Social media privacy settings

{{whyLabel}}: Reusing passwords is the #1 cause of account takeovers; a manager ensures unique, complex keys for every platform.

{{howLabel}}:

• Download a trusted open-source tool like Bitwarden or Proton Pass.
• Generate a strong Master Password (at least 15 characters, no personal info).
• Import existing passwords and identify duplicates to change them.

{{doneWhenLabel}}: All social media logins are stored in the manager with unique, 16+ character passwords.

{{whyLabel}}: SMS-based 2FA is vulnerable to SIM-swapping; app-based TOTP (Time-based One-Time Password) is significantly more secure.

{{howLabel}}:

• Install a privacy-respecting app like 2FAS, Aegis (Android), or Ente Auth.
• Go to Security settings on each platform and select 'Authenticator App' as the primary method.
• Scan the QR code and save the backup recovery codes in your password manager.

{{doneWhenLabel}}: 2FA is active on all accounts and backup codes are securely stored.

{{whyLabel}}: Passkeys are the 2025 standard for phishing-resistant logins, replacing passwords with biometric or hardware-backed keys.

{{howLabel}}:

• Check 'Security' settings on Google, Meta, and X for 'Passkeys' support.
• Follow the prompts to link your device (FaceID, TouchID, or Windows Hello).
• Use your password manager to store the passkey for cross-device access.

{{doneWhenLabel}}: You can log into your main accounts without a password using biometrics.

{{whyLabel}}: Knowing which of your accounts were part of a data leak allows you to proactively secure them before they are exploited.

{{howLabel}}:

• Visit haveibeenpwned.com and enter all current and old email addresses.
• Review the list of breaches and identify which services leaked your data.
• Immediately change passwords for any service listed that you still use.

{{doneWhenLabel}}: You have a list of compromised accounts and have updated their credentials.

{{whyLabel}}: Seeing what a stranger or employer sees is the first step to removing unwanted public information.

{{howLabel}}:

• Open an Incognito/Private window.
• Search "[Your Full Name]" and variations (e.g., with your city or employer).
• Check the first 3 pages of results and the 'Images' tab for old profiles or photos.

{{doneWhenLabel}}: You have identified specific URLs or images that need to be deleted or hidden.

{{whyLabel}}: Data brokers scrape social media to sell your home address and phone number to marketers and scammers.

{{howLabel}}:

• Identify sites like Whitepages, Spokeo, or BeenVerified that list your info.
• Use their manual 'Opt-out' forms (usually found in the footer).
• Alternatively, use a generic template to send GDPR/CCPA deletion requests.

{{doneWhenLabel}}: Opt-out requests have been submitted to at least 3 major data broker sites.

{{whyLabel}}: By default, Meta uses your public posts and photos to train its generative AI models.

{{howLabel}}:

• Navigate to Settings & Privacy > Privacy Center.
• Select AI at Meta and look for the 'Object' or 'Objection Request' link.
• Fill out the form stating you do not want your data used for AI training (mention privacy concerns).

{{doneWhenLabel}}: Objection form submitted and confirmation email received.

{{whyLabel}}: A public account allows anyone to scrape your photos and location history.

{{howLabel}}:

• Go to Settings and activity > Account privacy.
• Toggle Private account to ON.
• Review your 'Followers' list and remove any accounts you don't recognize.

{{doneWhenLabel}}: Only approved followers can see your content.

{{whyLabel}}: Facebook tracks your behavior on other websites and apps to build a shadow profile.

{{howLabel}}:

• Go to Settings > Your Information > Off-Facebook Activity.
• Select Disconnect Future Activity.
• Click Clear Previous Activity to delete the existing history Meta has stored.

{{doneWhenLabel}}: Future tracking is disabled and history is cleared.

{{whyLabel}}: This 2025 feature allows Meta to scan your local photos for AI suggestions even if you don't post them.

{{howLabel}}:

• Open Facebook Settings > Media.
• Find Camera Roll Cloud Processing (or similar AI photo settings).
• Ensure the toggle is OFF (Gray).

{{doneWhenLabel}}: Meta no longer has access to unposted photos in your device gallery.

{{whyLabel}}: X uses your posts and interactions to train its 'Grok' AI by default.

{{howLabel}}:

• Go to Settings and privacy > Privacy and safety.
• Scroll to Data sharing and personalization > Grok.
• Uncheck the box that allows X to use your data for training.

{{doneWhenLabel}}: The Grok training toggle is disabled.

{{whyLabel}}: Public tweets are indexed by search engines and AI scrapers instantly.

{{howLabel}}:

• Navigate to Settings > Privacy and safety > Audience and tagging.
• Enable Protect your posts.
• Disable Photo tagging to prevent others from linking your face to their posts.

{{doneWhenLabel}}: A lock icon appears next to your profile name.

{{whyLabel}}: LinkedIn uses your professional content to improve its AI writing and suggestion tools.

{{howLabel}}:

• Click your profile icon > Settings & Privacy.
• Go to Data Privacy > Data for Generative AI Improvement.
• Toggle the switch to Off.

{{doneWhenLabel}}: LinkedIn will no longer use your data for future AI model training.

{{whyLabel}}: By default, people are notified when you view their profile, which can reveal your interests or intentions.

{{howLabel}}:

• Go to Settings > Visibility > Profile viewing options.
• Select Private mode (Anonymous LinkedIn Member).
• Note: This may disable your ability to see who viewed your profile unless you have Premium.

{{doneWhenLabel}}: You can browse profiles without being identified.

{{whyLabel}}: TikTok's data collection is extensive; a private account limits who can see your activity and videos.

{{howLabel}}:

• Go to Settings and privacy > Privacy.
• Toggle Private account to ON.
• Disable Suggest your account to others to stop TikTok from promoting your profile to contacts.

{{doneWhenLabel}}: Your profile is hidden from the general public and recommendation algorithm.

{{whyLabel}}: Google is the central hub for most users; securing it protects your search history, location, and YouTube data.

{{howLabel}}:

• Visit myaccount.google.com/privacycheckup.
• Disable Web & App Activity and Location History (Timeline).
• Set 'Auto-delete' for activity older than 3 months.

{{doneWhenLabel}}: All steps in the Google Privacy Checkup are completed and tracking is minimized.

{{whyLabel}}: Many apps maintain access to your social media data years after you stop using them.

{{howLabel}}:

• In each platform (FB, IG, Google, X), find the Apps and Websites or Connected Apps menu.
• Remove any app you haven't used in the last 6 months.
• Pay special attention to old 'Quiz' apps or 'Login with...' services.

{{doneWhenLabel}}: Only essential, currently used apps have access to your accounts.

{{whyLabel}}: Privacy settings are frequently reset or changed by platforms during updates.

{{howLabel}}:

• Create a recurring calendar event every 3 months titled "Digital Privacy Audit".
• During the audit, re-check AI opt-outs and 2FA status.
• Review your 'Friends/Followers' list for any suspicious accounts.

{{doneWhenLabel}}: A recurring reminder is set in your calendar.