How to Use Facebook Privacy Settings

Thomas Germain

Consumer Reports has no financial relationship with advertisers on this site.

Facebook often points to its privacy settings as a solution for consumers worried about how the company handles its data. To be clear, those settings mainly provide ways to safeguard your personal information from other users. Only a couple of settings affect how the platform gathers data on you. 

But the settings are still useful. Below, you'll find instructions on how to:

For the sake of simplicity, most of the instructions below are written for a computer browser, but the steps are similar for a phone browser and the mobile app. Facebook is in the process of updating the look of the website, but the instructions are essentially unchanged.

'Clear' the Data Facebook Gets From Tracking You Around the Web

Facebook collects a lot of data about you when you're not even on Facebook. Hundreds of thousands of apps, websites, and other services send the company reams of data about what you're doing on other parts of the internet—and sometimes even what you're up to in the real world.

The new "Off-Facebook Activity" menu gives you a first-time look at some of that data.

It houses the "Clear History" button, which, despite the name, doesn't actually delete anything. Instead, it "disconnects" the data from your account, preventing the company from using it for targeted ads.

But Facebook will continue to use the information for analytics reports provided to other websites and detailed performance measurements for the company's advertising clients. 

You'll also find a “Manage Future Activity” setting, which essentially lets you keep your history cleared by default. After you turn it off, other companies will keep sending Facebook information about you. But Facebook says once again the data won’t be used to target you with ads.

There's a major caveat. Turning off Future Activity disables the Facebook Login tool that lets you sign into other apps and websites using your Facebook credentials. Alternatively, you can go through a list and disable one-by-one Future Off-Facebook Activity for the services where you don't need Facebook Login.

On a computer: Click the down arrow in the top right of the Facebook home page > Settings & Privacy > Privacy Shortcuts > View or clear your Off-Facebook activity > Manage Your Off-Facebook Activity. (The steps are similar on a phone browser and in the app. Tap the icon with the three stacked lines in the top right, and find Privacy Shortcuts under Settings.)

From there, you can hit the Clear History button. To prevent the data from being used for targeted ads in the future, tap Manage Future Activity on the right-hand side, hit the Manage Future Activity button on the next screen, and then switch off the toggle. (To get here using the app, tap the three buttons in the top right of the Off-Facebook Activity screen.)

Keep Your Location to Yourself

When you use the Facebook mobile app, whether you're scrolling through your news feed, tagging a family photo on the Golden Gate Bridge, or just leaving the app idling in the background, the company can collect data about your location to use in targeting ads.

The most accurate source of location data can be controlled through your device's location services settings. Adjusting that won't stop the company from accessing your location entirely, though—Facebook has admitted it uses information such as your network connection to approximate your whereabouts for advertising purposes. But if you revoke the Facebook app's location permission, the data available to the company will be less precise.

On an iPhone: Go to the phone’s Settings > Privacy > Location Services > Facebook. Then click either "While Using the App" or "Never."

On an Android phone: Go to the phone’s Settings > Privacy > Permissions manager > Location > Facebook. Click on "Allow only while using the app" or "Deny." (These instructions may vary slightly depending on what phone you have.)

Only the newest version of Android provides the "only while using the app" option, and it isn't available on every Android phone. However, users with older Android phones can access a location setting in the Facebook app itself to get the same effect.

In the Facebook app: Tap the icon with the three lines in the top right > Settings & Privacy > Privacy Shortcuts > Manage your location settings > Location Access. Switch the toggle for Background Location to "Off."

Turn Off Facial Recognition

In 2017, Facebook introduced a privacy setting that lets users delete facial recognition data the company has collected and opt out of any systems that use the technology. Nearly 18 months later, a Consumer Reports investigation found that some users never received the setting.

The Federal Trade Commission cited our findings last July in its announcement of a multifaceted settlement against Facebook that included a $5 billion fine. The FTC's complaint against the company revealed that the setting had been missing for approximately 30 million users.

Facebook announced a fix in early September, and a company spokeswoman later confirmed that the setting was finally rolled out to all affected accounts.

