Keeping your Facebook info private is getting harder and harder all the time—mostly because Facebook keeps trying to make it public. To help you out, we've created a comprehensive guide to keeping your Facebook locked down and in your control, and we're going to keep it updated whenever Facebook decides to add a new feature or change its privacy defaults...yet again.
Over the holiday, Facebook revamped its privacy settings again, in an effort to make them easier to understand. They're a little easier to manage, but can still take a lot of work to navigate. So, we've updated this guide to include all the new settings so you can keep your Facebook locked down and private.
Despite plenty of user complaints, Facebook still hasn't caught on to the "opt-in" philosophy: Most of us feel that when a service adds a new feature that affects our privacy, it should ask whether we want to enable it rather than quietly enabling it for us. Facebook adds new features to their site all the time, and many of those features share information you might not want out there. Instead of regularly scouring your Facebook settings for secret new features, we're going to constantly update this guide with all the information you need about Facebook's newest privacy-related changes, including details for how to tweak your privacy settings to keep your information safe.
First, we'll walk through the basic privacy settings that determine what you share, then look at a few lesser-known settings you'll want to tweak, and finish with a few third-party tools that will help keep your Facebook information private.
The Basic Privacy Settings: What Shows Up On Your Timeline
Your timeline is where all Facebook activity shows up: new status updates, new photos you've uplodaed or been tagged in, posts other people have tagged you in, and even the songs you're listening to on Spotify. You can control every aspect of your timeline's privacy through Facebook's main Privacy Settings page, and even make sure nothing shows up on your timeline without your consent (it may still show up on other people's pages, but not your timeline).
You can see the most basic settings by clicking the privacy icon in the top left-hand corner of any Facebook page (the one that looks like a padlock). Here, you'll see a few sections with quick settings you can set. You can tweak things here if you like, but we're going to delve into the more advanced settings, which contain more options. Click on the "See More Settings" link to get started.
Privacy: Who Can Look You Up and See Your Stuff
The first section you see in the sidebar, called Privacy Settings and Tools, dictates who can see your posts and look you up on Facebook. The settings include:
Who can see your future posts? This changes who, by default, can see your status updates. You can set it to Public, Friends, or something custom (like only one of your networks). However, this setting means almost nothing. You can decide who sees any individual post by setting it from the status box as you write, and it will not revert back to the default afterwards. That means if you make one post and set it to Public, you'll need to set it back to "Friends Only" the next time, or all your future posts will be public. The "default" setting in your privacy settings doesn't really do anything.
Review all your posts and things you're tagged in: This takes you to the Activity Log, where you'll see each and every tiny update that goes to Facebook on your profile. That could be a song you listened to on Spotify, a new photo you uploaded, or a new status your friend tagged you in. From the Activity Log, you can tweak who can see each individual update, as well as whether it shows up on your main timeline.
Limit the audience for past posts: If, in the past, you have any posts that are set to be viewable by "Friends of Friends" or the Public, you can use this option to limit all of them to Friends Only. This is a good way of starting with a "clean slate" of privacy, ensuring that none of those past posts are accidentally marked Public.
Who can look you up using your email: This is pretty self-explanatory. I usually set this to "Everyone," since the only people that know my email are people I'd probably want to be friends with.
Who can look up your timeline by name: If you want people to be able to find your profile just by searching your name, set this accordingly. Otherwise, you can lock it down by changing this to just Friends. UPDATE: This option is no longer available since the introduction of Graph Search.
Do you want search engines to link to your timeline? If you don't want your Facebook profile indexed in Google, turn this off.
Timeline and Tagging: Who Can See What Others Tag
The other main section of Facebook's privacy settings—called Timeline and Tagging—deals with the content other people post and tag you in: pictures, status updates, check-ins, and more. Here are the settings you'll want to tweak:
Who can post on your timeline? This denotes who can post on your timeline (formerly known as "write on your wall"): Friends or No One.
Review Posts friends tag you in: By turning this setting on, you'll get a notification whenever a friend tags you in a post. It won't show up on your timeline until you explicitly allow it. It'll show up on theirs still, but not your own until you review it and mark it as okay. We recommend turning this on.
Review what other people see on your timeline: If you aren't sure how your profile looks to one of your friends (or to the public), you can use this feature to view it "from their eyes" and make sure you don't have any private information showing to those you don't want it shown.
