In an earlier post, I presented a timeline describing the key players and events in the Facebook/Cambridge Analytica scandal, culminating with Facebook CEO Mark Zuckerberg testifying before Congress. Before we dig into part two, however, I want to reiterate something I mentioned in part one that seemed to resonate with most of you:

We can’t and shouldn’t simply blame Facebook. There are two reasons for this.

First, Facebook isn’t the only company engaged in harvesting our user data and sharing some of it with third parties. Click on any of these links from Twitter, LinkedIn, NextDoor, Google, Reddit, and Pinterest to reveal that all of these companies engage in the very same practice to some extent. Instagram, Tumblr, Flickr, WhatsApp, SnapChat, and every other “free” service does it as well. In fact, every tech product or service that we buy is provided by a company that collects and shares at least some parts of our user data, including Apple, Amazon (and AWS), Microsoft, Samsung, Netflix, Hulu, and others. Ditto for the major telcos and ISPs like AT&T, T-Mobile, Sprint, Verizon, Comcast, Cox, Charter, and HughesNet. Up until now, most consumers haven’t truly understood how much data these companies have collected on us. Thankfully, that’s starting to change.

Second, every person has the responsibility to educate, monitor, and protect themselves. We each test that responsibility with every piece of food we put into our bodies, with every news story we read and trust, and with every technology company to whom we willingly give our data. No one is forcing us to use these products, despite how pervasive they are. If we choose to use a product or service, it’s our responsibility to learn about it beforehand. If we determine it’s unhealthy and inappropriate for us and our families to use, we can and should use other products that are better for our physical, emotional, and digital health.

Until the legislative world catches up with the digital world, we’d be wise to remember that every corporation’s first responsibility is to its shareholders, not to the public.

With all of that in mind, let’s focus on how we can better restrict the various data that we share on Facebook. Please note: Everything I suggest requires a desktop or a laptop computer. Mobile devices won’t work as well (or at all) for some of these security measures. Don’t believe me? Just ask Walt Mossberg, famed technology writer for the Wall Street Journal and All Things Digital:

Step 1: Determine What You’ve Shared

Perhaps you want to know which Facebook advertisers have information about you. Perhaps you’d like a list of every application you use that ties into Facebook. Maybe you’d simply like to view your entire Facebook timeline efficiently. Well, good news, friends: We can all get this information — in about five to 10 minutes on a broadband internet connection — by downloading an archive of everything we’ve ever posted on Facebook.

That’s right: EVERYTHING.

Using a laptop or desktop computer, click this link, sign in to Facebook if prompted, and look for the download link visible to every Facebook user at the bottom of the “General” settings pane. Clicking on that link (below, at left in the red box) will prompt you to create your own downloadable Facebook archive (below, at right).

As of April 2018: Where to go in Facebook’s settings to download your entire Facebook life.

You’ll be asked to provide your Facebook password to officially start the process. Once provided, you’ll be notified twice by email. The first email lets you know that the process has begun. The second email (shown below) notifies you that your zipped archive is ready to be downloaded and provides a link. Those two emails took less than 10 minutes to be delivered to me. Your mileage may vary. For the record, my compressed archive was 904MB in size, one of the many reasons I recommend using a laptop or desktop computer for these tasks.

The email from Facebook informing you that a zipped archive of your entire Facebook world is ready for downloading.

Once you’ve downloaded your archive, double-click the .zip file to expand the files. Once expanded, you’ll find an htm page (a kind of webpage) corresponding to every status update, photo, and video you’ve ever posted on Facebook. Other pages list every person you’ve ever “poked,” every message you’ve ever sent via Messenger, and every place you’ve ever tagged. Still other pages list every Facebook friend you have (including their phone numbers), every friend request you’ve denied, and every friend you’ve removed. You’ll also find a page listing every app you’ve granted access to your Facebook data, and, of course, you’ll have access to see what advertisers know about you.

