How to Use Facebook Privacy Settings

These controls and techniques give users a measure of control over how Facebook collects and uses personal data

Lock with Facebook thumbs up Illustration: Consumer Reports, iStock

Facebook’s privacy settings are confusing. Take the “clear history” button: It doesn’t actually delete anything. Then there’s the facial recognition control that was missing on hundreds of millions of accounts. (Facebook later shut down the app’s facial recognition features.) It can even be hard to find the Facebook settings that do work as you’d expect. Facebook has 22 pages of settings, and many privacy controls aren’t on the page labeled “Privacy.”

It’s important for users who care about their privacy to understand the available settings—even if these controls don’t offer all the protections you might want. This guide will lead you to the most useful Facebook privacy settings, plus a few outside tools to further limit the company’s tracking.

Below, you’ll find instructions on how to:

'Clear' the Data Facebook Gets From Tracking You Around the Web

Facebook collects a lot of data about you even when you’re not on Facebook. Hundreds of thousands of apps, websites, and other services send the company reams of information about what you’re doing on other parts of the internet—and sometimes even what you’re up to in the real world.

More on Privacy

For a peek behind the curtain, the Off-Facebook Activity menu will give you a look at some of that data.

It houses the Clear History button, which, despite the name, doesn’t actually delete anything. Instead, it “disconnects” the data from your account, preventing the company from using it for targeted ads.

Facebook keeps a copy of that information—and will continue to use it for analytics reports provided to other websites and detailed performance measurements for the company’s advertising clients.

You’ll also find a setting called Manage Future Activity, which lets you keep your history cleared by default. Note that after you turn it off, other companies will keep sending Facebook information about you. But again, Facebook says that the data won’t be used to target you with ads.

There’s a major caveat. Turning off Future Activity disables the Facebook Login tool that lets you sign in to other apps and websites using your Facebook credentials. You can go through a list one by one and disable Future Off-Facebook Activity for specific services where you don’t need Facebook Login.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Your Facebook information > Off-Facebook activity.

From there, you can click “Clear previous activity.” To prevent the data from being used for targeted ads going forward, tap “Disconnect future activity.”

Keep Your Location Data Private

When you use the Facebook mobile app, whether you’re scrolling through your news feed, tagging a family photo on the Golden Gate Bridge, or just leaving the app idling in the background, the company can collect data about your location to use for targeting ads.

The most accurate source of location data can be controlled through your device’s location services settings. Adjusting that won’t stop the company from accessing your location entirely, though. Facebook admits it uses information such as your network connection to approximate your whereabouts for advertising purposes. But if you revoke the Facebook app’s location permission, the data available to the company will be less precise.

On an Android phone: Go to the phone’s Settings > Location > App location permissions > Facebook > Select “Allow only while using the app” or “Deny.” (These instructions may vary slightly depending on what phone you have. On older phones, check for a Permissions menu.)

On an iPhone: Go to the phone’s Settings > Privacy > Location Services > Facebook. Then click either “While Using the App” or “Never.”

Only the newest version of Android provides the “Only while using the app” option. Users with older Android phones can access a location setting in the Facebook app itself to get the same effect. Find a Background Location setting in the Location menu under Privacy Shortcuts.

Limit Data Collection by Facebook's Partners

The Facebook Login feature is an easy way to sign in to other websites and apps. But as described above, Facebook gets to collect more of your personal data in exchange. It can also give the companies that provide those outside services access to account info, which can include your name, photo, email address, and other data visible to the public by default, such as your “likes” and comments.

It may be impossible to find and delete personal info harvested by other companies in the past, but you can see which apps are currently collecting data from your account and stop them. You will no longer be able to access these apps using your Facebook Login, so by default Facebook will notify the app so they have opportunity to provide you with another way to log in. (You can disable that using a check box when you remove the app.)

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Apps and Websites > See More > Click on the box next to the app’s name > Remove.

Guard Your Account From Hackers

It’s a good idea to use two-factor authentication, also called multifactor authentication, to bolster the password on any account that offers it. This is particularly important if you’ve ever used the same password on more than one account or you tend to use subpar passwords. (Consumer Reports has expert tips for creating good passwords.)

