Facebook Privacy: How to Secure Your Profile from the Social Graph

April 23, 2010 - By Justin E. Gehrke

One of yesterday’s big tech stories was Facebook’s unveiling of the its Social Graph concept. While CEO Mark Zuckerberg may have gone to great lengths to emphasize the benefits of connecting all of the dots on the internet, privacy and security experts almost immediately began cautioning that the changes could be detrimental in terms of user privacy.

As has been the custom in past updates, the social media giant illogically turns on new options by default and advises the user, via an attractive graphic, that they have the choice to “Understand your privacy” and read the details of the change. Even then, the wording is ambiguous, at best. How good or bad are the changes? In the interest of objectivity, it’s still too early to form an educated opinion. In light of the significant changes, though, it is a good time to review some simple steps that every Facebook user should consider, when determining what and how much information they share.

First of all, let’s preface this with the caveat that the suggested settings shown herein are pretty close to maximum Facebook security. They represent the configuration options that users can make to share the least amount of information possible. While not hard, it will take a few minutes to navigate to and fro, in Facebook’s menu hierarchy. If the goal is to have 8,750 friends, around the planet, read no further. Without a doubt these suggestions are for people who value their privacy and don’t want their every Facebook move subject to market analysis. Each of the images will open in a new window, to give you a clear view of the actions described.

Account > Privacy Settings:

On this screen, their are five sub-menus. Users should go through each one and verify each item. Remember, Facebook changes things and turns them “on” by default. You might be surprised what you find. Below, we go through each of the sub-menu items.

Account > Privacy Settings > Profile Information:

On this screen, the privacy conscious can make it easy. Set everything to “Only Friends”. Why? Do you tell strangers on the street or your friend’s friends your birthday, where you live, the names of your children, and finish things off by showing them all of our family photo albums? No, you probably don’t, or at least we hope you don’t. Keep your information within your circle of friends. Also, it’s a good idea to uncheck “Friends can post to my Wall”. It’s like letting someone speak for you, to everyone you know. Not necessary.

Account > Privacy Settings > Contact Information:

This screen is similar to the Profile Information one, above. The goal is the same. Share only information with “Only Friends”. To be even safer, don’t even fill in the fields for phone numbers, hometown, etc. They’re optional. If the person is really your friend, they’ll already have the information. If they don’t they could send you a message on Facebook and ask you for it. No need to publish this kind of stuff when you don’t have to do so. Another good idea is to use a unique email address for Facebook that you will not give to anyone else, register on a website, etc. This way, you can be certain that any message you receive there, to include unwanted and SPAM ones, was generated from Facebook or using your Facebook profile information.

Account > Privacy Settings > Applications and Websites:

Here, again, we have several sub-menus that need to be reviewed and tweaked. Here, you can block applications and check your ignored friends (which might indicate that someone in this scenario isn’t really a very good friend). Here we see the new “Instant Personalization” option Facebook referred to on the home screen. Wow, they made it really easy to find, right? If you don’t plan on “Liking” websites or going to ones just because someone else “Likes” them, uncheck the box. You’re not going to miss out on anything, yet. Also, it’s a really good idea to set who can view your activity in games and applications to “Only Me.” Why? If you’re “Friends” with your boss or coworker, do you want them to see all the time you spend tending vegetables on your farm, while sitting in your cubicle after lunch?

It’s also a good idea to edit the settings of “What your friends can share about you,” on the next screen (accessed via “Edit Settings” from the above screen). Here’s the why behind this one. Your friends should not be able to share your life’s story with anyone else. Think your friends all have enough common sense not to do it? Think again. Everyone has lapses in good judgment. You don’t want it to be with your information. In the example below, we’ve restricted the information that can be shared to our website and our “About me” bio.

Account > Privacy Settings > Search:

Accessed from the “Privacy Settings” menu, here we only have a couple options. It’s time for a decision. Do you want people to be able to search for and find you on Facebook. If you don’t need it, restrict it to “Only Friends”. Even if you choose to leave it set to “Friends of Friends” or “Everyone,” you should at least consider unchecking “Allow” for “Public Search Results”. What’s the difference. People have to be logged in to Facebook to do the first one. They don’t need to be logged in to do the second one.

That pretty much takes care of the “Privacy Settings,” so we can move on to the “My Account” settings.

Account > My Account > Facebook Ads:

Facebook ads are likely part of the inspiration behind the “Social Graph” concept. This one isn’t a huge privacy issue, but if someone is your friend, don’t they know what you like and dislike, for the most part? It’s a good idea to change the setting to “No one” or, at a minimum, “Only friends”.

The last area we’ll take a look at is the Application Settings, to see what we allow and how much we allow it to do.

Account > Application Settings:

This is where we can see what connected apps can do, with our information. You should change the view to show “Allowed to Post” and “Authorized,” since these are the ones that have the potential to share more than you might want. Once you can see the full list, review each and every application. If you don’t use it anymore, get rid of it. If you use, make sure that things like “Access my data when I’m not using the application” and “Publish recent activity to my wall” are unchecked, whenever possible.

In Summary:

Again, the suggested configuration verification and changes listed above do not constitute every possible measure you can take to secure your Facebook profile. They are intended to give you a good foundation of privacy and information security. Even if you implement each and every one, you should periodically review them again, to make sure that newly connected applications haven’t allowed unwanted sharing, based on Facebook’s “Fail-Open” policies. Have a tip not mentioned here? Post it as a comment to let us know and help others, too.

Facebook’s intentions are not evil. They are diligently trying to make the web a better place, through increased opportunities for social interaction. That’s a good thing. Convenience and enjoyment should never make us forget about safety and security, though. Hopefully this information helps a few, interested people tighten things down and better understand the complex hierarchy of permissions that is Facebook. Once you’re done, you can breathe easy and get back to Farmville or finish that bank heist you need have pending in Mafia Wars.