Privacy on Mainstream Socials Means Cutting the Damage
Most people are not deleting every account. The goal is simpler: give these platforms less to work with.
Key points
- Turning off Off-Facebook Activity is the single best privacy move on Meta. It cuts off a large stream of third-party tracking data.
- Use a separate browser profile for each social platform. That stops easy linking between your social account and the rest of your browsing.
- TikTok's China access problem is not something a settings menu can solve. If you use it, keep it away from sensitive accounts and devices.
Each platform collects data from three places: what you post, how you act, and what other sites report about you. Meta's privacy policy spells out how much data comes from advertisers, apps, and websites running Meta pixels.
What They Want
Meta makes money by sorting you into ad segments. Better guesses mean higher prices. These companies want to infer:
- Income and financial stress, from brands, locations, travel, and spending signals
- Health conditions, from follows, searches, and medical content engagement
- Political alignment, from follows, shares, and time spent on certain posts
- Relationship and family status, from tags, photo metadata, and location overlap
- Psychological weak points, from emotional response patterns and timing
You cannot stop all of that and still use the platform. You can make the profile less accurate.
Compartmentalisation Works
The strongest move is simple: use a separate browser profile or device only for social media.
Settings That Matter
Instagram / Facebook (Meta)
- Off-Facebook Activity: Settings → Your Facebook Information → Off-Facebook Activity → clear history and disable future tracking. This is the highest-impact setting on Meta. The EFF recommends it as the top privacy step on Meta platforms.
- Ad Preferences: Settings → Ads → Ad Settings → turn off personalization. Ads remain, but Meta gets fewer signals to target them.
- Location: Remove location permission. Do not check in. Do not tag places unless you mean to share routine and class signals.
- Face Recognition: If the option still exists in your region, turn it off.
- Activity Status: Turn off "Show Activity Status" so the platform does not broadcast your live usage pattern.
X (Twitter)
- Data Sharing with Business Partners: Settings → Privacy and Safety → Data Sharing and Off-X Activity → turn off every option.
- Location Data: Settings → Privacy and Safety → Location Information → turn it off and remove saved data.
- Personalised Ads: Settings → Privacy and Safety → Ads Preferences → turn them off.
- Grok Training: Settings → Privacy and Safety → Grok → turn off "Allow your posts to be used to train Grok." Public scraping still happens, but you do not need to help.
LinkedIn
- Profile Visibility: Limit who can see your connections. Your connections list is a map of your work life.
- Data for Personalisation: Settings → Data Privacy → Data collected by LinkedIn → turn off "Use data for personalisation."
- Third-Party Data: Settings → Data Privacy → Permitted Services → review and revoke old OAuth apps.
- Activity Broadcasts: Turn off automatic sharing of job changes, education changes, and work anniversaries unless you want that public.
TikTok
- Personalised Ads: Settings → Privacy → Ads → turn them off.
- Sync Contacts and Facebook: Turn both off.
- Location: Remove location permission at the OS level.
- Usage Data: Assume the infrastructure problem remains. Internal recordings showed China-based access to US user data. No local setting changes that.
What You Cannot Turn Off
Some collection is structural. Settings do not touch it.
- Photo metadata: Strip EXIF before upload. EXIF can reveal GPS, device model, and timestamps.
- Behavioral fingerprinting: Typing rhythm, scroll speed, cursor motion, and interaction timing can still identify you across sessions.
- Shadow profiles: Meta builds profiles on non-users too, using contact uploads and off-site tracking.
- Graph inference: Locking your profile down does not stop the platform from inferring things from your network.
A Realistic Harm Reduction Stack
| Action | Effort | Impact |
|---|---|---|
| Separate browser profile per platform | Low | High, breaks easy cross-site linking |
| Turn off Off-Facebook Activity | Low | High, cuts third-party web tracking data |
| Revoke location permissions (all apps) | Low | High, stops routine location collection |
| Use VPN for social media sessions | Medium | Medium, hides home IP from platform logs |
| Strip EXIF from photos before upload | Medium | Medium, removes GPS and device metadata |
| Use burner email for social accounts | Medium | Medium, weakens email-based account linking |
| Disable all personalised ad settings | Low | Low, reduces targeting more than collection |
| Delete account entirely | High | Highest, but often too costly socially |
What This Still Does Not Fix
No settings tweak turns Instagram, Facebook, or TikTok into private tools. They are tracking systems with social features attached. The data can still move through law enforcement requests, data brokers, insurers, and future AI models.
Damage control is about limiting what they can learn, not pretending the platform is safe. If you can stop your social account from becoming a clean record of your health, money, politics, and daily routine, that is already a win.
Cunicula receives no funding from any social media platform or data broker.
Follow the Money
Social media runs on surveillance. Huge ad revenue depends on collecting, scoring, and reselling behavior.
- Ad duopoly: Meta and Google pull in hundreds of billions in ad revenue by turning behavior into targeting data.
- Data brokers: Social graphs and profile data move downstream. Cambridge Analytica was only one visible case.
- Twitter/X: Ownership, financing, and platform control all shape who can reach the data and for what purpose.
- State access: Once the data exists, state access follows. Platform logs become an intelligence asset.
Frequently Asked Questions
What is the most important privacy setting to change on Facebook and Instagram?
Turn off Off-Facebook Activity. Go to Settings → Your Facebook Information → Off-Facebook Activity, clear the history, and disable future tracking. That cuts off a large stream of data Meta gets from third-party sites and apps. If you only change one setting, change that one.
Can Facebook track you even if you use a VPN?
Yes. A VPN hides your home IP, which helps, but Facebook can still track you through cookies, browser fingerprinting, behavior patterns, and Meta pixels on other sites. A VPN lowers one signal. It does not stop the rest. Use it with a separate browser profile and disabled Off-Facebook Activity if you want a real reduction.
Does TikTok send your data to China?
ByteDance staff in China were confirmed to have accessed US user data. TikTok says US data is stored domestically under Project Texas, but researchers have still reported data flows to China. No in-app privacy toggle fixes that. If TikTok matters to you, keep it off any device tied to sensitive accounts or real-name activity.
How do I stop Instagram from tracking me across other websites?
Do three things. First, disable Off-Facebook Activity in Facebook settings. Second, use Instagram in a browser profile you use for nothing else. Third, run uBlock Origin in that profile to block Meta pixels on other sites. That cuts a lot of cross-site tracking, though the app can still profile your behavior inside Instagram itself.