Facebook says facial recognition is a useful tool for tagging friends in photos and other features such as spotting fake accounts. According to a Facebook spokesperson, the company isn't selling facial recognition data or using it for targeted ads. 

But privacy experts say there are other ways that biometric data could eventually be used. “Facebook has invested a lot in facial recognition,” says Justin Brookman, the director of consumer privacy and technology policy for Consumer Reports, “and it’s exploring ways to get a return on that investment.”

Here's how to turn Face Recognition off for good.

On a computer: Click the down arrow in the top right of the Facebook home page > Settings & Privacy > Privacy Shortcuts > Control face recognition > Edit > No.

Limit Data Collection by Facebook's 'Partners'

The Facebook Login feature is a quick and easy way to sign in to other websites and apps. But as described above, Facebook gets to collect a bit more of your personal data in exchange. It can also give the companies that provide those outside services access to account info, including your name, photo, email address, and other data visible to the public by default. 

That may include schools you attended, workplaces, Facebook comments posted on other websites, and “likes.”

After the news about Cambridge Analytica broke in 2018, Facebook withdrew this access from any third-party app that users hadn’t logged in to for 90 days, eliminating one source of illicit data collection.

“It’s a good change,” says Brookman. “However, as the Cambridge Analytica scandal showed, once a third party already has your data, it’s really hard to know what happens to it.”

It may be impossible to find and delete personal info harvested by other companies in the past, but you can see which apps are currently collecting data from your account and stop them. You will no longer be able to access these apps using your Facebook Login, so you may want to create a new login and password for each app before making changes.

On a computer: Click the down arrow in the top right of the Facebook home page > Settings & Privacy > Settings > Apps and Websites > Active > Click on the box next to the app's name > Remove.

Protect Your Account From Hackers

It's a good idea to use two-factor authentication to back up the password on any digital account that offers it. This is particularly important if you've ever used the same password on more than one account, or tend to use subpar passwords. (Consumer Reports has expert tips for creating good passwords.)

Once you turn on two-factor authentication in Facebook's settings, the company will send you a verification code—via text or app—to confirm your identity when you access your account from an unverified location, device, or browser.

“That makes it much harder for someone to breach your account with a stolen password,” says Bobby Richter, Consumer Reports' former head of privacy testing.

Facebook has misused this technology. In 2018, researchers discovered that Facebook may use phone numbers collected for two-factor authentication for advertising purposes. And more recently, security experts noticed that Facebook allows other users to look up your profile using those numbers, too.

"This kind of news erodes consumers' trust in a security system we're all starting to rely on," Richter says. "But we still recommend that you use two-factor authentication, because it's one of the best ways to protect your account."

If Facebook already has your phone number, follow the instructions below so that strangers can't use it to find your page. If you haven't given Facebook your number yet, you can use a dedicated app such as Google Authenticator or Duo Mobile for two-factor authentication instead, Richter says. They're easy to set up.  

On a computer: Go to Settings > Security and Login > Use two-factor authentication > Get Started.

Hide Your Account From Google and Other Search Engines

The default settings on Facebook permit your user profile to show up in any Google search that includes your name. But you can change the settings to make your profile less Google-able. And while you’re at it, you can also set limits on who can send you friend requests and look you up using the email address or phone number tied to your account.

On a computer: Go to Settings > Privacy > Do you want search engines outside of Facebook to link to your profile? > Edit > Click the check box on the bottom > Turn Off.

Then on the same page, select "Who can look you up using the phone number you provided?" > Only me. Then do the same for "Who can look you up using the email address you provided?"

Limit Who Sees Your Profile, Photos, and Posts

It can be fun to share the details of your life with family members and friends, but it's less amusing to serve up that data to criminals who comb Facebook pages for personal details to use in identity-theft scams. If you leave your info open to the public, anyone can discover your birthdate, mother’s maiden name, and passion for poodles.

Each time you post a new photo, video, or status update, Facebook's interface gives you the option to keep the news among your friends. You can even exclude certain pals, like, say, your boss or that nosy neighbor.

