Sophos

Facebook best practice Profile privacy settings

Facebook has provided users with powerful controls to protect themselves online, and it is up to individuals to check and ensure that appropriate settings are in place. Sophos has published recommendations for how to configure the settings for each of these privacy areas of Facebook.

Profile

| Option | Sophos recommends | Why? |
|---|---|---|
| Profile | "Only my friends" | By default, Facebook allows all of your networks and all of your friends to view your profile. As networks can contain hundreds of thousands of people (and you have no control over who else joins the network), leaving this option at its default setting instantly reveals personal information to potential identity thieves. Sophos advises that it is sensible to allow your profile to be viewed only by your friends, so you should set this option to "Only my friends". |

The next options further break down who can view different parts of your profile:

| Option | Sophos recommends | Why? |
|---|---|---|
| Photos Tagged of You | "Only my friends" | Photos and videos should only be shared with friends, not with wider networks on Facebook. If photos or videos may be posted that you think could be embarrassing to you in the future, set this option so that only you can view them, and ask yourself what can be done to prevent such material being uploaded to the internet in future. If you would not be comfortable with material appearing on your resume or job application, don't post it online. |
| Videos Tagged of You | "Only my friends" | As for Photos Tagged of You. |
| Status Updates | "Only my friends" (as a minimum) | You may change your status to say "Going to hospital for surgery in three days" or "On holiday down south until September 2!" (useful information for criminals), so it makes sense not to make your status available to anyone other than approved friends. You should not make it viewable by your networks. Non-friends do not need to know what you are doing minute by minute. |
| Online Status | "No one" | There is no benefit in non-friends knowing whether you are currently logged into Facebook. It is sensible to set this option to "Only my friends" or, if there is no conceivable reason why anyone needs to know that you are presently online, to "No one". |
| Friends | "Only my friends" (as a minimum) | Only your friends should be allowed to view who your other friends are. Giving unknown members of the Facebook community access to your friends list may provide them with additional data about you, which could assist them in identity fraud, especially if your friends have not been as careful as you in securing their privacy online. |
| Wall | "Only my friends" (as a minimum) | Personal information can be published on your wall by yourself and by others, so it is unwise for it to be viewable by the wider Facebook community. For this reason, you should not allow networks to view your wall. |

Contact information:

Facebook allows members to control who can access their contact information. Although Facebook gives users the power to allow all networks they are members of to view their contact details, Sophos strongly advises against this. Opening up your contact information to potentially hundreds of thousands of unknown people increases the risk of identity theft.

| Option | Sophos recommends | Why? |
|---|---|---|
| IM Screen Name | "No one" | Sophos recommends that these privacy options are set to "No one". Users completing their profile on Facebook should ask themselves whether it is appropriate or necessary to tell other Facebook users their contact details. Facebook allows users to opt out of entering this personal information, and as Facebook allows friends to contact each other through Facebook itself, nobody needs to know your real address or phone number. If they really are a friend, they should already know where you live and what your phone number is; and if a friend really can't remember, they can always contact you via Facebook and ask. It is then up to you to decide whether you feel comfortable sharing that information and whether your friend has a valid reason for asking. |
| Mobile phone | "No one" | As for IM Screen Name. |
| Land phone | "No one" | As for IM Screen Name. |
| Current Address | "No one" | As for IM Screen Name. |
| Website | "Only my friends" (as a minimum) | Publishing a personal website address is less of a privacy risk than revealing other contact information, provided that no other private information is listed on the personal website itself. |
| Contact email address | "No one" | Users can set this privacy option to "No one". Nobody needs to know a friend's real email address via Facebook, as it is possible to send messages to friends through the system itself. |

Applications in your profile:

| Option | Sophos recommends | Why? |
|---|---|---|
| Posted Items | "Only my friends" (as a minimum) | There is no advantage in allowing people outside your friend list to view this information, so as a minimum these options should be set to "Only my friends". |
| Groups | "Only my friends" (as a minimum) | As for Posted Items. |
| Marketplace | "Only my friends" (as a minimum) | As for Posted Items. |