Facebook has never been particularly good at prioritizing your privacy. Your data powers its business, after all. But recent revelations that a firm called Cambridge Analytica harvested the personal information of 50 million unwitting Facebook users in 2015 has created new sense of urgency for those hoping for some modicum of control over their online life. If you ever needed a wake-up call, this is it.
The good news: Despite the repeated, public privacy lapses, Facebook does offer a fairly robust set of tools to control who knows what about you—both on the platform and around the web. The bad news: Facebook doesn't always make those settings easy to find, and they may not all offer the level of protection you want.
Fear not! Below, we'll walk you through the steps you need to take to keep advertisers, third-party apps, strangers, and Facebook itself at bay. And if after all that you still feel overly exposed? We'll show you how to walk away entirely.
Keep Apps in Check
Over the years you've used Facebook, you've probably given various apps permission to tap into its data trove. And why not? At the time it's a simple enough request, a way to share photos more easily, or find friends across the app diaspora.
In doing so, though, you're granting developers deep insight into your Facebook profile. And until Facebook tightened up permissions in 2015, you were also potentially letting them see information about your friends, as well; Cambridge Analytica scored all that data not from a hack, but because the developer of a legitimate quiz app passed it to them.
So! Time to audit which apps you've let creep on your Facebook account, and give the boot to any that don't have a very good reason for being there. That's most of them.
On a desktop—you can do this on mobile as well, but it's more streamlined on a computer—head to the downward-facing arrow in the upper-right corner of your screen, and click Privacy. (You're going to spend a lot of time here today.) Now go to Apps, and gaze upon what your wanton permissions-granting hath wrought.
OK, so maybe it's not that bad. Or maybe it is! I have friends who discovered well over a dozen apps lurking within the Logged in with Facebook pane; I only have four, but that's because I did some spring cleaning recently. Either way, you can see not only what apps are there, but how much info they're privy to. For instance: I haven't used IFTTT in years, but for some reason it has access to my Friend list, my timeline, my work history, and my birthday.
To revoke any of those permissions, go over and click the pencil. To scrap the app altogether, hit the X. You'll get a pop-up asking if you're sure. Yes, you're sure. Click Remove to make it official.
An important note here: Those developers still have whatever data about you that they've collected up to this point. You have to contact them directly to ask them to delete it, and they're under no obligation to do so. To at least make the attempt, find the app on Facebook and send them a message. If they ask for your User ID, you can find that back on the Apps page by clicking on the app in question and scrolling all the way down.
It feels like you should be done now, but you're not. From that same Apps page, go down just a smidge further to Apps, Websites, and Plugins. If you don't want Facebook bleeding into any other part of your online experience—that's games, user profiles, apps, you name it—then click Disable Platform. This could have unintended consequences, especially if you've used Facebook to login to other sites! Only one way to find out, though.
And then scroll down just one more teensy bit to Apps Others Use, where you'll see about a dozen bits of information about you, like your birthday, or if you're online, that your friends might unwittingly be sharing with apps and websites. Uncheck anything you don't want out there in the world, which is honestly probably all of it.
OK, now you're done. With apps. There's still a lot left, though.
Back to the Settings panel! This time head to Ads, which you'll find right below Apps. (The fact that neither of these falls under Security or Privacy should tell you all you need to know about Facebook's disposition here.)
Just to be clear, Facebook—along with Google, and tons of faceless ad networks—tracks your every move online, even if you don't have an account. That's the internet we're stuck with for now, and no amount of settings tweaks can fix it. What you can do, though, is take a modicum of control over what Facebook does with that information.
That pair of shoes that haunts your News Feed, even though you already bought a similar pair? Exorcise them by turning off Ads based on my use of websites and apps.
Also say no to Ads on apps and websites off the Facebook companies, which covers all the non-Facebook parts internet where the company serves up ads—which is pretty much everywhere. Then head straight down the line to Ads with your social actions, which you should only leave on in the event you want to share with the world that you accidentally clicked Like on that sponsored post from a furniture company that probably exists only on a server in Luxembourg.
And for some fun insight into what Facebook thinks you're into, click on Your Interests. There you'll find the categories that Facebook uses to tailor ads to your Liking. You can clear out any that bother you by clicking the X in the upper-righthand corner when you hover over, but mostly it's a fun lesson in how digital advertisers distill your essence. You'll also likely find at least one surprise; Facebook thinks I'm into IndyCar, which honestly, maybe, if I'd only give it a chance.
Please remember that none of this will in any way change the number of ads you see on Facebook or around the web. For that, you'll need an ad blocker.
After a decade on Facebook, you've likely picked up friends along the way you no longer recognize—not just their profile picture, their name and context. Who are all these people? Why are they Liking my baby pics? Why aren't they liking my baby pics?
To get a handle on who can see which of your posts, it's finally time to head to Settings then Privacy.
