What they mean, and what you need to change.

Often, your own actions impact your privacy the most. Oversharing on social media is perhaps the best example.
Nowhere is it more common than on Facebook, where privacy settings are so complex that itâs difficult to know exactly who can see what, when, and where.
Letâs review Facebookâs privacy settings, and perhaps most importantly, what they imply.
Become a Patron of Ask Leo! and go ad-free!

Visit the Privacy Settings and Tools page in your Facebook Settings. Carefully review each of the available settings to ensure theyâre set to the privacy level you both want and expect. Remember, though, that anyone who has access to what you share â even if limited to a trusted list of friends â can still turn around and share that information further than you might expect.
But first, a caveat
One of the issues we face with technology is change. Just about the time we have something figured out, it changes for one reason or another.
Experience shows this is particularly true for Facebook. Presumably, to make things clearer and more secure, Facebook occasionally changes the options and settings they provide, as well as how and where theyâre configured.
Itâs quite possible that what I show you today may change by the time you read this.
Iâll avoid much detailed âclick here, then hereâ type of instruction, since it is most likely to be invalidated by future changes. Instead, Iâll focus more on walking through and discussing each of the current settings.
App versus website
I recommend you make changes to your Facebook accountâs privacy settings by visiting facebook.com in a web browser on a desktop or laptop PC. I believe that the privacy settings are clearer, easier to find, and more completely defined there than in the app.
Iâm sure that most can also be adjusted by using an app on a mobile device, but this is important enough that the additional clarity and ease of access is important.
Iâll use facebook.com for the screenshots accompanying this article.
How do you use Facebook?
Before altering your privacy settings, itâs important to ask yourself, âHow do I want to use Facebook?â
Do you want to be easy or difficult to find?
Do you want to share everything with the world, or just a few select friends?
How do you define âfriendâ? Close friends in real life? People youâve met? People youâve never met but correspond with? People you recognize? Anyone with a pulse?
The answers to each of these questions impact the settings you choose. If you choose the private/close friends route, you might elect to make it difficult to be found and restrict who sees whatever you share. On the other hand, if youâre someone using Facebook as part of a public persona, you might choose more public settings.
The choice is up to you. But do make it a choice rather than an accident, particularly since Facebookâs defaults tend towards more public access.
Facebook Settings
Click the downward-pointing triangle in the upper-right of the Facebook page to expose a drop-down menu of options. On that menu, click Settings & Privacy.

A different drop-down menu will appear. Ignore the âPrivacyâ items, but click on Settings.

This will bring you to the full Facebook settings collection.

Click on Privacy in the left-hand pane.

Privacy Shortcuts
The upper section contains three shortcuts: Privacy Checkup, Manage your profile, and Learn More with Privacy Basics.
Privacy Checkup: This will walk you through most of your current settings, and also include security, app access, and advertising settings along the way.

Iâll cover individual settings below, but if that seems too overwhelming, at least do this part. You can also return here at any time to review the settings and explanations.
Manage your profile: make changes about what information is displayed in your profile.
Learn more with Privacy Basics: more in-depth information about how to manage your privacy on Facebook.
The rest of the privacy settings are divided into three major areas: Your activity; How people find and contact you; and How you get message requests.
Privacy Settings
Your activity
This section is about what happens to the things you put on Facebook, including your posts, comments, tags, and more.
Who can see your future posts? These settings control the visibility of posts you make on Facebook from here on out. Click edit and youâll have access to a drop-down list of the possible options by clicking the downward-pointing triangle next to the current setting.

