In the weeks since the Facebook privacy scandal broke, the #DeleteFacebook hashtag spiked on Twitter, Congress summoned CEO Mark Zuckerberg to testify, and the Federal Trade Commission opened an investigation into whether Facebook's actions related to Cambridge Analytica, a political consulting firm, violated a 2011 consent order.

Early reports said that about 50 million people had their profile information and "likes" harvested—without permission—by a third-party quiz app. Facebook has since raised that estimate to 87 million.

Yet the problem goes far beyond Cambridge Analytica, and Facebook acknowledged to the Washington Post that data on most of the company’s 2 billion users has probably been accessed by outsiders without permission.

All of this serves as an unsettling reminder to Facebook users of the scope of the company's data collection efforts, and the challenges in keeping all that private info secure.

There are ways to protect yourself, detailed below. But consumer advocates say more needs to be done by regulators and Facebook itself.

"The FTC has to investigate," says Jessica Rich, Consumer Reports' vice president of consumer policy and mobilization, who was one of the FTC officials charged with overseeing the agency's 2011 investigation into Facebook's privacy practices. 

"However, the problem of detailed profiling and targeting of consumers for marketing and political purposes stretches beyond Facebook,” Rich says. “We’d like to see Congress finally take action to pass a comprehensive law protecting consumer privacy."

In a statement responding to the FTC announcement, Rob Sherman, Facebook's deputy chief privacy officer, said: "We remain strongly committed to protecting people's information. We appreciate the opportunity to answer questions the FTC may have."

More on Privacy

Since the scandal broke in March, Facebook has announced a series of changes to the platform's policies and settings.

Most recently, in early April, the company announced it was placing new restrictions on the data that third-party developers can collect. First, the company said that developers would need permission to use several of the company's APIs, or application program interfaces, that let outside companies provide services to Facebook users. And, even developers with permission wouldn't be able to collect as much data.

For instance, if users let a calendar app see their Facebook Events, the app won't be able to access the guest list. Apps won't be able to see the members of a Facebook group, even if a group administrator uses the app to help post content. And apps that use Facebook Login will no longer be able to access information such as political views, relationship status, and news and video consumption.

The company has also said it would curtail its use of consumer information from outside data brokers.

In the meantime, while some Facebook users have decided to suspend or delete their accounts, many are just looking for better ways to enhance their privacy on the platform.

Here's what you can do.

Put the brakes on third-party data collection. All those mobile apps, plug-ins, games, and websites that you linked to your Facebook account via Facebook Login gather info on you, too. For a complete list, visit the Apps section in Facebook’s Settings menu. To close the door on that snooping, you can turn off Facebook Platform, the utility that houses the apps and services created by those third-party developers. Go to Settings, select Apps, and click on the box titled Apps, Websites, and Plugins. Keep in mind that you will no longer be able to access the unlinked apps and services using your Facebook Login, so you may want to create new logins and passwords before you shut off Facebook Platform.

Limit Facebook tracking with ad blockers or anti-trackers. Many online sites feature code that tells Facebook what pages you visit. They do this by embedding on your computer tiny data files known as cookies and hidden images known as web beacons that track your movements, analyzing what you watch and read. You can cut down on this by installing a blocking extension (such as Disconnect, Ublock, or Privacy Badger) on your web browser. They only take a few seconds to download and activate.

One more thing: Like most websites, CR.org also collects user data. You can get the details on our privacy policy and our approach to privacy, including our policy positions, here.

Use Firefox Container. The Mozilla Foundation, the nonprofit organization behind the Firefox browser, has released an extension called Facebook Container. In a blog post, the company explains that the browser extension "makes it harder for Facebook to track your activity on other websites via third-party cookies." To use it, download Firefox, go to the Firefox Add-ons page for Facebook Container, and click the Add to Firefox button. 

Do this, and you'll be logged out of Facebook, the documentation explains. When you navigate to Facebook the browser will open a new window. There, you can log back in and use Facebook normally. Essentially, the "container" blocks Facebook cookies and impedes communication between Facebook and other sites. You may have trouble using Facebook Login on other sites, but in exchange your privacy will be enhanced.  

Disable Location Services. By default, Facebook gathers location data and uses it for status updates and photo uploads. You can turn off location services from within the Facebook app or from a phone's own settings. On an iPhone, go to Settings > Privacy > Location Services > Facebook and choose the Never option. Android users can go to Settings > Apps & Notifications > App Permissions > Location Permissions > Facebook, and slide the bar to the Off position.

Use two-factor authentication. Turn it on, and Facebook will require a verification code whenever your account is accessed from an unverified location, computer, browser, or phone. Facebook sends the code to an email or mobile number you've designated, and you need to enter the code, along with your usual login credentials, to gain access to the account. It adds a layer of protection against unauthorized access. To activate this feature using a laptop, go to Facebook's Account Settings menu, select Security and Login, tap "Use two-factor authentication," and click on the Set Up link.

Make yourself harder to find. Using the "Who can look me up?" section of Facebook's Privacy Settings and Tools menu, you can control who can find you using your email address or phone number, and whether or not search engines can link to your profile. The Privacy Checkup tool will show you what information, such as your email address and birthday, is visible to friends and to the public.

Control who can see your posts. To do this, use the drop-down menu right next to the Post button. Choices include friends, the public, groups you belong to, and an option to build your own custom list. You can choose specific people to block (i.e. your direct superior in a workplace group you belong to.) This feature is not exclusive to statuses—photo albums can have custom viewer lists, too.

Choose who can add to your timeline. Enabling Timeline Review lets you control what’s allowed on your timeline by requiring you to approve each post. Notices asking for you to approve posts appear in the Activity Log portion of your profile page, alongside an overview of your Likes and images you’ve been tagged in.

Facebook allows users to add their friends to a group without consent; it's a sometimes problematic feature, as Mark Zuckerberg once famously experienced. While there is no way to keep this from happening, you can use the Activity Log to see if you have been added to any groups. (You can then permanently remove yourself, if you choose.)

Stop your likes from becoming advertisements. You've probably seen posts reading "So-and-so likes this" with a sponsored link and a Like Page button. While you may like a company or group in the non-Facebook sense, that doesn't mean you want to publicly endorse it. To opt out of this, go to the Ads section of the Settings menu and change the "Ads with my social actions" option to "No one." This area of Settings also allows you to control whether Facebook can target you with ads based on your online activity.