I have been getting lots of questions from friends and family in the last few weeks about what is all this discussion going on about privacy issues on Facebook – and what they should be doing. Some have even fallen victim to ‘hoax’ suggestions and have been posting them on Facebook to get their friends to act.

This is a quick post to explain what is the buzz going around and what you can do about it.

What has Facebook introduced recently that has everyone in such a tizzy about privacy?

#1. Graph Search:

What is it?

– It is a feature that enables users to search Facebook in a deeper way – and give out results about what kind of, say, music or photos or apps or other kind of info you may have shared. So, for eg, if someone is searching for ‘Vada Pav in Mumbai’, it may throw up pictures of vada pav you may have put up 2 years ago or some link containing vada pav that you may have shared last month. Or if you have subscribed to an app that recommends the best roadside eateries selling vada pavs in Mumbai, that may be thrown up. Mind you, it will also give out results from the web.

Why is it ‘scary’?

-Till date, such searches were not possible. A Google search, for eg, does not throw up what you post on Facebook. Nor did a Facebook search throw up such stuff till this feature was introduced.

– All data (photos, music, links, apps) that has so far not been restricted by you to a limited audience would now, by default, be available to the public at large.

So what should I do now?

– You can still do many things to keep your data relatively private. Read on…

 # 2. Option to be ‘unsearchable’ by name has been removed:

Facebook is removing the ‘who can look up your timeline by name’ feature. (This is being done in a phased manner – so if you still see it in your account, it is only a matter of time before this is removed.)

What was this?

– When someone searched for your name using the search feature on Facebook, you could control if your name appeared in the search or not. So, for eg, if your setting in this feature was ‘friends of friends’, only friends of friends could find you in the search. Your profile did not appear in any search by the general public.

What is the implication of the removal of this feature?

– With the removal of this control, basically anyone can look up your profile. In other words, you can no longer ‘hide’ from people who don’t know you on facebook

– Therefore, this means that unknown people can land on your PUBLIC profile and browse through it.

So what should I do?

– The best way to deal with this is to restrict what is visible on your PUBLIC profile. So strangers can see only very limited stuff.

Some tips to deal with the above:

First of all, make sure you turn on all the basic privacy and security settings available on Facebook. The Facebook help centre tells you how to do this under the ‘privacy’ and ‘security’ categories (

Secondly, remember the Golden Rule: DO NOT post anything that you want to keep private. Eventually, NOTHING is ever private in the online world and you have NO CONTROL over the data that you post.

Here are some quick pointers that can help you:

For Graph Search:

– Limit the audience in all your posts to ‘friends’ – using the audience selector option available while posting. In fact, Facebook automatically uses this as your default option for all subsequent posts once you have chosen ‘friends’ as your audience in a post – until you next change the setting, that is.

  • IMP: Be aware that Facebook switches its default setting to the audience for your last post. So if you change the audience setting to ‘friends of friends’ for even one post, all your subsequent posts will automatically become ‘friends of friends’ unless you change it back to ‘friends’

-For posts that someone else tags you on (especially photos):

  • It is a good idea to first review all posts you are tagged in before they appear on your timeline. You can choose this option under ‘Timeline and Tagging’ under ‘Settings’. Once you choose this, you are alerted every time someone tags you and you can view everything under your ‘Activity Log’
  • If you don’t want a post – especially a photo – to appear on your timeline for your friends to see, choose the “Hidden from timeline” option. However, remember that the photo continues to exist – just that it doesn’t show up on YOUR timeline. And if a particular photo really bothers you, you can request Facebook to have it removed.

– Limit ‘past posts availability’ – In case you are not sure if, in the past, you have shared your posts beyond friends, you have an option under privacy settings to limit the audience of your past posts to only friends. Turning on this option automatically restricts all your past posts to only friends.

To limit what is available on your Public Profile:

– First check what is viewable by the public today. You can see this by going to the ‘what do other people see on my timeline’ option that shows up on the drop down menu for privacy shortcuts (click on the little lock icon on the top right hand corner of your Facebook page)

– You can now go to every section in your Facebook profile and adjust the settings so that minimal info is viewable to anyone who is not a friend.

– Note: Photos posted by others where you are tagged (they appear under ‘photos of you’ in the photos section) are not really in your control. The audience for these photos is determined by the tagger. All you can do is ensure it does not appear on your timeline.

– Also remember that whenever you ‘like’ or ‘comment’ on any public page or share anything posted on a public page (for eg – those cool cartoons or the many ‘thoughts’ that folks like to re-post), it is always ‘public’!

– Another suggestion is to review the actual information you have posted in sections like “About”. It may be a good idea to remove all information that is not absolutely essential to be put up. Lots of people put up their contact numbers, residence addresses, etc here. Not a good idea at all!

Posted by Shivangi Nadkarni, Co-Founder & CEO, Arrka Consulting       | @shivanginadkarn


About Shivangi

Arrka Consulting provides Consulting & Advisory Services in the areas of IT Risk. Whether you are a large organisation or an SMB or even an individual, we help address challenges that each of you face in this domain
This entry was posted in Infosec - simplified, Infosec for non-Infosec folks, Social Media Risks and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s