Facebook Privacy and Security Settings: An Overview

Step-by-step instructions follow. If your privacy, security and safety are important to you, please be patient and read the whole thing.

A friend and I were chatting over drinks one evening and the conversation turned to Facebook, what we liked and didn’t like about it, etc. I mentioned that many people don’t realise how much of their information is out there if they don’t check their privacy and security settings regularly. She was a little taken aback by some of the things about which Facebook is not quite up-front when you sign up. She asked if I could send her a quick e-mail outlining the main things she should do to secure her account.

Unfortunately, there is no quick way to explain all the nuances of the privacy and security settings. But, having had a few drinks and having more than a little crush on said friend 😉 I agreed to lay down in non-technical terms the steps she should take to ensure she was only sharing what she wanted with whom she wanted.

Very shortly after, another friend commented on a post from one of her own friends that showed up in my ticker (I’m not friends with the person who made the original post nor am I a member of the group to which the post was made). I was pretty sure her intention was not to have all of her own friends see the post, but that’s exactly what happened. When I asked if she was aware that this had happened she replied, "No, thank you for telling me." This friend is not a newbie; she is intelligent and well-versed in many internet technologies. So it was then that I realized most people aren’t at all aware of how Facebook default settings work and that the settings are often changed and/or reset on a regular basis. So, rather than just sending my friend (from the first paragraph) an e-mail, I decided to write an article to hopefully demystify Facebook settings for a wider audience.

I’m not a lawyer. Some of the advice and explanations in this article are my interpretation of Facebook’s policies as they are written. I strongly advise that you read the policies on your own (I’ve included links to sections where appropriate, but you should read the entire Facebook Terms and Policies documentation yourself).

This article is long because the settings are complex. I’m often asked to "just give me the skinny". Unfortunately, when it comes to internet security, privacy and safety, there is no "skinny". The only way to quickly and swiftly protect yourself is to not have any online accounts at all, and what’s the fun in that?



Why is Facebook privacy and security such an issue?

Consider the purpose of Facebook: what is Facebook’s raison d’être? To connect people. If everyone put their profile and content on "lock down" those connections would be very limited. Facebook is a publicly owned company. So not only is it a business whose purpose is to make money, it has a board of directors with a responsibility to the shareholders to generate revenue so their return on investment is maximized. What? Facebook makes money, and needs to keep making money, and more money. This is done through advertising and games. Their slogan, "Facebook will always be free," is somewhat true: you don’t have to pay monetarily to be a member, but you pay by sacrificing a certain amount of information. If you’re not vigilant, you may be sacrificing more information than you realise and, worse, you may be sacrificing your friends’ information as well. All of this information helps Facebook build its network, increasing its advertising effectiveness and selling more games, thus making more money. The bottom line is, Facebook makes money off of your information, so it is in its best interest for you to share and connect as much as possible. For this reason, the default settings are such that connections to you, your friends, your friends’ friends, and even people with no connection to you, are easier.

Does Facebook sell my information?

Currently, no. Facebook’s current policy is to not "sell" your personal information to any third party. However, when Facebook went public all of the information in its database effectively became the property of the shareholders, so, in essence, they have already sold your information. Does that mean anyone on the board or any of the shareholders could look up your phone number or e-mail address? Of course not. But could they vote one day to sell your information to a third party or parties? Yes, they could; however, it’s unlikely they will, as many users would leave and it’s more profitable for them to have you as a customer than to sell your information for a one-time gain.

From Facebook’s own data use policy:

While you are allowing us to use the information we receive about you, you always own all of your information. Your trust is important to us, which is why we don’t share information we receive about you with others unless we have:

  • received your permission;
  • given you notice, such as by telling you about it in this policy; or
  • removed your name or any other personally identifying information from it.

So what does that mean? It means they will tell you before they sell your info, if indeed they decide to follow their own policy. It also means they are constantly using, selling and/or giving away your demographic info (age, gender, location, etc.) without your identification attached. It also means when they update their Terms and Conditions and you see that "I agree" button, you should actually read it before clicking "I accept" because it could very well have a new clause that says, "I give you permission to sell my information".

So doesn’t that mean my information is safe right now?

