Ignoring Facebook's privacy options--some of them fairly new and not well known--can trip up the social-networking site's users in a number of ways. Here are some that everyone who has a Facebook account should be aware of.
Note: Take a look at this Privacy Watch column for another discussion of privacy on Facebook. And if you have a Facebook account, you may have a Twitter account as well. See our companion article on avoiding Twitter disasters.
Oversharing With the Boss
The disaster: Ann played hooky from work, calling in sick, and spent the day sunbathing, updating her Facebook status on her laptop all the while. The next day, her boss confronted her with the evidence that she wasn't really ill, causing severe embarrassment and a reprimand (plus a day of docked pay).
The solution: In this day and age, professional and personal lives often become intertwined, and Facebook can be ground zero for this. You might momentarily forget that you have "friended" your boss, and that he has the same access to your ramblings on Facebook as do your real-life drinking buddies. But you can change that.
Using Facebook's Lists settings might have made the most sense for Ann. Lists, one of the newer features of Facebook, allow you to organize people into groups and then assign each group different levels of access to your information on Facebook.
Lists let you set who can see what on your profile. For example, if you've added someone as a friend but aren't sure about them, you can relegate them to a list that you name "Limited Profile," which will limit how much of your profile that person may view and interact with. You can also create lists for work, school, special projects, or anything else, but by default the lists don't change how your profile displays.
To work with Lists, click the Friends button (top bar) and +Create in the left column under Lists-or just put people on any list by using the 'Add to list' drop-down menu next to their name.
Next, you need to specify how much of your information on Facebook members of each list can see. To do this, visit the Privacy Settings page (hover over 'Settings' in the top right of the screen, and click Privacy Settings inside the box that pops up; or go to www.facebook.com/privacy), then select Profile. Here, select Customize... from the drop-down menu next to whichever section you'd like, and type the name of the list in the box under 'Except These People'. For Ann, dropping her workmates into a "work" list and dialing down that group's access to the bare minimum would have saved her a lot of trouble. Specifically, she should change the 'Status and Links' setting so as to exclude the Limited Profile list. (Note, however, that updates to your profile from third-party applications are generally not blocked by these privacy settings.)
He Knows Where You Live
The disaster: Getting far away from ex-boyfriend Bob wasn't the main reason Mary moved to Pittsburgh, but it was one of the main benefits. So when Bob showed up at her new job, she was naturally disturbed. How did he find out where she was, she asked. "It was on your Facebook profile," he replied.
The solution: All users have extremely fine-grained control over what gets on their Facebook page, but few take full advantage of these features.
The controls are found in the Privacy Settings page under 'Profile', reachable as outlined above. Here you'll find a list of ten items on your profile that you can turn on or off, each to a different group of Facebook users.
'Profile' lets you choose whether to block people from seeing anything beyond the most basic information (name and network) on your profile page, while 'Basic Info' allows viewing of gender, birthday, relationship status, and the like. 'Personal Info' opens the door a little wider-to your "about me" section, interests and favorites, and so on; 'Status and Links' controls who can see your latest status update. Most of the categories are self-explanatory (just click the question-mark icon if you need help) and can get pretty detailed. But this is also an advantage: If, like Mary, you don't want to advertise where you work, you can turn off that detail here.
Also, click Save Changes at the bottom of any Facebook settings screen, or your settings will not be updated.
What should you change these settings to, then? Facebook offers numerous choices for each category: Everyone, My Networks and Friends, Friends of Friends, Only Friends, and Customize. Everyone is self-explanatory; My Networks and Friends is less inclusive, limiting profile viewing to anyone you're friends with or with whom you share a network; Friends of Friends essentially gives you two degrees of openness instead of one; and Only Friends is exactly how it sounds.
The Customize option gives you complete command over your network settings: You can limit viewing of your profile to certain networks and, in some cases, subsets of that network. Current students, for example, can prohibit faculty or other undergrads from viewing their profile. How much to lock things down is up to you. In Mary's case, making her Profile visible to 'Only Friends' would have prevented an unpleasant surprise visit.
The Stalker Problem
The disaster: Jessica is worried about the creepy messages and Wall posts being left by some guy she doesn't know but whose friend request she accepted. She doesn't want to delete her account, but she does wish to get rid of the stranger and set her profile to be discovered only by those people she allows.
The solution: First, Jessica should add the possible stalker to a Limited Profile list, as outlined earlier. If you have a hostile stalker, you can remove and/or block them: Go to the person's profile page and then click the Remove from Friends option at the bottom of the left column.
If the person persists in friend requests, you can block the stalker altogether by going to the Privacy page and typing their name in the search box in the 'Block People' region. Standard Facebook-style search results will pop up; just click Block Person next to their name, and they won't find you in a search, or view any part of your profile.
For a stronger level of privacy and security, you can temporarily "go dark" by making your profile virtually invisible. Go to the Privacy settings page and click Search. Set the Search Visibility drop-down selection to Only Friends. This tells Facebook not to show your profile in public searches on the site.
The Search Result Content section lets you choose whether to show photos or lists of friends and links. If you don't want to be contacted at all, remove the check marks by both options.
You can also use the Public Search Listing option to allow or prevent your profile from appearing in major search engine results such as those of Google.
Too Many Pieces of Flair
The disaster: Donna has accepted one too many gifts of Star Wars figurines and cutesy buttons--and now her profile page is stuffed with enough frivolous junk to embarrass a fourth-grader. That page didn't go over well with the hiring manager at the job she was applying for. She heard through the grapevine that she didn't get the gig because he found her page and thought she wasn't serious enough to merit an offer.
