These 11 Facebook privacy tweaks put you back in control
Death. Taxes. Facebook. The first two you can’t avoid. And the third isn’t that much easier to escape. A long history of privacy backtracking and goofs—like a longstanding vulnerability that allowed Cambridge Analytica to harvest user’s data—has fueled plenty of “Quit Facebook!” chatter. But you’ll miss a lot if you do.
“If Facebook is . . . your connection to friends and family, the place where you practice your profession or run your business, you can’t just quit,” says Gennie Gebhart, a researcher on consumer privacy and security at the Electronic Frontier Foundation. Facebook pages and groups have become de-facto websites for restaurants, bars, clubs, civic and political organizations, and nonprofits. Facebook Messenger often replaces texting and email. That’s not even getting into Facebook-owned Instagram and WhatsApp.
Even if you don’t delete Facebook, there are ways to limit the ability of the social network, other companies, and/or fellow users to get information about you. This is not an exhaustive list of what you can do—because that would be exhausting. It focuses on the steps likely to have the biggest impact. For all the website adjustments I recommend, begin by clicking the down arrow on the upper right of the screen to access Settings. Mobile tips are for the latest versions for Android and iOS.
1. Trim your “friends” list
Many Facebook settings (Privacy, Timeline, and Tagging) restrict who can see your activity. Besides the hermit-like “Only me,” the strictest option is “Friends.” Trimming the people in that group limits not only who sees your activity but who can share it with third parties, as happened with Cambridge Analytica. (Bonus: It also reduces dull posts from people you don’t care about.)
To whittle your friends list, go to the profiles of people who you’ve decided don’t make the cut, hover over “Friends” at the top of the page, and select “Unfriend.” They won’t be notified.
2. Don’t hand over your phone number
Facebook can use your phone number for two-factor authentication (2FA). With this option turned on, the service will text you a code that you enter in the site as a second “factor” (beyond your user name and password) to confirm your identity.
Facebook has also used these phone numbers for ad targeting and user-profile lookups, either or both of which you might not be comfortable with—2FA is a critical security tool, however, so tip number three describes how to use it without a phone number.
If you’ve already given Facebook your phone number, it remains in the company’s internal records unless you delete your account. But deleting it from your profile pages keeps it away from other snoops, who could use it for identity theft or harassment.
According to Facebook, you may have to delete your phone number in up to four different places on the website:
Note: Using WhatsApp requires providing a phone number, which will be shared with Facebook.
3. Turn on two-factor authentication
Instead of providing a phone number to get 2FA codes by text, use a free smartphone authenticator app to generate login codes for Facebook—and all the other sites that offer it. (I like Authy for its crisp design.)
On the website, go to Settings > Security and Login > Two-Factor Authentication to choose the app option.
For details, see “Use a mobile authenticator app” in our article “Here’s how to wrangle your passwords without going crazy.”
4. Block trackers on Facebook and other sites
Facebook has several ways to track you across the internet—for instance, tracking cookies (text files) in your browser report to Facebook where you go online. And the social media “Share” buttons on sites all over the web (including FastCompany.com) work with cookies to track Facebook users and nonusers alike.
The protection may not be perfect. You can boost your chances by running two or three blockers that you find easiest to use and least likely to “break” features of a site, like images loading. If one of them does, you can disable the blocker for that site while retaining others for backup.
Facebook’s mobile apps can also track you, but the website (including messaging) works well in a mobile browser like Focus or Ghostery. However, apps by other companies can also embed Facebook tracking code. So you can limit, but probably not eliminate, tracking on mobile.
5. Check all authorized devices
Facebook asks to confirm your identity to authorize account access the first time you log in from a new device or browser. See if hackers have impersonated you by checking which devices have been granted Facebook account access.
On the website, go to Settings > Security and Login > Where You’re Logged In, and click “See More” for the full list. Click the three dots to the right of any entry you don’t recognize (or no longer use), and select “Log out.”
To prevent future rogue account access, scroll down the same page to Setting Up Extra Security, go to Get alerts about unrecognized logins, click the Edit button, and select how Facebook alerts you of new logins. Don’t select the mobile number option (see tip number two), and delete the number if it already appears.
