For years, I've been writing about some of the hidden traps associated with working online, looking at writers can protect themselves. But I've also been having some fun playing the bad guy, highlighting how real bad guys might turn unsuspecting internet users into their prey.
Today, I want to look at some of the settings on Facebook, things that many of us never bothered to consider a risk.
It Start with New Accounts
When my daughter got her first Facebook account at 13, we spent a lot of time setting her up like I would any writer, securing her account.
I followed many of the practices that I recommend in my book, Hidden Traps of the Internet, namely using a dedicated email for administering social media that is NOT your general communications email). And I'm so glad I did.
It became a bit of a joke among my own friends. She had her account for all of 2 hours, and it was blocked, the system thinking she was a bot. We got back into the account, but the access lasted a grand sum total of 3 days, at which point the account was dead. The email it was connected to was redundant and could no longer be used for the purpose it was set up. Funny that. But because of the fact that I had used a dedicated email for the purpose (not her general communications), her main email address was safe.
And what did she do to get her account blocked? She liked every single post under the sun, including all the historic ones. She looked like a bot. Now, she knows to not bother. And the account that we set up as part of Round 2 is the account that she still uses today.
But during that process of setting up my daughter's account(s), I noticed a few default settings that were just asking for trouble. So, let's take the time to look at them one by one, and we're going to put on the bad guy hat while we do it.
Be advised that some of the settings have changed in recent years. So, if you are struggling to find the exact setting that I'm referring to, it's okay. But if nothing else, hopefully, you've made yourself familiar with the settings that you do have.
1) By default, anyone can send you Friends requests. AND anyone can send you a Private Message.
To build your contacts list on Facebook, you need to build your Friends list. For that to happen, they need to be able to find you. That might not seem like a bad thing, but is it?
So, you've been taking part in a discussion Group for some time, and you've really made a name for yourself in there. But there's this one person who always comments back on your posts and just gives you the heeby-jeebies in the way he interacts with you. You're happy to have the comments on your Group posts, but that's as far as you want to take the relationship.
One day, seemingly out the blue, you get the Friends request from him, and he's sending you private message after private message. Sure, you can block him, but there are actually settings that you can take advantage of to stop this sort of thing happening in the first place.
Start by changing the "Who can send you friend requests?" setting to Friends of Friends. This is the tightest you can make it. What it means is that only those who are Friends with people who you are already Friends with can send you those wonderful requests. Mr. Creepy-Group-Guy can't (unless he's a Friend of a Friend).
And be sure that you change the setting that says who can send you a private message. It should only be your Friends, unless there is a strategic reason to have it set to something else.
Note for Parents: The default setting on new accounts for "who can send Friends Requests" is Public for a reason — so you can find the account and actually have at least one Friend before you lock the account down. Upon creating an account for your teenage children (minimum age for Facebook is 13), I recommend that you Friend your child BEFORE you lock the account down to the setting of "only Friends of Friends can send Friend Requests". That way, only your Friends can find your child. Then it will snowball from there.
2) Your Friends list is publicly accessible.
The default setting on new accounts for "who can see your Friends list" is Public. I'm sorry, but I don't care who you are. No one needs to see who you're Friends with on Facebook. It's no one's business. However, it doesn't matter what your setting is, people can still see that you're Friends with someone if they haven't locked their own settings down.
Let's say that you were at some rip-roaring party and there was this guy there that was a little creepy in an almost stalker sort of way. You don't want anything to do with this guy, but he finds out that you're on Facebook. Okay, you've locked down your profile so that only Friends of Friends can send Friends request. He goes to your profile, and you've never bothered to change that particular setting from the original setup. He now knows who your friends are. No doubt one of them will be stupid enough to accept his Friends request, so now, he can send you a Friends request too.
Or, let's say that you have locked down your Friends list, such that only you can see it. But if by some fluke he is already Friends with one of your Friends. Their name will appear as a mutual Friend.
The best-case scenario with Mr. Creepy-Stalker-Guy is that he isn't already Friends with anyone you know on Facebook. However, at the party, he overhead the names of your buddies. He searches their profiles, and your best friend in all the world is not exactly internet security savvy. Their Friends list is still public, and there is your beautiful face sitting on that list. Time for Creepy-Stalker-Guy to gain access to information about you through your Friends, and your Friends are letting it happen.
Note for Parents: You can specify a special category of "Friend" as a "Parent" and have your children share their Friends list with only those listed as a "Parent" on their accounts. This is what I have done for my daughter's account. I'm the only one, besides her, who can see her Friends list. There is also an option to share your Friends list with specific people only. This would be a "Custom" setting.
3) Information in a phone directory can be used to find you.
Once upon a time, located on the corner of every street, you could find these things call payphones. Within each of these payphone boxes, there was a copy of the White Pages and the Yellow Pages (phone directories that you could use to find the numbers for the people you wanted to speak to).
