This post comes from Bob Sullivan at partner site Credit.com.
If you are really concerned about privacy, then you probably shouldn’t use Facebook. But if you are like a billion people on the planet, you’ve decided that Facebook’s tradeoff between sharing and privacy is worth it.
That’s certainly reasonable. Plenty of non-Facebookers today complain that they miss out on a lot of social activity — from spontaneous happy hours to wedding announcements.
So if you are a Facebook user, is there a safer way to use the tool?
As a privacy expert I get this question all the time: Are there two or three things I should do to make my Facebook account safer?
Like any thoughtful technology writer, I never offer such advice without layering on the caveats, so here goes. The most irritating thing about Facebook is the way the service keeps changing its tools and its rules. I’ve doled out Facebook privacy advice before, and each time I look at what I’ve said six to 12 months earlier, I find it’s pretty out-of-date.
Frustrated by that, I went to a much better expert than I am — Graham Cluley, a longtime security researcher at Sophos who now runs his own, British-based company. Here’s what he told me:
“I wrote [privacy guides] for Sophos in the past, but gave up a few years ago as it was SO hard to keep updated. FB changes their settings so much,” he said. “They love pulling the carpet from underneath folks.”
Steered by this reality, I will not offer a lot of granular Facebook privacy advice in this column. There is a very good, very detailed instruction kit available from Sophos, but I warn you – you’ll lose half your day following its advice.
Instead, I’m going to make you aware of three Facebook paradigms that threaten to nudge you in directions you might not want to go, while offering you three steps you can take in the next 60 seconds to make yourself safer.
1. Understand your past
We tend to think of losing privacy as a single, embarrassing moment. A private message made public. A photo accidentally shared. But in truth, privacy melts slowly over time, like snow in February.
I mean this: Sure, it matters little that Facebook knows you logged in from this Starbucks or that hotel on any particular day. It matters a lot that Facebook knows you log in from the same Starbucks at 1:15 every afternoon, except on some Fridays when you are probably sneaking out of work early.
Think an employment background company won’t want to know that someday, and sell it to a potential employer? It’s not the data, it’s the Big Data, that hurts your privacy.
So it’s always revealing to see everything that Facebook knows about you in one fell swoop, and keep that in mind whenever you use the tool.
Right now: You can see most of what Facebook knows via a single click. Glance up at your cover photo or pick the settings button on the right and click on “Activity Log.” Here, you’ll see everything you’ve ever liked, all photos you’ve been tagged in, etc.
Take a minute to scroll through this collection of data about you. If you have a lot more than a minute, you can click through each item, one by one, and change the audience for these things — make some only viewable by friends, for example, or hide them from all other Facebook users.
There is a capability to delete or unlike some items, too, but don’t get too excited. Un-liking a “like” doesn’t mean Facebook removes you from its databases.
2. Don’t accidentally disclose your location
As Facebook users migrate to mobile devices, it’s becoming critical that you understand the differences among using Facebook on each platform. Facebook users generally don’t like disclosing their location to others; that became obvious when Facebook pushed its “check in here” feature hard, and users pushed back.
So Facebook has now opted for more passive location-disclosing technologies. Desktop users often see a city name next to the box where they type in updates or private messages. The city name is a pretty good context clue that you are about to tell people where you are, and you can click to avoid the disclosure.
On mobile phones, however, the clue is much more subtle, and it’s easy to accidentally reveal location data. On many devices, Facebook places a tiny arrow next to the text you are about to enter (designed to evoke a compass) that is either gray or blue. If it’s blue, you are revealing your location.
Facebook even offers the recipient of messages a handy map showing where you are. Yuck.
I’ve seen plenty of reports from users who think they’ve disabled location data in other places but discover they are enabling location on messages, suggesting this little arrow is easy to accidentally click, or its default setting is too information-sharing friendly.
Right now: Pull up a Facebook message dialog box on a mobile phone and if you see a location arrow, make sure it is gray. It should stay gray going forward, unless you accidentally brush it, so make sure you notice it each time you use the service.
Bonus right now: IPhones allow users to disable location services at the app level using the phone’s settings menu. Just go to settings/privacy/location services and make sure Facebook isn’t selected.
3. Don’t accidentally tell advertisers what you’re doing
Consumers don’t like telling corporations where they are or what they are doing, but it happens constantly. Remember, if you aren’t paying for the product, you are the product, and nowhere is that saying more true than on Facebook’s “free” service. To make money, the company needs to sell you to other companies.
Right now: Facebook has a pretty simple advertising tab that you should click on and declare your preferences. This link should get you there. Or, from the desktop app, you get there by clicking on settings and ads, then selecting “edit” next to each item.
The notices are wordy, but your best choice is simple. Just pick “No one” from the available drop-down menus. The immediate impact? Your name or likeness won’t appear in Facebook ads shown to your friends.
More on Credit.com: