X
Business

Lockdown or Death for your FaceBook Profile: An Advanced User Guide to Social Networking Privacy (UPDATED)

If you're sick and tired of FaceBook's continual encroachment on your privacy, here's how to lock it down like a SuperMax prison or give it the Death Penalty.
Written by Jason Perlow, Senior Contributing Writer
profile-lockdown-zd.jpg

If you're sick and tired of FaceBook's continual encroachment on your privacy, here's how to lock it down like a SuperMax prison or give it the Death Penalty.

[UPDATE: FaceBook has made a number of alterations to their Privacy Settings since this article was first published. I've updated the Gallery as well as the videos to reflect these new changes. Additionally, I have re-structured this article so that those of you with simpler profiles can ignore the Centralized Updates/Fan Page stuff which is posted towards the end of the article.]

I finally decided after all of FaceBook's continual invasions on my personal privacy by sharing data to people and services which I don't want -- and by being completely irresponsible and untrustworthy in terms of computer security -- that it was time to lock down my profile and minimize my exposure, while still allowing select people to interact with me on my User Profile.

With FaceBook, this is a very difficult thing to be able to balance, and I'm still not 100 percent sure that I wouldn't be served by destroying my profile and leaving the service altogether, but I believe that for the time being, I've been able to create some sort of "miserable medium" that I can tolerate.

Why I Put This Guide Together

FaceBook is an extremely complicated and confusing online service to use, with lots of settings that are needed to secure a profile and prevent undesired dissemination of information. Because I no longer trust the service whatsoever, I've created a "How-To" for the advanced user for locking down their profile and minimizing their risk

Keep in mind that this "Lockdown" I created is an extremely draconian method -- nobody will be able to share your information or your statuses, you will not have any personally identifying information unless you absolutely choose to, and only the most essential applications will be authorized.

Also Read: Contemplating FaceBook Hara-Kiri

Also See: Locking down your FaceBook account step-by-step (Gallery)

For those of you who only maintain a simple FaceBook profile, just go through Step 1 and Step 2.

If you're fed up with FaceBook altogether, go through Step 3 to remove your FaceBook profile completely.

For Advanced Users:

The user for which I have in mind for "Advanced" is someone who is extremely concerned about their personal privacy and security, but also may wish to have people contact them via a brand or a business or some other following they maintain.

In this case I created this "Secure FaceBook Systems Architecture" to suit my own personal needs, in order to be able to interact with essential friends and business contacts in my personal profile, but also to allow anyone to interact with me in relation to my two blogs, Tech Broiler and Off The Broiler.

This requires groups of people to be compartmentalized and thus two separate profiles have to be maintained: Your secure personal profile, and also a Public Fan Page.

Additionally, this method also provides the ability for centralized Status Updates to both the personal profile and the Fan Page via Twitter, using automatic RSS synchronization.

I have added optional "Advanced" sections at the end of this guide which show you how to do this.

Step 1: Kill Your Excess Friends

Here's the part of the exercise which might be most difficult for you. The only way we can control the spread of information is to reduce the number of people who have access to it. That means killing off FaceBook friends.

Before I started this exercise, I had over 1200 friends on FaceBook. Most of these people were folks who followed my blogs and magazine writing over the years, who didn't interact on my wall or never posted a reply to any of my status updates. So I felt no remorse about deleting all of these people off my profile.

In the hierarchy of who I believe one should retain as friends on FaceBook, I believe it starts with Family, then "Real Life" friends, then close personal contacts and acquaintances, and then POSSIBLY business associates.

However, in the case of business associates, unless they are also business friends, you should probably be using a different networking tool, such as LinkedIn, which is an excellent service for this purpose and I highly recommend it.

In my opinion, the total of people who should have access to your personal profile should not exceed 250-300 people on the high end, and if possible it should be smaller than that.

I'm still in the process of determining who should have access to my profile, so I don't know what my "sweet spot" is yet, but I suspect that the 302 friends I now have at the time of this writing will probably be reduced further.

To start removing friends you don't want, click on the upper right hand side on the Account menu and select "Edit Friends". You'll then see an alphabetical list of all the  people you have friended. To the right of the name of the person you want to eliminate, click on the "X" and choose "Remove Connection".

Step 2: Lockdown

Lockdown from my perspective means that we are going to set every single security option to the most restrictive level possible and giving people extremely limited visibility into your personal information.

You could certainly deviate from this, such as continuing to allow certain applications such as games to run, and opening up certain fields, but be aware that any hole you leave open could result in an unfortunate situation such as a personal embarrassment or even worse, stalking or identity theft.

You may ask, "Why so restrictive? Aren't these people that you're giving access to your profile your real friends?"

