Social Media Privacy Settings Every Person Should Turn On

by

We live loud, online lives. Posting a photo, sending a DM, or joining a group takes seconds — but the small settings behind those actions determine who sees, copies, or tracks what you share. Treat this guide like a quick home-security sweep for your digital life: flip these switches, lock the doors, and sleep easier.

Quick rules to live by

  • Lock public view as the default. If a setting lets you choose between “Public” and “Friends/Connections/Contacts,” pick the smaller audience by default.
  • Enable two-factor authentication (2FA) on every account that offers it. It’s the single best step to stop account takeover.
  • Check app permissions on your phone: which apps can access your microphone, camera, contacts, or location? Remove anything that’s unnecessary.
  • Run periodic privacy checkups — most major apps offer a guided checkup to review critical settings.

Facebook — tighten profile and post audiences

What to switch on:

  • Profile visibility: Limit who can see your friends list, birthday, and other profile details; make your profile photo and cover photo audiences smaller if possible.
  • Post audience: Default to “Friends” rather than “Public.” When posting, check the audience selector every time.
  • Who can find you: Restrict who can send friend requests and whether people can find you using your email or phone number.
  • Privacy Checkup: Run Facebook’s privacy checkup to review key settings in one go.

Why it matters: Facebook posts and profile fields are commonly scraped for doxxing, targeted ads, and social engineering. Reducing who sees what reduces those risks.

Instagram — small audience, big difference

What to switch on:

  • Private account: Switch from Public to Private so only approved followers see your posts.
  • Activity status: Turn off “Show Activity Status” so apps don’t broadcast when you’re online.
  • Story sharing: Prevent others from re-sharing your story as messages, and restrict who can reply to your stories.
  • Blocked accounts and restricted mode: Use “Restrict” or block to limit interactions without escalating drama.

Why it matters: Instagram is built for sharing; a private account restores control. Turning off activity status eliminates the “seen you online” stalker problem.

WhatsApp — privacy beyond end-to-end encryption

WhatsApp encrypts messages, but that’s only part of the picture. Check these:

  • Last seen / Profile photo / About: Set to “My contacts” or “Nobody” to limit strangers’ visibility.
  • Read receipts: Turn them off if you don’t want blue ticks revealing when you’ve read messages (note: turning them off also disables them for you).
  • Groups: Use “Who can add me to groups” to stop unknown people from pushing you into large group chats.
  • Two-step verification: Enable a PIN for account recovery.

Why it matters: Even with end-to-end encryption, metadata (who you message, when, and group membership) reveals a lot. These settings reduce that metadata exposure.

TikTok — protect your profile and direct messages

What to switch on:

  • Private account: Makes your content visible only to approved followers.
  • Comments and duets/stitches: Restrict who can comment, duet, or stitch with you; you can set these to “Friends” or “No one.”
  • Direct messages: Restrict who can DM you, and turn off activity status if available.

Why it matters: TikTok’s algorithm is powerful. A private account + tightened message permissions prevents unwanted attention and reduces the chance your content is repurposed without permission.

X (formerly Twitter) — control posts and calls

What to switch on:

  • Protect your posts: Make your account private so only followers can see your posts.
  • DM and call settings: Limit who can send you direct messages, and enable enhanced call privacy to hide IP/address data when audio/video calls are available. (Check your app’s “Privacy & safety” settings.)

Why it matters: X is fast and public by default. Even small pieces of info (a post, a voice call) can be amplified widely; protecting posts prevents viral sharing beyond your follower base.

LinkedIn — privacy for a professional network

What to switch on:

  • Profile viewing options: Turn on “Private mode” if you don’t want profiles to know you viewed them. Note: this may limit features like seeing who viewed your profile.
  • Profile visibility: Limit who can see your connections, and control what activity you share with your network.
  • Contact syncing: Avoid automatic upload of your entire address book unless you want LinkedIn to suggest connections.

Why it matters: LinkedIn is for professional growth, but oversharing can leak contact networks or job-hunt signals you didn’t plan to broadcast.

Email (Gmail and others) — stop account takeover and accidental leaks

What to switch on:

  • Two-factor authentication: Use SMS only as a fallback; prefer an authenticator app or hardware key. 2FA dramatically reduces the risk of unauthorized access.
  • Confidential mode (Gmail): Consider it when sending sensitive files — it can restrict forwarding, set expiration, and require passcodes. It’s helpful, but not a perfect sandbox — recipients can still capture screenshots.

Why it matters: Email is the recovery channel for many accounts. Compromise here is a typical first step in broader account takeovers.

Universal settings every person should set now

  1. Two-factor authentication (2FA) on every account that supports it. Use an authenticator app or hardware key when possible.
  2. Use a password manager to generate and store long, unique passwords — never reuse passwords across important accounts.
  3. Review app permissions on your phone monthly — camera, mic, contacts, location: remove access for apps that don’t need it.
  4. Limit location sharing in apps and on photos (turn off location metadata in your camera app if you post photos publicly).
  5. Check connected apps and third-party access under your account’s security settings; revoke access for anything you don’t actively use.
  6. Download your data, then purge what you don’t want stored forever — many platforms let you export and delete old posts, messages, or images.
  7. Enable privacy checkups where offered — they guide you through the most important toggles in under 10 minutes.

A few real stories (kept short)

  • A small-business owner who used the same password across email and social accounts lost control of their business pages in hours; 2FA restored control and stopped the attacker from locking them out.
  • An artist whose public posts included home-location tags started getting targeted messages; switching to a private account and removing location tags stopped the harassment almost overnight.

These aren’t horror stories to scare you — they’re reminders that simple settings are effective.

Closing checklist — before you post tomorrow

  • Default audience set to “Friends / Contacts / Connections” (not Public).
  • 2FA enabled for email and core social accounts.
  • App permissions and connected apps audited.
  • Location metadata off for photos you’ll post publicly.
  • Privacy checkups completed on Facebook, WhatsApp, Instagram, TikTok, X, and LinkedIn.

Final notes and sources

The recommendations here are drawn from official help pages and established tech reporting to ensure accuracy.

Key reference pages used while writing: Facebook Help, Instagram Help, WhatsApp Help, TikTok Help, X Help, LinkedIn Help, and Google/Gmail support.

Leave a Comment