Most people believe they have a reasonable understanding of their social media privacy. They have set their profiles to “friends only,” they do not post their home address, and they think carefully about what photos to share. These are genuinely good practices — but they address only the surface layer of what social media platforms collect, infer, and use.
The data that social platforms derive the most value from is largely invisible: what you stop scrolling to read, which profiles you visit without engaging, how long you hover over specific types of content, the patterns in your posting times, the emotional valence of what you interact with. According to research, only 2% of global consumers trust social media companies to handle their personal information responsibly — a remarkable figure that suggests most people correctly sense that something significant is happening that they do not fully understand.
The Difference Between What You Post and What Gets Collected
There are two distinct categories of social media data worth understanding separately.
Declared data is what you actively provide: your name, birthdate, location, employer, relationship status, the posts you write, the photos you upload, the pages you follow. You have direct awareness of and some control over this data.
Behavioral data is what is passively collected through your activity: how long your eyes (via scroll position and timing) rest on each piece of content, which ads you hover near without clicking, which profiles you visit repeatedly but never engage with, what time of day you are active and from what location, how your engagement patterns change over time. This data is often more psychologically revealing than anything you actively post. Facebook’s own research, published in peer-reviewed journals, has shown that behavioral data alone is sufficient to predict personality traits, political views, and relationship status with high accuracy.
When Facebook’s advertising platform allows marketers to target users who are “likely to move soon,” “interested in specific political candidates,” or “parents of young children,” this targeting is built from behavioral data — not from information users directly provided.
What Your Photos Actually Reveal
Photos posted to social media carry several layers of information that deserve careful consideration:
Visual location information: Recognizable landmarks, street signs, business facades, home interiors, and consistent background details in multiple photos can establish where you live, work, shop, and spend time — often with enough precision that a motivated individual could identify your home address or daily route.
Photo EXIF metadata: Cameras and smartphones embed GPS coordinates, device model, and timestamp directly into photo files. Most social platforms strip this metadata when you upload, but the visual content of photos often reveals the same information through context clues.
Schedule and routine disclosure: Regular check-ins, location tags, and timestamped posts about daily activities communicate your schedule to anyone observing your profile. Multiple reports have documented burglaries planned around social media posts indicating the owner was away on vacation.
Relationship and network mapping: Tagging friends and family in photos publicly maps your social network for anyone who cares to look, including the relationships of those people and their privacy settings. If you have privacy-conscious friends who avoid posting their own photos, repeatedly tagging them in yours overrides their choice.
The Settings That Actually Provide Meaningful Protection
On Facebook: The most impactful setting is controlling who can see your friend list. A public friend list allows anyone to map your entire social network, including people who might themselves have looser privacy settings. Change this to “Only me” or “Friends” under Settings → Privacy → How People Find and Contact You → Who can see your friends list.
Also review: who can see your past posts (and use the “Limit Past Posts” tool to retroactively change visibility), whether search engines can link to your profile (Settings → Privacy → Do you want search engines outside of Facebook to link to your profile), and which apps and websites are connected to your Facebook account (Settings → Apps and Websites — revoke access for anything you no longer actively use).
On Instagram: Set your account to private (Settings → Privacy → Account Privacy → Private Account) if you want control over who follows you. Review “Activity Status” settings — by default, your recent activity is visible to people you follow, which reveals your usage patterns. Consider disabling this.
On all platforms: Conduct an annual audit of connected third-party applications. Over years of using social media, you have likely authorized dozens of quizzes, games, login integrations, and tools that retain ongoing access to your profile data. Many have not been used in years and may have been acquired by companies with different privacy practices than the original developer. Remove anything you do not actively use.
Location Services: More Exposure Than Most People Realize
Many social media apps request continuous location access — the ability to see where you are even when the app is not open. For most social platforms, this is not necessary for any core functionality. The location data is collected primarily for advertising targeting purposes.
On iPhone: Settings → Privacy & Security → Location Services → review each social app and change from “Always” to “While Using the App” or “Never.” On Android: Settings → Privacy → Permission Manager → Location → review each app individually.
Beyond the advertising concern, continuous location tracking creates a detailed log of your physical movements over time — where you sleep, where you work, what medical facilities or places of worship you visit. This data, once collected, can be subpoenaed in legal proceedings, exposed in data breaches, or sold to data brokers. The access is worth revoking for apps that do not genuinely need it.
The Harder Question About Social Media Sharing
Privacy settings address individual data points, but they do not resolve the more fundamental dynamic: social media platforms are architecturally designed to make sharing maximally easy and psychologically rewarding, because sharing increases the value of the behavioral data they collect. Every like, comment, and post is not just a social interaction — it is a data point that improves the profile used to target advertising to you.
This is not a reason to abandon social media — the connection and information access it provides are genuinely valuable, and the trade-offs are personal. But understanding the economic model helps contextualize the privacy trade-offs involved in each post. Asking “does this need to be public?” or “am I comfortable with the full audience of people I do not know seeing this?” before posting is not paranoia. It is informed use of a platform that is not entirely designed with your interests as its primary concern.
Frequently Asked Questions
Q: Can I trust Facebook’s privacy settings to actually restrict who sees my content?
A: Privacy settings on Facebook function broadly as described, but with important caveats. Content set to “Friends” is visible to your friends — and to Facebook itself, which continues to analyze it for targeting. Friends can take screenshots and share content externally. If your friend list is large and includes acquaintances, “Friends” is a larger audience than many people intend. The settings are worth using, but not as a substitute for thoughtful content decisions.
Q: What should I do about old social media accounts I no longer use?
A: Delete them if possible, rather than abandoning them. Dormant accounts continue to store your data, remain accessible to data breaches, and can potentially be hijacked if an attacker discovers the password. Most platforms have account deletion options buried in security settings. If you cannot delete an account (some platforms make this difficult), at minimum change the password to a strong unique one and revoke any connected app permissions.
Q: Is LinkedIn safer than other social media in terms of privacy?
A: LinkedIn is designed for professional visibility, so much of the data there is intentionally public. Its privacy risks are somewhat different: your professional history and connections are deliberately shared, but your activity data (who you viewed, when you were active, what content you engaged with) is collected for advertising targeting. LinkedIn is owned by Microsoft and has its own advertising ecosystem. Review Settings & Privacy → Visibility → Profile viewing options and Activity broadcasts for the settings that matter most.