What a Facebook archive looks like

I highly encourage all of you to open each of these aptly named htm files, all found in the “html” folder of your download. Double-clicking each file opens it in a web browser. Start with ads.htm and apps.htm, and open each in its own window. Below, you can see what mine look like. Straight away, you can see that I have some interesting advertisers who have my personal contact info, including Airbnb (in Japanese?!), both the German and the Canadian eBay websites (go figure), and a whole bunch of crowdfunding projects.

My personal results after downloading my full and complete Facebook dossier.

Step 2: Lock Down Your Data and Access to It

If you’ve been on Facebook for more than a few years, then chances are that your privacy settings probably aren’t as tight as they should be. Here are a few quick ways to help tighten your privacy and security on the world’s largest social media platform.

Get Rid of Some Friends

Over time, many of us have collected hundreds or even thousands of Facebook friends. In theory, there’s nothing wrong with having virtual connections to as many people as possible; in practice, that means the personal data you’ve shared on Facebook is accessible by folks you might not know that well. With that in mind, here’s a friendly challenge: Click here to view all of your Facebook friends, and now…

Scroll through your Facebook friends and ask yourself just one question about each individual: Is it 100% essential for me to stay connected to this person on Facebook? If the answer is no, then unfriend them immediately.

I do a friend purge at least once a year and suggest you do the same. Given the kinds of things we share on Facebook, my recommendation is to stay connected there only with your closest friends and family. For everyone else, consider LinkedIn, a platform that’s also made for networking but is less intrusive. By the way, if you’re not sure how to unfriend someone on Facebook, here’s a short video explaining the process:

Make All Posts Private

Over the years, we’ve all shared a few posts that are — shall we say — more colorful than others. While your friends and family celebrate those colorful posts, it’s entirely possible that a company looking to potentially hire you might not. Do you want the entire world to have access to the freaky posts that the 26-year-old version of you shared publicly on Facebook? Probably not, because #BongWars #DrunkenPartySelfies #BurningManTrippingBallsWhileBikingNakedPix.

To ensure that every post you’ve ever made is rendered private, click on this link to visit Facebook’s “Privacy Settings and Tools” page. Now follow this video I’ve made to lock down all future and past posts on your Facebook timeline. That way, only your current friends can see what’s posted there:

You may notice a few other settings on the lower half of this same page. They govern who has access to your private data. Because of that, I recommend using the strictest settings for each of these. Feel free to copy what I’ve done in the red box and make similar choices on your Facebook privacy settings page.

Adopt these settings for yourself. You’ll rest easier knowing that you did.

By the way, you’ll notice that your privacy settings force you to share your phone number and email address with others. Screw that, y’all: I don’t want every Facebook friend to have access to my personal cellphone number or email address. If they can contact me via Facebook, having my cellphone isn’t necessary. But what’s a Facebook user to do?

Lose the Phone Number (and Email)

In the previous installment in this series, “The Art of Restricting Your Personal Data,” I recommend having alternate email addresses, phone numbers, and mailing addresses. Here’s yet another reason why: Facebook shares that personal information with people we know and other entities we don’t. My recommendation: Either delete your phone numbers from Facebook entirely or use a secondary number. Clicking this link will take you to the page that allows you to add, modify, or delete any mobile phone numbers associated with your Facebook account.

I’ve chosen to delete my personal cellphone number from Facebook and instead list an alternate Google Voice number. I did that for two reasons:

  1. Calls or texts to my Google Voice number won’t bug me on my physical cellphone, because I’ve set it up that way.
  2. I need to provide at least one phone number to take advantage of setting up two-factor authentication on the Facebook platform. That’s something I strongly recommended in “Multi-Factor Authentication for the Masses” and still do now.

Adding an alternate phone number is easy: It only requires confirming a numeric code sent via text to the new number. Once that new phone number is validated, here’s the prompt you should see. Please set any new number to be shared with “Only Me” as shown in the red box. My dearest friends and family already have my direct contact information; no one else needs it.

When in doubt, set all Facebook share settings to “Only Me.”

For the same reasons, don’t give Facebook your personal email address. Facebook doesn’t need that email anyway: It only needs an email address to contact you, so provide one that you plan to keep but only check when necessary. Click here to visit the email settings page on Facebook. Set your “Primary Contact” email to something other than your personal, day-to-day email. Also, please uncheck the setting in the box I’ve shown; your Facebook friends don’t need to be able to download any of your personal information.