That's a good practice going forward, but it’s easy to go back to your old posts and limit the audience retroactively. That way, you can make certain you’re not sharing telltale details with people you don’t know. While you're at it, you can change the default audience so that your future posts are more private automatically.

On a computer: Go to Settings > Privacy > Who can see your future posts? > Edit. Then on the same page, hit "Limit Past Posts."

Stop Your 'Likes' From Becoming Ads

You’ve probably seen Facebook ads that list your friends’ names: “So-and-so likes . . . ” That’s because Facebook lets advertisers use your name and products you “like”—Girl Scout cookies, Starbucks coffee, Ford trucks—in ads pitched to people in your network. But just because you’re happy with your Casper bed-in-a-box mattress doesn’t mean you need to publicly endorse it. Here’s how to keep your name off those ads.

On a computer: Go to Settings > Ads > Ad Settings > Ads That Include Your Social Actions > No One.

Restrict Facebook From Tracking Your Activity on Other Websites

Facebook’s data collection doesn't stop when you leave the platform. If you’ve ever visited a website that uses Facebook services—Like and Share buttons, Facebook Login, or the company’s analytics tools—you’ve provided info on the stories you’ve read, the videos you’ve watched, and the products you’ve viewed and placed in an online shopping cart.

“If those buttons are on the page, regardless of whether you touch them, Facebook is collecting data,” says Casey Oppenheim, co-founder of the digital security firm Disconnect.

How do you put a stop to that data collection? Well, there’s no foolproof way to do that—and no way at all through Facebook’s settings. You can, however, install an ad blocking extension such as Disconnect, Ublock, or Privacy Badger on your browser to disrupt Facebook’s efforts to track you online.

The Mozilla Foundation, the nonprofit organization behind the Firefox browser, has designed an ad blocker specifically for this task. It’s called Facebook Container, and it uses a unique browser tab to wall the social media platform off from the rest of your online activity.

It takes only a few clicks to install the Facebook Container extension. The directions are easy to find online.

(Consumer Reports uses Facebook’s services, too. For details on the data we collect, consult our privacy policy.)

Protect Your Privacy On Facebook's Siblings, Too

Adjusting your Facebook settings is a great first step toward protecting your privacy. But the apps on your phone and the services you use online unite to form an entire data ecosystem, and you should take the whole picture into account.

If you use other services that Facebook owns such as Instagram and WhatsApp, lock down your settings on those products, too. (And, now that you're on a roll, consider doing the same for other services like Google, or even LinkedIn.)

"There's a ton of advice about privacy out there, and it can get overwhelming," Richter says. "But the important thing is to be skeptical—keep privacy in the back of your mind when you're using digital services. Every bit of effort you take is a step in the right direction."

Perform a Little Crowd Control

As the fallout from the Cambridge Analytica scandal demonstrated, the people on your friends list can jeopardize your privacy—sometimes without even knowing it.

While Facebook closed the policy loophole that allowed that particular data leak in 2014, there are plenty of other ways friends can let you down—by posting inappropriate content, for example, or falling for scams that permit accounts to be hacked.

That’s why it’s best not to maintain Facebook “friendships” with people you don’t really know (e.g., your best friend’s sister’s tai chi instructor). Facebook doesn’t make it easy to delete large groups of friends. You have to go to your Facebook profile, select people to dismiss one at a time, hover over a drop-down menu, and choose "Unfriend."

To make the process a little easier, consider using the “birthday method.” When you log in to Facebook, check the birthday notifications the app has sent you, and for each one decide whether to send out well wishes or to quietly unfriend people you’re willing to part with. This can help you keep your account more secure.

How Targeted Ads Work

Do you often see online ads that relate to your likes and hobbies? On the "Consumer 101" TV show, Consumer Reports expert Thomas Germain explains to host Jack Rico what targeted ads are and how they work.



More from Consumer Reports:
Top pick tires for 2016
Best used cars for $25,000 and less
7 best mattresses for couples

Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2020, Consumer Reports, Inc.