Messages providing privacy warnings and purported solutions for stopping "hackers from invading your Facebook profile," seemingly circulate every time that social media network rolls out a new feature:
With the new 'FB timeline' on its way this week for EVERYONE... please do both of us a favor. Hover over my name above. In a few seconds you'll see a box that says "Subscribed". Hover over that, go to "Comments and Likes" and unclick it. That will stop my posts and yours to me from showing up on the side bar for everyone to see, but MOST IMPORTANTLY IT LIMITS HACKERS from invading our profiles. If you repost this I will do the same for you.
These messages were spread widely after the introduction of the Facebook Timeline, after the introduction of the Facebook Ticker, and again after the introduction of the Facebook Graph Search. Each time, the warnings advocated users implement a proffered solution (e.g., unclicking "Comments and Likes" under the "Subscribed" box) in order to prevent friends of your Facebook friends (who may be strangers to you) from seeing your Facebook "likes" and "comments" activities (and vice-versa) and "limit hackers from invading" your profile. As Sophos noted of the earliest such message, the proposed solution was time-consuming and didn't address the real issue of whether other people could see your activity on Facebook:
This appears to be the most commonly suggested solution on Facebook, and it's rubbish! It still doesn't stop *your* posts being broadcast. It's an illusion. This option stops you seeing when other people have broadcast a message to a wide audience. It does *not* stop your actions being broadcast by your friends!
You have to do this for every single one of your friends. Time consuming *and* it does not solve the problem — it just stops you from seeing it.
Please don't spread this advice, as it is confusing people and stopping the real problem from being fixed.
The advice offered in a second example for eliminating Facebook "eavesdropping" by friends of friends (i.e., altering the settings associated with your friends to uncheck "Comments and Likes" in the "What types of updates" area) was closer to the mark. Sophos also advised that:
The appalling enforced eavesdropping in the ticker (your friend said something to someone you've never heard of) is the result of the lax or non-existent settings of your friends, so here's the deal.
What happens is this:
1. You have "friends of friends" or "public" as the privacy setting for your posts.
2. One of your Facebook friends comments on your post, or clicks "Like".
3. As well as all the people commenting on the thread seeing what has been posted (this much is normal), Facebook also tells all *their* friends what was said.
4. Your friend's settings *cannot* stop this from happening, *your* settings can protect your friends' privacy, in this instance.
So, do this - and make your friends do it too:
* Stop using the "Friends of friends" setting. This is what is broadcasting so widely.
* If you use the "Public" setting, explain that you are doing so. Then people can decide if they want *all* of their friends to be informed of their comments.
* "Limit" all previous posts you have made via the privacy settings (unless you had "friends only" or specific lists already) - this will change everything to "friends" only and will stop people you deleted but did not block, people who sent you friend requests that you ignored, and friends of friends from seeing your activity (yes they can, if you are not on "Friends" or lists).
* Use lists to decide who you want to see things (use the privacy controls in the top right of your posts).
* Encourage your friends to restrict their setting to "friends" or custom lists too. This is the important bit.
* Inform strangers or the connecting friend when strangers show up in your feed. It is their settings that made them show up. This will illustrate to them why they also need to change their settings.
The problem is complicated to explain, but the solution is simple. If you want to stop strangers from seeing everything you do, you and your friends need to change your privacy settings to "Friends" or custom lists. That's it.
The hard part is getting your friends to do it.
If you find your friends aren't understanding the issue, forget about explaining the details and "copy and paste" this to your status:
"If you don't want your actions broadcast to everyone via the ticker/News Feed please set your privacy to 'Friends' and ask your friends to do the same. Pass it on."