A Practical Guide: Controlling Your Data Privacy on Facebook

  • Facebook makes its security and privacy tools easier to find and alter in the wake of the Cambridge Analytica controversy.

With all the news swirling around Cambridge Analytica, a political data firm that gained access to the private information of millions of Facebook users, many people are asking what information was collected and how they can better protect themselves.  The issue of data privacy and the rights of individuals are being brought to the attention of the American public more than ever.

That’s because data is behavior. It’s core to who we are. In the wrong hands, it can be used to manipulate individuals, sway opinions, and influence decisions.

Every time you provide your email; every time you buy online; every time you download an app or provide information on social media; every time you enter a contest; you become a data point.

The human has become an endless stream of data. Businesses, marketers, researchers – almost everyone is tracking data about individual’s behavior. This data can be stored indefinitely, used to segment and classify you based on your own preferences, or even sold or shared to others.

Yet, if you asked the average American how their data is being used, most people couldn’t tell you.

Unlike many European countries, the U.S. lacks strong consumer protection laws regarding the collection and sale of consumer data. Many businesses are able to monitor their website traffic, social engagement, and other personal behavior and use or sell that valuable information for profit. This highlights the need of the consumer to be more aware of the issues and protections they can employ to keep their data private.

In our guide, we’ve made security and data privacy settings simple. Here are 8 steps to locking down your Facebook profile. If you’re more interested in either disabling or entirely deleting your account, those instructions can be found here:

Delete it or Disable it

1. Managing your Privacy Settings

If now you’re thinking “Wow. I really need to check my settings.”, we’ve got you covered. First rule of thumb: Don’t leave anything public.

Not your posts, not your email or phone number, and definitely not your friends list! The more information you leave out there in the public domain, the easier you are to target with a spear phishing email or other social engineering tactic. Also, if you don’t know or trust all your “Friends”, you should strongly consider limiting the information they can access as well.

Facebook Data Download

Does all the news surrounding Cambridge Analytica have you worried about the information that Facebook has about you?

If you want to download a complete copy of all the information available, click Settings when logged in to your Facebook account. On the General Account Settings Screen, there’s a small link: “Download a copy of your Facebook data.”

Clicking this will start a large data dump of more than 69 data fields, including your IP addresses, facial recognition data, check-ins, advertisements that you’ve clicked, religious and political views, last location, and more.

Use Mozilla Firefox + the “Facebook Container” add-on

Facebook has a habit of tracking their users’ activity across visits to other websites. Mozilla Firefox has released an add-on to their browser (available here: https://addons.mozilla.org/en-US/firefox/addon/facebook-container/) that allows users to isolate their Facebook identity from the rest of their web-browsing activity. The extension deletes your cookies and makes it harder for Facebook to track your browsing data.

2. What devices have access to your account?

Facebook allows you to see every device that is currently using and logged in to your Facebook account. A straightforward way to ensure there’s no unauthorized access is to periodically check this. In my case, I know that I’m logged in on my Mac back home in Annapolis, plus all my devices here at Summit in Millersville.

However, when I see Philadelphia (a city I’ve never been to) and Normandy (close to where I used to live) – that makes me suspicious. To ensure my security I did two things:

  1. Use this tool to log out of the suspicious sessions.
    • Click the three dots and then log out.
  2. Change my password.
    • This makes sure if my login is compromised, they can’t get back into my account.

3. Facebook Quizzes

Facebook quizzes are popular because people are curious. Everyone wants to know what TV show character, type of animal, or celebrity they’d be! The issue is, quizzes tend to share your data with the app developers directly. These developers aren’t employees of Facebook themselves and operate by a different, less regulated, set of rules. They may ask for information about your profile, friend lists, email addresses, all the posts on your timeline, and even access to your photos!

Quiz developers are essentially data farmers. They collect as much information as they can about you and sell the information to spammers, advertisers, and anyone else who will pay them for it.