The solution: Paring down the digital clutter isn't as tough as cleaning out the garage, but it does take some effort. However, if you allowed, say, a trivial quiz to drop a box into the left column of your Info page, it's relatively easy to get rid of. Just click the pencil icon located in the top-right corner of the box and then select Remove Box.
Nondefault applications that have been added to the main column on your Info page require a little more work: Click the Applications button in the bottom left of the screen, and then click Edit Applications at the bottom of that list. On the page that appears, browse to find the application you'd like to remove. Click Edit Settings, and then click remove next to 'Info Section'. You can also remove unwanted tabs this way, by clicking remove next to 'Tab'.
Next, turn an eye toward locking down what applications-whether they appear on your page or not-are permitted to post to your account. On the Privacy Settings page, click News Feed and Wall, and you can start paring down the amount of junk that Facebook uses to automatically populate your Recent Activity. What you choose here is a matter of personal preference, and how spare you want your page to appear. Unchecking boxes on this page means fewer items on your profile. The selections are largely self-explanatory, so tweak at will.
But just removing an application box on your Profile page does not remove the app from your profile completely. To do that, you have to go behind the scenes a little. Click the Applications button at the bottom left of the page, and then click Edit Applications in the menu that pops up. Change the 'Show' drop-down to 'Authorized', and you'll see every application that you have given access to your profile. If you're like me, you'll have dozens and you won't remember most of them.
First, delete anything you no longer use (or want to use) by clicking the X, then Remove at the pop-up. For the apps you wish to keep, you can make them less chatty by clicking Edit Settings. Click Additional Permissions and uncheck Publish recent activity to my wall, and you'll no longer see updates when you play a Facebook game or send a goofy "gift" to your girlfriend.
Shoulda Been Working
The disaster: Dylan spent almost an hour playing a Flash game on a Web site when he was supposed to be working on a report for the boss. He didn't get caught-but the game posted his high score to his Facebook profile without his knowledge. The boss saw that score on his Wall, which earned Dylan a lecture about wasting company resources.
The solution: Putting aside whether he should have been playing the game, Dylan would have been better served by turning off the ability for third-party Web sites to post to his profile, a feature known as Facebook Beacon.
To disable this, visit Privacy Settings, then Applications. Click the Settings tab. Scroll down and uncheck Don't allow Beacon websites to post stories to my profile, under the Facebook Beacon header.
The Tell-Tale Heart
The disaster: Nancy broke up with her boyfriend and changed her relationship status to 'single'. Now a giant red heart is announcing her newfound availability to the world. An item in the right-hand 'Highlights' column announces the fact to all her friends. The trouble is, the thing looks like a singles ad.
The solution: It may not be instantly obvious, but you can delete anything from your Wall. Just hover over the item you want to get rid of, and you'll see a 'Remove' button suddenly appear to the right of said item. Click that button, and the item is gone for good.
Smile for the Camera
The disaster: Someone tagged Ben in a photo on Facebook, and he hates the shot, taken at a party--his eyes are closed, and he's clearly inebriated.
The solution: While you can't delete someone else's photograph (try asking nicely), it's easy to remove a tag of yourself from any picture, which will remove it from Facebook's 'View Photos of Me' pages. To do so, just find the offending picture and click remove tag next to your name in the caption. Once the tag is removed, you won't be able to be retagged on that particular photo.
You're Not an Advertisement
The disaster: Bruno was horrified to discover that his name was attached to an ad that was spammed to his friends without his permission. What gives?
The solution: "Social ads" are Facebook's term for a practice that puts your name on an ad for a product and then forwards it to your friends, without your explicit permission. As you've nothing but a headache to gain by allowing this, turn it off. Go to the Facebook Privacy Page and click News Feed and Wall, and then select the Social Ads tab. Change the selection to No one.
The disaster: Kris woke up one morning to discover that her Facebook friends had been spammed with a message, "Check out mygener.at." She didn't send the message, and is reasonably worried that her account was hacked.
Indeed, Facebook is becoming a popular target for scammers, phishers, and spammers. The method typically used involves a phishing site (often with '.at' in the URL) that looks just like Facebook and thereby tricks you into giving up your password and user name. The site then takes control of your account and begins spamming your contacts with the phishing site's URL in the hopes of obtaining even more log-ins.
The solution: Conventional security software won't help much with attacks like this--though antiphishing add-ons can help to some extent--so using common sense is our best advice. Keep your password private, and make sure the site you're visiting really is Facebook and not a malicious knock-off.
Get a Vanity Facebook URL
You wouldn't host your personal Web site on a Tripod account with a randomly generated URL. So why should you settle for a Facebook page whose URL is indicated by nothing but a numerical ID?
Memorable Web Address (apps.facebook.com/webaddress/) gives you a vanity URL that redirects to your Facebook profile (or any page or group); for example, 'http://profile.to/null' instead of 'http://www.facebook.com/profile.php?id=718386140'. If you would like to put your Facebook link on your business card or e-mail signature, this is a convenient way to de-uglify things considerably. (Of course, you can also use your favorite URL-shortening service to do a similar job, too.)
Set Facebook's E-Mail Permissions
Facebook treats what it slaps up on your Wall and what it e-mails you about separately, so you'll have to visit a different section to change what the network sends you via e-mail. You'll find these settings by clicking Settings (top-right corner) then the Notifications tab. Get ready to click, again and again: The page has more than 50 different e-mail settings for the main Facebook application alone, plus a setting for each of your add-on applications. Turn as many to 'Off' as you care to.