Earlier this year, AVG discontinued its PrivacyFix browser extension, which helped thousands of people monitor and manage the privacy settings on their Facebook and Google accounts. AVG says old users might still be able to use the extension, but it will no longer receive support, updates, bug fixes, or maintenance. New users may no longer download the product.
A similar tool used to scan Facebook privacy settings, ReclaimPrivacy, was also recently discontinued. The old version no longer works with Facebook.
While many people found PrivacyFix and ReclaimPrivacy useful, they did not accomplish anything everyday users could not accomplish themselves. We’ll guide you through the steps to secure your privacy on all accounts and apps in much the same way, manually.
Facebook’s privacy and security settings are actually quite thorough and granular, but they are scattered about among several different menus. On a desktop browser, start by opening Facebook and clicking the question mark icon in the top right corner. Click the “privacy shortcuts” option from the dropdown.
You’ll see three main options in another dropdown menu, possibly in addition to a “privacy checkup,” which may or may not appear.
Click “Who can see my stuff?” and change the tab under “Who can see my future posts?” to “Friends” (or “Only me”, if you prefer to use Facebook as a personal diary instead of a social network).
Next, under “Who can contact me?”, you can optionally change who is allowed to send you friend requests to “Friends of friends.”
Under the final section, “How do I stop someone from bothering me?”, you can type the names of anyone you don’t wish to contact you, such as salespeople, scammers, and harassers.
At the bottom of this menu, click “See more settings.” This will direct you to a page where you can opt to prevent people looking you up based on your email or phone number. It’s a good idea to do so to stop scammers and spammers who might have obtained your contact info through other means.
On the left sidebar, click the link that says “Security and Login” with a shield icon. The privacy settings we’re most concerned with here are two-factor authentication, App Passwords, Your Browsers and Apps, and Where You’re Logged In.
- “Choose 3 to 5 friends to contact if you get locked out” — it’s a good idea to set this up. If a hacker somehow gains access to your account, the first thing they will do is attempt to lock you out by changing the password, recovery email, and other login details. This step will prevent that from happening.
- “Where you’re logged in” — If you get a new phone or logs in on another person’s device, this list is important. It’s a log of devices that don’t require identity confirmations or send notifications when logged in. Remove any that aren’t among your current devices by clicking the three dots and selecting “log out”. If you don’t recognize a device at all, click the “Not you” option to alert Facebook.
- “Set up two-factor authentication” — Whenever logging in from a new device, a code will be sent to your phone as an extra layer of security. You will have to add a phone number if you haven’t already.
- “Get alerts about unrecognized logins” — In case your account gets hacked, this will alert you so you can respond as quickly as possible.
Now head to the “Timeline and tagging” tab on the left sidebar of this page. Change all of these settings to “Friends” when available. You may also opt to review any photos or statuses that you are tagged in before the tag appears publicly.
Onto the Public Posts tab. A follower is another Facebook member who can view your profile and posts but is not friends with you. Because I use Facebook to help promote the things I write, I left this one on. But for those of us without a public image to keep up, it’s best to turn it off.
Finally, the Apps section. This is the most overlooked part of Facebook’s privacy settings, and that’s likely intentional. Apps collect users’ personal data and use it to target advertisements, recommendations, and promotions. Advertising is Facebook’s primary source of revenue, which is likely why this is tucked away in another section separate from the user-to-user privacy settings.
Every time you authorize an account on a third-party site or app with Facebook, i.e. you log into an app with Facebook instead of creating a new account with an email and password, it ends up here. You’ll want to remove apps you don’t use and limit the permissions on the ones you do. After that, you’ll probably want to block your friends’ apps from gathering info on you as well. This is a more involved process that we’ve detailed in a separate post about modifying and removing apps.
When logged into a Google service like Gmail or Google+ on a desktop browser, navigate to myaccount.google.com. Then click “Sign-in and security.”
Here you can set up two-step authentication, a recovery email, recovery phone, and secret question. A list of any security incidents will be shown under “Recent security events.” These include password changes and logins from new devices. Under “Recently used devices”, make sure you recognize all of the phones and computers used to access your account. Remove any that don’t seem familiar or that you no longer use. Under “Security alert settings,” you can decide how Google should contact you in case of an attempted breach and less critical account activity.
In the next section, “Connected apps and sites,” you can view a full list of all the places where you’ve logged in using your Google account, along with their associated permissions. Just like Facebook, remove any that you either don’t recognize or don’t use anymore. For those you do approve of, click on them to see a more detailed list of permissions. You can click “edit list” when it appears to get rid of as many of those permissions as possible, while still keeping the app functional. Not every app lets you do this, though.
At the very bottom of this page, you can choose to toggle off apps that use less secure sign-in technology. Unless you have a particular app or apps that need to use this, it’s best to turn it off.
In the left sidebar, we can move onto the next section: Personal Info and Privacy.
In the first section, “Your personal info,” you can set things like phone number, recovery email, screen name, and birthday. Excluding the “About Me” part, none of these details are made public by default, and are only known to Google. We recommend you toggle off Location Sharing. If you click on Search Settings, you can opt out of personalized service like search history and private results. That doesn’t mean Google will stop collecting the information used to provide those services, however. The only way to do that is to stop searching with Google altogether.
Next, under Activity Controls, toggle off everything for maximum privacy. You can also delete past account activity by clicking “Manage activity,” checking all the boxes, and hitting “DELETE”. These include Youtube videos, locations, and searches.
Click the link in the next section that says “Manage ad settings”, where you can toggle off interest-based ads. Again, this doesn’t mean Google will stop collecting the information needed to provide these ads, you’ll just stop seeing them. We’re not done yet, however, as this only changes what you see on web pages owned by Google. To stop interest-based ads on other sites, scroll down and click the button that says “Control signed out ads.” This will bring you to an almost identical-looking page, where you can again toggle the switch to opt out.
Finally, the next section will be the last we cover here. Under Account Overview, click the link for your Google dashboard. This will bring up a list of every Google service your account is connected to. Disconnect any that you no longer use or don’t recognize.
PrivacyFix’s other function was to show what web sites are tracking you and stopping them from doing so. Several anti-tracking extensions are available for both Firefox and Chrome browsers, but we highly recommend Disconnect. Just install it and let it do its thing. Clicking on the icon will show you relevant stats about the website you are currently visiting.