Facing Facebook

or, How to join Facebook without giving up all of your and your friends’ privacy.

Two years ago, I quit Facebook over my serious reservations about its pervasiveness and its methodical, ratcheting disregard for privacy.

However, it is a part of the social fabric for many people, and I was recently asked how I would approach protecting my privacy on Facebook were I to join it again.

If you're going to use Facebook, this is a guide for how to use it with your eyes open.

To write this guide, I will be setting up a new Facebook account for myself.

There are varying degrees to which you can protect your privacy, both from prying eyes of strangers on the internet, and from Facebook itself. I am looking for a happy path that preserves most of the usefulness while limiting Facebook’s ability to manipulate you, and accrue and misuse private information about you.

In short

  • Use a strong password you don’t use elsewhere.
  • Tighten your privacy settings.
  • Don’t use facebook for everything.
  • Fortify your web browser with better settings and extensions. This will improve your overall experience on the web, too.
  • Don’t install the Facebook apps on your phone/tablet.

Keep Facebook from tracking you across the web

Everytime you see a like button on a website, Facebook knows you’ve been there. Even if you don’t click it. They could conceivably some day share this intentionally or accidentally. Consider

  • Using incognito mode or a separate browser to access Facebook
  • installing a tool like Privacy badger that blocks third party trackers

See tools below for more info on setting this up.

Keep Facebook from tracking you in the real world

Facebook has a number of ways it can track where you are physically. If you want to avoid this:

  • Ask your friends not to tag you in photos nor “check you in” at events/places
  • Do the same for your friends
  • Don’t install the apps on your phone/tablet

Facebook wants to know everything about you and your friends

The first thing Facebook will ask you for when you sign up is your login info for your email account so they can log into it, download your contacts, and recommend friends.

step one: tell us your email password

My advice is to never to give Facebook this information. This compromises the privacy of your friends who aren’t even on Facebook, and your own privacy. Just press the very small “skip” button at the very bottom of that page.

I also advise against installing Facebook’s mobile application on Android, which gives Facebook carte blanche over everything on your phone. I am not sure how bad it is on iPhone.

Here’s the permissions Facebook wants on Android:

page one of screenshot of Facebook asking for literally every permissionpage two of screenshot of Facebook asking for literally every permission

Use the mobile site instead.

Privacy settings

Go to your account settings and tune the privacy settings to your liking:

At the time of this writing I would pay special attention to these settings, setting each one to “Friends” or “Only Me”


Privacy settings

Timeline and Tagging

Timeline and tagging settings


Apps settings


Ads settings

Review these settings every year on your birthday. You will know it’s your birthday because everyone on Facebook will post “Happy Birthday”. Facebook has been known to add new settings and generally make it a pain to have sane settings that remain sane.

Also review your profile (click your name in the top right) and hide your birth year and anything else you consider private. By default Facebook shows your birth year to friends of friends.


You should try to isolate your day-to-day web browsing from your Facebook use. This will help prevent Facebook from sharing your personal information with third-parties and from Facebook learning what sites you visit.


  • Use an incognito window (instructions for Chrome and Firefox)
  • or use a wrapper like Fluid App as a dedicated Facebook browser. If you use Safari as your main browser, you will need to buy Fluid Pro for full isolation. Also turn off extensions in preferences.

Additionally: Use a modern web browser, like Firefox or Chrome, and configure it to reject third party cookies. Install browser extensions that help protect your privacy like:

  • Privacy Badger blocks Facebook (and other trackers) from seeing what sites you visit.
  • HTTPS Everywhere ensures that you have an encrypted connection when possible. This is not directly relevant to your privacy on Facebook but is relevant to your privacy.

These extensions are both from the EFF, the Electronic Frontier Foundation, an organization I trust.


So you’ve joined Facebook. That doesn’t mean you need to do everything over Facebook. You can also still:

Use email

It’s more personal and more likely to be seen. Did you know that Facebook chooses what posts to show your friends? Set up a mailing list or google group. I did this when I travelled last year as an alternative to posting on Facebook. It seems more personal to have an email list that goes out to 10 real friends than posting to the void of Facebook. I used mailchimp for my one-way mailing list (replies went straight to me rather than to the list)

Complement Facebook with other online services

  • Use a different app for instant messaging
  • Coordinate get-togethers using better tools than Facebook events, like doodle
  • Start a blog. It’s easy. Try medium, or Blogger, or Tumblr.

Go offline

  • Call or text
  • Have a cup of coffee or tea with someone
  • Write a letter and put it in the mail

Thanks for reading

Writing this guide has reminded me how difficult it is to use Facebook in a privacy-conscious way. Hopefully you’ve found this guide helpful. Comments welcome by email: wayfinding@henrich.me, or twitter.

There are some good comments and suggestions on this post on Hacker News.

Aside from not using Facebook, I offer some half-joking suggestions on even more extreme ways to privacy in the following sections.

Extreme privacy mode

  • Set up and use a new email address to sign up for Facebook so it can’t be automatically associated with your friends address books.
  • Pick a new psuedonymous last name

Super extreme privacy mode

Facebook runs facial recognition on photos to suggest tags. Walk around in real life wearing facial camouflage to confound it.

facial camouflage

(image credit cvdazzle.com–used with permission1)

Consider moving to Germany, where you are covered by European data protection laws and can at least see what Facebook knows about you

  1. This photo has an interesting license requirement, namely that it may not be used on sites that use third-party trackers. This site complies with that. According to that license, you have my permission to freely reproduce this post, except for the cvdazzle image, under the creative commons by-nc-sa license.