Facebook timeline security & privacy: steps to keep your account & identity safe

Now that Facebook’s timeline feature is in the final stages of being rolled out to all users (including, finally, to my account), it is important that everyone understands how to use the feature and, most importantly, how to secure your identity and privacy in its new context. Timeline is quite a simple feature, introduced by Facebook with the goal of putting a timeline context behind things you post and ways you interact with the site. But now it’s even easier for people to create a complete digital snapshot of your recent history, for better or worse. For example, this can make it easier for prospective employers to piece together a good idea of who you are, but is that always desirable?

It depends, specifically on which items you choose to share (and with whom). For instance, if you had a racy night out last Friday, that might be the kind of thing you’d prefer to share with only a few friends, and certainly not the sprawling list of Friends of Friends.

In this first part of a series on securing the timeline feature on Facebook, we dive into restricting data sprawl through inadvertent interaction with the feature. One caveat though: Facebook continually updates its privacy and security settings, including the help sections for each item, so in the future, some of these screens may look different. Still, the principle of attempting to share as little as possible by default, rather than as much as possible, seems like a sound approach, privacy-wise.

Diving into Timeline

First, is timeline enabled on your account? When the timeline feature suddenly appeared on my account (automatically, against my personal preference), I was presented with a notification that it would be happening, and information about when, followed by a button showing how to get more information in the timeline help section:

Facebook timeline announcement

Then, when the date arrived, I was presented with a notification that the feature was now enabled, like this:

Facebook timeline notification

Okay, so now I have it, but what to do about? First, on the Learn More page we can dig into the nuances of the service, starting with the Privacy Options link (highlighted in the red below)

Facebook privacy options

When you click that link, you are taken to a landing page where we can adjust your privacy settings, here’s the direct link in case you need that: https://www.facebook.com/help/timeline/privacy

Facebook privacy settings

First, let’s look at the options for Who can see stories on my timeline :

Timeline story visibility

Here you’ll have to start making decisions about what information to share, and with whom. It is worth noting that Facebook treats sharing items on your timeline very much like sharing them with other features; you choose what works for you. Typically, Facebook has a couple ways to controlling this for the user: you can manage groups of content by setting a default to be applied to all data within that same context; or you can use their inline contextual control menus for each item to determine piece-by-piece which items get shared, and with whom.

Since it may cause problems to make your data Public by default, you’ll have to decide if you want to share your items with Friends (+ friends of anyone tagged), only you, or some custom combination where your preference can be more granular, with the ability to restrict certain people or groups (which can be handy).

Here we’ll have to start making decisions whether to allow or protect information sharing by default. Remember, you can always increase the sharing of data, but it’s very difficult to restrict sharing once your data is sprawled out to your Friends, or their friends. Imagine taking a racy picture intended for someone you are close to and having that accidentally shared to the wrong group of people, and their friends, etc. It’s well nigh impossible to then try to restrict who has a copy of that photo going forward. It’s also a good idea to restrict Facebook photo uploads to things that wouldn’t cause hate and hurt if they seeped out into a wider audience. After all, there are many humorous websites where screenshots of allegedly private Facebook conversations and content sharing, and someone in an unintended audience grabs a screenshot and broadcasts it to the wide world. Don’t let this happen to you.

Assuming you want to take a more secure approach, you may start by ratcheting down your privacy so that only you, or very select small groups of friends may see your content. If someone legitimately gets offended that you seem to be excluding them from sharing, just add them individually to a given group. This way it’ll be easier to control your data, which over time is a far better security wise.

It’s also good to note that you have the ability to delete items from the timeline that you may not want integrated into it.

As you can see, you can also just hide it from timeline, but then it still may appear elsewhere. If there’s a reason to hide content, there’s likely a reason to delete it altogether, unless you have compelling reasons to retain it.

Also, there are controls to hide friends’ post from appearing on your timeline by default, which might be handy if your friends get a little carried away with sharing content you may not consider flattering, and/or that may become visible to those groups you’d rather not share with by default. (Consider that a prospective employer may agree with Aesop that “a man is known by the company he keeps” and draw conclusions about you based on the lewd iPhone snapshot that your best man put on your timeline.)

On the other hand, you can always just use the Report the post if it gets too far over the line and violates Facebook’s Terms, so that may be an option to keep in the back of your mind if your friends get a little too crazy.

Of course, you can review the content and then decide as well, on a case-by-case basis. Here’s a screenshot of the context menu for the timeline on an item:

It’s good to know what to look for when you’re trying to control the sprawl of your data, so keep an eye out for these context menus and you’ll have a finer degree of control.

Who can see what’s on your Timeline?

Next we look at who can see details about you on your timeline, like your hometown, birthday, or other details:

Again, you can either set these directly, or use context menus on your profile to control what information appears on your timeline, using the audience selector. It’s nice that only your friends are allowed to post on your timeline, averting a potential privacy mess if the audience were wider, especially if you don’t pay much attention to how many friends that your friends are collecting on their list.

Also, note you can turn on the Timeline Review feature. Let’s say you want to review items BEFORE they get posted to your timeline, here’s where you might enable that:

It’s nice that you get a Pending Post notification, so you’ll know when there’s content awaiting approval. Also, it’s a good idea to check your activity log periodically to note changes. Haven’t looked at yours lately? Here’s what the Activity Log is all about:

Activity log

It’s a good way to take a quick look at content from the time you set up your account to the present. It’s tough to keep up with all the content day-to-day, so this might be a quick way to roll back the years and see if there are things you’ve missed, all in one place. Here you might want to dive in and change sharing of one or more items that have reached a wider audience than you planned, and/or at least KNOW what got shared and when.

Some European Facebook users have requested a full log from Facebook of all their content and been provided with a substantial numbers of records, sometimes hundreds of pages in length, burned onto a CD and shipped to them. Getting all that data is harder for North American Facebook users, but you can submit a request for what Facebook does make readily available here. It may be a good idea to take a peek at what content they show on your profile, and adjust accordingly.

In our next Facebook security and privacy post we will look at reviewing our timeline from other people’s perspective, using a tool called View As . Until then, we hope this post will help with tuning your timeline settings to your liking.

Author , ESET

  • Jerameel

    sir, can i remove my timeline and how get back my old profile…

  • when i installed the timeline i received messages from my friends even they are not online.. is this some kind of spam??

  • Stephen Cobb

    Jacob – It is very hard to say what happened without knowing your privacy settings. I would check those settings and restrict them more.

  • Nin


    Can friends still like my posts even if I no longer allow them to post on my timeline?
    Is not allowing friends to post on timeline the same as not allowing them to write a comment?


Follow us

Copyright © 2017 ESET, All Rights Reserved.