Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Master Social Media Without Sacrificing Your Privacy

Posting on social media is all about communication, whether it's chatting among friends or broadcasting to the public. Just take care that you don't give away too much information.

By Neil J. Rubenking
Updated December 13, 2022
(Photo: Emilija Manevska/Getty Images)

Keeping in touch over social media is a huge part of modern life. Heard a joke? Share it! Got a clip of your baby being adorable? By all means, share it! But as you do, make sure you know just who you’re sharing with. If your social media settings are wrong, sensitive information you thought you disclosed only to your friends could wind up going viral. Protecting your privacy on social media is important, in more ways than you may realize.

Maybe you already know this. Maybe you keep your privacy settings tuned and never overshare on social media. But how about your friends? If they’re careless about their own privacy, their heedlessness can slop over and affect you. Show them this article—post it on your wall! Maybe they’ll shape up.

How Can I Protect My Privacy Among Friends?

Social media sites like Facebook and Instagram are designed to let you share your thoughts, interests, and pictures with your friends. Unless you’re a Kardashian, you don’t want to share your every brain-blip with everyone in the world, so privacy settings are important. Maybe you feel you have nothing to hide? Consider the fact that if you don’t control access to your posts, they’re fully available to advertisers, spammers, cyber-stalkers, and other miscreants.

Unfortunately, your privacy isn't a priority for social media companies. After all, they make money by selling ads, and by selling information about their members. Proper privacy can interfere with a social media company's ability to monetize the time you spend on their site. You need to put yourself in charge of your social media privacy.

You want the Goldilocks settings—private enough to keep out the hoi polloi but not so private that you can’t share with friends. Just how you achieve that balance depends on which platform you’re using. Even on the same platform, the implementation of privacy settings can change. What you need to do is walk through the options offered by the platform and use some common sense.

The most important privacy setting is the default audience for your posts. If this is set to public, you have zero privacy. Configure it so just your friends can see what you post. You may be able to fine-tune the audience. For example, you might limit access to a subset of your friends, or exclude specific friends. These options are all typically available on a per-post basis, so if you want to defy the default for an individual post you can.

Shutting down the firehose spewing your posts out to the world is a good first step, but there’s more to consider. Who can see your friends list—just friends, friends of friends, or anybody? Who can tag you in photos or posts? If Cousin Eddie tags you as a photo of a blobfish, do you get a chance to veto the tag? Who can share your posts? That last one’s especially important if you have impulsive friends with poor security habits.

Off-Facebook Activity
(Credit: Facebook)

Your social media provider may offer privacy help. It’s a win for the company, really. Their press releases can tout their commitment to privacy, while in the back room they know that not many people will take advantage of privacy help. You can tighten your Facebook privacy using the Privacy Checkup and Off-Facebook Activity tools, for example, and Twitter’s Privacy Center offers videos on privacy.

You don't have to worry about the privacy of your Google+ account anymore, since the service shut down in 2019. However, chances are good that you interact with Google in many other ways. While you're thinking about social media, checking the privacy of your Google account couldn't hurt.

Even when you’re confident you’ve got the perfect balance of sharing and privacy, don’t rest on your laurels. Make a quick pass through the settings now and then, in case the provider has made an unexpected change.

How Can I Protect My Privacy While Broadcasting My Thoughts?

For most users, Twitter is a social broadcast medium rather than a closed network. When you post a tweet, you want people to see it. Yes, there’s a setting that limits the visibility of your tweets to people who already follow you, but that’s not a typical Twitter use case. Other settings let you control how people can find you on Twitter, who can send you DM requests, who can tag you in photos, and more. You might also consider that, given the disorder since Elon Musk's acquisition, Twitter may be a less reliable guardian guardian of your privacy than it once was. See Don't Trust Twitter: Get Out Now and Do It Right for more details.

At the start, LinkedIn was strongly focused on forming and growing your network of contacts. Someone who wanted to reach you through LinkedIn could only do so by wangling an introduction from a person who’s already in your network. That’s still the default and the best choice for most people. You can also use LinkedIn to broadcast posts, just as you do with Twitter, but a tweet generally has more impact.

Even with broadcast-type services, it’s worthwhile to step through the privacy settings. Do you want location information automatically added to every post? Do you let just anybody send you a direct message or only people to whom you’re connected?

What Not to Share on Social Media

Most social networks let you fill in a vast amount of profile information about yourself. Where you grew up, your favorite band, your high school mascot, your favorite color...you can fill in all of these and more. But you shouldn't.

The big problem lies in the vast number of websites that use simplistic security questions to verify a password reset request. They'll ask for your mother's maiden name, the town where you were born, or your pet's name. A fully fleshed-out social media profile supplies the answers to most such questions. Even if you keep your profile details private, just one security slipup could give the bad guys all those answers.

Yes, filling in profile details can make it easy for people with similar interests to find you, but it's just not worth the risk. If you haven't thought about this before, now would be a good time to check your profile and delete anything that sounds like the answer to a security question. You could even change the profile data to wrong answers. Nothing drastic will happen if you claim to be a Pastafarian living in Dnyepopetrovsk who enjoys Tuvan throat singing, and it may amuse your friends.

