The internet can be an obnoxious place, and the sharing culture of social media often runs counter to security and privacy best practices. Most of us have at some point shared our birthdays, photos of our loved ones, information about where we live and come from, and other content that perhaps shouldn’t be made public online.
In a worst case scenario, information you share online could be taken advantage of to pose a threat to your security or even physical safety. The fundamentals of securing your online presence are much the same regardless of what online services you use.
Before we get on to specific actions for Twitter, Facebook and LinkedIn here’s what you should be aware of if you’re looking to better protect yourself online and make sure your information has a smaller chance of being abused.
In general you should ensure that mutual friends/followers with access to restricted accounts are people you trust. Search your post history for personal information that could be used for identity theft, to access your accounts, or to locate your physical address. If necessary, take measures to remove them en masse. Plus you can check for photos of you that others have shared on tagged, removing any tags if they are unneeded.
When it comes to protecting your physical address, this can be exposed in a number of ways. If you’re an eBay seller and have shared links via personal accounts, note that your address is generally published alongside your auctions. The same may apply to other business listings, such as records at Companies House, as well as some academic listings.
If you’re being actively threatened, it’s best to immediately restrict access, set private or, if necessary, suspend, delete, or unpublish your accounts. While doing so you should screenshot and report any threats that have been sent to you, before blocking those who are responsible.
Other steps you can take are: disabling automatic location sharing, enabling two-factor authentication to protect your accounts, back up and delete old posts wherever possible, and consider closing non-essential social media accounts that you don’t use anymore and particularly those associated with your real name and identity.
Now for some specifics.
Twitter’s security recently came under scrutiny when someone social engineered their way into the site’s admin panel, allowing them to access and post cryptocurrency scams from some of the site’s biggest verified accounts. None of the measures below can protect you if the social network itself is compromised, but they can help keep you safe from more typical threat vectors.
Within Twitter itself, make sure location tagging is off on your tweets in Settings > Privacy and safety > Location information. This can get turned back on accidentally if you re-install the mobile app, for example, so it’s worth checking every now and then.
Under Discoverability and contacts, disable email address and phone number discoverability. This will stop people looking up your account using your other personal information – something that’s crucial if you’re wishing to post anonymously.
If you tick Protect your tweets on the main Privacy and safety screen, only people who follow you will be able to see anything from your account, past or present. They also won’t be publicly searchable. Receive messages from anyone in the Direct messages section is unticked while you’re here and disable photo tagging.
Twitter is aggressively hard to work with if you want to delete many tweets or unfollow lots of people – to the point where the official recommendation is to create an entirely new account and swap usernames.
However, a number of third-party tools, such as TweetDelete and Tweepi, make it easier for you to unfollow multiple users and delete large numbers of tweets at once. Be aware that limitations to Twitter’s API mean that it may take a significant amount of time to unfollow hundreds of people or fully delete a long-lived account’s posting history.
Back your posts up before any such tools by downloading your Twitter data via your account settings and remember to revoke any such tools’ access to your account once you’ve finished with them.
Various tools also exist to export your followers. The Twlets Twitter to Excel Chrome extension is a conspicuously easy option, but you’ll have to register and, if you want to download the details of more than 1,000 followers, either subscribe or buy credits. Martin Hawksey’s Twitter-exporting Google Sheet is free but requires you to set up a developer account and create an API key.
Alternatively, create a new account and just go through everyone you’re following on your old account before deleting it or locking it.
You’ll find Facebook’s main privacy options on the settings screen. Under the security and login tab, you should enable two-factor authentication, check what devices are logged in and enable alerts for unauthorised logins if you suspect someone may try to break into your account.
Under the Privacy tab, you can set who can see your posts, including your old posts – set both to friends-only or private. You should also set your friends list visibility to Only me or Friends, disable email address and phone number based lookups and possibly restrict friend requests to only people who are already friends of your friends.
These settings also include an option to review past posts. This will take you to your Activity log, where you can see everything you’ve posted, as well as anything others have tagged you in. You can also get to the Activity log by clicking on the downward-pointing arrow at the far right of Facebook’s top toolbar, clicking Settings & privacy and then Activity log.
On Activity log, click Timeline review, then Posts. You can select them by date, shown along the left-hand navigation bar. Use the ‘…’ icon at the top right of each post to delete them one by one. However, if you use Facebook or Facebook Lite on your phone, you’ve probably received access to the Manage Activity feed, which lets you send multiple posts to a Trash bin, from which they can be recovered for 30 days before being fully deleted.
From your mobile Activity Log page, tap Manage Activity at the top. You can then filter your past posts by date and content, and use tick-boxes to select multiple posts to delete or privately archive. If you’re had your account a long time, full deletion will still be time-consuming, but it’s a good way of keeping on top of a regular deletion habit.
Also on mobile, disable location servicesto avoid inadvertently advertising your movements.
If you need to get rid of your full posting history you may still wish to use more convenient third-party tools such as the Delete All Messages for Facebook and Social Book Post Manager for Chrome. Be aware that the effectiveness of such tools is dependent on factors including Facebook not changing its API and the speed of your internet connection. As ever, back up your data before deletion and remove the tools from your browser when finished.
If you plan on closing or temporarily deactivating your account, you’ll find those options in the Your Facebook information tab, as well as an option to download a full archive of all your posts and activity on the platform – you should also take advantage of this before bulk deleting posts.
Facebook’s tools for viewing and unfriending the people are also easier to work with than Twitter’s: from your main profile page, click on your Friends tab to browse through them and click on the Friends label next to someone to produce a drop-down and click Unfriend to remove them. Sadly, we couldn’t find any functional tools to automate this process.
By its very nature, your LinkedIn CV – or any other online CV you may have – can reveal a huge amount of information about where you work, where you live and how to get in touch with yourself or your employer.
It’s a very good idea to remove any unnecessary email addresses or phone numbers, particularly those you primarily use for personal matters, and use LinkedIn’s Privacy Settings to set your profile private, choose whether or not people outside your contact network can see your name, remove any linked social media accounts and change your geographic location data. It’s also a good idea to set information such as your date of birth visible to Only Me using the edit (pencil icon) option on your main profile.
You can also close or temporarily deactivate your account. Once you’ve locked down a few basic security settings, such as restricting who can see your email address, the main thing to check is what personal information your CV might reveal.
LinkedIn is trying muscle into more conventional social networking territory. If you’ve used this and wish to delete your posts, go to Me > Posts & Activity to see your entire activity feed. Unfortunately, you’ll have to delete posts one at a time, as there are no mass deletion options here.
Information in the wild
Massive data breaches are an unfortunate fact of online life. Visit Have I Been Pwned to check whether your email addresses, passwords or other personal data have been exposed in any breaches.
As a priority, make sure you’ve changed your password for the breached services and that you haven’t reused it anywhere else. Unfortunately, there’s not much you can do about most stolen personal data except be aware of the fact that it may now be out in the wild out there.
If you’re concerned about real names, phone numbers or addresses being discussed in connection with your online handles, run the terms through a couple of search engines together. If you’re concerned about this information being published online, you can create a Google Alert to email you if it shows up.
Check your websites, those of your employer and of any academic institutions, clubs or charities you work with to ensure that they’re not sharing too much personally revealing information about you. Finally, anywhere online where you don’t need to be personally identifiable, use a pseudonym.
More great stories from WIRED
🚚 The French town that created its own Amazon
🦆 Google got rich from your data. DuckDuckGo is fighting back
😷 Which face mask should you buy? The WIRED guide
🔊 Listen to The WIRED Podcast, the week in science, technology and culture, delivered every Friday