Battening Down your Facebook Hatches

Controlling who can see your friends list is only one of many optional privacy settings.

Jan 28, 2021

Share this...

By Larry Magid
This post first appeared in the Mercury News

Last week my wife, Patti, received several emails and Facebook messages from friends who said that they had received Facebook friend requests from her. The reason they were concerned is because they were already her Facebook friend so there was no reason for a new request. Others simply accepted that friend request, perhaps thinking they had accidentally been unfriended or maybe not even being aware that they were already Facebook friends.

One of her friends sent her a screenshot of the profile from the person pretending to be her and, indeed, it looked a lot like Patti’s real profile, complete with her picture and other seemingly genuine content. Others sent private messages that they had received from the fake Patti, including some claiming that she had won $60,000 from Publisher’s Clearinghouse and that she saw her friend’s name on a list of people to also get a “cash bonus” if they “contact the agent for more inquiry.” We don’t know if any of the real Patti’s friends contacts that “agent,” but I have no doubt they would have been asked to provide personal information or money in exchange for a promise of that “cash bonus.”

Patti, a few of her friends and I reported the fake profile to Facebook which, to its credit, quickly took it down within minutes. You can do that by clicking on the 3 dots to the right of the profile and selecting “Find support or report profile.” That same menu also lets you block a user.

Facebook reporting and blocking menu

The reason this imposter was able to contact Patti’s friends was because, at the time, her friends list was public. As Facebook says on a help page, “By default, the Friends section of your profile is public, meaning everyone can see it.”  So, to prevent this from happening again, Patti clicked on settings and then Privacy to change the setting to “Friends.” Those who want even more privacy can select a more restricted audience, including “only me.”  The reason she was comfortable selecting friends is that she’s careful to only friend people she knows or has a good reason to trust.

Other privacy settings

Controlling who can see your friends list is only one of many optional privacy settings. Others include who can see your future posts, the ability to limit the audience for old posts, who can send you friend requests (everyone, friends of friends or no one), who can look you up by email address or phone number, and whether outside search engines link to your profile. You can also control who can follow or comment on your public posts.

You can change the audience of any post by pulling down the right arrow in the box just under your name

The “who can see your public posts” setting can be changed on a post-by-post basis by selecting the audience option as you’re about to post. Because I use Facebook to promote my work, I often post publicly. But I do limit some posts to only friends or, in some cases, an even smaller audience.

Facebook lets you select the audience for each post either as you post or later if you change your mind. One word of warning, though. If you change your audience selection as you post, that selection will remain in effect until you change it again. So, if you normally post to only friends and then change to public for a post you want to share with the world, your subsequent posts will be public until you change it back again.


Also pay attention to the Account Security tab which covers how to change your password, get alerts about unrecognized logins and use two-factor authentication. Setting up two-factor authentication is especially important because it makes it much more difficult for hackers to break into your account. The most common way to do this is to be sent a text message with a one-time log-in code. It won’t bother you each time you log on, just if it’s a new device or browser. You can also download a free authentication app like Authy or Google Authenticator, which adds an extra layer of security by allowing you to use your smartphone or, in some cases, computer, to validate a log-in. Although no security tools are 100% hacker-proof, these methods greatly reduce the chances of someone breaking into your account. And don’t just do this for Facebook. Many services and sites, including Gmail and Twitter, support two-factor authentication.

It’s worth exploring Facebook’s Privacy and Safety portions of Facebook’s Help Center ( for additional advice including how to unfriend or block someone. There is also advice on how to “take a break from someone” who might not be abusive but is nonetheless annoying. You can also temporarily stop seeing someone’s posts for 30 days by clicking the 3 dot menu to the right of any of their posts and selecting “Snooze.” A friend of mine did this to one of her friends during the election campaign because she wanted a break from his frequent political posts, even though she valued their friendship.

And, if you think a person has violated Facebook’s community standards, you can report any of their posts from that same menu. If you block, unfriend or snooze someone, they won’t be notified, and if you report them, they won’t be told who submitted the report. However, in some cases, the person might be able to figure it out.

Many of Facebook’s safety and privacy features are available in perhaps a different form on other social networks, so it’s a good idea to check the help sections of any service you use. has Guides and Quick-Guides ( to several services, especially those that are popular with youth.

Disclosure: Larry Magid is CEO of, which receives financial support from Facebook and other technology companies. He is also a member of Facebook’s Safety Advisory Board.

Share this...