Start with Who can see my posts, then click on Who can see my future posts to manage your defaults. You've got options! You can go full-on public and share with the world, or limit your circle by geography, employers, schools, groups, you name it. Whatever you pick will be your default from here on out.
Whatever you pick, immediately go to Limit the audience for posts you've shared with friends of friends or public? to make that choice retroactive. In other words, if you had a public account until now, changing your settings won't automatically make your past posts private. You have to get in a few extra clicks for that.
Skip ahead down to How People Find and Contact You, since that's thankfully pretty straightforward. Tweak all the settings to your liking. The main note here: Don't share your email or phone number unless you absolutely have to, and if you do, keep the circle as small as possible. (If you do have to share one or the other with Facebook for account purposes, you can hide them by going to your profile page, clicking Contact and Basic Info, then Edit when you mouse over the email field. From there, click on the downward arrow with two silhouettes to customize who can see it, including no one but you.)
And while we're almost done with this part, first we have to talk about tagging. If people want to tag you on Facebook, there's not much you can do about it. Sorry! But you can at least stop those embarrassing pics from showing up in your timeline. Enable the option to Review posts you're tagged in before the post appears on your timeline so you can clear anything out that you'd rather not see there.
Then, head to Timeline and Tagging in the left-hand menu. There you can limit who can post to your timeline, who can see which posts, who can see what you're tagged in, and so on. Your tolerance here will vary depending on how active a Facebook user you are and how obnoxious your friends can be, but at the very least it's helpful for setting custom audiences that exclude people—your boss, maybe, or an ex—you definitely don't want taking an active role in your Facebook experience.
To test out those changes, head to Review what other people see on your timeline, where you can see what your account looks like through the eyes of a set of people or a specific friend.
One last thing: You'll see a Face Recognition option in the left-hand menu pane as well. It has some genuine uses, like letting you know if someone is using a photo of you in their account for trolling or impersonation. But if you're fundamentally more creeped out by Facebook's algorithms hunting for your face than by potential human jerks, go ahead and switch it off.
What About Russians?
While it still sounds like the subplot to a lesser Die Hard installment, dozens of Russian propagandists really did infiltrate Facebook a few years ago. Did you follow or like one of their accounts? Find out for sure here, assuming Facebook doesn't once again upwardly revise the number. And then find a way to get that link in front of your aunt. You know which one I mean.
Is Facebook Listening To Everything I Say?
By this point, it's a trope: You have a casual conversation about umbrellas with your roommate—as one does—and a few hours later, umbrella ads flood your News Feed. Surely this means Facebook's using your smartphone's mic to eavesdrop, right?
Well, no, sorry! As we've explained here and others have investigated elsewhere, Facebook's not actually hijacking your microphone. For starters, it would be wildly impractical not only to sort through all that data, but to figure out which words meant anything.
Besides, worrying about Facebook eavesdropping distracts from the far more concerning fact that it doesn't have to. The things you and your friends do online, and where you do them, and when, and how, and from what locations, all form more than enough of a profile to inform ads that feel like Facebook isn't just listening in on your conversations, but on your private thoughts. So, please do feel better about the mic thing, but much, much worse about the state of internet tracking, targeting, and advertising at large.
If even scrolling through all of these settings tweaks has left you exhausted, much less actually implementing them, you do have a more efficient option: pulling the plug altogether.
Before you do this: First, do recognize that this won't solve all of your online ad woes. You'll still be tracked, targeted, and so on across the web, both by Facebook and other ad networks. They'll all have that much less info to work with, though! So that's something.
And second, if you do decide to go through with it, think about downloading your account first. There's no reason to lose all those photos and statuses and such. To preserve those memories offline, head to Settings > General Account Settings > Download a copy of your Facebook data and click Start my archive. Facebook will email you with a download link when it's ready, which you should pounce on since it'll expire eventually.
OK all set? Here we go. Head back to Settings again, where you'll start in General. Click on Manage Account, scroll past the grim "what happens to my social media presence when I die" bits, and click Deactivate my account. You'll need to enter your password here, look at photos of friends who will "miss" you, take a quick survey about why you're bailing, and then click Deactivate one more time.
Please note that you have not yet actually deleted your account! You've just put it in hibernation, in case you ever decide to come back. For full-on deletion—which means if you do decide to go back you'll have to start from scratch—head to this link right here. That'll put you just a password entry and a CAPTCHA away from freedom. There's a delay of a few days though, and if you sign back on in the interim, Facebook will go ahead and cancel that deletion request. So stick to your guns, don't log in, and maybe delete the Facebook app from your phone just in case.
And that's it! You're clear, at least until Facebook changes its privacy options once again. Whether you decide to stay or leave, the important thing is to take as much control over how your data gets used as possible. Sometimes that's still not a lot—but it's something.