Security audits are an annoying but necessary part of online life. Hacks big and small have compromised the data of countless internet users, so it's up to you to make sure social networks and apps aren't scraping more data than they should.
Facebook's latest data scandal isn't a hack in the traditional sense. User data was gathered in 2014 by a man posing as a researcher, which was allowed at the time under Facebook's rules. That man then gave the data—and information on people's friends—to analytics firm Cambridge Analytica. That ran afoul of Facebook's rules, and Facebook ordered Cambridge to destroy the data. Cambridge says the data has been deleted, whistleblowers say it still exists, and round and round we go. (Here's how to see if Cambridge has your data.)
Facebook was shocked (shocked!) that this all happened. But major tech companies make a lot of money off your info, either by mining it to sell you stuff or by selling it outright to others. The social network isn't going to change how it does business exactly.
Facebook does allow you to put some rather robust account restrictions in place. However, its tools can be hard to decipher, even if they're getting easier to find (see below). Implementing some of them may limit what you can do with Facebook; short of deleting your Facebook account, it should provide you with some peace of mind.
Editor's Note: This story was updated on April 19 with details about Facebook's updated settings.
Protecting Your Information
At your first login to Facebook sometime on or after April 19, 2018, you'll see this new greeting. It's Facebook's way of saying "yeah, we got in trouble, now we're going to pointedly tell you that you can make adjustments to your privacy settings so we don't get in trouble again."
This is all about getting you to opt-out of using Facebook logins and sharing with other apps and websites; it's not about Facebook taking care of the problem, then letting you opt back in to share only what you want. But you can force that issue with some of the steps below.
Visit Apps and Websites Settings: Active Tab
The link on your News Feed takes you to the Apps and Websites section of Facebook's settings, which used to be called only Apps. You can also get there directly by clicking App Settings, or navigate to Settings > Apps and Websites. On a smartphone, go to the hamburger menu () and under Settings, select Apps > Logged in with Facebook.
The initial tab on the Apps and Websites page is called Active, because it shows all the "most recent" (ahem) sites and apps you've logged into using Facebook. (Recent is a misnomer—I saw listings on my page for sites and apps that have been dead for a few months.) Click the checkbox next to any entry you don't actively recognize, then hit the Remove button to nix them.
What Were You Sharing?
If you're curious about what you're sharing with a specific app or website, click the View and edit link for each entry.
A pop-up window will display the information each app is accessing; here, you can change those settings if you'd like to keep it installed but restrict the information to which it has access—tell apps you don't want to share your Friends list, timeline posts, status updates, events, etc.
Facebook has removed the option to just prevent sharing those things across the board—they have to be done app by app and site by site.
What Happens When You Remove Apps Sites
Check the Expired Tab
This is for apps and websites you logged into once upon a time with Facebook, but the login has since expired. Each shows the last date and time they were accessed using Facebook credentials. Like in the Active tab, you can click the View and Edit link for each to see what was shared.
Facebook annoyingly does not have a "check all" option, so you have to click on each one individually if you want to remove them all or at least a majority. My page had well over 99 entries on it, some dating back to 2014. You'll get the same pop-up showing what happens, and same confirmation if you go through with the removal.
Check the Removed Tab
This last tab shows all the apps and websites you've removed in the past from your account. Facebook indicates on the page that you may still have access to previously shared info on those apps/sites (but you can't make privacy changes now), and that hey, "this list may not include all apps and websites you've removed"! Uh... that doesn't seem helpful.
Nuke It: Enter the Editor
Disable the Platform
... where you can click the Turn Off button. By doing so, Facebook will no longer connect to any third-party sites with your Facebook data. You won't be able to log into websites or games using Facebook (including sites that use Facebook for commenting), share with friends between apps, or do any kind of instant personalization. You'll also get kicked out of any apps you've logged into using Facebook.
If you turn it off, then turn it back on, you'll find you've been logged out of all the apps and websites you'd used. This is a good way to re-start with connecting to just the apps/sites you trust. (After I did so, I had 168 entries in the Removed tab!)
On mobile, tap the hamburger menu () and navigate to Settings and select Apps > Apps, Websites and Games and click Edit to Turn Off.
Game and App Notifications
Read the Full Data Policy
- Two-Factor Authentication: Who Has It and How to Set It Up
- 12 Tips for Staying Safe and Secure on Twitter
- How to Temporarily Disable Face ID on Your iPhone
- How to Protect Your Smart Home From Hackers
- More in SecurityWatch
- More in Security