Although Facebook's privacy controls might not prevent every breach, they help. Set everything you can to be accessible only to those on your friends list. If you use the controls to enable a public search, your profile picture, friends list, activities, and more will be visible online outside Facebook.
Facebook has been adding sites to its Instant Personalization feature, which automatically links your account to user-review sites such as TripAdvisor (travel), Yelp (local businesses), and Rotten Tomatoes (movies). So if you don't want to share with your Facebook friends, via TripAdvisor, which cities you've visited, turn Instant Personalization off. The onus is on you because the feature is on by default.
A staffer who connected his Facebook account to CNN (and who agreed to all terms) found in Facebook's privacy settings that using the CNN Social app gave the app access to his name, profile picture, gender, networks, user ID, list of friends, and any other information he'd shared "with everyone" via Facebook. According to Facebook, all sites and apps that you permit to access your account are privy to that information.
Some apps for other sites he'd connected to Facebook had access to even more features in his Facebook account, such as posting messages to his Wall, accessing messages in his inbox, and responding to event invitations on his behalf. Facebook's controls allowed him to block access to some of those features, but not all.
Every Facebook user should check the list of apps they use by going to Account, then Privacy Settings. Under Apps and Websites, click "Edit your settings." Click "Edit Settings" next to "Apps you use." You can then define settings for each app listed and decide what information you want to let that app access or, perhaps, whether you want to remove the app altogether.
You should also limit access to your information that is available to apps that your friends use. On the "Apps, Games and Websites" screen, next to "Info accessible through your friends" click "Edit Settings" and uncheck all the personal information, such as your birthday and family and relationships, that you want to shield from apps that your friends use. Other privacy controls also exist.
To protect the data on your phone, use a password or PIN. It's easy to do with most phones. First, go to Settings. On an iPhone, there's a choice for setting a passcode. On Android devices, look for the "Location & security" option.
Many smart-phone makers offer free security services such as over-the-air backup, remote phone locating, remote phone locking, and erasing of data and account information.
Or consider installing software such as Lookout that lets you lock the phone or erase its data remotely. To avoid having photos geotagged, turn off the phone's GPS if you can when you don't need it.
Be careful when downloading apps. Apple's iPhones can use software only from Apple's tightly controlled App Store. The market for Android apps isn't as restrictive. So download such apps only from recognized sources, such as Google's Android Market and Amazon's Appstore.
Because even apps in Google's Android Market might harbor malicious software, as happened with DroidDream, check out apps before you download them. Make sure many others have already used an app and read reviews before downloading it. And research any developer you don't know and trust.
Before downloading an app, you should also scrutinize the permissions it requests. If any seem questionable, such as a request to track your location when there's no obvious need for the app to do so, don't download the app.
"Pay attention to what apps are telling you," says Edward Felten, chief technologist for the Federal Trade Commission. "It's tempting to click through and ignore them, but you shouldn't."