The settings include:
- Public: anyone, anywhere â even people without Facebook accounts.
- Friends: only your Facebook friends.
- Friends except: allows you to specify individual people on your Friends list that will not see posts.
- Specific friends: allows you to select individual people on your Friends list that will see posts.
- Only me: allows you to post something to Facebook for your own use only.
- Custom: you can specify specific people, groups, various lists, and more.
Two important things to realize about this setting
First, you can change it for each individual post you make, but it stays at what you last set it to. So, for example, if you set it to âFriendsâ here on the settings page, and then set it to âPublicâ for a specific post you make, the setting remains âPublicâ until you change it back.
Second, restricting access to something less than public, while certainly a reasonable choice, does not prevent those you share it with from further sharing your post in other ways. Nothing prevents them from taking a screenshot of your post and sharing that publicly. Youâve probably seen screenshots of embarrassing public posts long after the original post has been taken down.
My approach is to leave this setting âPublicâ at all times and to remember itâs set this way. This serves as a reminder to me to only post things Iâm comfortable with truly being public.
Review all your posts and things youâre tagged in is just a shortcut to your Activity Log and Timeline review. This allows you to go back and view (or change) the visibility of your past actions.
Limit the audience for posts youâve shared with friends of friends or public? This tool allows you to make wholesale changes to everything youâve shared in the past. With it, you can, for example, change all your previously public posts to be restricted to a smaller audience. Iâve never used this tool, nor would I recommend relying on it. Thereâs just no true way to truly âundoâ something done publicly. Your post could have been copied, screen captured, or any number of other things taking it out of your control.
How People Find and Contact You
Who can send you friend requests? This has two settings: âEveryoneâ or âFriends of friendsâ. I have this set to âFriends of friendsâ. What you want will depend on how you use Facebook. Fortunately, unwanted friend requests are easy to ignore.
Who can see your friends list? This allows you to assign the same level of privacy as you would a post: Public, Friends, Friends except, and so on. Once again, I have mine set to Public as a reminder that any of my friends who can see the list could copy and share it publicly.
Who can look you up using the email address you provided? Possible settings are âEveryoneâ, âFriends of friendsâ, or just âFriendsâ. I figure if someone knows my personal email address, I donât have a problem with them finding me on Facebook. Again, the setting you choose depends on how you use Facebook.
Who can look you up using the phone number you provided? Possible settings again are âEveryoneâ, âFriends of friendsâ, or just âFriendsâ. My thoughts are similar: if you know my number, itâs ok with me that you can find me on Facebook.
Do you want search engines outside of Facebook to link to your profile? Do you want people to be able to find your Facebook profile on Google or Bing or other search engines?

How You Get Message Requests
This is all about Facebook Messenger and how messages from people who are not a Facebook Friend should appear.
Potential Connections: You can opt to allow friends-of-friends to contact you directly in chat, or in the separate âMessage Requestsâ area without notification, or you can specify that they be discarded.
Other People: You can indicate that Facebook and Instagram messages be sent to the âMessage Requestsâ area or discarded.
Facebook Privacy Basics
Finally, as you may have noticed in the menu we started with, thereâs currently an item called Privacy Basics at the bottom.

