Facebook security and privacy hardening guide

By default, Facebook assumes that when you sign up, you want to share a certain amount of data, establish connections and be found by others.

Claudiu Popa

This makes some sense, since it is after all a social network and it didn’t get to be the world’s largest such community by encouraging users to be paranoid about their online activities.

But over the years, Facebook has demonstrated that their definition of privacy, perception of security and their own priorities have changed significantly.

As such, many people are now preferring to manage their own accounts and control their information in a specific way: by deciding what gets shared and what doesn’t on an individual basis, rather than by accepting Facebook’s arbitrary defaults which err on the side of openness.

To make matters worse, Facebook’s application platform allows developers to access information on users and their friends in ways that are both direct and indirect (i.e. by aggregating data), leaving people to wonder exactly how risky it is to use Facebook when daily headlines describe increasing numbers of data breaches perpetrated on the system by morally corrupt individuals.

So I’ve taken it upon myself to create a security guide to Facebook that is unlike others in two significant ways, described below. One of the reasons it’s a tad bit complicated to create such a guide is that Facebook’s pages are not consistent in their layout and appearance, so different settings that you and I would think go together are often in poorly lit back alleys of the system, where you might not stumble upon them until your personal page is already indexed by search engines or accessed by Facebook apps. Facebook is also prone to making periodic changes to its privacy and security settings, either without enough prior warning to users or only after complaints from the public or government agencies.

Before you proceed to use the guide, please take note of the following:

First, it is a hardening guide and not a set of tips for increasing your privacy. It aims to turn OFF all the system’s sharing features and put every security and privacy setting at its most secure (and least open) value, thus allowing for the individual activation of those settings when the user is good and ready to take advantage of them.

Second, the file is available as a spreadsheet, allowing users to modify it to their heart’s content, build upon it, or just save it as a point-in-time snapshot of their settings. This is useful because, as we all know, Facebook makes periodic changes to its functionality, privacy settings, security configuration and defaults, so it makes good sense to refer back to this document and regain some comfort that you’re doing what you can to protect your data while still partaking in the social networking phenomenon.

While I appreciate all comments and feedback, the reason for this format is for you to make this a living document and to customize it according to your own preferences. That said, it is entirely possible (given the convoluted nature of Facebook’s configuration options) that a feature, setting or entire section is missing from this guide, so I certainly appreciate all additions and contributions.

Click on the image below to access the Facebook security and privacy hardening guide (FHG v.1.0):

For more information, visit the page entitled “Controlling How You Share”.

About the author:
Claudiu Popa, CISSP, PMP, CISA, CIPP is an information security/privacy consultant and CEO of Informatica Corporation ( A published author and media resource, Claudiu passionately discusses privacy issues, security breaches, governance and all matters of risk management. Write to [email protected] or simply contribute your comments to this blog. Follow him on or connect with him on
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.

Jim Love, Chief Content Officer, IT World Canada
