How to Protect Your Privacy on Social Media

Practical steps to lock down your social media privacy: settings that matter, oversharing traps, quiz scams, fake friend requests, and a night-one checklist.

How to Protect Your Privacy on Social Media

Protecting your privacy on social media comes down to three habits: control who can see what you post, share less identifying detail in the first place, and limit what the platforms and their connected apps collect behind the scenes. You do not need to delete your accounts to get there. You need about an hour of honest cleanup and a little ongoing skepticism.

This guide covers the settings worth changing on every network, the posts that quietly give away more than you intend, and the social engineering tricks that turn your own feed into a research file on you. If you only have ten minutes, skip to the checklist at the end and work through it tonight.

Start With the Settings That Actually Matter

Every platform hides its privacy controls in a slightly different spot, but the path is almost always the same: open Settings, then look for Privacy, Audience, or Privacy and Security. Several large networks also offer a guided privacy checkup that walks you through the main decisions one screen at a time. If you see that option, take it first.

Whatever the platform calls things, these are the settings that do the heavy lifting:

  • Post audience: set your default to friends or followers only, not public. You can still make individual posts public when you choose to.
  • Discoverability: turn off the option that lets anyone find your profile by searching your phone number or email address. Data brokers and scammers use this to connect accounts to real identities.
  • Friend and follower lists: set these to visible only to you. Your connections are a map of your family, coworkers, and hometown.
  • Tag review: require your approval before posts you are tagged in appear on your profile. Other people's posting habits should not decide your exposure.
  • Ad preferences: limit personalized advertising and the use of your activity from other websites and apps.

Repeat this on every network you use, including the ones you barely open. A forgotten account with public defaults leaks just as much as an active one.

What a Single Post Can Give Away

Privacy settings control who sees your posts. They do nothing about what the posts themselves reveal. Most oversharing is not one big mistake; it is a pile of small details that a patient stranger can assemble into a profile of you.

  • A photo of your new car can reveal your license plate, and often your street or driveway in the background. That is enough to tie a vehicle to a name and a neighborhood.
  • A birthday post reveals your date of birth, which is both a common security question answer and one of the details used to verify identity over the phone.
  • A vacation announcement tells everyone your home is empty and roughly how long it will stay that way.
  • School photos can reveal your child's school through a uniform, a sign, or a familiar building in the background.
  • Photos of documents such as boarding passes, event tickets, or a new license carry barcodes and numbers that are perfectly readable at full resolution.

Before you post, ask one question: could a stranger use this to find me, impersonate me, or answer a security question about me? If the answer is maybe, crop it, delay it, or skip it.

The Quiz That Knows Your First Pet's Name

Those viral quizzes and games asking for your first pet's name, your mother's maiden name, the street you grew up on, or your first car are not as innocent as they look. Those exact prompts are the classic security questions used to reset passwords at banks, email providers, and phone carriers. Some quizzes are built specifically to harvest the answers, and even the harmless ones leave your responses sitting in public comment threads indefinitely.

The fix has two parts. First, stop answering them, and say something kindly when friends share one. Second, treat security questions like passwords: give fake answers that cannot be researched, and keep them in a password manager such as Bitwarden or 1Password. A random string from a password generator makes a far better "first pet" than the real one ever will.

Friend Requests From People You Do Not Know

An unknown friend request is rarely a stranger being friendly. Fake profiles are cheap to create, and many exist purely to gather information about you and the people you are connected to. Once you accept, every friends-only setting you configured means nothing to that account, and your friend list becomes the target list for the next round of requests.

The warning signs are consistent: a recently created profile, very few posts, borrowed photos, and mutual friends who accepted the same request without thinking. Two situations deserve extra care:

  • Duplicate profiles. A request from someone you are already friends with usually means their account has been cloned. Confirm with the real person through another channel, then report the copy.
  • Fast-moving strangers. New connections who quickly steer the conversation toward money, investments, or moving the chat to a private messaging app are following a script.

Decline anything you cannot verify. A genuine acquaintance can always confirm who they are some other way.

Untangle Third-Party Apps and Sign-In Buttons

Every quiz app, game, scheduling tool, or website you connect to a social account creates a standing link between the two. That is convenient, and it is also an attack path: if any one of those services gets compromised, the connection can be abused to read your data or act as you. The more services you link, the more doors an attacker can try.

Audit the list. On most platforms it sits under Settings, then Security or Privacy, then something like Apps and Websites or Connected Apps. Remove everything you do not recognize or no longer use. Going forward, prefer creating a separate account with its own email and password instead of tapping the social sign-in button, especially for services that hold payment details or personal files.

Turn Off the Location Firehose

Location is the most sensitive thing social apps collect, and the easiest to shut off. On an iPhone, open Settings, then Privacy & Security, then Location Services, and set each social app to Never or Ask Next Time. On Android, open Settings, then Location, then app permissions, and do the same.

Two habits close the remaining gap. Post vacation and event photos after you leave, not while you are still there. And be careful when sharing original photo files outside the big platforms: most social networks strip the GPS coordinates embedded in your photos during upload, but files sent directly from your phone can still carry the exact spot where each shot was taken.

Protect the Account Itself

Audience settings do not help if someone else can simply log in as you. Most account takeovers start with a password reused from another site that later got breached, not with clever hacking.

  • Give each social account a long, unique password stored in a password manager.
  • Turn on two-factor authentication, ideally through an authenticator app rather than text messages.
  • Review the active sessions or logged-in devices list in your security settings and sign out of anything you do not recognize.
  • Run your address through our free email breach checker to see whether the email behind your accounts has appeared in known data breaches. If it has, change any password you were still reusing.

Where to Start Tonight

You do not need to do all of this at once. Here is a realistic first pass, in order:

  • Set your default post audience to friends or followers only on each network.
  • Turn off the setting that lets people find you by phone number or email.
  • Revoke access for third-party apps you no longer use.
  • Set each social app's location permission to Never or Ask Next Time.
  • Turn on two-factor authentication for the account you use most.
  • Delete or restrict old posts that show your birthday, address, license plate, or kids' school.
  • Decline any pending friend requests you cannot verify.

That is one evening of work. After that, social media privacy is mostly habit: think for a few seconds before you post, stay suspicious of strangers and quizzes, and revisit your settings a couple of times a year, because platforms love to introduce new defaults. You keep the parts of social media you enjoy while giving away far less of yourself.