Uncheck this box if you discover that it’s checked. PLEASE.

Disconnect the Apps

Over time, Facebook has made it very easy for applications of all kinds to interact with its platform. Now that we know Facebook doesn’t protect your data, we should immediately remove any nonessential applications from having access to our Facebook account.

Click here to see all the applications that currently have access to parts of your Facebook universe.

If you don’t recognize an application connected to your Facebook account, delete it immediately. For those apps you need to remain connected, restrict what you share with them. As a general rule, applications can still work without access to any of the following information: your birthday, your friend list, your location, your email address, or your timeline.

Here’s a short video that walks you through how to delete apps or, if necessary, how to restrict the data you share with them:

Change Your Birth Date

Consider this: Because every Facebook friend has access to your birth date, they also have a key piece of information that can be used to help verify your identity. Because you can’t vouch for the digital security of every Facebook friend, you should assume that anything you post or share on Facebook is available to anyone who has legitimate or stolen access to the computers and mobile devices of every Facebook friend. Your personal data can, in the hands of unethical individuals, be used to help verify your identity and unlock other, more precious data. Don’t simply share that information without understanding this. Instead, simply change your birth date backward or forward by a day or two. You’ll still get all the Facebook love around the time of your actual birthday, but not the potential security problems that might go along with it. To change your birth date (or any other public information, for that matter), click here and follow the list of steps provided.

Stop Using Facebook as a Sign-In Service

Many websites, as a convenience, allow their members/users/customers to prove their identity by using Facebook, Google, or Twitter to log in. If you’ve never seen what this looks like, here are a few examples from some recognizable websites:

More and more websites allow you to use Facebook, Google, or Twitter to log in. Avoid this ALWAYS.

If you use Facebook (or other social media sites) for this purpose, stop doing so ASAP: It only provides those services with more data about you, making them more powerful and you more of an attractive target for advertisers. Is it a nice convenience to use Facebook to log in to other websites? Absolutely! Is it worth the convenience? Absolutely not! Instead, create a unique username and password for each website you visit. Automate the process by using a simple password manager like LastPass or 1Password, something I discuss in an earlier installment of the Firewall.

Restrict Your Ad Settings

The Facebook model is a lot like the traditional TV model: The platform is free to use for the public and supported financially by advertisers. Advertisers pay Facebook money to get its help in showing us ads. But there’s a big difference: Today’s digital version of advertising means that much of my personal information is available to companies that can now micro-target me. While there’s nothing wrong with that in principle, in practice I believe in controlling the data I share with others. Click here to view your Facebook ad settings. Now, follow along with this video I’ve made and lock down some or all of the information that you willingly give to advertisers.

Step 3: Should I Stay Or Should I Go Now?

In the end, we have only two choices when it comes to any commercial social network: We can either better secure our accounts, or we can delete them entirely. Facebook, interestingly, offers a third option: deactivating your account.

Deactivating Your Facebook Account

Deactivating your Facebook account is temporary and 100 percent reversible. Your data isn’t destroyed, but it’s left inaccessible to everyone on Facebook. I’d assume that it’s still accessible by Facebook’s staff, however, which is worth knowing for those of you who are both privacy and security minded. Also worth noting: Disabling your Facebook account doesn’t deactivate your Messenger account. Deactivating Messenger is also possible but requires additional steps. To deactivate your Facebook account and place a temporary freeze on your Facebook universe, here’s the link.

Reactivating your account is simple: Just log back in to Facebook.