I recommend you take some time to review the information presented there.
If nothing else, the very wording of the Facebook mission is worth noting: â⊠make the world more open and connected.â To me, this indicates their rationale behind making your default settings as open, public, and permissive as they are.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
âThis serves as a reminder to me to only post things Iâd be comfortable with truly being public.â â Indeed. Privacy and social media are, to an extent, mutually exclusive.
I always assume that EVERYTHING I may post on Facebook, and any other social sites as well as usenet, to be public.
Then, I refine my privacy settings, but never change may basic assumption that everything is ultimately public.
A classic rule presented by Chris Pirillo is:
âDonât tell Facebook anything you wouldnât want the whole world to see or hear.â
You never know who might share or copy that photo of you passed out at a party. Unfortunately, anyone at that party with a phone can post that picture anywhere. So maybe a better rule of thumb is:
âDonât do anything you wouldnât want the whole world to see or hear.â Scary world we live in. Kind of like we need a social media version of the bible âLet them who are without sin first post a compromising photo of their friends.â
âI figure that if someone knows my personal email address, I really donât have a problem with them finding me on Facebook. â That makes sense in a lot of cases, but be careful. If your boss or anyone knows your Facebook email addresses, and you donât want to allow them to see your partying history, then either block that option or use an email address for your Facebook login and alternate recovery which they donât know.
In that case, they could simply look you up by name!
Thatâs one reason why I spell my name differently on Facebook.
Assume everything is public. If your partying history would be a problem, then donât post it publicly.
I have been impersonated online, a crime in my state, and am living the nightmare results of having my name and photograph copied-and-pasted. While IP information identifies the impersonatorâwho posts hate speech in my nameâas someone else, how would the casual reader of an online comment section know this? My name is easily misspelled by the addition of a double âL,â as in Hillary Clinton. I have begged law enforcement intervention so that I donât pay for the prejudice and foulness Iâm not the author ofâand NONE of this comes from Facebook. Other sites in addition to Facebook want to make the world as open, and your identity as promiscuous, as possible. And at least in my state, Pennsylvania, no one cares.
I recommend that you shouldnât post Anything personal information online to anyone on your Facebook page
If i visit a site in incognito mode can facebook still suggest pages i visited in incognito mode on my profile?
Yes, Facebook has no idea youâre incognito and does most of the work on their servers. Incognito mode simply means that the browser doesnât save any browsing data on your computer: cookies, cache, history and downloads. Everything on the internet is pretty much the same, although your surfing experience will be different without cookies as your logins wonât be preserved when you close the browser.
Yes. If you logged into Facebook, then Facebook knows its you.
How does facebook suggest pages? I have suggested pages of some models and playboy girls . I never liked anything similar to that. Does suggested pages have something to do with, i dont know, cookies? But i dont visit pages like that. Could it be because most of my friend like playboy sites so facebook things iâll be interested in it too?
They have many factors. Age, other interests which might predict, and as you said, possibly pages your friends like. This is just from observation of how things seem to work. Facebookâs actual formula is a proprietary secret.
Facebook doesnât say. My assumption is that they use ALL information they have about you â your characteristics (age, sex, location, occuppation, etc) as well as your history of likes, shares, and so on, and jumble that all into an algorithm that pops out suggestions.
âHow does facebook suggest pages?â Iâm guessing the same way it suggests friends. Facebook & Google analytics eventually finds links to bring it all together and place it on your doorstep to accept or reject it. I buy & sell on Craigslist. A single inquiry to a buyer or seller eventually shows up on my FB page as a suggested friend. In a perfect world, I wouldnât mind.
Iâm both amazed and somewhat confounded at todayâs technology. Luckily, Iâve been a good boy online with nothing to bring shame or embarrassment.
Facebook is a very buggy website. I run into at least one or two bugs on Facebook every day. I wouldnât trust their privacy settings as there may be a bug which exposes publicly something you only meant for friends. The only rule I trust is: Donât share anything on social media you donât want to be seen by the entire world.
Youâd think a multi billion dollar website which spends millions on development would do better.
Itâs not buggy. It works as designed and intended. You know those infantâs toys with knobs and levers? They make the child feel good and important.
âFacebook Privacyâ. The ultimate epitome of oxymoron.
I have zero trust in Facebookâs privacy settings or security. I donât even use my real name due to the risks of working in law enforcement, even though Iâm not a police officer. Right now, Iâm part of a class action lawsuit in IL, in which they breached personal information. What little I post or comment on, I generally go back at the end of the week and delete it, including any reactions. About twice a year, I will go back and review all my activity and eliminate 99% of anything left. I have seen too many people hurt and/or their careers jeopardized by past posts, even from years ago. The risks arenât worth it. Iâm honestly not even sure what the attraction to Facebook even is at this point. It has become so political and boring, its just the same stuff routinely posted over and over and over again.
I agree that you canât trust Facebook security. Facebook is the buggiest website Iâve ever visited. Many links take you somewhere else than the link indicates. When you get a notification that someone commented on your post or comment, you often have to scroll through the entire thread and find it hidden under another comment which you have to click on to see. Thereâs no excuse for that considering how many billions of dollars Facebook is earning. It seems their entire development budget goes into figuring new ways to generate income and not a cent for fixing bugs.
With so many bugs, itâs impossible to trust that they are getting security right. The only safe way to use Facebook is not to post anything you wouldnât
want the entire world to see.
This is a good checklist, however, I would recommend everyone set their friends list to âPrivateâ instead of âPublicâ. Scammers can clone your page, and if they have access to your Friends list they can just go down the line sending them all Friend requests in your name, and a good number of those people will reflexively accept the request seeing the avatar is a picture of you (that the scammer simply duplicated from your photos), and that the name on the account is your name without noticing the missing middle initial, or âJr.â dropped off your name. This has happened to my uncle and several other of my Facebook friends. It works because sometimes people have so many friends they may not realize theyâre already Friends with you on Facebook, or they may think you lost your account and are starting over.
Then once the scammer is Friends with your Friends, he has access to their Friends lists also, and can repeat the process again and again, accumulating a massive amount of Friends. These people all see the scammer as âmutual friendsâ with people they know, so they accept his request, and on and on, and now he can send spam directly to all those peopleâs news feeds.
Everyone on Facebook should set their Friends list to âOnly Meâ for their own protection and the protection of their friends. Scammers have little incentive to clone your page in the first place if they donât have access to your Friends list.
When I get a message in Facebook saying âso and soâ wants to be friends, did âso and soâ really ask, or did Facebook climb down humanityâs tree of friends to find a common connecting branch?
Whenever I get a Facebook request from a âperson I knowâ, I go to their profile and see if Iâm still connected to them. Then I message them to tell them their account has been been spoofed.
Facebook makes suggestions, but requests can only come from specific accounts.
Iâve gotten a lot of requests from fake accounts: spoofed friendsâ accounts and random fake accounts.