Maybe Facebook isn’t your friend after all. People are rethinking their relationship with the social media network after learning a consulting firm obtained the private data of more than 50 million Facebook users through questionable means.
The firm Cambridge Analytica reportedly used the data for political targeting, notably during Donald Trump’s 2016 presidential campaign. (It denies any wrongdoing.) You may be fine with that use of your data — or unsurprised by the news. But there are reasons to worry about social network breaches. Scammers can use similar information to, for instance, answer the security questions protecting your bank account or commit identity theft.
Mark Zuckerberg, CEO of Facebook, vowed in a company post on Wednesday to investigate apps that access lots of data, restrict third-party developers’ access to data and make it easier for users to control how apps access their data. But there are steps Facebook users can take themselves to protect themselves now.
1. Control your permissions
We asked Adam Levin, chairman and founder of CyberScout, an identity protection company, and author of “Swiped,” for tips on how to protect your Facebook data.
Facebook allows you to control how apps use your information, Levin said. Go to Facebook settings, then apps. Here you can check the permissions you grant apps to access your information, including your friend’s list and email address.
Check each apps’ permissions. They can get extensive. For example, an app I installed, Bandsintown, has access to my profile, friends list, location, likes, email and songs I listened to in other music apps. Any app that uses your Facebook login will get access to some personal data, from Candy Crush (public profile, friends list, email) to Farm Heroes (profile, friends list, email) to Spotify (profile, friends list, birthday, hometown, email).
You can also remove apps that look suspicious or that you don’t use and, under “Apps, Websites, and Plugins,” choose to disable your Facebook login for plugins, games and outside websites.
2. Check privacy settings
You can change your privacy settings to minimize how much information you expose to the world. Under privacy settings, you can control who sees your posts, who sees your friends list and whether people can find your profile using your email, phone number or a search engine. You can adjust the settings so only your friends can see your posts and only you can see your friends list.
3. Scrutinize future apps
Always be careful installing Facebook apps, Levin said. They may contain malware or misuse your data. If you do use apps, make sure they’re from companies you trust.
4. Other things to check
Here’s a potpourri of things you may want to shore up while you’re in settings.
• Security and login: Make sure you’re using a strong password and two-factor authentication to protect your account.
• Timeline and tagging: You may be careful about what you post on your own timeline, and you can control who sees that here, but your friends may not be as careful about what they post. These settings allow you to set who can see posts you’re tagged in. You may also want to activate “review,” which lets you check posts you’re tagged in before they appear on your timeline.
• Blocking: Here’s where you can get specific. Blocking allows you to control your individual interactions with people on Facebook. You can set whether specific people can see posts, invite you to join apps or attend events. You can also block apps and pages.
• Face recognition: If you don’t want Facebook to LITERALLY RECOGNIZE YOUR FACE in photos or videos, turn this off. Go to settings, Face Recognition and say “no.”
• Lock down your browser: There are several browser extensions that can protect your privacy while you’re online. A big one is an ad blocker, which not only does what it says, but can help control where your data goes while you’re browsing. Lifehacker has a good roundup of privacy extensions here.
5. Read up
How to delete Facebook
Since the Cambridge Analytica news broke, many people have reconsidered whether they want to use Facebook at all. It’s pretty easy to delete. You can just click here.
There are some caveats: You won’t be able to reactivate your account after doing this. You won’t be able to get anything you’ve uploaded either, so you may want to download a copy of your posts and photos first. (You’re given this option when you go to delete your account.) It will also take up to 90 days, according to Facebook.
Even after that, your data will still probably be out there. Other people will still have pictures of you they’ve uploaded or messages you sent them. It’s tough to put the toothpaste back in the tube.
Europe has a “Right to be forgotten” that allows people to ask Google to remove their name from search results. We don’t. Until then, users of services like Facebook can exert pressure on companies and regulators to better protect their private data, Levin said.
And we should all be more mindful of the information we put out there, Levin said.
“You have to be more alert,” he said. “You have to understand the ramifications of what you post and where you post it.”
We love being able to share pictures of our kids and update our friends about new cars or jobs, but all that information is the product social media networks sell. Cambridge Analytica may have broken some Facebook rule in obtaining your data, but Facebook already markets that data to advertisers to make money.
We all have to recognize that we are the product, Levin said, and take the proper precautions. If not, there are other, more analog ways to share, he said: “Get a journal.”
This article originally appeared on Policygenius.