How to lock down your Facebook


While working in Tech Support I often received calls from people who were being stalked and were convinced there must be some kind of tracking software on their machine as their stalker seemed to know intimate details about them.

One woman complained her husband had known about a new man she had been seeing. A man told me his ex wife had known about a recent visit to a Railway Museum. Another girl complained to me her ex boyfriend seemed to know her new phone number.

In every case we were able to find out that there was no bug, or keylogger. The information was already available to anyone with a Facebook account.

Aside from worrying invasions of their own into your privacy Facebook by default does not protect your confidential information as well as it might. Your name is linked to public search engines. People can search for you using your e-mail address and telephone number.

Over the years, I have become so alarmed about how much can be discovered about people online, I regularly archive my account, delete it and create a new one every few months. This can be a bit of a nuisance for your friends however who have to add you as a new friend each time.

If you choose to delete your account permanently, Facebook will give you a 14 day grace period to change your mind, during which you can log in and stop the deletion. The website warns it may take up to 90 days to delete everything.

For those people who like me aren’t ready to abandon Facebook altogether, then there are some important steps you can take to make sure that your account is fully locked down.

Have a dedicated e-mail address for Facebook

If your account is ever hacked and you use the same e-mail address for Facebook as you do for online banking and so on, simply changing your password may not help. You do not necessarily have to create an entirely new e-mail address for this purposes, using an e-mail alias is fine. Many major providers like Gmail will allow you to create an alias for your account so your original identity is hidden.

Use a fake name if possible

Facebook has a fairly strict policy about anyone using anything other than their legal name. Their website states:

‘Facebook is a community where people use their authentic identities. We require people to provide the name they use in real life; that way, you always know who you’re connecting with. This helps keep our community safe.’

They also add:

‘Pretending to be anything or anyone isn’t allowed.’

This has had some bizarre and occasionally funny consequences, such as for this poor woman who happens to share a name with Kate Middleton, the Duchess of Cambridge and was booted off the site for being an Impostor.

It’s not quite as funny for those who are victims of stalking or those who come from cultures whose names don’t marry up with US naming conventions. The controversy has become so strong that there’s even a dedicated Wikipedia page for it.

In practice, thousands of people regularly roleplay as comic book characters, people from the Twilight film series or the Harry Potterverse. The risk in creating an account like this is that anyone can report you for not being a real person.

My own experience from roleplaying as a comic book character has shown that Facebook doesn’t seem to mind you using a different surname, provided they have a real cellphone number on file for you.

Make sure your number is visible to confirmed friends only.

By default anyone can find you using your telephone number. Log into the desktop version of the website and click on Settings > Privacy.

You’ll see a setting saying ‘Who can look you up using the phone number you provided?’. Choose ‘Friends’.

While you’re here you may wish to do the same for your e-mail address.

Stop Search Engines outside Facebook from linking to your profile

Again by default, anyone typing ‘Your name + your location’ into Google is likely to come across your Facebook account. If your account is properly locked down then they should only be able to see your name, current profile picture and current timeline picture but you can’t be too careful.

Choose the option saying, ‘Do you want to search engines outside of Facebook to  link to your profile?’ Choose ‘No.’ Facebook warns that if you only recently enabled this feature then some search engines like Google may still link to some of your content, another good reason to delete your account every few months!

Limit Visibility of Past and Future posts

By default anyone on Facebook, even those who you haven’t confirmed as friends can see your public posts. In the first instance it’s a good idea to head over to Settings > Privacy and under the section ‘Limit The Audience for Old Posts on Your Timeline’, click ‘Limit Posts’.

Bear in mind this action cannot be undone. It simply means though that there’s less likely that the profile picture of you swilling tequila while wearing a pirate hat will probably not be found by the next prospective employer who searches for you.

You can also choose when making a post to make it visible to the public or your friends only. As of 2016, Facebook will remember your preferences but it can’t hurt to check the icon.

If you choose ‘more options’ you can choose to show a post to all of your friends except people you specify.

xl_choose audience-650-80

Enable Tag review…

This is especially popular for those people pulling a sickie so their friend won’t tag them in a photo visiting the local brewery when they’re supposed to be laid up with the flu.

Going to Settings > Timeline and Tagging will allow you choose to approve posts to your Timeline before they appear.

In case your backstabbing friends decides to tag you in a post on your own timeline, you can also choose to approve all tags before they appear.

Use an anonymous cover photo and profile picture

Your current profile picture and Facebook cover photo are visible to everyone. If you don’t want people shallowly adding you just for your looks then you may wish to use a generic photo for your profile picture. You can still upload photos of yourself to your timeline that will only be visible to your friends.

If you do choose to use photos from the internet, bear in mind if you use a picture of the Eiffel Tower for your profile picture, working out what city you’re in will be easier than playing Where’s Waldo with a magnifying glass.

Friends can still add you on Facebook if you give them the link to your username e.g

You can find this by going to Settings > General. Write it down and request that people add you there. Alternatively just have them search for your name while you’re there and point out which account is yours! Of course this method won’t be very effective if you have a rare name, in which case you should consider using an alias.

Turn off location services

The main issue I have with this is not that the phone shares your location (it’s usually possible for people to work this out anyway) but that it often gets the location wrong. You can disable this in the Settings for your Messenger app on your mobile device. The steps to go through to do this differ from device to device though so you’ll need to google this one.

If you’re familiar with the Tor browser, you can also connect to Facebook over the dark web which will mask your real location at all times.

Install browser extensions to disable tracking and ads

By default Facebook is able to track your browsing habits and will display ads on every page. There are a few browser add-ons which will reduce this by the factor of “quite a bit”.

Which ones you use are a matter of personal preference. The most popular adblocker is AdblockPlus although as it still lets some adds through I prefer UBlock Origin.

Two of the most popular extensions for prevent tracking cookies are Ghostery and my personal favourite, Disconnect.

Note that these extensions aren’t just helpful for Facebook. For instance AdblockPlus will prevent Youtube from showing pesky 30 second ads before you play a video. It’s best to have only one Adblocker and one Tracker blocker only to avoid them interfering with one another.

Remember it’s not foolproof

Facebook shouldn’t be trusted if you have extremely private data to protect. There are plenty of Messaging apps which encrypt your communications without storing them on a central server like Facebook does like ChatSecure, which also uses Off the Record Messaging. You can also send photos and videos int the mail or exchange them in person.






Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s