Facebook has found itself embroiled in yet another colossal controversy related to how its sprawling, multibillion-person social network has been abused by bad actors. This time, the culprit is Cambridge Analytica, a data analytics firm used by President Donald Trump’s campaign during the 2016 US election to target election ads on Facebook. It turns out, Cambridge Analytica misused the user data of as many as 50 million Facebook users via its affiliated behavior research firm Strategic Communication Laboratories, which violated Facebook’s terms of service by acquiring said data from a third-party app and reportedly lying about when that data was deleted and how it was used.
The announcement was made on Friday to preempt the publication this weekend of two blockbuster reports from The New York Times and The Guardian featuring claims from former Cambridge Analytica employee and whistleblower Christopher Wylie, who says the data formed the foundation of the firm’s election toolset. In a few short days, the stories have called into question the entirety of Facebook’s ad platform, the data collection practices of its API-using third-party services, and the company’s commitment to user privacy and the policing of its platform. Facebook has suspended Cambridge Analytica and Strategic Communication Laboratories. Yet the fallout from the two firms’ actions — and Facebook’s weak attempts to ensure the data was not misused — has prompted widespread condemnation from politicians and tech critics and forced Facebook to hire a digital forensics team today to investigate the situation.
So now is as good a time as ever to remind you that — beyond deleting your Facebook account for good — there are some precautions you can take to protect your privacy and make use of Facebook as a utility without compromising your personal data. No single user can prevent a company like Cambridge Analytica from lying to the public and lying to Facebook about where its data came from and how it’s using it. But you can make sure that a significant chunk of your data is never out there in the first place. Here’s where to start:
Step one: turn off location services
Location data is among the most sensitive data you can grant to a third-party app or service. With location data, companies know where you’re going, where you came from, and can even glean insights from your daily travels like where you live and work and what restaurants and other businesses you frequent. For Facebook, this data is invaluable to advertisers, and it’s also quite the pitfall for users who may not understand or realize when an app has access to this data.
While we don’t know if this type of data was among the trove Cambridge Analytica reportedly had access to, it’s still sensitive data that you should only give out when you think the core service you get in exchange is worth it. For instance, it makes sense to grant Google Maps access to your location, but it makes less sense to allow some shady third-party recommendation service to use the same data.
Location data is among the most sensitive personal information you can share online
To turn off or limit Facebook’s access to your location on iOS, head to your iPhone’s Settings app, scroll down to “Privacy” under the general tab, and tap Location Services. From there you can disable the feature entirely and toggle it on, off, and only while using a piece of software on an app-by-app basis. Scroll down to find Facebook, and switch it to either “While Using the App” or “Never.” There isn’t a good enough reason to give Facebook access to your location all the time, so make sure to never leave it set to “Always.”
On Android, head to “Account Settings,” tap “Location.” From there, you can toggle Facebook’s access from on to off.
Step two: unlink questionable third-party apps
Perhaps you, like me, have been letting third-party apps and services access your Facebook data for years without thinking twice about where that data goes or how it gets used. In the case of Cambridge Analytica, a seemingly innocuous Facebook app called “thisisyourdigitallife,” which claimed it could predict aspects of a user’s personality, was created by Cambridge psychology professor Aleksandr Kogan. The app siphoned user data from up to 270,000 people who downloaded it and signed in through Facebook. The data included where these people lived, who their friends were, and it may have also informed election ad targeting for Trump’s presidential campaign after Kogan handed the data over to Strategic Communication Laboratories, violating Facebook’s TOS in the process.
To prevent your user data from helping inform a campaign to elect someone like Donald Trump — a disturbing disclaimer that comes with using Facebook in 2018 — head over to the “Apps” section of your Facebook settings. (This is best done on desktop, but you can do it on mobile as well.) At the top of the page, you’ll see the total number of apps you’re logged into using Facebook. My count at the time of writing, and with little scrubbing over my roughly 10 years on Facebook, was 179 apps. Among the included services with access to my personal information are a number of defunct or otherwise unpopular apps like Voxer and Viber, apps I’ve heard of maybe once years ago like RebelMouse and Rafflecopter, and apps I’ve never heard of at all like Indaba Music and Jagabo. It’s an immense amount of access granted to a sea of software detritus, and it’s likely the situation is similar for you, too.
