
Social Media Privacy Settings: Facebook, Instagram, TikTok & More

Facebook, Instagram, Twitter/X, TikTok, and LinkedIn default settings expose more data than most users realise. Here is exactly what to change and why it matters.

9 min read · 15 March 2026 · Norypt Team · Updated 18 March 2026

Social media platforms are designed to maximise the amount of information users share — and the amount that is collected without active sharing. Default settings on most platforms are configured for maximum data collection, not maximum user privacy. Changing them takes time once, and meaningfully reduces your exposure.

Why social media is a privacy risk

Social media platforms collect data at several levels simultaneously:

  • What you post — content, location tags, tagged photos, check-ins
  • What you interact with — likes, comments, shares, time spent on each post
  • What you do not post — Facebook has historically tracked content you type and then delete before posting
  • Off-platform tracking — Facebook/Meta's tracking pixel is embedded on millions of third-party websites; Instagram and Facebook track your activity on other sites via their SDK
  • Your social graph — who you're connected to, who you communicate with, how often

This data is used to build advertising profiles, but it is also exposed to third-party apps you authorise, potentially shared with law enforcement, and regularly involved in data breaches.

Facebook / Meta privacy settings

Facebook has more privacy settings than any other platform — and more data collection than any other platform. Key settings to change:

  • Privacy > Your Activity > Future posts: Set to "Friends" or "Only Me" rather than "Public."
  • Privacy > How people find you: Disable search by phone number and email address.
  • Ads > Ad preferences: Disable "Ads based on data from partners" and "Ads based on your activity on Facebook company products."
  • Off-Facebook Activity: Clear your off-Facebook activity history and disable future off-platform tracking. This is buried but important — it disconnects the tracking data Facebook receives from third-party sites from your account.
  • Apps and Websites: Remove all third-party app authorisations you do not actively use.
  • Location: Disable location services for the Facebook app entirely.

Instagram privacy settings

  • Account privacy: Consider switching to a private account if you're not using Instagram for public-facing purposes.
  • Ads > Ad topics: Review and restrict ad topic categories.
  • Security > Data download: Download your data to see what Instagram holds on you — the result is often surprising.
  • Activity status: Disable "Show activity status" to prevent contacts from seeing when you were last active.
  • Story sharing: Disable "Allow sharing to story" to prevent others from resharing your posts.

Twitter / X privacy settings

  • Privacy and safety > Discoverability: Uncheck "Let others find you by your phone number" and "Let others find you by your email address."
  • Privacy and safety > Data sharing and personalisation: Disable "Allow additional information sharing with business partners" and "Personalise based on your inferred identity."
  • Privacy and safety > Location information: Disable "Add location information to your posts."
  • Ads preferences: Opt out of interest-based advertising and disable data sharing with advertisers.

LinkedIn privacy settings

LinkedIn is frequently overlooked in privacy discussions but contains a detailed professional profile — your employment history, connections, and often your location — that is indexed by search engines and visible to people you've never met.

  • Visibility > Profile viewing options: Control whether people see your name and headline when you view their profile.
  • Data privacy > Third-party data use: Opt out of allowing LinkedIn to share your data with third-party companies.
  • Advertising data: Disable profile-based advertising and third-party data use for ads.
  • Search engine visibility: If your full profile being indexed by Google is not intentional, disable "Allow search engines to show your profile."

TikTok privacy settings

TikTok collects extensive data including your device identifiers, location, browsing and search history within the app, and behavioural data derived from what you watch and how long you watch it. Regulatory concern in multiple countries has focused on data transfers to servers in China — a risk that is genuine regardless of how individual privacy settings are configured. With that context, the in-app settings that reduce exposure:

  • Privacy > Private account: Makes your profile, following list, and liked videos visible only to approved followers.
  • Privacy > Personalisation and data: Opt out of personalised advertising based on activity on other platforms and device data.
  • Privacy > Location: Deny location access at the operating system level — TikTok does not require location access to function.
  • Privacy > Activity centre: Review and remove any third-party apps connected to your account.
  • Privacy > Download data: Download your data package periodically to see what TikTok holds on you.

For users with significant concerns about TikTok's data practices, the most effective mitigation is using it on a separate device that does not share a network connection with devices holding sensitive data, or not using it at all.

Avoid "Login with Facebook / Google"

Third-party OAuth login ("Login with Facebook," "Login with Google," "Sign in with Apple") is convenient — but it creates a dependency between your social account and every service you've connected it to. If your Facebook or Google account is compromised, every site where you used that login is also compromised. It also allows the OAuth provider to log which services you use and when. Where a standalone account is offered, prefer it. Where you've already used OAuth, most services allow you to add a password and disconnect the social login from account settings.

General principles for all platforms

  • Audit connected apps regularly. Every platform shows which third-party apps have been granted access. Remove any you no longer use — these permissions typically survive even if you stop using the app.
  • Think before tagging locations. Real-time location tags reveal your patterns and movements. Tagging a location after the event, or tagging only a general location, is lower risk than a precise, real-time check-in.
  • Review tagged photos. Tags from others can reveal your location, companions, and activities. Most platforms allow you to approve tags before they appear on your profile.
  • Use two-factor authentication. Account takeover on social media is common and often leads to further attacks on connected services. See Password Best Practices for a guide to choosing the right 2FA method.
  • Be selective about what you share. Settings limit who can see what you share — but the most effective privacy control is not sharing information that would be problematic if it were public.

Consider what social media is for

The most privacy-conscious approach is to use social media with a clear purpose — and not to use it where it doesn't serve that purpose. Many people maintain social media accounts out of habit rather than active decision. An account you're not actively using but have not deleted continues to hold your data, expose your connections, and potentially participate in data broker pipelines.

If you've reduced your social media use, consider downloading your data, removing connected apps, and then deactivating or deleting accounts you no longer actively need. For continued use, the settings above meaningfully reduce collection and exposure without requiring you to leave platforms you find genuinely useful.

At the device level, the Norypt Pixel Secure running GrapheneOS gives you per-app permission controls that go beyond what stock Android or iPhone offer — including the ability to block any app's network access entirely, preventing social media apps from transmitting data even when you're not actively using them.
