Why Social Media Privacy Matters
Social media platforms are designed to encourage sharing. But every post, like, comment, and connection reveals personal information that can be used for targeted advertising, social engineering attacks, identity theft, or stalking. Data brokers scrape public social media profiles to build detailed dossiers that are sold to marketers, employers, and anyone willing to pay.
Taking 15 minutes to audit your privacy settings is one of the best investments in your digital security. This checklist covers the most important settings on every major platform.
Facebook / Meta
Facebook collects more data than almost any other platform. Here is what to change:
- Profile visibility — Settings > Privacy > "Who can see your future posts?" Set to "Friends"
- Friend list — Make it visible to "Only me" to prevent social engineering. Attackers use friend lists to impersonate mutual connections
- Search engines — Disable "Allow search engines outside of Facebook to link to your profile"
- Face recognition — Turn off in Settings > Face Recognition
- Off-Facebook activity — Clear and disconnect your off-Facebook activity history. This stops Facebook from tracking your activity on other websites
- Ad preferences — Review and remove interest categories. Disable ads based on partner data
- Two-factor authentication — Enable with an authenticator app, not SMS
- Login alerts — Enable notifications for unrecognized logins
- App passwords — Review Settings > Security > Apps and Websites and remove any apps you no longer use
Instagram
Owned by Meta, Instagram shares much of Facebook's data infrastructure.
- Private account — Settings > Privacy > Toggle "Private Account" on
- Activity status — Turn off "Show Activity Status" to hide when you are online
- Story sharing — Disable "Allow Sharing to Stories" and "Allow Sharing to Messages"
- Remove EXIF data — Use our Metadata Remover before uploading photos to strip GPS coordinates and device information
- Connected apps — Review and remove third-party apps in Settings > Security > Apps and Websites
- Download your data — Periodically download and review what Instagram has collected
- Close friends list — Use close friends for personal stories instead of sharing with all followers
Twitter / X
- Protected tweets — Enable to require approval for new followers
- Discoverability — Disable "Let others find you by email" and "by phone number"
- Location — Turn off "Add location to your tweets" and delete location history
- Data sharing — Settings > Privacy > Disable "Personalized ads" and "Off-Twitter activity"
- Direct messages — Disable "Allow message requests from everyone"
- Two-factor authentication — Use an authenticator app
- Connected apps — Review and remove third-party apps that have access to your account
TikTok
- Private account — Settings > Privacy > Toggle on private account
- Suggest your account — Turn off all discovery options (phone contacts, Facebook friends, people who open your links)
- Who can send you messages — Set to "No one" or "Friends"
- Who can duet/stitch — Set to "Friends" or "No one"
- Download your data — Review what TikTok has collected regularly
- Ad personalization — Disable personalized ads in privacy settings
- Comments — Restrict who can comment to "Friends" or use keyword filters
LinkedIn
- Profile viewing mode — Settings > Visibility > Choose "Private mode"
- Email visibility — Make your email visible only to connections
- Activity broadcasts — Turn off "Share profile updates with your network" when job hunting to avoid alerting your current employer
- Data privacy — Review advertising preferences and turn off data sharing with third parties
- Two-factor authentication — Enable in Settings > Sign In & Security
- Profile discoverability — Control whether your profile appears in search engines
The Social Engineering Threat
Social media oversharing is the number one enabler of social engineering attacks. Attackers piece together information from your profiles to craft convincing phishing emails, impersonate you, or answer your security questions. Details that seem harmless — your pet's name, your high school, your mother's maiden name — are often the exact answers to common security questions.
Before posting anything, consider: could an attacker use this information to compromise my accounts or impersonate me?
General Tips for All Platforms
- Audit permissions quarterly — Platforms change settings and add new data collection features regularly. Set a calendar reminder
- Use strong, unique passwords for each platform and store them in a password manager
- Think before posting — Once online, content is essentially permanent. Screenshots exist even if you delete a post
- Review tagged photos — Enable approval for tags before they appear on your profile
- Limit personal info — Never include your phone number, address, or birthday in public profiles
- Use different email addresses — Consider using email aliases for social media accounts to limit cross-platform tracking
- Verify file safety — Use our hash generator to verify the integrity of any files downloaded through social media links
Your social media privacy is not a one-time setup. Make it a habit to review these settings every few months, especially after platform updates that often reset or add new privacy options.

Raimundo Coelho
Cybersecurity specialist and technology professor with over 20 years of experience in IT. Graduated from Universidade Estácio de Sá. Writing practical guides to help you protect your data and stay safe in the digital world.