Consumer Reports has no financial relationship with advertisers on this site.
Consumer Reports has no financial relationship with advertisers on this site.
For years, Facebook has directed users with concerns about their personal data to the platform's privacy settings—but Facebook's settings are a source of criticism themselves. In May, we reported that a facial recognition setting announced in 2017 was still missing for some users. And in the past, privacy experts have accused the social media giant of inserting "dark patterns" into its settings that may push users to make decisions that aren't in their best interests.
A year of privacy scandals has shaken many users' confidence in Facebook. In a nationally representative survey of more than 2,000 U.S. adults, 74 percent of Facebook account holders told Consumer Reports they had altered their behavior in some way due to privacy concerns raised by the scandals. Forty-four percent said they had revised their privacy settings, and about 4 in 10 said they had cut back on social media use or been more cautious about posting, commenting, and viewing content.
Consumer advocates say the company could do much more to respect users' privacy. But while Facebook's privacy settings may not be perfect, they're still one of the only ways to control how the company handles your data. Here are nearly a dozen methods for limiting location tracking, turning off facial recognition, and more.
Most of the instructions below are for a computer browser, but the steps are similar on a phone or in the mobile app.
Keep Your Whereabouts to Yourself
When you use the Facebook mobile app, whether you're scrolling through your news feed, tagging a family photo on the Golden Gate Bridge, or just leaving the app idling in the background, the company can collect data about your location. Facebook uses that information to analyze the places you visit and target you with what it considers to be relevant ads.
If you use Facebook, there's no way to prevent the company from using signals like WiFi access points, cell towers, and other sources to determine your approximate location. But the most accurate source of location data is your device's GPS, and if you revoke the app's GPS access, the location information available to the company will be far less precise.
Here’s how to turn off GPS tracking on your phone.
On an iPhone: Go to the phone’s Settings > Privacy > Location Services > Facebook > While Using the App or Never.
On an Android phone: Go to the phone’s Settings > Apps (or Apps & Notifications) > Facebook > Permissions > Location > Off. (These instructions may vary slightly depending on what phone you have.)
Android users who want more granular location controls can utilize a new option as well. If you keep the Location permission turned on and adjust the following setting, Facebook says it will access your device's GPS only while you're using the app.
In the Facebook app: Tap the icon with the three lines in the top right > Settings & Privacy > Privacy Shortcuts > Manage your location settings > Location Access > Switch the toggle off for Background Location.
Turn Off Facial Recognition
In 2017, Facebook introduced a privacy setting that allows users to delete facial recognition data the company has collected about them and to opt out of any systems that use the technology. But nearly 18 months later, Consumer Reports has found that the Face Recognition setting is missing for some users.
Facebook says facial recognition is a useful tool for tagging friends in photos and other features such as spotting fake accounts. But privacy experts say there are other ways that biometric data could be used. According to a Facebook spokesperson, the company isn't selling facial recognition data or using it for targeted ads.
But the impact of the data collection could be far-reaching, according to Justin Brookman, the director of consumer privacy and technology policy for Consumer Reports. “Facebook has invested a lot in facial recognition,” he says, “and it’s exploring ways to get a return on that investment.”
Consumer Reports found that Facebook users who are missing the Face Recognition setting still have access to an older setting called "Tag Suggestions." After we published our article, the company told CR that the two settings actually do the same thing. When you turn off either setting, Facebook will delete the facial recognition data it has collected, and opt you out of any features that use the technology.
Here's where to find the settings.
On a computer: Click the question mark at the top right of your Facebook home page and choose Privacy Shortcuts > Control Face Recognition > Edit > No.
If you don't have the Face Recognition setting, you should still be able to turn off Tag Suggestions.
On a computer: Click on the downward arrow at the top right of your Facebook page and choose Settings > Timeline and Tagging > Select "Who sees tag suggestions when photos that look like you are uploaded?" > No One.
Limit Data Collection by Facebook's Partners
The Facebook Login feature is a quick and easy way to sign in to websites and mobile apps for services such as The New York Times, Pandora, and Yelp. But it also gives the companies that provide those services access to account info, including your name, photo, email address, and other data visible to the public by default.
That includes schools you attended, workplaces, Facebook comments posted on other websites, and “likes.”
In the wake of the Cambridge Analytica scandal in 2018, Facebook withdrew this access from any third-party app that users hadn’t logged in to for 90 days. (Sorry, Angry Birds.)
“It’s a good change,” says Brookman. “However, as the Cambridge Analytica scandal showed, once a third party already has your data, it’s really hard to know what happens to it.”
It may be impossible to find and delete personal info harvested by other companies in the past, but you can see which apps are currently collecting data from your account and stop them. You will no longer be able to access these apps using your Facebook Login, so create a new login and password for each app before making changes.
On a computer: Click on the downward arrow at the top right of your Facebook page and choose Settings > Apps and Websites > Active > Click on the box next to the app's name > Remove.
Protect Your Account From Hackers
It's a good idea to use two-factor authentication to back up the password on any digital account that offers it. This is particularly important if you've ever used the same password on more than one account, or tend to use subpar passwords. (Consumer Reports recommends you follow our expert tips for creating good passwords.)
Once you turn on two-factor authentication in Facebook's settings, the company will send you a verification code—via text or app—to confirm your identity when you access your account from an unverified location, device, or browser.
“That makes it much harder for someone to breach your account with a stolen password,” says Robert Richter, who oversees CR’s privacy testing.
