Protecting your online privacy on Facebook, Google & other services

By Larry Magid

There is a commonly held belief that we have little control over our online privacy.

This column first appeared in the San Jose Mercury News -- the newspaper of Silicon Valley

This column first appeared in the San Jose Mercury News — the newspaper of Silicon Valley

And, while it’s true that there are some privacy and security risks that are beyond our control, there is a lot we can do to protect ourselves.

Let’s start with the easy stuff. You can begin by creating strong and secure passwords that are easy for you to remember and hard for others to guess. A basic principle is to make them as long as practical. My favorite technique is to make up a phrase that I can remember, like “I met Susan Smith in New York in 1995” and using the first letter of each word — capitalizing proper nouns — for ImSSiNYi#1995 and then adding two or three letters or different symbols to avoid using the same password on multiple sites.

It’s also important to understand and configure the privacy settings for each service you use. I’m going to focus on Google and Facebook because of their enormous reach, but nearly all reputable services have privacy and security controls that allow you to limit who can see what you post. You’ll find links to privacy and security information for these and other popular services including Instagram, Snapchat and LinkedIn at For other sites and apps, look for privacy in their settings section or search the web for “privacy” followed by the name of the service.

For Google, you can go to to view and control security and privacy settings for most Google services. This allows you, for example, to view the phone number and email address you can use to recover a lost password or verify your identity if Google has any reason to question whether you are the authorized user. You can also view and control what sites and apps have access to your Google data. For example, I just noticed that a service I long stopped using had access to my Google calendar and contacts, so I disabled that access.

You can also use the Google My Account page to configure 2-step verification, which adds an extra level of security by requiring you to type in a code — that’s delivered as needed via your phone — if you log on from a new device. That process, which is also available on Facebook and many other services, greatly reduces the chances of your account being hacked.

Google’s Account Setting also allow you to edit your personal information, including what others can see about you. I don’t mind sharing where I work and where I went to school but I keep other information private to protect my privacy and reduce the risk of identity theft.

I consider myself pretty savvy when it comes to privacy and security but, until I used the Privacy Checkup feature on Google’s My Account page, I had no idea I was allowing the company to “show my profile name, profile photo, and activity in shared endorsements that appear in ads.” I immediately unchecked that box. There are plenty of other checkups and settings on that page, so it’s worth exploring.


For Facebook, start by clicking on the little lock with the 3 horizontal lines near the upper right of your screen when signed-in on the web. Setting locations may be different on mobile apps. That will enable you to conduct a Privacy Checkup to determine who can see your posts, which apps can post to your profile and who can see what they post and who can see your profile information such as your phone number, email address and birthday. If you like getting birthday greetings, you can allow others to see the day itself, but you can and probably should hide the year not just to keep others from knowing your age but to thwart identity thieves who might find that information useful.

One option from the lock menu allows you to stop someone from bothering you by blocking them from seeing what you post or posting to your timeline.

It’s a good idea to periodically review your list of friends by scrolling down to down to friends on the left side of your News Feed, clicking more and then “see all friends.” You can click on the friends link to the right of their name to unfriend them. They won’t be notified you’ve done this but they might be able to figure it out if they notice that they’re no longer seeing your posts on Facebook. If you want to keep them as friends but don’t want to see everything they post, you can change them to an acquaintance and only hear about their major life events.

Another good place to look is the Activity Log, which you can access via a link on your cover photo. That will show you just about everything you’ve liked and done, and allow you to review and edit, change who can see it, or delete any of your posts.

It’s a good place to visit if you’re worried that you may have posted something that could embarrass you with a friend, an employer or anyone else who’s checking you out. The Activity Log allows you to view and remove tags. Tags are great ways to make it easy for others to see your pictures or to flag you in a post — which can be good, or bad, depending on circumstances. What’s important is that you can control it.

You should also pay attention to the “audience selector” for each of your posts. If it shows a globe or says “public,” then anyone can see it. Facebook’s access controls are “sticky,” which means that it remembers your last setting. So, if you usually post to friends only and one-day post publicly, you have to remember to change it back to friends only for subsequent posts.

Facebook also has some general privacy settings that include who can contact you, who can find you on Facebook and whether you want search engines outside of Facebook to link to your profile. You can also click on Update Info just below your cover photo to edit what Facebook knows about you and who can see it.

Admittedly, there are some privacy issues you can’t control so easily when it comes to surveillance from both companies and governments, but it’s good to at least deal with the low-hanging fruit that we can control without having to resort to more difficult or extreme measures.