Who can see posts you've been tagged in: If someone tags you in a post and you've allowed it on your timeline, this denotes who can see it: Everyone, Friends of Friends, just Friends, or a custom setting.
Who can see what others post on your timeline: When others "write on your wall," this setting denotes who can see those posts.
Review tags add to your own posts before the tags appear on Facebook: This is similar to the aforementioned Profile Review, but works for tags other people put on your posts. So, if you post a photo and someone wants to tag themselves or others in it, turning this on lets you review those tags before they show up. Again, we recommend turning this On.
When you're tagged in a post, who do you want to add to the audience? Say a friend of yours tags you in a photo or post, but some of your friends aren't friends with that person. This allows you to add your friends to the allowed audience for that post.
Who sees tag suggestions when photos that look like you are uploaded: This is Facebook's "face recognition" feature. When someone uploads photos that look like you, Facebook will recommend they tag you in them. If you aren't comfortable with Facebook scanning and matching your face on photos, go ahead and set this to "No One."
Blocking: For People and Apps You Want to Avoid Altogether
The last section is called Blocking, and this allows you to block users from seeing you on Facebook, block certain people from inviting you to apps and events, or block certain apps altogether. If you know of any annoying friends or apps, you can add them here now. Otherwise, you can always block them from the app's page, the event invite, or any given person's profile.
Message Filtering and Friend Requests
One setting you won't find in here relates to your messages and friend requests. Go back to that small privacy icon in the top right-hand corner, click on it, and choose "Who Can Contact Me." From there, you can change two main settings:
Whose messages get filtered into your inbox: As you may know, your Facebook has two inboxes, and one of them is kind of hard to find. This setting determines how strong the filtering is that pushes messages to that second inbox. Basic Filtering will put more messages in your inbox (which makes them easier to find, but could give you more spam) while Strict Filtering makes sure that only your friends show up in your inbox. The rest will appear in your "Other" inbox.
Who can send you friend requests: This is pretty self-explanatory. If you don't want strangers friending you, setting this to "Friends of Friends" can help (ensuring that only someone with one degree of separation can send requests).
App Privacy
Your App Settings are where you'll control which Facebook applications can access your profile, and what web sites outside of Facebook can access your account. Click on the Edit settings button to tweak them.
Frankly, I think Facebook applications are awful. With the exception of certain apps (like Twitter, the iPhoto Uploader, or other legit programs I use), I try and keep this clean. Facebook applications, on the whole, are insecure, spammy, and just downright annoying. Next to the list of "Apps You Use", hit the "Edit Settings" button to see the full list. From there, you can remove an app by clicking the "X", or you can hit "Edit Settings" next to an app to see what information of yours it can access and what it can do. I usually draw the line at an application posting on my wall, unless it's something I want to post to my wall (like Twitter). Again, this will vary from person to person.
The rest of this page you'll probably want to lock down as much as possible. Under "How people bring your info to apps they use", you'll want to uncheck all those boxes, so your friends' apps can't access your information (God knows what spammy applications they're using). You'll want to disable the Instant Personalization feature as well, which will let sites like Pandora and Yelp use your Facebook account to give you extra "features" (also known as: spam). And, unless you want your Facebook page coming up in Google results, you'll want to turn off Public search as well.
Facebook Ad Settings
Lastly, you can change how ads work on Facebook by going to the Ad settings. Facebook will sometimes try to use your info in advertisements to your friends—for example, if they see an ad for a restaurant you've "liked" on Facebook, then they'll see your name under the ad. To turn this off, edit both your "Third Party Sites" and "Ads & Friends" settings here, changing both to "no one".
Your Profile Settings: What Shows Up Under "About Me"
Privacy settings related to your profile itself—that is, things like where you live, what your political views are, what your favorite music is, and so on—are all available from the "Edit Profile" page rather than the main privacy settings page. If you go to your profile, click "About", and then choose "Edit" on one of these sections, you'll be able to edit that section's settings from there.
I won't go through every single setting in your profile, but basically, it works like this: For each item, you can click the privacy icon on the left to edit who can see that item. Let's take "Current City", for example. I'd rather not everyone on Facebook know where I live, so I can just click the drop-down menu to the right of this box, and choose who can see this information. You can make it public, visible to friends only, or visible to you only. Or, like above, you can hit "custom" to make a more refined privacy decision. This setting is available for every entry in your profile, so make sure to go through the whole thing and edit each setting as you wish.
