Social media privacy settings
How do I lock down my social media accounts for maximum privacy?
Project Plan
Why: Reusing passwords is the #1 cause of account takeovers; a manager ensures unique, complex keys for every platform.
How:
- Download a trusted open-source tool like Bitwarden or Proton Pass.
- Generate a strong Master Password (at least 15 characters, no personal info).
- Import existing passwords and identify duplicates to change them.
Done when: All social media logins are stored in the manager with unique, 16+ character passwords.
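One way to check the "identify duplicates" step and the 16+ character target against a password manager's CSV export. This is an added example, not part of the original checklist; the column names (`name`, `login_password`) are assumed to follow a Bitwarden-style export and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

MIN_LENGTH = 16  # the checklist's "16+ character" target

# Constructed sample export; column names are an assumption and may need
# adjusting to match the CSV your password manager produces.
SAMPLE_EXPORT = """name,login_uri,login_username,login_password
Facebook,https://facebook.com,me@example.com,Summer2019!
Instagram,https://instagram.com,me@example.com,Summer2019!
X,https://x.com,me@example.com,q7#Lw9vZt2@Rk5mXp1Bn
LinkedIn,https://linkedin.com,me@example.com,short-pass
"""


def audit_export(csv_text, min_length=MIN_LENGTH):
    """Return (reused, too_short): groups of entries sharing one password,
    and entries whose password is shorter than min_length."""
    by_password = defaultdict(list)
    too_short = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("login_password") or ""
        if not password:
            continue  # notes, cards and passkey-only entries have no password
        by_password[password].append(row["name"])
        if len(password) < min_length:
            too_short.append(row["name"])
    # Report entry names only, never the passwords themselves.
    reused = sorted(sorted(names) for names in by_password.values() if len(names) > 1)
    return reused, sorted(too_short)


if __name__ == "__main__":
    reused, too_short = audit_export(SAMPLE_EXPORT)
    for group in reused:
        print("Same password used by:", ", ".join(group))
    for name in too_short:
        print(f"Shorter than {MIN_LENGTH} characters:", name)
```

A CSV export holds every password in plain text, so run the check locally and delete the file as soon as the audit is done.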
Why: SMS-based 2FA is vulnerable to SIM-swapping; app-based TOTP (Time-based One-Time Password) is significantly more secure.
How:
- Install a privacy-respecting app like 2FAS, Aegis (Android), or Ente Auth.
- Go to Security settings on each platform and select 'Authenticator App' as the primary method.
- Scan the QR code and save the backup recovery codes in your password manager.
Done when: 2FA is active on all accounts and backup codes are securely stored.
Why: Passkeys are the 2025 standard for phishing-resistant logins, replacing passwords with biometric or hardware-backed keys.
How:
- Check 'Security' settings on Google, Meta, and X for 'Passkeys' support.
- Follow the prompts to link your device (FaceID, TouchID, or Windows Hello).
- Use your password manager to store the passkey for cross-device access.
Done when: You can log into your main accounts without a password using biometrics.
Why: Knowing which of your accounts were part of a data leak allows you to proactively secure them before they are exploited.
How:
- Visit haveibeenpwned.com and enter all current and old email addresses.
- Review the list of breaches and identify which services leaked your data.
- Immediately change passwords for any service listed that you still use.
Done when: You have a list of compromised accounts and have updated their credentials.
Why: Seeing what a stranger or employer sees is the first step to removing unwanted public information.
How:
- Open an Incognito/Private window.
- Search "[Your Full Name]" and variations (e.g., with your city or employer).
- Check the first 3 pages of results and the 'Images' tab for old profiles or photos.
Done when: You have identified specific URLs or images that need to be deleted or hidden.
Why: Data brokers scrape social media to sell your home address and phone number to marketers and scammers.
How:
- Identify sites like Whitepages, Spokeo, or BeenVerified that list your info.
- Use their manual 'Opt-out' forms (usually found in the footer).
- Alternatively, use a generic template to send GDPR/CCPA deletion requests.
Done when: Opt-out requests have been submitted to at least 3 major data broker sites.
Why: By default, Meta uses your public posts and photos to train its generative AI models.
How:
- Navigate to Settings & Privacy > Privacy Center.
- Select AI at Meta and look for the 'Object' or 'Objection Request' link.
- Fill out the form stating you do not want your data used for AI training (mention privacy concerns).
Done when: Objection form submitted and confirmation email received.
Why: A public account allows anyone to scrape your photos and location history.
How:
- Go to Settings and activity > Account privacy.
- Toggle Private account to ON.
- Review your 'Followers' list and remove any accounts you don't recognize.
Done when: Only approved followers can see your content.
Why: Facebook tracks your behavior on other websites and apps to build a shadow profile.
How:
- Go to Settings > Your Information > Off-Facebook Activity.
- Select Disconnect Future Activity.
- Click Clear Previous Activity to delete the existing history Meta has stored.
Done when: Future tracking is disabled and history is cleared.
Why: This 2025 feature allows Meta to scan your local photos for AI suggestions even if you don't post them.
How:
- Open Facebook Settings > Media.
- Find Camera Roll Cloud Processing (or similar AI photo settings).
- Ensure the toggle is OFF (Gray).
Done when: Meta no longer has access to unposted photos in your device gallery.
Why: X uses your posts and interactions to train its 'Grok' AI by default.
How:
- Go to Settings and privacy > Privacy and safety.
- Scroll to Data sharing and personalization > Grok.
- Uncheck the box that allows X to use your data for training.
Done when: The Grok training toggle is disabled.
Why: Public tweets are indexed by search engines and AI scrapers instantly.
How:
- Navigate to Settings > Privacy and safety > Audience and tagging.
- Enable Protect your posts.
- Disable Photo tagging to prevent others from linking your face to their posts.
Done when: A lock icon appears next to your profile name.
Why: LinkedIn uses your professional content to improve its AI writing and suggestion tools.
How:
- Click your profile icon > Settings & Privacy.
- Go to Data Privacy > Data for Generative AI Improvement.
- Toggle the switch to Off.
Done when: LinkedIn will no longer use your data for future AI model training.
Why: By default, people are notified when you view their profile, which can reveal your interests or intentions.
How:
- Go to Settings > Visibility > Profile viewing options.
- Select Private mode (Anonymous LinkedIn Member).
- Note: This may disable your ability to see who viewed your profile unless you have Premium.
Done when: You can browse profiles without being identified.
Why: TikTok's data collection is extensive; a private account limits who can see your activity and videos.
How:
- Go to Settings and privacy > Privacy.
- Toggle Private account to ON.
- Disable Suggest your account to others to stop TikTok from promoting your profile to contacts.
Done when: Your profile is hidden from the general public and recommendation algorithm.
Why: Google is the central hub for most users; securing it protects your search history, location, and YouTube data.
How:
- Visit myaccount.google.com/privacycheckup.
- Disable Web & App Activity and Location History (Timeline).
- Set 'Auto-delete' for activity older than 3 months.
Done when: All steps in the Google Privacy Checkup are completed and tracking is minimized.
Why: Many apps maintain access to your social media data years after you stop using them.
How:
- In each platform (FB, IG, Google, X), find the Apps and Websites or Connected Apps menu.
- Remove any app you haven't used in the last 6 months.
- Pay special attention to old 'Quiz' apps or 'Login with...' services.
Done when: Only essential, currently used apps have access to your accounts.
Why: Privacy settings are frequently reset or changed by platforms during updates.
How:
- Create a recurring calendar event every 3 months titled "Digital Privacy Audit".
- During the audit, re-check AI opt-outs and 2FA status.
- Review your 'Friends/Followers' list for any suspicious accounts.
Done when: A recurring reminder is set in your calendar.