The concept of the payphones has pretty much died in the wake of cellphones, but the phone directories are still lingering around, except now, they're online. To make it worse, you can ask your local phone provider to add your email address and your cellphone number to your directory listings. This might seem innocent enough, until you discover that there is a setting on Facebook where complete strangers can use your email address or your phone number to find your profile.
The whole purpose of a phone directory is so you can find the contact information of people that you only have the name of. So, by keeping the "Who can look you up using..." settings on Public...
Doesn't anyone else see of problem with this, or am I just too old school?
If you honestly don't see the problem with this, I would like to direct you to a science fiction classic known as Terminator. There were only a handful of Sarah Connor's listed in the phone book, and all but one ended up dead.
To solve this particular issue, you have two separate issues to deal with. First, change the Facebook settings for "Who can look you up using..." to Friends. Unfortunately, it doesn't get any tighter than that. I wish it did, but nope. Second, contact your phone provider and have your name taken out of the online directory. Be advised that you might need to call them a few times about this. (It took me three months, and I don't know how many phone calls, to get my own details removed from the online public directory.)
4) Search engines outside of Facebook can link to your profile by default.
This particular setting is just as bad, if not worse, than allowing those to track you down via your email or phone number. You have no idea who might be searching your name (or where they are in the world). Just don't.
Note for Parents: This setting is set to No for any account for a youth under the age of 18, and can not be changed. The moment they turn 18, the setting can be switched to Yes.
5) Your posts on Facebook by default are only visible to your Friends, but what about your other platforms?
Instagram has become the next big thing among the youth. Images are so much faster, and they seem to be big on selfies. However, through Instagram, you can cross-post your messages to Facebook. In fact, there are systems that you can use (particularly through IFTTT) where you can authorize an applet to scrap almost any social media profile and cross-post it to another social media profile.
On Instagram, X, Bluesky and other similar sites, there are only two settings for account privacy: public and private. Private means that you have to approve those who follow you. Only those who follow you can see what you post. For youths, this is the setting I recommend. For writers and authors, you want your social media feeds to be public, or what is the point?
Just remember that because the public can't see it on Facebook, especially if you are cross-posting to your private feed, doesn't mean that the public still can't see it.
Note for Parents: For Instagram, there are no default settings for Private accounts for youth. This is something that you need to set yourself. But do make sure that your personal account is following your child's account. You want to be monitoring what they post.
Another Note for Parents: As a secondary hint for Instagram, have your child's account cross-post by default to their private feed on Facebook. Then, ensure that you are following your child's profile within Facebook. They used to have a See First setting, but unfortunately, that setting seems to have disappeared. Regardless, keep a close eye on what they post.
There was one time when my daughter was posting when she should have been sleeping. It's a bit suspicious when she says that she's in bed asleep and I see a post on my Facebook feed of something she's uploaded to Instagram just after midnight — and she wasn't even supposed to have her phone in her room. She lost her internet privileges for a month after that — restricted access while Daddy was sitting right next to her (talk about cramping a teenager's lifestyle).
Social media is fun — if you're smart about it!
Social media can be a fun playground, but if you honestly believe that it's filled with fairy godmothers who are going to grant your most grandiose dreams, then think again. The internet is filled with trolls who are determined to ruin it for everyone.
It's a breeding ground for spreading hate and animosity. Normal social boundaries seem to go out the window, because the monitor actually creates this imaginary boundary between yourself and the rest of the world. It's odd how some people can be the nicest people that you would ever meet in real life, but you get them on social media, where that monitor boundary exists, and they turn into monsters.
As a parent, I feel it is my duty to teach my children how to navigate the nasty world of social media safely. Because of who I am as a whole, I share whatever information I collect along the way as far and wide as I can.
Social media is still in its infancy. Sure, Facebook has been around since 2004, but that's only 15 years. We're still dealing with only the first generation of users, and trust me, we are making A LOT of mistakes along the way.
Don't be scared of social media. Don't be scared of the internet. Just learn what you can, and take the steps necessary to keep yourselves and your loved ones safe. Social media can be a rewarding experience and lots of fun, but only if you're smart about it, and do the best you can to avoid the Hidden Traps.
Hidden Traps of the Internet: Building and Protecting Your Online Platform
Building an online platform is an overwhelming and daunting task, with many pitfalls and horror stories surrounding the internet. It’s not surprising that many writers shy away from online activities, putting that online presence into the do-it-later category. But to survive in today’s publishing industry, a writer needs to be online.
This book focuses on how to build an online platform in a safe manner. Judy L Mohr (writer, editor, and writing coach) talks you through the various components of an online platform, showing you the tricks to staying safe online, carving out your own little corner of the internet while building that author platform.
Available in print and ebook.
More info →
