Years ago, in what seemed like a much more innocent time, I signed up for Facebook.
The first thing you do, as you probably already know, is to fill out a form. It’s a familiar enough exercise: name, date of birth, phone number, e-mail address. We fill out lots of forms in life, and it’s easy to just put the brain in neutral and fill in the blanks.
In retrospect, it turns out that letting Facebook know anything at all about you should be thought of much more like answering questions in the back of a police car.
I’m reminded of this every time I upload pictures of my kids, and the warm mood is cooled a little when the pictures appear with little rectangles over their faces and a note from Facebook urging me to identify them. This thing is not your friend, I think, and ignore the instruction.
Lock down your Facebook account.
As a journalist who writes about digital privacy issues but also about other things, I have a conflicted relationship with this one. It should go without saying that you should restrict your account to friends, but a really surprising number of people don’t. This has its uses if you’re a nosy reporter, but it also isn’t a great idea if you’re you.
What do strangers see? Log out of Facebook, search for yourself and have a look.
Lock down the visibility of your posts retroactively.
This is an obscure but useful feature if you have lots of posts that are set to be visible to the whole world, and you no longer want them to be. It might be annoying to go through them all to restrict them to friends one by one, but fortunately you can do it through one simple settings change:
The Electronic Frontier Foundation has a useful explainer video here.
How many friends do you need?
Another human instinct is to accept friend requests from people you have a very slight connection with. Go ahead and accept — there’s no need for hurt feelings — but consider using the pulldown menu to make them “acquaintances,” or, more harshly, “restricted,” which means that they can’t see much of anything. (Poor Owen, below, doesn’t really exist.)
It’s also a good idea to give your friends list an annual pruning.
Facebook doesn’t need a picture of your real face. It just doesn’t.
As we saw above, Facebook is very interested in facial recognition. You don’t need to be a test subject, though — your friends already know what you look like. I rotate between a yellow cactus and a drawing of a beaver brandishing a thistle. You’re only limited by your imagination.
Consider privacy extensions.
Do ads shown to you Facebook seem strangely knowledgeable about your Amazon browsing interests, or precisely what you’re keeping in your L.L. Bean shopping cart, down to colour choices? You can make it a lot dumber with the Facebook Container extension for Firefox, which isolates Facebook from anything else you might be doing online.
Consider not having Facebook on your phone.
People who used Facebook on Android phones between 2016 and 2017 were startled recently to find that their downloadable Facebook data included records of all their phone contacts and the times and durations of their calls, and who the calls were with.
In 2016, a psychiatrist reported that her patients were being recommended as Facebook friends, not only to her but also to each other, creating a nightmarish set of ethical and confidentiality issues. Facebook wouldn’t comment, but the likeliest explanation seemed to be that the cell number associated with the psychiatrist’s Facebook account was also in her patients’ phones, and that Facebook’s friend suggestions were based on that.
If you must have Facebook on your phone, turn off location sharing.
You have to share your location with driving direction services for them to work, but in that case, you’re getting something out of it. You aren’t getting anything out of sharing your location with Facebook on your phone. Here’s how to turn if off.
Shut apps out of your account.
Apps are how your data leaks out of Facebook in ways that are hard to understand or control — it’s how political research firm Cambridge Analytica ended up with the details of millions of U.S. Facebook accounts before the 2016 election there. Earlier in March, we showed you how to shut them all out.
This one is a bit contentious.
The first thing we need to point out is that Facebook’s terms of service require users to “use the name they go by in everyday life.”
In practice, the company has found that enforcing this is a complicated nightmare of cultural and gender politics. Indigenous users have been understandably offended to be told their names are fake. Tamils don’t have surnames in the Western sense, and are also offended to be told by Facebook to use their “real” names.
Transgender users often want to use names other than the ones on their ID both for personal safety reasons and for identity reasons, and have also collided with Facebook about it. And a German judge recently struck down Facebook’s real-name policy (in Germany) as violating German privacy laws.
Trolls, or authoritarian governments, target accounts run under pseudonyms by reporting them to Facebook in an effort to get them shut down.
There may be real problems with having your real name associated with your Facebook data, which can be used to infer your political opinions and personality traits.
David Carroll, a New York professor and activist, unearthed data that Cambridge Analytica held on him using British data privacy laws. The political research firm had inferred a set of political opinions from his Facebook feed (which he calls “roughly accurate”) and then cross-referenced that to voter records going back for years. In a U.S. context, this often shows party affiliation, and does in Carroll’s case.
From this, Cambridge Analytica would be able to target Carroll’s Facebook feed with custom ads tailored to his opinions, emotional state, level of motivation as a voter and many other factors.
Key to all these linkages, however, was Carroll’s Facebook account being under his real name. If he’d used a pseudonym, or a version of his real name as little like the one on his driver’s licence as possible — perhaps stretching Facebook’s terms of service a bit in the process — Cambridge Analytica would now know far less about him.
One approach is to make up a playful name that pleases you (not another person’s real name, for obvious ethical reasons) and let Facebook complain to you if it notices, bearing in mind that the process is complaint-driven.
Facebook doesn’t need to know your real birthdate.
One of my Facebook regrets is ever letting it know my real birthdate. (It was 2007, and we were far less wary about these issues than we would become.)
Your real birthdate is personally identifying information, and combined with your name can serve to identify you precisely.
The federal privacy commissioner’s office recommends challenging companies that ask for your birthdate to explain why they need it. “Don’t provide it if you don’t have to,” they advise.