friends”. My thoughts are similar: if you know my number, it’s ok with me that you can find me on Facebook.
Do you want search engines outside of Facebook to link to your profile? Do you want people to be able to find your Facebook profile on Google or Bing or other search engines?
How you get message requests
This is all about Facebook Messenger and how messages from people who are not Facebook Friends should appear.
Potential Connections: You can opt to allow friends-of-friends to contact you directly in chat, or in the separate Message Requests area without notification, or you can specify that they be discarded.
Other People: You can indicate that Facebook and Instagram messages be sent to the Message Requests area or discarded.
Facebook Privacy Basics
Finally, as you may have noticed in the menu we started with, there’s currently an item called Privacy Basics at the bottom.
I recommend you take some time to review the information presented there.
If nothing else, the very wording of the Facebook mission is worth noting: “… make the world more open and connected.” To me, this indicates their rationale behind making your default settings as open, public, and permissive as they are.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
“This serves as a reminder to me to only post things I’d be comfortable with truly being public.” – Indeed. Privacy and social media are, to an extent, mutually exclusive.
I always assume that EVERYTHING I may post on Facebook, and any other social sites as well as usenet, to be public.
Then, I refine my privacy settings, but never change may basic assumption that everything is ultimately public.
A classic rule presented by Chris Pirillo is:
“Don’t tell Facebook anything you wouldn’t want the whole world to see or hear.”
You never know who might share or copy that photo of you passed out at a party. Unfortunately, anyone at that party with a phone can post that picture anywhere. So maybe a better rule of thumb is:
“Don’t do anything you wouldn’t want the whole world to see or hear.” Scary world we live in. Kind of like we need a social media version of the bible “Let them who are without sin first post a compromising photo of their friends.”
“I figure that if someone knows my personal email address, I really don’t have a problem with them finding me on Facebook. ” That makes sense in a lot of cases, but be careful. If your boss or anyone knows your Facebook email addresses, and you don’t want to allow them to see your partying history, then either block that option or use an email address for your Facebook login and alternate recovery which they don’t know.
In that case, they could simply look you up by name!
That’s one reason why I spell my name differently on Facebook.
Assume everything is public. If your partying history would be a problem, then don’t post it publicly.
I have been impersonated online, a crime in my state, and am living the nightmare results of having my name and photograph copied-and-pasted. While IP information identifies the impersonator–who posts hate speech in my name–as someone else, how would the casual reader of an online comment section know this? My name is easily misspelled by the addition of a double “L,” as in Hillary Clinton. I have begged law enforcement intervention so that I don’t pay for the prejudice and foulness I’m not the author of–and NONE of this comes from Facebook. Other sites in addition to Facebook want to make the world as open, and your identity as promiscuous, as possible. And at least in my state, Pennsylvania, no one cares.
I recommend that you shouldn’t post Anything personal information online to anyone on your Facebook page
If i visit a site in incognito mode can facebook still suggest pages i visited in incognito mode on my profile?
Yes, Facebook has no idea you’re incognito and does most of the work on their servers. Incognito mode simply means that the browser doesn’t save any browsing data on your computer: cookies, cache, history and downloads. Everything on the internet is pretty much the same, although your surfing experience will be different without cookies as your logins won’t be preserved when you close the browser.
Yes. If you logged into Facebook, then Facebook knows its you.
How does facebook suggest pages? I have suggested pages of some models and playboy girls . I never liked anything similar to that. Does suggested pages have something to do with, i dont know, cookies? But i dont visit pages like that. Could it be because most of my friend like playboy sites so facebook things i’ll be interested in it too?
They have many factors. Age, other interests which might predict, and as you said, possibly pages your friends like. This is just from observation of how things seem to work. Facebook’s actual formula is a proprietary secret.
Facebook doesn’t say. My assumption is that they use ALL information they have about you – your characteristics (age, sex, location, occuppation, etc) as well as your history of likes, shares, and so on, and jumble that all into an algorithm that pops out suggestions.
“How does facebook suggest pages?” I’m guessing the same way it suggests friends. Facebook & Google analytics eventually finds links to bring it all together and place it on your doorstep to accept or reject it. I buy & sell on Craigslist. A single inquiry to a buyer or seller eventually shows up on my FB page as a suggested friend. In a perfect world, I wouldn’t mind.
I’m both amazed and somewhat confounded at today’s technology. Luckily, I’ve been a good boy online with nothing to bring shame or embarrassment.
Facebook is a very buggy website. I run into at least one or two bugs on Facebook every day. I wouldn’t trust their privacy settings as there may be a bug which exposes publicly something you only meant for friends. The only rule I trust is: Don’t share anything on social media you don’t want to be seen by the entire world.
You’d think a multi billion dollar website which spends millions on development would do better.
It’s not buggy. It works as designed and intended. You know those infant’s toys with knobs and levers? They make the child feel good and important.
“Facebook Privacy”. The ultimate epitome of oxymoron.
I have zero trust in Facebook’s privacy settings or security. I don’t even use my real name due to the risks of working in law enforcement, even though I’m not a police officer. Right now, I’m part of a class action lawsuit in IL, in which they breached personal information. What little I post or comment on, I generally go back at the end of the week and delete it, including any reactions. About twice a year, I will go back and review all my activity and eliminate 99% of anything left. I have seen too many people hurt and/or their careers jeopardized by past posts, even from years ago. The risks aren’t worth it. I’m honestly not even sure what the attraction to Facebook even is at this point. It has become so political and boring, its just the same stuff routinely posted over and over and over again.
I agree that you can’t trust Facebook security. Facebook is the buggiest website I’ve ever visited. Many links take you somewhere else than the link indicates. When you get a notification that someone commented on your post or comment, you often have to scroll through the entire thread and find it hidden under another comment which you have to click on to see. There’s no excuse for that considering how many billions of dollars Facebook is earning. It seems their entire development budget goes into figuring new ways to generate income and not a cent for fixing bugs.
With so many bugs, it’s impossible to trust that they are getting security right. The only safe way to use Facebook is not to post anything you wouldn’t
want the entire world to see.
This is a good checklist, however, I would recommend everyone set their friends list to ‘Private’ instead of ‘Public’. Scammers can clone your page, and if they have access to your Friends list they can just go down the line sending them all Friend requests in your name, and a good number of those people will reflexively accept the request seeing the avatar is a picture of you (that the scammer simply duplicated from your photos), and that the name on the account is your name without noticing the missing middle initial, or ‘Jr.’ dropped off your name. This has happened to my uncle and several other of my Facebook friends. It works because sometimes people have so many friends they may not realize they’re already Friends with you on Facebook, or they may think you lost your account and are starting over.
Then once the scammer is Friends with your Friends, he has access to their Friends lists also, and can repeat the process again and again, accumulating a massive amount of Friends. These people all see the scammer as ‘mutual friends’ with people they know, so they accept his request, and on and on, and now he can send spam directly to all those people’s news feeds.
Everyone on Facebook should set their Friends list to ‘Only Me’ for their own protection and the protection of their friends. Scammers have little incentive to clone your page in the first place if they don’t have access to your Friends list.
When I get a message in Facebook saying “so and so” wants to be friends, did “so and so” really ask, or did Facebook climb down humanity’s tree of friends to find a common connecting branch?
Whenever I get a Facebook request from a “person I know”, I go to their profile and see if I’m still connected to them. Then I message them to tell them their account has been been spoofed.
Facebook makes suggestions, but requests can only come from specific accounts.
I’ve gotten a lot of requests from fake accounts: spoofed friends’ accounts and random fake accounts.