Privacy Settings
Facebook Best Practices:
Contact Information
In many cases, the option to not show information to anyone—to select "Only Me," in other words—is not plainly visible. To make something visible to "Only Me," you have to select "Customize" from the drop-down menu and then choose "Only Me" from the pop-up window that appears.
That said, for maximum security we recommend that you do not enter any of the below contact information other than your required primary email address.
Privacy Settings: Contact Information
| Option | Sophos recommends | Why? |
|---|---|---|
| IM Screen Name | "Only Me"—though it's best to not enter this information at all | Users completing their profile on Facebook should ask themselves whether it is appropriate or necessary to tell other Facebook users their contact details. Facebook allows users to opt-out of entering this personal information, and as Facebook allows friends to contact each other via Facebook it's not necessary to know someone's real address or phone number. If they really are a friend they should know where you live and what your phone number is! And if a friend really can't remember they can always contact you via Facebook and ask you. It's then up to the user to decide whether they feel comfortable sharing that information, and if their friend has a valid reason for asking. |
| Mobile Phone | ||
| Other Phone | ||
| Current Address | ||
| Hometown | ||
| Website | "Only Friends" (at most) | Publishing your personal website address is less of a privacy risk than revealing other contact information, providing other private information is not listed on the personal website itself. |
| Add me as a friend | "Friends of Friends" | As soon as you accept a friend request, your new friend has access to a wealth of information about you that they could potentially exploit. Make sure the people you add as friends are trustworthy and that you can verify their identity. |
| Send me a message | "Only Friends" | Accepting a message from someone you do not know or trust leaves users vulnerable to socially engineered scams as well as basic phishing. Don't leave yourself open to this kind of attack— disable messages from people you don't already know. |
| Email address | "Only Me" | It is not necessary to know a friend's real email address via Facebook as it is possible to send a message to friends via the system itself. |