Once you turn on two-factor authentication in Facebook’s settings, the company will send you a verification code—via text or app—to confirm your identity when you access your account from an unverified location, device, or browser.

That makes it much harder for someone to breach your account with a stolen password.

But Facebook has misused this technology. After an investigation a few years ago, the company admitted it used phone numbers collected for two-factor authentication for advertising purposes.

Security experts still recommend that you use two-factor authentication, however, because it’s one of the best ways to protect your account. You don’t have to give Facebook your phone number to use two-factor authentication, either—a dedicated app such as Google Authenticator or Duo Mobile can be a more private and secure solution. It’s easy to set up.

If Facebook already has your phone number, follow the instructions in the section below so that strangers can’t use it to find your page.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Security and Login > Set Up Two-Factor Authentication > Get Started.

Make Your Profile Harder to Find

The default settings on Facebook permit your user profile to show up in any Google search that includes your name. But you can change the settings to make your profile less Google-able. And while you’re at it, you can also set limits on who can send you friend requests and look you up using the email address or phone number tied to your account.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Privacy > Do you want search engines outside of Facebook to link to your profile? > Edit > Click the check box on the bottom > Turn Off.

Then on the same page, select “Who can look you up using the phone number you provided?” > Only me. Do the same for “Who can look you up using the email address you provided?”

Limit Who Sees Your Photos and Posts

It can be fun to share the details of your life with family members and friends, but it’s less amusing to serve up that data to criminals who comb Facebook pages for personal details to use in identity-theft scams. If you leave your info open to the public, anyone can discover your birth date, mother’s maiden name, and passion for poodles.

Each time you post a new photo, video, or status update, Facebook’s interface gives you the option to keep the news among your friends. You can even exclude certain pals—like, say, your boss or a nosy neighbor.

That’s a good practice going forward, and it’s also easy to go back to your old posts and limit the audience retroactively. That way, you can make certain you’re not sharing telltale details with people you don’t know. While you’re at it, you can change the default audience so that your future posts are more private automatically.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Privacy > Who can see your future posts? > Edit. Select “Friends” or another group you may have set up.

Then on the same page, click “Limit the audience for posts you’ve shared with friends of friends or Public?” Select “Limit Past Posts.”

Take Some Control Over Targeted Ads

There isn’t much you can do to keep your information away from Facebook’s marketing services. But there is a lot you can do to take some control over the kinds of ads you see (in fact, we’ve written a whole guide to controlling annoying or upsetting ads).

There are three Facebook settings worth thinking about. The first is “Data about your activity from partners.” The specifics are complicated, but the bottom line is that if you turn the setting off, Facebook says it will avoid using some of the data it gets about what you do on other companies’ websites and services for its own ads.

The second is “Ads shown off of Facebook.” Facebook doesn’t just show you ads on Facebook; the company’s ad system runs all over the internet and even in other apps. The “Ads shown off of Facebook” setting determines whether advertisers can use information based on your Facebook activity to target you on other platforms.

Finally, you’ve probably seen Facebook ads that list your friends’ names: “So-and-so likes . . . .” That’s because Facebook lets advertisers use your name and products you “like”—Girl Scout Cookies, Starbucks coffee, Ford trucks—in ads pitched to people in your network. You can turn off the “Social Interactions” setting to put a stop to it.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Ads > On the left-hand side, select “Ad Settings” > Select “Data about your activity from partners” and turn the toggles off. Then do the same for “Ads shown off of Facebook” and “Social Interactions.”

(Facebook has recently been rolling out updates to its advertising settings. The last few instructions may be slightly different on some accounts, but they will be close enough that you should be able to find your way.)

Avoid Ads on Sensitive Subjects

You can’t turn off Facebook ads, but you can try to avoid ads on certain topics. If there’s a subject or a brand you want to avoid, you can type it into a search bar and you may be able to limit whether those ads are delivered to you. Facebook also recommends a few subjects that are commonly sensitive for some people, including alcohol, gambling, parenting, pets, politics, and weight loss. However, the company doesn’t guarantee you’ll never see ads on any of these topics, even if you turn them off.

There are also additional ways you can adjust your social media feed for a healthier and more pleasant experience.