If indeed these people are your real friends, family and close acquaintances, they probably already know what your phone numbers are, where you live, what you like to watch on TV, what your favorite sports teams are, et cetera.

Who we're really concerned about is someone getting access to your information who we DON'T consider a friend, and that includes FaceBook's management who we have established are willing to expose your information to third parties and have maintained very loose and variable definitions of personal privacy, not to mention that its founder and CEO may very well lack basic ethical behavior.

FaceBook profiles contain a large amount of data, so for the purposes of brevity in the article text, we've included screenshots and the effective rights settings in a gallery that I think you should use in order to ensure your privacy and user security.

Also See: Lock Down Your FaceBook Profile in 20 Minutes (Videos)

However, here are the essential steps you need to take for the actual Lockdown:

Profile Data Elimination/Obfuscation

1) Edit your profile Basic Information tab to remove all identifying personal information,  Your Bio should contain only a very basic summary of who you are or what you absolutely feel safe and secure about being potentially exposed, and a URL link to your Fan Page. I used the following text:

I write technology articles for CBS Interactive's ZDNet Tech Broiler blog. I also write about food and technology for my personal blog, OffTheBroiler.com, which I started in 2006.

I am also known for founding the food website eGullet.com and I have been writing for various technology publications since the mid-1990s.

Please join my Fan Page if you are interested in following my exploits:

http://www.facebook.com/techbroiler

If you feel you have been de-friended in error, shoot me a message.

2) Remove all Relationships from your Profile data. That means your wife, your children, your parents, your other filial connections, et cetera. Your family already knows you're related to them and anyone close to you probably already knows already too.

3) Delete all Likes and Interests from your Profile data.

4) Delete all Education and Work entries from your Profile data.

5) Delete all Contact Information from your Profile data with the exception of email addresses and your web sites. For City/Town, use bogus data. I chose the Icelandic ice sheet where the Eyjafjallajokull volcano is.

Application Elimination

On the upper right of the screen, click on Account, select Application Settings, and filter under "Authorized". Remove every single non-essential 3rd-party application. If you've engaged in a lot of quizzes and games with your friends in the past, you may have a very large amount.

You will only need Ads and Pages, Events, Gifts, Groups. Links, Notes, Photos and  RSS Graffiti (if you are doing the advanced steps)

Additionally, you can permit any mobile clients that you use on your Smartphone or MID device to interact with FaceBook.

Privacy Settings Lockdown

This is where things get hairy, as there are a lot of settings and screens involved. Again, please look at the Gallery which shows the effective permission settings that we think give you the highest level of privacy and a minimal level of information exposure needed for basic social networking.

You could loosen some of these up, but you should make the assumption that if you loosen them,  FaceBook will expose the data generated from these fields to someone who you don't want to see them.

FaceBook Privacy is categorized under the following areas: Basic Directory Information, Sharing on Facebook, Applications and Websites, Blocklists. Most of these areas have multiple fields which you can set who gets to see what. The most restrictive level is to choose Custom for each of these fields and to set it to Only Me, which is how we set the majority of the fields.

Step 3: The Death Penalty

You may find all of this Lockdown is too much work for too little gain, and that FaceBook is too much of a time sink or a risk to your personal privacy. Fair enough, you want to kill your FaceBook account.

Consider me your Doctor Kevorkian.

Here's what you'll want to do with your personal profile:

1) Remove all groups and fan pages from your account.

2) Expunge all personal information from the profile, per the Profile Data Elimination/Obfuscation section.

3) Delete all of friends with the exception of the people who meet the "Real friend" criteria per the Kill Your Excess Friends section above.

4) Delete all your Wall messages. This could take some time, but the data contained in here could be potentially very damaging if FaceBook keeps it and exposes it without your consent.

4) Send out a farewell to your friends via the internal messaging system. Here's the text that a friend of mine used recently that deleted his account just a few weeks ago:

"After numerous privacy violations, constant spam, applications that try to take over my account, and continual unwanted changes in the service, I've decided to delete my Facebook account. I'm letting everyone know that if you still want to keep in touch, here's my information:"

He then gave out the following personal information: eMail Address, Phone Number and his  Instant Messenger IDs.

5) After sending out your farewell, deactivate the Wall, give it a few days to receive any remaining internal FaceBook messages, and then delete all of your remaining friends.

6) Follow these instructions on Wikihow.com on How to Permanently Delete a FaceBook Account.

Advanced: Centralized Updates via Twitter

Because some of us have the need to propagate updates to two different sets of people, you will need to maintain a secure profile of "Core" friends and business contacts, and also your "Public" Fan Page.

To do this, you'll need a Twitter account. Obviously, anything entered in Twitter is going to be a public update, so you should never use Twitter for anything that is of a private nature or something you don't want forwarded on.

