5 ways to secure your Facebook profile in a post-Timeline world

With the ongoing rollout of Facebook's Timeline feature, security and privacy have never been more important to your digital life. The new layout presents all of your current and past activities on Facebook -- posts, photos, comments, likes and so on -- in a handy timeline format to anyone with access to your profile, which may include friends of friends, colleagues, executives at your company, a potential future boss ... well, you get the idea.

If you've made the jump to Timeline -- and if you haven't, you will within the next few weeks, like it or not -- you should know that Facebook has changed a few things, and there are certain settings you need to pay attention to if you're concerned about what parts of your life others can see. Here's how to lock down your profile in the post-Timeline world.

1. Limit your connections

Most key privacy settings are accessible by clicking the arrow in the upper right-hand corner of your profile screen (next to your name and the Home button). From here, select Privacy Settings in the drop-down menu.

Click on Edit Settings next to the How You Connect option to begin your profile lockdown. This section contains five privacy settings.

The first three settings govern who can look up your profile and see your contact information, who can friend you and who can send you messages. For maximum privacy, change the first and third settings to Friends, thereby preventing anyone else from looking up your profile or sending you messages.

The second setting governs who can send you Friend requests. The more secure choice is Friends of Friends, but it limits your connectivity on the world's largest social network. If you're worried about losing out on friendship opportunities, keep it set to Everyone.

The last two settings dictate who can post on your timeline and who sees those posts. Only Me is the safest option, but choosing it severely reduces the number of interactions Facebook offers. If you're seriously considering limiting your timeline posts to you and only you, it might be time to leave Facebook entirely.

Setting both of these options to Friends is relatively safe while still allowing the sharing that makes Facebook fun. And there is a way to review posts from friends before they appear on your timeline, as you'll see in the next section of the story.

2. Tailor your tags

An easily missed entry in the Privacy Settings is one innocuously labeled How Tags Work. However, it is essential to tweak the settings found here if you want to take control of your profile's privacy, as some tagging actions can be pretty invasive.

The first two settings (Timeline Review and Tag Review) are particularly useful. When you enable them, you can review posts and photos that friends tag you in, as well as the tags friends add to your own posts -- all before this information goes public. That's especially valuable if you have well-meaning friends who think tagging you in those Vegas party photos is a good idea.

The third setting, Maximum Timeline Visibility, should be set to Friends or customized for certain friend lists or networks to ensure that these tagged posts, once approved, aren't seen by everyone.

Disable the fourth setting on the list, Tag Suggestions. Doing so makes it harder for friends to tag large quantities of photos featuring you or people that look like you, but it also takes some of your profile's privacy out of the hands of others.

The last setting on the list is seriously important: It determines whether or not friends can check you in to places. Turn it off. The only thing worse than constantly broadcasting your location is having someone else do it without your express permission.

3. Rein in app permissions

Speaking of permissions, the permission window that used to appear frequently when Facebook apps wanted to access your profile information is pretty much MIA now. Currently, apps need to ask you only once for permission. Once they do, they'll mine your profile information as often as need be, sometimes even when the app isn't being used.

Fortunately, there's a privacy fix. Unfortunately, it's not a quick one, since you'll have to tweak each app's settings individually.

In the main Privacy Settings, click on Edit Settings next to the Apps and Websites entry to bring up the Apps, Games and Websites privacy settings page. Next to "Apps you use," click on Edit Settings again to access a full list of apps running on your profile. Each app is accompanied by an Edit button, which displays the app's permissions when clicked. Each app has different permissions enabled, so you'll have to check each one individually.

Here's the bad news: Some permissions, such as sharing basic profile information with the app, cannot be altered. These are marked by the grayed-out word "Required" next to the particular permission.

Other settings, however, have the word "Remove" next to them -- click on it to remove any permission. These are the only items that can be changed, so you'll have to take a hard look at what permissions an app deems a necessity. If you don't like what you see, click "Remove app" at the top of the same page and learn to live without that app.

For the apps you do keep, it's important to control who sees the information that the apps share -- many of them are designed to broadcast your activities on your timeline and in the "ticker" on the right side of users' home pages. At the bottom of each app's permissions page is another important entry titled "App activity privacy." Click on the drop-down menu and select Only Me to be sure your app activity isn't seen by anyone else.

Similarly, if you install any new apps, be sure to select Only Me under "Who can see activity from this app on Facebook" on the installation page.

4. Stop others from taking your information with them

The Apps, Games and Websites privacy settings also contain some other features that security hounds would be wise to disable.

Click on Edit Settings next to the entry labeled "How people bring your info to the apps they use." Other users may be able to bring your personal information with them when they use apps and websites. It's all in the interest of making things more social. It can also be invasive. Uncheck the box next to each information category listed (there are 17 of them) to prevent others from using your personal data.

Head back to the Apps, Games and Websites privacy settings and click Edit Settings for the "Instant personalization" category. This option should be turned off by default, but check to make sure. You'll first see a pop-up screen explaining the feature; when you close that, you'll be able to see whether it's enabled. If it is, disable it. This will prevent Facebook partner sites from accessing your public information to personalize your experience on their own websites.

5. Reduce your social footprint

Sharing is the whole point of Facebook, but the Timeline layout sometimes takes this to extremes, making it easy for others to see all your activity from years gone by. The good news is that you can disable Recent Activity updates, which broadcast new friendships, groups you've joined and any other changes in your basic information (such as relationship status or political views). Just click on the X next to a Recent Activity update on your timeline and select Hide Similar Activity from Timeline.

This makes the process of hiding certain activities from your past a little easier. But here's the bad news: Individual status updates or posts from, say, your less judicious days need to be removed individually by clicking the pencil icon next to each item and choosing Hide from Timeline -- a process that could take you to the end of 2012 if you've ever been very active on Facebook.

There's a limited solution, though: In the main Privacy Settings window, the second-to-last entry on the list is titled Limit the Audience for Past Posts. Click on the Manage Past Post Visibility link next to it. A window will appear giving you the option to change all past posts so that they're visible only to friends. Click Limit Old Posts to do so.

That will at least prevent anyone other than people you've friended from seeing older items on your timeline. But considering that your boss, colleagues and other acquaintances may be among your Facebook friends, it's still a good idea to review your entire timeline and remove compromising status updates, comments, links and photos. Start with the oldest items first. When you first started using Facebook, you probably had fewer contacts and might have posted and commented with less caution than you've done more recently.

As a last precaution, make sure that everything you post on Facebook moving forward is shared only with friends, specific networks or friend lists: Click the drop-down box next to your status update, comment, link or other shared content and select Friends or a group. For even more granular control over who can and can't see a post, select the Custom option.

It bears mentioning that the last and best defense against digital privacy invasions is common sense. You may want to be a bit irreverent with your Facebook friends -- and there's nothing wrong with that. But ask yourself if you'd wave that questionable photo or say that pithy comment in front of someone who could affect your future hiring prospects. If not, think twice before you post it on Facebook.


Stories by Logan Kugler
