Back to Tutorials
ONLINE SAFETY

Privacy Settings on Social Media

20 min read Beginner

Social media platforms are designed to encourage sharing. The more you share, the more data they collect, and the more effectively they can target you with advertising. While social media offers real benefits -- staying connected with friends and family, networking, accessing news -- the default privacy settings on most platforms are set to maximize your exposure, not protect your privacy.

This guide walks you through the key privacy settings on major social media platforms and provides general principles for protecting your personal information across any platform you use.

General Privacy Principles

Before diving into platform-specific settings, there are universal principles that apply everywhere:

1. Share the Minimum

Every piece of information you share online is a piece of information that can be harvested, leaked, or misused. Before posting anything, ask yourself: does this need to be public? Does it reveal my location, daily routine, workplace, or other sensitive details? The less you share, the less there is to exploit.

Information that seems harmless in isolation can be combined to build a detailed profile. Your birthday, hometown, pet's name, and high school mascot might each seem innocuous, but together they may answer your security questions or help someone impersonate you.

2. Review App Permissions Regularly

Social media accounts can be connected to dozens of third-party apps and services. Each connected app typically has access to some of your profile data. Over time, you may forget which apps you have authorized. Make it a habit to review and revoke access for apps you no longer use or do not recognize.

Tip: Set a calendar reminder to review your connected apps and privacy settings every three months. Platforms frequently update their settings, sometimes resetting your preferences or adding new sharing options that default to "public."

3. Limit Location Sharing

Location data is one of the most sensitive types of information you can share. It reveals where you live, work, exercise, worship, and socialize. Disable location services for social media apps unless you specifically need them, and never share real-time location updates publicly. Posting vacation photos while you are still away tells potential burglars that your home is empty.

4. Control Who Sees Your Posts

Most platforms offer granular controls for who can see your content. Take advantage of these settings. Not every post needs to be visible to the entire internet. Use friends-only settings for personal content and be selective about what you make fully public.

Facebook Privacy Settings

Facebook collects more data about its users than perhaps any other platform. Its privacy settings are extensive but can be difficult to navigate because they are spread across multiple menus.

Key Settings to Change

  • Default audience for posts: Change from "Public" to "Friends" in Settings > Privacy. This ensures that new posts are only visible to people you have accepted as friends.
  • Who can see your friends list: Set to "Only Me" or "Friends." Your friends list reveals your social network, which can be used for social engineering attacks.
  • Who can look you up by email or phone number: Set to "Friends" or "Only Me." By default, anyone with your email or phone number can find your Facebook profile.
  • Search engine indexing: Turn off "Do you want search engines outside of Facebook to link to your profile?" This prevents your Facebook profile from appearing in Google search results.
  • Face recognition: If available in your region, disable the face recognition setting to prevent Facebook from automatically identifying you in photos.
  • Timeline and tagging: Enable review features so you can approve posts and tags before they appear on your timeline.
  • Off-Facebook activity: Use the "Off-Facebook Activity" tool to see and control which websites and apps are sharing your activity data with Facebook. You can clear this history and disconnect future tracking.
Warning: Facebook frequently updates its settings and interface. The specific menu locations mentioned here may change. Use Facebook's "Privacy Checkup" tool (accessible from Settings) to walk through the most current options in a guided format.

Instagram Privacy Settings

Instagram, owned by Meta (Facebook's parent company), shares much of the same underlying data collection infrastructure. Because Instagram is a visual platform centered on sharing photos and videos, privacy considerations are particularly important.

Key Settings to Change

  • Private account: Switch to a private account so that only approved followers can see your posts, stories, and follower list. This is the single most impactful privacy setting on Instagram.
  • Activity status: Disable "Show Activity Status" to prevent others from seeing when you were last online.
  • Story sharing: Control who can share your stories as messages and whether your stories can be shared to other platforms.
  • Mentions: Restrict who can mention you in their posts and stories to "People You Follow" or "No One."
  • Comments: Filter comments and block specific words or phrases to reduce harassment and spam.
  • Location tags: Avoid tagging your location in posts, especially in real time. Remove location data from photos before uploading if possible.
  • Connected apps: Review and revoke third-party app access in Settings > Security > Apps and Websites.

Twitter/X Privacy Settings

Twitter (now X) is a platform where most content is public by default. This is by design -- Twitter is built around public conversation. However, there are important privacy controls available.