Deleting Your Facebook Account

Deleting your Facebook account is 100 percent permanent and ensures that your data is no longer available to anyone, including Facebook. Because it’s permanent, it’s worth knowing the caveats before you pull the proverbial trigger:

  1. Facebook waits a few days after you request a deletion. Why? Because logging back into Facebook during these few days auto-cancels the account deletion. Therefore, don’t log back into your account to check if it’s been deleted; instead, have a friend try to access your Facebook page from within their account.
  2. Once your account is deleted, you’ll never get anything back. By deleting your account, you’ll lose all of your friend connections, posts, photos, messages, and more. If you change your mind a month later, none of this data can be restored, so make sure this is your final decision.
  3. Have a backup for security. Maybe there’s a photo you posted some time ago that’s far too precious to lose, but you can’t find it. No worries! Just use the tip I mentioned above and download your entire Facebook account to your laptop or desktop computer so you have a backup.
  4. Be willing to wait 90 days. Facebook says it can take 90 days to fully delete your account. I’m unclear on why that would be the case, but they’ve put it in writing, so know that up front.
  5. Be prepared to lose third-party accounts. Some of us use Facebook to log into Medium, Spotify, Airbnb, and other connected websites. Deleting our Facebook account can and does also damage or delete the data we keep on those other websites. For example, if you’re someone with 472 Spotify playlists who uses Facebook to log in, then deleting your Facebook account will also delete your Spotify account. That’s potentially bad news, so do your research on each of your connected accounts prior to deleting your Facebook account.

If you’ve done your homework and you’re all ready, here’s the page to start the process of deleting your Facebook account. For those curious onlookers, here’s an image of what it looks like when you begin:

Deleting your Facebook account comes with a few caveats.

Alternatives to Facebook for Those Seeking Privacy

The history of how we’ve shared our lives online follows the history of the technology that has made doing so possible. The advent of the telegraph, radio, telephone, and television opened new worlds for humans to share. The same is true for the internet and the tools it helped usher into common practice. At the dawn of the internet, tools like email, the bulletin board system (or BBS), IRC, AOL, and CompuServe all broke new ground and ushered in the era I’ll call Social 1.0. Thanks to Social 1.0, the following became the sound of an entire generation:

I’d define Social 2.0 as the period when websites first allowed you to search for and connect to other people, creating a virtual network of human connections. Into this category, I’d put the websites Classmates.com (1995) and SixDegrees.com (1997). On SixDegrees, you even could make your own account, upload photos, and connect to others. Neat idea!

With the arrival of Social 3.0 in the early 2000s, social networking hit the mainstream. Companies like Friendster, MySpace, Twitter, LinkedIn, Flickr, YouTube, and, of course Facebook all launched, and people from all over the world began sharing pictures, videos, text, messages, and more with one another, all online.

Social 4.0 hasn’t quite hit yet, but it’s upon us. The arrival of blockchain and its focus on decentralization has fueled the growing realization that privacy and security are basic and foundational human rights. In Social 4.0, the social networks of value — even the free ones — will feature transparency, privacy, decentralization, and the 100 percent total ownership and protection of your data. These are all things that Facebook cannot and will not guarantee, so let’s have a look at a few of tomorrow’s platforms.


MeWe is a social network based on privacy, transparency, ease-of-use, and 100 percent control of your own data. The company was founded by noted online privacy advocate Mark Weinstein and has Sir Tim Berners-Lee, the inventor of the internet, on its advisory board!

“The power to abuse the open internet has become so tempting both for government and big companies. MeWe gives the power of the internet back to the people with a platform built for collaboration and privacy.” — Sir Tim Berners-Lee, MeWe adviser

The company offers disappearing messages, no advertisements, no data tracking, and the ability to change who sees each of your posts. In the Age of Facebook, MeWe also offers something rather remarkable: a privacy bill of rights:

The company clearly works hard to deliver on those promises, and where it has chosen to locate its servers — and therefore your data — is a big indication of this. MeWe’s servers have been located in Ireland since 2016. That means all user data will be subject to the world’s best consumer-friendly privacy laws, the General Data Protection Regulation (GDPR). GDPR becomes EU law on May 25, 2018, and by leaving your data on its servers there, MeWe is voting in favor of your data protection and privacy.