Facebook has misused this technology. In 2018, researchers discovered that Facebook may use phone numbers collected for two-factor authentication for advertising purposes. And more recently, security experts noticed that Facebook allows other users to look up your profile using those numbers, too.
"This kind of news erodes consumers' trust in a security system we're all starting to rely on," Richter says. "But we still recommend that you use two-factor authentication, because it's one of the best ways to protect your account."
If Facebook already has your phone number, follow the instructions below so that strangers can't use it to find your page. If you haven't given Facebook your number yet, you can use a dedicated app such as Google Authenticator or Duo Mobile for two-factor authentication instead, Richter says. They're easy to set up.
On a computer: Go to Settings > Security and Login > Use two-factor authentication > Get Started.
Make Your Page Harder to Find
The default settings on Facebook permit your user profile to show up in any Google search that includes your name. But you can change the settings to make your profile less Google-able. And while you’re at it, you can also set limits on who can send you friend requests and look you up using the email address or phone number tied to your account.
On a computer: Go to Settings > Privacy > Do you want search engines outside of Facebook to link to your profile? > Edit > Click the check box on the bottom > Turn Off. Then on the same page, select "Who can look you up using the phone number you provided?" > Friends. Then do the same for "Who can look you up using the email address you provided?"
Limit Who Can See Your Profile Info, Photos, and Posts
It can be fun to share the details of your life with family members and friends, but it's less amusing to serve up that data to criminals who comb Facebook pages for personal details to use in identity-theft scams. If you leave your info open to the public, anyone can discover your birthdate, mother’s maiden name, and passion for poodles.
Each time you post a new photo, video, or status update, Facebook's interface gives you the option to keep the news among your friends. You can even exclude certain pals, like, say, your boss or that nosy neighbor.
It’s easy to go back to your old posts and make certain you’re not sharing telltale details with people you don’t know, and automatically change the audience so that your future posts are more private by default.
On a computer: Go to Settings > Privacy > Select "Who can see your future posts?" > Edit. Then on the same page, scroll down to Limit Past Posts.
Stop Your 'Likes' From Becoming Ads
You’ve probably seen Facebook ads that list your friends’ names: “So-and-so likes ... ” That’s because Facebook lets advertisers use your name and products you “like”—Girl Scout cookies, Starbucks coffee, Ford trucks—in ads pitched to people in your network. But just because you’re happy with your Casper bed-in-a-box mattress doesn’t mean you need to publicly endorse it. Here’s how to keep your name off those ads.
On a computer: Go to Settings > Ads > Ad Settings > Ads That Include Your Social Actions > No One.
Restrict Facebook From Tracking Your Activity on Other Websites
Facebook’s snooping doesn't stop when you leave the platform. If you’ve ever visited a website that uses Facebook services—Like and Share buttons, Facebook Login, or the company’s analytics tools—you’ve provided info on the stories you’ve read, the videos you’ve watched, even the products you’ve viewed and placed in an online shopping cart.
“If those buttons are on the page, regardless of whether you touch them or not, Facebook is collecting data,” says Casey Oppenheim, co-founder of the digital security firm Disconnect.
How do you put a stop to that data collection? Well, there’s no foolproof way to do that—particularly via Facebook’s settings. You can, however, install an ad blocking extension such as Disconnect, Ublock, or Privacy Badger on your browser to disrupt Facebook’s efforts to link your browsing history to your Facebook account.
The Mozilla Foundation, the nonprofit organization behind the Firefox browser, has designed an ad blocker specifically for this task. It’s called Facebook Container, and it uses a unique browser tab to wall the social media platform off from the rest of your online activity.
It takes only a few clicks to install the Facebook Container extension. The directions are easy to find online.
Restrict Facebook's Siblings From Tracking Your Activity
Adjusting your Facebook settings is a great first step toward protecting your privacy. But the apps on your phone and the services you use online unite to form an entire data ecosystem, and you should take the whole picture into account.
If you use the apps for Facebook-owned Instagram and WhatsApp, lock down your settings on those products, too. (And, now that you're on a roll, consider doing the same for other services like Google, or even LinkedIn.)
"There's a ton of advice about privacy out there, and it can get overwhelming," Richter says. "But the important thing is to be skeptical—keep privacy in the back of your mind when you're using digital services. Every bit of effort you take is a step in the right direction."
Perform a Little Crowd Control
As the fallout from the Cambridge Analytica scandal demonstrated, the people on your friends list can jeopardize your privacy—sometimes without even knowing it.
While Facebook closed the policy loophole that allowed that particular data leak in 2014, there are plenty of other ways friends can let you down—by posting inappropriate content, for example, or falling for scams that permit accounts to be hacked.
That’s why it’s best not to maintain Facebook “friendships” with people you don’t really know (e.g., your best friend’s sister’s tai chi instructor). Facebook doesn’t make it easy to delete large groups of friends. You have to go to your Facebook profile, select people to dismiss one at a time, hover over a drop-down menu, and choose Unfriend.
To make the process a little easier, consider using the “birthday method.” When you log in to Facebook each day, click on the globe at the top of the page, review the birthday notifications, and send out well wishes or quietly unfriend the people you’re willing to part with—in the interest of keeping your account more secure.
More from Consumer Reports:
Top pick tires for 2016
Best used cars for $25,000 and less
7 best mattresses for couples
Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2019, Consumer Reports, Inc.