Facebook Security Best Practices

Applications, Games and Websites

Facebook provides users with powerful controls to protect themselves online, but it's up to you to check that appropriate settings are in place. Facebook makes a point in its guide to privacy that they "do not give — and have never given — anyone's data or personally identifiable information to advertisers."

Facebook does, however, allow third-party applications to access information that you make public. Any information you share with friends can be shared with applications as well, if you allow it. As noted below, we recommend that you do not.

Privacy settings: Applications, games and websites

Option: What you're using
Sophos recommends: Remove any applications you're no longer using or are unfamiliar with
Why? Facebook gives you an easy way to remove applications from your profile. Remember that applications range from games to quizzes to website giveaways. You'd be surprised how quickly the list of applications you're using can grow! Remove any that don't look familiar or that you're no longer using. Any application you use can access your information and provide a way for it to be leaked or stolen. Reduce this risk by reducing the number of applications you use.

Option: Game and application activity
Sophos recommends: "Friends Only" at a minimum; consider making a custom group
Why? This option is more of an etiquette issue than anything else. If you have a group of friends that you play games with, consider creating a custom group just for them so only they can see your game-related posts and requests.

Option: Info accessible through your friends
Sophos recommends: Uncheck everything
Why? Checking any option on this list allows an application that a friend uses, one that you might not even use, to access that information about you. In general, the less you have under your control, the more vulnerable your information.

Option: Instant personalization
Sophos recommends: Make sure it is unchecked
Why? This is an opt-in option to have Facebook partner websites (like Yelp, Pandora and Microsoft Docs) pull your Facebook information and enable greater customization and sharing options. Though these sites are 'trusted partners' of Facebook, they add a layer of risk to your information. Double-check this page and ensure instant personalization is not checked.

Option: Public search
Sophos recommends: Make sure it is unchecked
Why? We recommend you disable this option. If it is enabled, search engines can index your information, and people can find you on Facebook using an external search engine. There's no benefit to this, as you will only be linking up with people who are on Facebook. And remember, once your profile has been indexed by a search engine, you lose control over that information and how long it can be seen.