Key Settings to Change

  • Protected posts: Enable "Protect your posts" to make your tweets visible only to approved followers. Note that this fundamentally changes how Twitter works for you -- your tweets cannot be retweeted, and you will not appear in public search results.
  • Discoverability: Disable "Let people who have your email address find you on Twitter" and the same for phone number.
  • Location information: Disable "Add location information to your posts" and delete any existing location data from past tweets.
  • Photo tagging: Change to "Only people you follow can tag you" or disable tagging entirely.
  • Direct messages: Control who can send you direct messages. Limit to "Only people you follow" to reduce spam and harassment.
  • Data sharing and personalization: Review Settings > Privacy and Safety > Data sharing and personalization. Disable options that share your data with Twitter's advertising partners.
  • Spaces: Be aware that Twitter Spaces (live audio conversations) are public by default and may be recorded.
Tip: Even with protected tweets, be cautious about what you share. Screenshots can be taken by approved followers and shared elsewhere. No technical privacy setting can prevent a trusted follower from manually sharing your content.

Understanding Data Brokers

Even if you lock down every social media account perfectly, your personal information may already be available through data brokers -- companies that collect, aggregate, and sell personal information about individuals.

Data brokers compile information from public records, social media profiles, purchase history, website cookies, app data, and other sources to create detailed profiles that they sell to advertisers, employers, landlords, and anyone willing to pay. A single data broker profile might include your name, address, phone number, email, age, income estimate, political affiliation, health conditions, purchasing habits, and much more.

What You Can Do About Data Brokers

  • Search for yourself: Search your name on Google and major people-search sites to see what information is publicly available about you.
  • Opt out directly: Most data brokers are legally required to honor opt-out requests. This is tedious but effective. Each broker has its own opt-out process, usually found on their website.
  • Use removal services: Several legitimate services will submit opt-out requests to data brokers on your behalf for a fee. These can save significant time if your data appears on many sites.
  • Limit future data collection: Use privacy-focused browsers and search engines, minimize the personal information you share online, and be cautious about loyalty programs and free services that collect your data.

The Right to Be Forgotten

In some jurisdictions, you have the legal right to request that organizations delete your personal data. The most well-known example is the European Union's General Data Protection Regulation (GDPR), which includes a "right to erasure" -- commonly called the "right to be forgotten."

Under GDPR and similar laws, you can request that a company:

  • Delete all personal data they hold about you
  • Stop processing your data
  • Tell you what data they have collected about you
  • Provide a copy of your data in a portable format

In the United States, privacy laws vary by state. California's CCPA/CPRA provides some similar rights for California residents. Other states are gradually adopting their own privacy legislation. Check what rights are available in your jurisdiction.

Checking What Data Platforms Have on You

Most major platforms allow you to download a copy of all the data they have collected about you. This can be eye-opening -- the amount of data is often far more extensive than people expect.

How to Download Your Data

  • Facebook/Meta: Settings > Your Information > Download Your Information. Choose the date range and data categories you want.
  • Google: Visit Google Takeout (takeout.google.com) to download data from all Google services -- Gmail, Search history, YouTube, Maps, Photos, and more.
  • Instagram: Settings > Your Activity > Download Your Information.
  • Twitter/X: Settings > Your Account > Download an Archive of Your Data.
  • TikTok: Settings > Privacy > Personalization and Data > Download Your Data.
Important: Reviewing your data download can be shocking. You may find that platforms have logged every search you have ever made, every link you have clicked, every location you have visited, and detailed advertising profiles about your interests, behaviors, and demographics. Use this knowledge to motivate better privacy practices going forward.

Practical Privacy Checklist

Here is a practical checklist you can work through to improve your social media privacy:

  1. Audit all your social media accounts -- including ones you may have forgotten about
  2. Set all accounts to the most private settings available
  3. Remove or restrict personal information from your profiles (birthday, phone number, address)
  4. Revoke access for third-party apps you no longer use
  5. Disable location services for social media apps on your phone
  6. Review and delete old posts that reveal too much personal information
  7. Download your data from each platform and review what they have collected
  8. Opt out of data broker sites that have your information
  9. Enable two-factor authentication on every social media account
  10. Use unique, strong passwords for each platform (use a password manager)
  11. Delete accounts you no longer use rather than leaving them dormant
  12. Be thoughtful about what you post going forward -- once something is online, it is very difficult to fully remove

Taking control of your social media privacy is not about becoming invisible -- it is about making conscious choices about what you share and who you share it with. In an era where personal data is one of the most valuable commodities on the planet, privacy is not paranoia. It is self-respect.

Previous: Dark Web Navigation Next: Recognizing Phishing Scams