Not necessarily. Having a Facebook account means some of your information is always available. If you use Facebook apps and/or sign in to other websites using your Facebook ID (a very common practice these days), you are voluntarily transferring your information to a third party and Facebook has no control over what they do with it. There is a section later on about apps and other websites using your Facebook info; make sure you know what you are sharing, with whom and when. The bottom line for any of this is that the information is there, but you have to dig it up, read it, and understand it. Facebook spins everything to make it sound like it’s for your benefit so they can "give you the best experience". While it’s true that the more information they have, the more personalised an experience you will have, it’s really all for their own benefit to make more money.

Security vs Privacy vs Safety

Security is about protecting your information and, to a lesser extent, your content. More on content later, let’s talk about protecting your personal information. Security on Facebook refers to people getting access to your account and/or finding out information such as your name, e-mail, phone number, credit card, etc. Ways to protect your Facebook account include browsing on a secure connection, setting secure passwords and changing them regularly, and being notified when someone (including, and hopefully only, you) logs into your account.

Privacy is about making sure you know who is seeing your information and, when possible, controlling the audience of your content. Privacy on Facebook refers to who can look you up, what information anyone can see, what information friends can see, and how people can interact with you depending on their Facebook connections with you.

Safety is about not letting the wrong people get information about you. Who the wrong people are is up to you. To give you an example, a question I get constantly is, "Why can my ex still send me Facebook messages even if I’ve blocked him/her?" Here’s why: If someone knows the e-mail address you used to sign up for Facebook and/or your Facebook e-mail (usually your name or username @facebook.com) and/or your Facebook username, they will always be able to send you a Facebook message even if you block them. The only way you can really stop the messages from coming in is to change your username to one they won’t ever guess (which you can only do once by the way), or deactivate your account and sign up with a new account using a new e-mail address and new username that they won’t be able to guess. You can, of course, also report the offending person, but it’s been my experience that most people don’t want to go down that road especially since it’s very unclear what Facebook will consider harassment and what, if anything, they will do about it anyway.

In summary, having a Facebook account at all means you are putting some of your information on the internet. I’ve done my best with this article to explain what you can do to try to maximize your control over your own privacy, security and safety.

One final note before we begin: a "post" is anything you do on Facebook. A post could be writing on your own Timeline, on a friend’s Timeline, liking, sharing or commenting, adding photos, tagging, etc. Anything you do could be considered a Post by Facebook; please keep that in mind as we talk about posts.

Let’s get started!

*NOTE: I am showing you how to set your settings in the desktop version (on your computer or laptop while viewing Facebook in a web browser). While you can change most of these settings on a mobile device using Facebook’s mobile site or the Facebook app, some of the names and locations of the settings are different. Settings changes you make using the website will take effect on the mobile site and on the app as well, so if you use this tutorial as a guide to changing your settings on the website, you don’t need to do this on your phone or tablet as well.

**NOTE: You can click on the screen grabs to get a larger view. They will open in a new window or tab, simply close the new window or tab to return to the article rather than hitting the Back button on your browser.

Getting Started

Although many of these settings can be accessed from different places within Facebook, they are almost all available in one place, so that’s where we’ll start:

  1. Go to your timeline (click on your name in the blue bar at the very top)
  2. Click "Privacy shortcuts" (the little padlock icon)
  3. From the bottom of the list, click "See More Settings"
Finding Your Facebook Settings

UPDATE: Facebook has added a cute little dinosaur to help you, DON’T BOTHER. This is the “just give me the skinny” version we talked about earlier. They are hoping you will just go through this "wizard" and not check the more advanced and subtle settings. Once you have gone through all of the settings and are comfortable with them, you can use this wizard to make quick changes to some of them later.


General Account Settings

From the left-hand menu, click "General"


Your name is used when people search for you. It is also shown on your Timeline and it is the name that appears next to your activity (posts, comments, etc.). You can only change your name a few times.

UPDATE: It appears that you can now change your name every 60 days, but it is still unclear if Facebook will allow multiple name changes; they may still restrict the number of times you can change your name.