My attitude towards this is if it isn't game for Twitter, I probably also don't want it posted in my private FaceBook profile or my Fan Page. If something is really important and of a sensitive nature, I expect people to have common sense and to call people individually on the phone, or use traditional forms of electronic communication, such as an e-Mail or a private FaceBook message.

If you think that you've got something to say that doesn't belong on Twitter but can stay within your "Inner Circle" on FaceBook on your profile status, you can enter it into FaceBook directly. Got it? Great.

If you have a Twitter account already, good. If not, go to Twitter.com, sign up, and get one.  Once you've signed up, you'll need the RSS feed for your update stream.

In my case, mine is located on http://www.twitter.com/jperlow, and if I click on the "RSS feed of jperlow's tweets" link on the middle-right hand side of the page, I get this URL:

http://twitter.com/statuses/user_timeline/4400681.rss

Your unique RSS feed will have a different number at the end, but copy this into a text file and save this for later, you'll need it.

If you're new to Twitter, you can enter status updates directly from the Twitter website, or you can use any number of Twitter clients for your smartphone, mobile Internet device or or your PC.

On the PC for Windows/Mac/Linux, I recommend TweetDeck or Seesmic. On the iPhone and iPad, I like to use Twittelator. On Android, my preference is for Twidroid. On RIM devices I used to use Twitter for BlackBerry.

Advanced: Collect your Blog RSS Feeds

If you don't blog or have a website that issues updates, you can ignore this step. However, I suspect many people who do blog or maintain a website with dynamic content are looking to send their  web updates to their FaceBook profile and/or Fan Page will want to follow along.

I maintain two separate blogs, Off The Broiler, which is my food website, and Tech Broiler, which is the blog you are currently reading. Each of these blogs has its own RSS feed which contains the links and story summary for each entry in a serialized, syndicated format.

Depending on which blog and web browser software you use, your RSS icon will either show up directly to the right of the URL of the web browser when you're viewing your blog's home page or it will be in your administrative settings.

For WordPress.com blogs, the URL is

http://blogname.wordpress.com/feed

For Blogspot, use

http://blogname.blogspot.com/rss.xml

and for TypePad.com use

http://blogname.typepad.com/blogname/rss.xml

Once you've collected your RSS feel URLs for each of your blogs or web sites that you want to send into your status updates, paste them into your text file along with your Twitter RSS feed.

Advanced: Twitter Publish via Google FeedBurner

Now that you have your RSS feeds collected, you'll want to create secondary feeds on Google's free Feedburner service for "pushing" those updates to Twitter.

As in the illustration above, you'll need to create a new feed using the copied RSS URL for each blog that you captured earlier.

After you create each feed, you'll want to enable the "Socializer" service on Feedburner for each feed you want to push out to Twitter.

As in the screen shot above, for each feed that you'll be sending to Twitter, you'll want to click on "Publicize" on the top navigation bar and select "Socialize" from the left hand menu. You'll need to enter your Twitter credentials. Once this has been completed, every time you publish a new blog post, the status including the title and the link to the post will be sent into Twitter.

Google will automatically use its http://goo.gl URL shortening in each Tweet, so this is completely "Set it and forget it".

Advanced: Create your Fan Page on FaceBook and activate RSS Twitter Syndication

Log into FaceBook, and enter the following URL into your browser:

http://www.facebook.com/pages/create.php

You see a landing page similar to the one above. Here you'll be asked for what type of page this is. In my case, I chose Website and typed in the name in which I'd like the fan page to appear in FaceBook's search index. Click on "Create Official" page, and then you're done. More detailed levels of how you can set Wall permissions for your Fan Page can be found in the Gallery accompanying this post.

Next, you'll need to edit your fan page and add at least one application to it, RSS Graffiti, as per the above screen shot. This is what will be used to pull all of your consolidated Status Updates out of Twitter. On my fan page I've also added Discussion Boards so that anyone can have a topic-based discussion thread in addition to commenting on the statuses.

In the RSS Graffiti configuration screen, you'll want to set it so that it points to the RSS feed from Twitter that you captured earlier, for both your personal profile as well as for your fan page, and to use "Status Update" format. Additionally, in lieu of a Fan Page, you could also use this to dump your status reports to a Group which you maintain.

After you've set up your Twitter status update syndication, you should claim a short URL for your Fan Page so you can post it on your main User Profile and anywhere else you'd like to display it. Once Fans "Like" your page, they'll get Status Updates on their news feed from you just as if they had friended you.

My new Jason Perlow fanpage will allow me to interact with my Blog readers without having to go though any friending overhead.

I hope this tutorial is helpful to everyone, and if I left out any other steps or settings/changes that might be useful, Talk Back and Let Me Know.

Editorial standards