Lesser-Known Settings You'll Want to Tweak
Apart from the more obvious settings above, Facebook has implemented a few features that aren't as well-known. Some are a bit privacy-invading, and need to be turned off, while others are good for your privacy but have to be turned on (nice job, Facebook). Here are the ones you'll want to keep an eye out for.
Turn On HTTPS to Lock Down Your Private Information
With privacy-invading apps like previously mentioned Firesheep out there, it's more important than ever to secure yourself on web sites that have personal information on them, like Facebook. HTTPS will protect you from a lot of outside attacks, especially when you're browsing on open Wi-Fi networks.
To enable HTTPS encryption, hit "Account" in the upper-right hand corner of any Facebook page and go to "Account Settings". Hit the "Security" section on the left hand side, look for "Secure Browsing", and hit Edit. Check the box that says "Browse Facebook on a secure connection (https) whenever possible" and save your changes. From then on, it will automatically connect to Facebook via HTTPS whenever possible. Note that Facebook applications still do not have HTTPS support (just one more reason not to use them).
Turn On Two-Factor Authentication to Keep Others from Logging Into Your Account
Of course, none of this matters if someone gets a hold of your Facebook password. If you want to make sure you're the only one logging into your account, you can enable two-factor authentication, which will send a code to your phone every time you access your account from a new computer or device. That way, if someone gets your password and tries to log in from your computer, they won't be able to get in unless they've also stolen your computer (or your phone).
To enable this feature, head to your Account Settings and hit "Security" in the left hand sidebar. Under "Login Approvals", check the box that says "Require me to enter a security code each time an unrecognized computer or device tries to access my account". That way, you'll get a notification every time a new device logs in as you, and if it's you, you can plug in the code to get access.
Extensions and Tools That Enhance Your Privacy Even More
These are all great, but there are a few Facebook annoyances that you can't fix from your account settings. Thankfully, you can pick up a few browser extensions that'll help you out. Here are some we recommend.
Facebook Disconnect
Even if you love Facebook, it can get kind of annoying seeing that "Like" button all over the web. If you'd like to clean up the Facebook clutter on other web sites, previously mentioned Facebook Disconnect for Google Chrome will remove the Like button from most of the web sites you visit. There might still be Facebook links and icons, but it'll remove the actual Facebook integration people build into their sites, which is usually the more obnoxious clutter.
AdBlock Plus
A lot of sites around the net, like Pandora, Yelp, or Microsoft Docs.com, will try to connect to your open Facebook accounts and use them to "enhance" your experience. This can get really annoying, especially since it does it all automatically, without asking. We disabled some of these when we turned off the Instant Personalization Program, but bugs happen, and if you'd like to keep Facebook separate from your other online accounts, you can just download AdBlock Plus for Firefox or Chrome and add the following filters:
||facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net ||facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net ||fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net ||fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
From then on, other sites shouldn't be able to use your currently-logged-in Facebook account to add "features" (also known as: spam) to other online services.
F.B. Purity and Social Fixer
Previously mentioned F.B. Purity is a userscript for most browsers that will hide annoying Facebook applications and news feed updates, like Farmville, Horoscopes, and other ridiculous spam. Previously mentioned Social Fixer also has this ability, but it's much more complicated. If you just want to hide the spam, go with F.B. Purity, but if you want to infinitely improve your Facebook experience, Social Fixer is a great choice—and we've written up a guide on everything it can do to help you out.
While they don't boost your privacy per se, they will get rid of a lot of the annoying spam on Facebook and, in turn, keep you from accidentally clicking on something you shouldn't. Plus, they just provide a cleaner experience.
Internet Shame Insurance
Facebook's privacy settings can be pretty cryptic, and while you may have gone through your privacy settings like a hawk, you can still miss things. Our own Adam Pash's Internet Shame Insurance extension for Chrome puts Facebook privacy into plain English. Whenever you go to make a post on Facebook, it'll tell you exactly who can see it, saving you from making any embarrassing Weiner-caliber updates.
This should help keep your Facebook a little more locked down, like it was when you first signed up for it. These features are always changing, though, so we'll update the post whenever Facebook adds something new. We'll also put that info on the front page of Lifehacker as it happens, but it's a good idea to run through this guide ever few months just to make sure you've caught everything, since there is a lot of info here. Also, if we've missed anything, be sure to let us know in the comments, and we'll add it to the post.