Five-minute Facebook security checkup

In just a few minutes you can tweak the social network's default privacy settings to ensure you're sharing posts and photos only with the friends you intend to share them with.

Dennis O'Reilly Former CNET contributor
Dennis O'Reilly began writing about workplace technology as an editor for Ziff-Davis' Computer Select, back when CDs were new-fangled, and IBM's PC XT was wowing the crowds at Comdex. He spent more than seven years running PC World's award-winning Here's How section, beginning in 2000. O'Reilly has written about everything from web search to PC security to Microsoft Excel customizations. Along with designing, building, and managing several different web sites, Dennis created the Travel Reference Library, a database of travel guidebook reviews that was converted to the web in 1996 and operated through 2000.
Dennis O'Reilly
5 min read

Facebook has been taking a beating in the press for its disappointing financial performance and declining stock price. But reports of the social network's death are a bit premature.

After all, a billion users is nothing to sneeze at. Even if only half that number sign into their Facebook accounts every day, as the company claims, that's a lot of eyeballs to present ads to.

I bet not even one out of 10 Facebook users has ever changed the service's default security settings, which make your profile information available for anyone to search and allow every other Facebook user to contact you.

Dangers of unfettered access hit home
Earlier this week my niece spent a couple of days getting rid of a Facebook stalker from Nigeria who was trying to get her to add him on her Skype account. (The Facebook help site explains how to report various types of abuse of the service.)

"Where in the world did he get my name?" she asked me. I pointed her to a post I wrote last year that described how to make Facebook more private. That post was an update to a story I wrote three years ago on the same subject.

Since Facebook regularly tweaks its security settings, both of those posts have become out-of-date. The five minutes (or less) it takes to complete the updated steps below can save you hours of aggravation caused by an encounter with a Facebook criminal--or even a well-intentioned but misinformed friend.

Get to know the inline audience selector
To open Facebook's privacy options, click Home in the top-right corner of any Facebook page and choose Privacy Settings. Three big buttons are labeled Public, Friends, and Custom.

The Friends option is selected by default, but this is misleading because this setting applies only to posts and photos uploaded from Facebook apps that don't have the inline audience selector, such as Facebook for BlackBerry. The audience selector appears below the status window and photos you're about to post; it retains whichever setting you used previously (probably Friends).

Facebook inline audience selector options
The inline audience selector that appears below status and photo windows you're about to post determines which Facebook users you're sharing with. Screenshot by Dennis O'Reilly/CNET

The audience selector is shown as a lock on the iPhone Facebook app and as a gear in the service's iPad app. Perhaps savvy Facebook users know about and use this setting, but just as with the service's privacy options, I'll wager a small percentage of Facebook denizens are aware of these options, and fewer still use them.

A look at Facebook's default privacy settings
Of course Facebook wants you to be easy to contact. The more friends you have, the more money Facebook makes. The fact that some of these "friends" are total strangers seems not to matter to many users.

My social networks -- personal and professional -- are limited to people I have met face-to-face, with two or three exceptions in the pro network for people I know by reputation only. You don't need to go to this extreme to restrict who can contact you on Facebook, however.

To prevent total strangers from reaching out to you on Facebook, click Edit Settings to the right of How You Connect. The default is to let everyone look you up by profile name, e-mail address, and telephone number; and to allow all users to send you friend requests and Facebook messages.

Facebook contact options
By default Facebook allows everyone to look you up by profile name, e-mail, and phone number, and to send you messages and friend requests. To restrict contacts, change the settings to Friends or Friends of Friends. Screenshot by Dennis O'Reilly/CNET

Since I'm conservative about who I wish to deal with on Facebook, I've changed these settings in my personal account to those shown in the above screen. I'm more open about being contacted via my professional social networks.

See your profile as others see it
Whether you share your Facebook information with everyone or only friends, it's a good idea to know exactly what you're sharing. The only way to know is to view your public profile. To do so, go to your profile page by clicking your name at the top of the screen, and then click View As.

To change what's on view in your profile, return to the Privacy Settings and click Edit Settings to the right of Profile and Tagging. You can share posts with everyone or just friends. More options are available for who can see what others post to your profile and posts you're tagged in.

Facebook Profile and Tagging options
Decide who can view posts others add to your profile and those you're tagged in via Facebook's Profile and Tagging options. Screenshot by Dennis O'Reilly/CNET

Even if you share only with Friends, Facebook defaults to allowing the friends of the people you tag in a post or photo to view it as well. To prevent the friends of the people you tag from seeing the posts or photos, choose Custom in the drop-down menu next to "Who can see what others post..." and "Who can see posts you've been tagged in...."

In the Custom Privacy window, uncheck "Friends of those tagged" and click Save Changes.

Facebook Custom Privacy settings
Prevent friends of the people you tag in posts or photos from viewing the material by unchecking "Friends of those tagged" in the Custom Privacy settings. Screenshot by Dennis O'Reilly/CNET

The Profile and Tagging options also let you review posts friends tag you in before they appear and to review tags friends add to your posts. This setting came in handy when my wife's niece got tag-crazy and started tagging my wife in nearly everything she posted in a misguided attempt to ensure that my wife saw her posts.

The tag-review process can quickly become tedious, however. My friends are generally judicious in their tagging, so I don't find reviews necessary. (Note that you can also block a friend's posts by clicking the down arrow in the top-right corner of the person's post and choosing one of the "unsubscribe" options.)

Review your Facebook app settings
The last three categories on the Privacy Settings page let you manage ads, apps, and sites; block access to your past posts; and block specific people and apps. The first blocking option converts all posts you've shared with the public and friends of friends to friends only (with the exception noted above for friends of the people you've tagged).

To block a person, click Manage Blocking and enter their name or e-mail address. You can also block app and event invitations from specific people or add them to your restricted list, which shows them only the posts you designate as public. The last setting allows you to prevent an app from contacting you or getting non-public information from you.

Then again, you may simply want to dispose of an app you no longer use. To delete apps, click Edit Settings next to Ads, Apps, and Websites, choose Edit Settings again next to your list of apps, and click the X to the right of the app's listing.

Select Edit to the right of the app to restrict the information the app can access, the audience for the posts the app adds to your wall, and whether the app is able to send you notifications.

I'm tempted to send instructions for limiting these app posts to all my friends who play FarmVille, Words With Friends, and every other Facebook game. You bought a cow, you spelled "cow," I'm delighted for you.

Yes, I know I can block all such posts by clicking the down arrow and choosing "hide all from FarmVille," but in a perfect social network, such posts would be opt-in, not opt-out. Who knows? I might may end up owning a virtual cow myself one of these days. I just hope I don't feel compelled to tell the world about it when I do.