In recent days, news reports on the scandal have served as an unsettling reminder to Facebook users of the scope of the social media network’s data collection efforts, not to mention the challenges inherent in keeping all that private info secure.

All told, about 50 million people had their profile information and “likes” harvested—without permission—by a third-party quiz app.

“The FTC has to investigate,” says Jessica Rich, Consumer Reports’ vice president of consumer policy and mobilization, who was one of the FTC officials charged with overseeing the agency’s 2011 investigation into Facebook’s privacy practices.

“There are multiple troubling allegations here and many ways Facebook could possibly have violated the order,” Rich says. “However, the problem of detailed profiling and targeting of consumers for marketing and political purposes stretches beyond Facebook. We’d like to see Congress finally take action to pass a comprehensive law protecting consumer privacy.”

In a statement responding to the FTC announcement, Rob Sherman, Facebook’s deputy chief privacy officer, said: “We remain strongly committed to protecting people’s information. We appreciate the opportunity to answer questions the FTC may have.”


Soon after the FTC announcement, Facebook said it was implementing changes that would make privacy settings easier to find and to use.

According to a statement issued by Sherman, the changes had been planned for months. “But the recent news underscored for us how important it is that we communicate more clearly about how we use people’s data, and how they can control their data on Facebook,” the statement says.

So far, at least, Facebook users don’t have new powers over how their data is collected and shared. The company says it’s just making some of the current settings easier to find. But in April, the company says, it will roll out a tool called Access My Information where you can select a category of data stored by Facebook, such as your search history or photos, and delete items if you wish.

Secondly, the company says it will be making changes to Download Your Information, which you already can find under the General tab of Settings. The goal is to make the feature less of a hard-to-interpret data dump and more of a useful tool.

In the meantime, some Facebook users have decided to suspend or delete their accounts. For others, though, it’s hard to imagine giving up the practice of sharing pictures and posts with friends.

If you are among that group, there are still a number of actions you can take to secure your Facebook data and limit the access the social network and others have to it. Here’s what we suggest.

Put the brakes on third-party data collection. All those mobile apps, plug-ins, games, and websites that you linked to your Facebook account via Facebook Login gather info on you, too. For a complete list, visit the Apps section in Facebook’s Settings menu. To close the door on that snooping, you can turn off Facebook Platform, the utility that houses the apps and services created by those third-party developers. Go to Settings, select Apps, and click on the box titled Apps, Websites, and Plugins. Keep in mind that you will no longer be able to access the unlinked apps and services using your Facebook Login, so you may want to create new logins and passwords before you shut off Facebook Platform.

Limit Facebook tracking with ad blockers or anti-trackers. Many online sites feature code that tells Facebook what pages you visit. They do this by embedding on your computer tiny data files known as cookies and hidden images known as web beacons that track your movements, analyzing what you watch and read. You can cut down on this by installing a blocking extension (such as Disconnect, Ublock, or Privacy Badger) on your web browser. They only take a few seconds to download and activate.

One more thing: Like most websites, also collects user data. You can get the details on our privacy policy and our approach to privacy, including our policy positions, here.

Use Firefox Container. The Mozilla Foundation, the nonprofit organization behind the Firefox browser, has released an extension called Facebook Container. In a blog post, the company explains that the browser extension “makes it harder for Facebook to track your activity on other websites via third-party cookies.” To use it, download Firefox, go to the Firefox Add-ons page for Facebook Container, and click the Add to Firefox button.

Do this, and you’ll be logged out of Facebook, the documentation explains. When you navigate to Facebook the browser will open a new window. There, you can log back in and use Facebook normally. Essentially, the “container” blocks Facebook cookies and impedes communication between Facebook and other sites. You may have trouble using Facebook Login on other sites, but in exchange your privacy will be enhanced.

Disable Location Services. By default, Facebook gathers location data and uses it for status updates and photo uploads. You can turn off location services from within the Facebook app or from a phone’s own settings. On an iPhone, go to Settings > Privacy > Location Services > Facebook and choose the Never option. Android users can go to Settings > Apps & Notifications > App Permissions > Location Permissions > Facebook, and slide the bar to the Off position.

Use two-factor authentication. Turn it on, and Facebook will require a verification code whenever your account is accessed from an unverified location, computer, browser, or phone. Facebook sends the code to an email or mobile number you’ve designated, and you need to enter the code, along with your usual login credentials, to gain access to the account. It adds a layer of protection against unauthorized access. To activate this feature using a laptop, go to Facebook’s Account Settings menu, select Security and Login, tap “Use two-factor authentication,” and click on the Set Up link.

Do you feel safe on Facebook?

Let us know in the comments below.

Make yourself harder to find. Using the “Who can look me up?” section of Facebook’s Privacy Settings and Tools menu, you can control who can find you using your email address or phone number, and whether or not search engines can link to your profile. The Privacy Checkup tool will show you what information, such as your email address and birthday, is visible to friends and to the public.

Control who can see your posts. To do this, use the drop-down menu right next to the Post button. Choices include friends, the public, groups you belong to, and an option to build your own custom list. You can choose specific people to block (i.e. your direct superior in a workplace group you belong to.) This feature is not exclusive to statuses—photo albums can have custom viewer lists, too.

Choose who can add to your timeline. Enabling Timeline Review lets you control what’s allowed on your timeline by requiring you to approve each post. Notices asking for you to approve posts appear in the Activity Logportion of your profile page, alongside an overview of your Likes and images you’ve been tagged in.

Facebook allows users to add their friends to a group without consent; it’s a sometimes problematic feature, as Mark Zuckerberg once famously experienced. While there is no way to keep this from happening, you can use the Activity Log to see if you have been added to any groups. (You can then permanently remove yourself, if you choose.)

Stop your likes from becoming advertisements. You’ve probably seen posts reading “So-and-so likes this” with a sponsored link and a Like Page button. While you may like a company or group in the non-Facebook sense, that doesn’t mean you want to publicly endorse it. To opt out of this, go to the Ads section of the Settings menu and change the “Ads with my social actions” option to “No one.” This area of Settings also allows you to control whether Facebook can target you with ads based on your online activity.