If you've got your privacy settings squared away, mentioning vacation or travel plans to your social media friends may not be such a bad thing, but think twice before you broadcast a tweet about your upcoming trip to Dubai. It's like putting a sign on your door, "Nobody's home—please rob me!" Really, you should think twice before ever putting anything in a post that would cause you trouble if it went public.

Are Free Games Safe to Use?

Any social network wants to be your one-stop online location. Sure, you can view and share posts and exchange private messages, but additional services like buying and selling, and joining interest groups are common. And playing games. Facebook, for example, offers a teeming marketplace of games and other connected apps. My advice—don’t touch them. These third-party apps and games gain access to your profile and posts, and their own security isn’t guaranteed. In fact, I’d advise entirely turning off the platform that allows games and apps to share your data.

Facebook offers endless choices for playing games
(Credit: Facebook)

The established social media games, Farmville-style, are relatively low-risk (though they may generate posts that annoy your friends). Simple, silly quiz games like “Which House of the Dragon Character Are You?” or “What Country Should You Live In?” can actually be more pernicious. If you click one of these and it asks for access to your account, shut it down, fast. You have no idea what data the quiz pulls, and it may not even use that data as input before identifying you as Lord Corlys Velaryon. There’s no central clearinghouse, no place to pin the blame for any misuse of your data. Just skip it!

Then there are the simple “getting to know you better” posts that get shared and reshared. Typically, one of your less-informed friends shares the post, which includes a passel of fun facts and includes a prompt to post a copy of the list, replacing the facts with your own. If you do, chances are good you’ve exposed the answers to many popular security questions. Maybe your posts are only visible to friends, but that doesn’t mean your friends will take proper care of that private information.

Social Media Quiz Scam
(Credit: Neil J. Rubenking)

To be fair, a goodly number of social media users have come to understand that these quizzes are more dangerous than fun. Some folks fill out the quiz with good advice rather than giving any personal data away. I’ve encountered versions like the one above quite a few times and shared them as well.

What Should I Do If a Stranger Contacts Me?

How many friends do you have in your social media circles? How many would you recognize if you met them on the street? It’s only human to feel that the more friends you have, the better off you are. However, accepting friend requests willy-nilly can poke holes in your carefully curated privacy.

When an apparent stranger asks to friend you, do your due diligence. Click to view the person’s profile and see how many friends you have in common. Chances are good doing so will reveal whether you have an actual connection to the person. If the wannabe friend has filled in profile data like hometown, jobs, and schooling, these items may also serve to jog your memory. But if exploration leaves you scratching your head, just say no, or ignore the request and let it age out of your notifications.

It's Surprisingly Easy to Be More Secure Online
PCMag Logo It's Surprisingly Easy to Be More Secure Online

Even when the request comes from someone you do know, it doesn’t hurt to double-check the profile for legitimacy. It’s easy enough to scrape someone’s picture from the web and fake up a profile. Make a quick sanity check, looking for friends in common, recent posts and photos, and anything else to verify that this really is someone you know.

Nothing for Nothing

If you’re getting something for free, you yourself are the product. Or so the saying goes. Social media sites hold immense quantities of information about you, your likes, your connections, and your very life. Just what do they know about you? In many cases, you can find out.

Downloading the personal data held by Facebook takes a little effort, in part because nobody except you should be able to get it. Everything that’s in your profile is here, naturally, along with every group you belong to (active or otherwise), pages you’ve liked, and any Music, Books, Movies, and such that you’ve named. The Friends list may be a bit daunting, as it includes every friend request you’ve accepted, rejected, or ignored, as well as those you’ve unfriended and those you follow without being a friend. The data dump also includes every post you’ve ever made, though without any included images. All photos show up in their own list. Stripped-down versions of videos, messenger conversations, events, and pokes, it goes on and on.

Twitter’s privacy settings page includes an option to download an archive of your data. LinkedIn calls it “Get a copy of your data.” For each social network you use, set aside some time to obtain and examine the archived data. It can be an eye-opener.

The Keys to the Kingdom

Takeover by a hacker is the worst thing that can happen to your social media accounts. The hacker can send false tweets or posts that seem to come from you. The consequences can include offending friends, spreading malware, or even sending the stock market into a nosedive. And if the attacker changes your password, you’ll have a challenge getting your account back. At least two of my social media friends have had to abandon their hacked profiles, warn all their friends to drop the old profile, and start fresh.

Things get even worse if you've used the same password across multiple social media sites. You can be sure that a crook who's taken over one of your social accounts will try the same credentials on other sites. You need a different, strong password for each of your social media accounts; a password manager will help you keep them straight.

A Fine Balance

The whole point of using social media is communication, whether with your tight circle of friends or with whoever wants to follow your broadcast posts. What you need to do is maintain the proper balance between sharing and over-sharing, and make sure you've got your privacy settings configured just right.

What if you just can’t square the risks to your privacy with the benefits of sharing with your friends? If, in your considered opinion, social network access just isn’t worth the risk, you can always delete your account. You won’t totally vanish. Facebook won’t pull your comments from every place you’ve left them, for example. But you will remove social media as a potential entry for attacks on your privacy.

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Neil J. Rubenking

Lead Analyst for Security

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my "User to User" and "Ask Neil" columns, which began in 1990 and ran for almost 20 years. Along the way I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s I turned my focus to security and the growing antivirus industry. After years working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.

Read Neil J.'s full bio

Read the latest from Neil J. Rubenking