On a computer: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Ads > Ad Topics > Click the search bar to see some recommended selections, or search for the topic you want to avoid. Click on the topic, and select “See fewer.”

Prevent Facebook From Following You on Other Websites

As we discussed above, Facebook’s data collection doesn’t stop when you leave the platform. If you’ve ever gone to a website that uses Facebook services—Like and Share buttons, Facebook Login, or the company’s invisible analytics tools—you’ve provided info on the stories you’ve read, the videos you’ve watched, and the products you’ve looked at.

“If those buttons are on the page, regardless of whether you touch them, Facebook is collecting data,” says Casey Oppenheim, a co-founder of the digital security firm Disconnect.

Millions of websites also use Facebook’s hidden tracking “pixels” that give you no visual clue you’re being monitored. There’s no foolproof way to stop that surveillance—and no way at all through Facebook’s settings. You can, however, install an ad blocking extension such as Disconnect, uBlock, or Privacy Badger on your browser to disrupt Facebook’s efforts to track you online.

The Mozilla Foundation, the nonprofit organization behind the Firefox browser, has designed an ad blocker specifically for this task. It’s called Facebook Container, and it uses a unique browser tab to wall off the social media platform from the rest of your online activity. It takes only a few clicks to install the Facebook Container extension for Firefox.

(Consumer Reports uses Facebook’s services, too. For details on the data we collect, consult our privacy policy.)

Decide Who Can Message You

When someone you aren’t friends with tries to contact you, their messages generally get sent to a “message requests” folder.

You won’t get a notification about these messages, and Facebook lets you read them without telling the other person you’ve taken a look. That gives you a little preview before you decide to open up a dialog.

However, you can decide not to receive these messages at all. Or you can go in the other direction with some kinds of connections and have messages open up straight to a regular chat. Because the company combined the messaging platforms on Instagram and Facebook Messenger, there are also some options for communicating with Instagram followers you haven’t friended on Facebook.

Facebook allows for some fine-tuning. You can make specific choices for different categories of people, such as friends of friends.

On a browser: Click your profile picture in the top right of the Facebook home page > Settings & privacy > Settings > Privacy > Under “How you get message requests,” tap the various potential connections to choose how you want to be contacted.

Protect Your Privacy on Facebook's Sibling Products

Adjusting your Facebook settings is a great first step toward protecting your privacy. But the apps on your phone and the services you use online unite to form an entire data ecosystem, and you should take the whole picture into account.

If you use Facebook’s—or now Meta’s—Instagram and WhatsApp, lock down your settings on those products, too. (And now that you’re on a roll, consider doing the same for other services, such as Google and even LinkedIn.)

Clean Up Your Friends List

The people on your friends list can jeopardize your privacy, sometimes without even knowing it.

While Facebook closed the loophole that allowed the 2014 data leak that led to the Cambridge Analytica scandal, there are plenty of other ways friends can let you down—by posting inappropriate content, for example, or falling for scams that permit accounts to be hacked.

That’s why it’s best not to maintain Facebook “friendships” with people you don’t really know (e.g., your best friend’s sister’s yoga instructor). Facebook doesn’t make it easy to delete large groups of friends. You have to go to your Facebook profile, select people to dismiss one at a time, hover over a drop-down menu, and choose “Unfriend.”

To make the process a little easier, consider using the “birthday method.” When you log in to Facebook, check the birthday notifications the app has sent you, and for each one decide whether to send out well wishes or to quietly unfriend people you’re willing to part with. This can help you keep your account more secure.

How Targeted Ads Work

Do you often see online ads that relate to your likes and hobbies? On the “Consumer 101” TV show, Consumer Reports expert Thomas Germain explains to host Jack Rico what targeted ads are and how they work.


Headshot of CR editor Thomas Germain

Thomas Germain

I want to live in a world where consumers take advantage of technology, not the other way around. Access to reliable information is the way to make that happen, and that's why I spend my time chasing it down. When I'm off the clock, you can find me working my way through an ever-growing list of podcasts. Got a tip? Drop me an email ( thomas.germain@consumer.org) or follow me on Twitter ( @ThomasGermain) for my contact info on Signal.