You can also set an "Alternative name" such as a nickname or maiden name to help your friends find you. You can set this alternate name to show in your timeline or not (if you choose to show it, it appears next to your real name; if you choose not to show it, it only appears when people are searching for you). If you don’t want to be found by your name, you can make this be an alias that people you don’t want finding you wouldn’t be able to guess. Some of my friends use very abstract references to movie characters, etc. The drawback, of course, is that people you may want to find you probably won’t be able to and even your existing friends may not know it’s you if you change your name. If you decide to change your name, you may want to message your existing friends first and let them know when you are changing it and what you are changing it to.

UPDATE: Facebook has recently become quite strict (in some cases) about using your real name. In their policies and guidelines they tell you it must be your name as it would appear on your ID. This has caused great concern among people who don’t want to be found by others who may be potentially abusive, as well as transgender individuals who have taken on a new name to reflect their new identity but haven’t legally changed their name. Facebook’s policy is clear and they can suspend (and have suspended) personal pages of individuals who have a name that isn’t their legal name. Facebook suggests you create a "Page" (generally thought of as a business or commercial page) for your alternate identity. While this makes sense for drag-kings and -queens who are entertainers, it does not address transsexual people nor people with legitimate safety concerns.

General settings: Name


Your username is used in the URL (web address) for your Facebook page. It is also the name Facebook uses for your "Facebook e-mail address". This is important because if anyone knows your username they can send you a message even if you’ve blocked them. E-mails sent to this e-mail address go to your Facebook messages inbox. You can only change this once and your current friends will see it on your timeline. So, if you want to change it to avoid getting messages from people who may know your username, first block them (see instructions later), then change your username to something they wouldn’t guess and notify your friends to please not give your username to anyone.

UPDATE: Again, Facebook has started cracking down on usernames and is saying your username must include your real name and cannot be any version of some copyrighted source. However, they seem to currently be less strict about your username than your Name. My username is "NotMrPink" which does not contain my real name, nor do I have any claim to the character’s name. So far, Facebook hasn’t made me change it.



Pretty self-explanatory. The most common cause of Facebook "hacking" is sharing your password or choosing a poor password. Do you know what the most common password used on the internet is? password — I’m not even kidding! You know what the second most common one is? Some combination of the person’s name and birthdate. So, no, my password is not mcooper1972, don’t even try it. Here are the general rules for creating any password anytime for anything:

  • pick something that’s easy for you to remember, but difficult for others to guess
  • use at least one each of an uppercase letter, lowercase letter, number and special character (like !* etc.)
  • don’t use the same password for any two accounts
  • don’t save your passwords in a file on your computer or device (and if you ignore me and do this, at least don’t name the file "passwords.txt"!)

Yes, this makes it difficult for older people like myself to keep track of so many passwords, but almost any website or application you create a login for will have some sort of "I forgot my password" mechanism that will allow you to either retrieve or reset your password. So the only one you really need to remember is the one for the e-mail address you used when signing up.

I’m working on a separate article on password security; I’ll link to it from here when it’s finished.

One final note. Although it’s convenient not to have to remember your passwords, I strongly recommend you do not use the "Keep me logged in" feature that most sites (including Facebook) make available. If you stay logged in then anyone who sits down at your computer or picks up your device has immediate access to your account. Also, as you’ll see later, as you are browsing other sites, you may be inadvertently handing over information just by visiting the site while you are logged in to your Facebook account. So, better to be aware of when you are logged in and when you aren’t by managing your sessions manually and logging off every time you are done on Facebook.


Networks are essentially groups. The purpose of networks is, in theory, to lend credence to you as being a member (some networks require you to be approved before becoming a member). So, if you were a part of the Microsoft network and people saw this, they would know you are an official Microsoft employee. Really, they’re just another way for you to associate with specific people. Networks are generally your work, your school or your city. You can control what people in your networks have access to, but unless your company requires you to be a part of their network for some reason, I would simply avoid them as the default is to share all of your content with people in your networks. In other words, if I joined the "Dr G W Williams Secondary School" network, everyone in that network would see all of my information, not just my public information, by default.


If you need an explanation of this then perhaps you should just deactivate your Facebook account 😛


See comment under "Language"


While General Account Settings doesn’t sound like security, you can see there are settings in here that directly impact the security of your account. Next we will look at the specific security settings to keep your account secure from unwanted access.

Did you find this helpful? Is there something you’d like to see covered that isn’t here? Did I make a mistake or give bad information? Let me know in the comments below, feedback is appreciated!

Next article: Security Settings