6. Turn off and wipe location tracking
The Facebook mobile app, Messenger, Instagram, WhatsApp, and Facebook Local may all be recording your location—intimate information as unique as a fingerprint. You can turn off access in your phone’s app permission settings.
In Android, go to Settings > Apps & Notifications. In iOS, go to Settings > Privacy > Location Services. Then scroll to and click on each Facebook-family app to change permissions. (You may have to re-enable location services to tag a post, such an Instagram photo.)
7. Don’t fork over your contacts
This protects your friends and acquaintances from having their data sucked into Facebook. (To better understand what’s happening, see this ACLU post.)
If you’ve already given Facebook access to contacts, at least prevent it from getting more from Facebook, Messenger, or Instagram. (As for WhatsApp, Facebook tells Fast Company that, “WhatsApp contacts are not shared to Facebook, and we have no plans to do so.” But WhatsApp works without uploading contacts, anyway.)
Start with the main Facebook mobile app. Turning off sharing here has the added benefit of deleting contacts that you have previously uploaded, according to Facebook. Tap the three-horizontal-lines icon on the upper right (Android) or the lower right (iPhone), scroll to and tap Settings, scroll to Media and Contacts, tap Upload contacts, and turn it off.
For the Messenger apps, tap the two-silhouette icon at the bottom center of the screen, then tap the add friend (single silhouette with “+” sign) icon in the upper right, and tap Sync Contacts (Android) or Upload Contacts (iPhone) to make sure it’s not enabled.
You can also disable contacts access for Instagram and WhatsApp on iPhones and for all Facebook apps on Android in the phone’s operating system. In Android, go to Settings > Apps & Notifications, select each app, and tap Permissions. In iOS, go to Settings and scroll down to and click on each app to make sure access to contacts is not enabled.
8. Turn off face recognition
Facebook studies users’ faces to enable features like making it easier to identify and tag someone in a photo and video. This feature is not on by default, but if you have enabled it, consider shutting it off to protect yourself from anything else Facebook may do with the information.
On the website, go to Settings > Face Recognition Settings and select “no.”
In the app, tap the three-horizontal-lines icon on the upper right on Android or lower right on iPhones, scroll to Settings and Privacy > Privacy Shortcuts, and in the Privacy section, tap Control face recognition.
9. Use Secret Conversations in Messenger
Even if you think you have nothing to hide, why not keep your private conversations private? Messenger allows encrypted chats, using technology that’s similar to that of the well-regarded (but far less widely used) Signal app.
To enable encryption, start a new conversation and toggle the lock icon (Android) or click the word “Secret” (iOS) at the top right of the screen.
You can also set encrypted messages to disappear Snapchat style. In Secret Conversations in Android or iOS, click the timer icon in the text-entry field to set the expiration time ranging from five seconds to one day.
(Note: By default, WhatsApp encrypts your messages and phone calls.)
10. Scrub your profile
Deleting personal info from your profile page—such as your home address and email—could protect you from other people, such as potential harassers. Facebook claims that most information you zap will be deleted from its internal records, too. The exceptions are birthdays (which it needs to verify you are at least 13 years old), as well as phone numbers and email addresses (which the company says are “critical for account security purposes”).
11. Remove connected apps and sites
Facebook lets third-party apps such as Gamest gather information such as your name, profile picture, locale (country and language), birthday, email address, and friends list. The same is true for external services like Spotify that let you sign up by linking to your Facebook account.
If you’ve already linked apps or sites to Facebook—you may have done it more often than you remember—you can disconnect any you aren’t using, or which don’t really need access to Facebook. On the Facebook website, go to Settings > Apps and Websites. Under “Active Apps and Websites,” click the checkbox next to any you’d like to disconnect, and click the “Remove” button. (Apps may retain data you’ve given them, though app makers may allow you to request deletion.)
If you’d like to prevent yourself from linking apps or sites in the future, you can turn off the capability. On the same settings page, scroll to Apps, Websites and Games, and click Edit to turn off the feature. This also blocks requests from friends to sign up for Facebook games they play.