“But I still want to know what superhero I’d be!!!”

Is it worth it? If the quiz is hosted on a 3rd party page, you may encounter malware. It’s not uncommon on clickbait sites where quizzes are generally published. 

If you really want to take that quiz and it’s hosted on Facebook itself or a reputable site that you know and trust, create a new email address that you’ll only use for spam messages. Don’t open them, don’t check this inbox, just create it and delete every email that comes into it. Then, use that e-mail to create a new Facebook account. Don’t put ANY information into this account. No pictures, no posts, no check-ins, not even your real name.

Then, take that quiz. You’ll be flattered to know you’re most like Ironman.

4.  Do Those Apps Have Too Many Permissions?

Before you play that game, do you really want to give whoever made it your email address, friends list, and information on your profile? Do you know how they’ll use it? Do you trust whoever developed this game or quiz?

Applications on Facebook, the Apple App store, and other locations are made by third parties that may, or may not, have strict privacy and security controls to keep your data safe. Some applications are specifically created with malicious intent. Back in 2016, there were claims that a 3rd party flashlight app was malicious and asked for too many permissions. Once permissions were granted, the app could turn on your phone’s microphone and record your conversations. Then it sent those conversations to a server in China.

Facebook allows for you to control the apps and games that are linked to your account, plus the information they can receive. Keep tabs on what you download and use common sense when it comes to allowing permissions. If your calculator app needs your call history, contact list, and ability to post to facebook in your name – chances are, that’s a malicious calculator!

5. Get Security Alerts

Security alerts are a quick way for you to remain up to date on who’s attempting to access your account. Sometimes these alerts will pop up if you’re using a public computer or a brand new device that you typically don’t use – but if you haven’t logged on with a unrecognized browser – then it’s time to log out and change your credentials.

6. Two-factor Authentication

Two forms of authentication are always a good idea where available. Luckily, your Facebook account makes it an option for you! It’s pretty simple, too. After you put in your password, a website will email or text you a one-time use secret code. You put that code into the website to confirm your identity, and then it lets you log in. Even if someone steals your strong, unique password, they’d ALSO need access to your email or phone (which is hopefully harder to get!)

7. Your Personal Brand

Now, let’s get a little more vain. Facebook is a place for bragging, showing off success, being argumentative and opinionated, and proving that the person who dumped you sophomore year really screwed up.

But… maybe it shouldn’t be.

Employers, law enforcement, potential dates – they all can look at your social media presence to build an idea of your life. Be careful and plan what you post. Think of Facebook like your personal marketing tool. If you post the wrong thing, you could wind up paying for it.

However, it’s not yourself you need to worry about. Think about your “Friends”. If you’re like me, you probably know a few people that you might not want posting on your timeline or tagging you in humiliating photos. You can control that.

Go to your timeline and tagging settings. Turn on Review. This allows you to review the posts you’re tagged in before they appear on your timeline and review any tags people want to include you on.

8. Malicious Links, Posts, and Messages

The challenge of social media security is that it allows a single person to spread content to a large group of people with little effort. Links to malicious websites that can install malware, steal your personal information, or cause financial harm are often shared on social media sites. It’s important to think before you click.

Facebook does a pretty good job at flagging malicious links with messages that warn you about the safety of a link before directing you to the content you click on. If you see this message, it’s usually a good idea to click cancel and avoid that content.

Keep Security Top of Mind!

Security awareness is important for anyone who has an online presence. If you found this guide helpful, please share with your friends, family, and co-workers to ensure their Facebook security!  If your business is interested in a webinar or on-site presentation in the Maryland, Washington DC, or Northern Virginia region on social media scams, please let us know.


On Key

Related Posts

Takeaways from the CMMC Rule Publication

The Department of Defense’s CMMC program has taken a giant step ahead with the publication of the CMMC Proposed Rule on December 26th in the Federal Register . This begins