By comparison, Facebook just moved control of 1.5 billion users from its Ireland servers and into the United States, specifically to avoid protecting those users’ data come May 25. #Shameful

All companies strive to make a profit, and MeWe is no different. The company employs a “freemium” rather than an ad-based approach, however, so MeWe doesn’t have to depend on advertising dollars. Freemium means that although using MeWe’s basic features is 100 percent free, certain special features cost a bit more:

  • While all users get 8GB of free cloud storage, you can upgrade to 50GB for $4.99 per month.
  • Chatting with friends is free, but enabling Secret Chat mode costs $0.99 per month.
  • Keyboard emojis are free, but having access to custom emojis is $0.99 a packet.

To help fund the free website, MeWe also offers a paid corporate version called MeWe Pro. That platform is billed as a more secure and feature-full version of the popular Slack platform, used by many corporations for chat, file sharing, and collaboration.

I’ve signed up for MeWe and have begun using the platform. I think it’s a worthy competitor to Facebook that will only become more valuable as time passes and the value of privacy increases. More info on MeWe can be found here.


diaspora* (that’s how it’s spelled, asterisk and all) offers some very compelling features when compared with Facebook’s levels of control. The network doesn’t require you to use your real identity, gives you total control over and access to all your data, and provides simple ways to determine which group(s) of your contacts are permitted to view each of your posts. As with Twitter, users employ hashtags to join trending topics and use the “@” symbol to mention other specific users.

More fascinating is how the platform is run. The larger diaspora* network is built from an ever-growing number of independently hosted servers, or “pods.” Notably, these pods aren’t hosted by a corporation — as is the case with Facebook and every other commercialized social network — but rather by diaspora* community members. Joining is a simple matter of picking an available pod and signing up: Once you’re a member of diaspora*, you’ll have access to network with members of any of the other pods. The number of community-hosted pods is a great indication of how important security and decentralization are to the diaspora* network. Having a network of pods prevents any one pod operator from having access to all pods, a built-in system of checks and balances. This ensures that a Mark Zuckerberg–like CEO can’t make decisions on behalf of the entire community or relocate your data against your wishes.

It also means, however, that you’re subject to whoever is running the server that hosts your pod. diaspora* isn’t just a social network, it’s software — created by the diaspora* foundation — which is used to run that network. Like all software, updates are provided on a regular basis. If the manager of your pod doesn’t update your pod’s software, you may be missing out on features that are made available to other pods.

It’s worth noting a few caveats:

  1. There’s no requirement on diaspora* to use your real name, phone number, or email address. So even if your account were compromised, there’s nothing that needs to trace back to you personally.
  2. It’s possible that a malicious pod host can choose to compromise your data.
  3. It’s also possible to host your own diaspora* server and restrict access to just yourself or to friends and family you know. In practice, this will protect you from the threat of a malicious host.

I’ve been curious enough to sign up for a diaspora* account and enjoy some of its features. However, it’s harder to understand and use and isn’t yet as mature a product as MeWe. Still, it offers a decentralized approach and a totally anonymous social network platform that many users might find reassuring. They put a massive priority on privacy and data protection and say so up front:

The diaspora* foundation homepage


I briefly joined Ello way back in 2014 to see what a Facebook competitor had to offer. Tech-wise, I was impressed: The company claimed to never sell user data to any third parties, it never showed ads, and it didn’t enforce a real-name policy. I met a few new people, shared a few posts, and generally enjoyed spending time rambling around the platform. Four years later, the company still offers the same security features, but it has pivoted: What was once a social network for everyone has become a social network for artists. There’s nothing wrong with that, of course, but if you’re not an artist, then you might feel awkward not sharing your latest photographs, drawings, recordings, or movies. Then again, it’s a great way to meet artists, so I say jump in!

Ello is free to use and, like MeWe, offers a freemium approach to earn money. There’s an Android and iOS app for mobile devices, so users can check in on the go.

Like most modern social networking platforms, you can share posts, tag others, and use hashtags to find and join trending conversations. It’s not as polished as MeWe or as intuitive as Facebook seems, but it doesn’t need to be. The artist community prides itself on being different and unique, and Ello certainly qualifies.

So that’s it for this installment, friends. Hopefully you’ve learned a thing or two about privacy and security as it relates to social networking online. If you have a tip or trick that I missed that you think would benefit the community, please post it! We all learn better when sharing. Until the next installment…

…Surf safe!