So the easiest way to protect yourself in this situation is to scroll to the bottom to the “Apps, Websites and Plugins” square, click edit, and turn off all third-party API access. However, maybe you use your Facebook login for a service like Airbnb or Lyft or any number of other well-meaning and otherwise ethical products. In that case, you should go through your entire app list and disable access from any questionable, defunct, or unnecessary services. You can also edit the amount of info specific apps can access and who on Facebook can see that you use the app, as well as notification settings for the software.
Step three: limit sharing settings
This is perhaps the most complicated of Facebook’s privacy and security customization options, and it involves a lot of careful calibration to make sure you have a setup that works for you. It’s best to do this on desktop, where reviewing all this information at once on a larger display is easier than that of a smartphone screen. First off, click on the downward-facing triangle next to the question mark icon in the upper right corner of facebook.com. From there, find the “Settings” option at the bottom. From here, click on “Privacy” in the lefthand column.
It’s here that you can toggle how what you share on Facebook propagates throughout the platform and who and to what extent strangers can reach out to. In this case, it’s best to change the option for “Who can see your future posts?” to “friends only.” Facebook now includes an option right below that one at the top to “limit past posts,” so that every post across your entire Facebook history will be restricted to “friends only” if it had previously been shared with either everyone or just friends of friends.
Toggling everything to “friends only” is a good option to restrict who can see your posts
Below that, you can toggle how people can find you on the platform and contact you. It’s here that you can edit settings for who can send you friends requests, who can see your friends list, and whether your profile shows up in search engines, and whether people can find you using your email address or phone number. It’s best in these cases, if you’re really trying to limit the amount of data you’ve provided, to change everything to either “Only me,” “friends,” or “friends of friends” as a last resort. You can also disable search engines outside Facebook from linking to your profile, which is a smart move.
Below the “Privacy” section is the “Timeline and Tagging” option, which controls who can post on your Facebook profile and who tag you in photos. It’s best here to limit everything to “friends” or “only me” where appropriate and to make sure you have turned on the settings for reviewing tags people add to your posts and posts that you’re tagged in before they appear on your timeline. Another lesser-known part of Facebook’s settings panel is in the same cluster of categories with privacy and timeline settings and it has the ominous name “Facial Recognition.” If you don’t want Facebook to build a profile of your face data so that it recognizes you in photos and videos other people post, turn that off, too.
Step four: remove personal info and restrict ad preferences
The final move is to edit your “About Me” section to limit the amount of total information you’re sharing with Facebook at all times, regardless of whether you’re letting any third-party apps or services access it. To do so, click on that question mark icon in the upper right corner of the page and click on “Privacy Checkup.” Go through the first step in this process until you to get step number two, where at the bottom you have the option to go to your About Page. From there, you can edit or delete all types of information you’ve shared on Facebook, from your work and education history to where you’ve lived to contact and basic info like email addresses and phone numbers.
You can, of course, keep this info intact and on Facebook, and just limit the vast majority of it to being visible only to you. But if you really want to get this info off of Facebook for good, you should remove it. Stripping out all of this info will necessarily make it harder to find you on Facebook, but again, that should be the point of this exercise if you just want to keep your profile as a way to keep in touch with old friends or, for instance, to use Facebook Messenger. You can basically strip everything out of your profile except your name, birthday, and gender, which you are able to restrict visibility of anyway.
Strip Facebook of all personal information and disable ad preferences to ensure your privacy
To ensure that your profile appears the way you want it to when viewed by both a friend or a stranger, make sure to use Facebook’s View As feature that lets you look at your profile from the perspective of another user. To find that option, tap on the three small dots next to the “View Activity Log” option overlaid on top of your cover photo, next to the edit profile box. In the drop-down menu there, you should find View As, which defaults to showing the public version of your profile with an option to look at it as a specific person up at the top of the page.
Last but certainly not least, head over to the Ad Preferences page here to remove the ability for advertisers to target ads based on your personal information. You can make it so advertisers cannot run ads informed by your relationship status or where you work, or any of the dozens of categories Facebook has automatically selected for you based on the information you’ve provided and what the company nebulously refers to as “other activity,” which ranges from classifications like “Gmail user” and “close friend of expats” to “frequent traveler.”
You can also see a total list of all the pages you like here and remove ones you don’t want to be used for advertising purposes. At the bottom of the page, you can toggle off the ability for advertisers to base ads on your use of third-party websites and apps that rely on tracking cookies to inform Facebook of products you may be looking at on Amazon and elsewhere.