Brenda the penguin with text that says Brenda vs Facebook, and a picture of an asteroid

Facebook is a vital organising and networking tool. It helps people stay connected, access support networks, and network across borders. So it’s important to understand the privacy risks and regularly review your Facebook settings as part of your ongoing digital security measures.

7 tips for Facebook harm minimisation

1. Understand what information Facebook has on you

This 2018 Guardian article uncovers in dramatic detail the level of information that Facebook retains on users. You may also wish to download the data to get a handle on how much info they have.

2. Check your privacy settings

Schedule a security check for a regular time.

3. Have a look through your friends list

Friends don’t let friends friend bad friends. Or something.

  • Are they people you know in real life and have met? And if not, are they people you have good reason to trust and you get something from the relationship?
  • Some people might like to apply the coffee/beer test… if you wouldn’t hang out with them in real life, why do they have access to some personal parts of your life?
  • Do they have a practice of friending everyone? Could they be friends with someone who is using their profile to access information about you? Some signs of a “sock puppet” or fake Facebook profile include: few or no friends, extensive privacy settings, little information or interaction, or groups of accounts that have the same friends with similar characteristics. You can do a “reverse image search” to see if their profile and activity photos are stock photos or stolen from somewhere.
  • Your friends could be exposing more information about you than you yourself do. It’s also believed that Facebook have “shadow” profiles set up on people who may not even be on Facebook. Responsibility for your data can be out of your control if your friends give access to all their contact lists – so have a look at your friends list and if people have bad habits, perhaps discuss it with them, or limit their ability to impact on your life. Read more about how your friends can expose you.

4. Do not use Facebook to sign into other accounts

Instead, log into accounts using your email address. As a rule, try not to put all your eggs in one basket. The more connected your data is, the more detailed a map of you companies and government can build (this goes for Google too!).

You can install the “Data Selfie” browser extension to track what information Facebook finds about you over time.

5. Don’t do quizzes on Facebook

Why give information about yourself, which is worth money, away to people for free?

You are not just finding which Hogwarts house you are, what Game of Thrones character you will sleep with, or what cocktail describes your personality; you are allowing companies to steal personal data about you for profit.

6. Don’t use Messenger

This is a whole new level of privacy and access that you are allowing Facebook to have.

Instead, use secure messaging apps such as Signal.

You can also still access Facebook messages by using the old-fashioned basic interface:

7. Check your phone settings

If you granted permission to read contacts during Facebook’s installation on Android before Android 4.1 (Jelly Bean), that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16.

Apple iOS has never allowed access to call log data by third-party apps, so this sort of data acquisition was never possible.

Facebook provides a way for users to purge collected contact data from their accounts, but it’s not clear if this deletes just contacts or if it also purges call and SMS metadata.