| Security Education Companion Skip to main content
Security Education Companion
A free resource for digital security educators
Planner (0)

Locking Down Social Media

Last modified October 17, 2019
  • English
Duration: 1 hour(s)

Learning Objectives

Learners will:

  • Be able to identify what information they want to protect on social media and who they want to protect it from.
  • Know the various ways that commonly used social media platforms describe important privacy settings (privacy, security, or safety settings).
  • Abstractly explain the kind of changes they need to protect that information.
  • Be able to explain why they may want to keep accounts on different platforms separate.


Instructor: Learners
1:5 (One instructor to five students)

A ratio of at least 1 trainer to 5 learners is ideal. While this module does not necessarily involve installing tools, it does involve a lot of individual questions and individual threat modeling considerations. Consider splitting learners into groups based on similar concerns or situations.

Lesson Content

Ice Breaker

“Raise your hand if you’ve used a social media platform once today. How about twice? How about three times?” Hopefully this will generate some laughs and drive home the point that it’s normal for social media platforms to be essential to people’s daily lives.


Have participants split into pairs or small groups and talk about their favorite use of social media. Examples could include: sharing pictures, organizing events, staying in touch with long-distance family and friends, participating in online communities, spreading their art/work/activism, etc.

Knowledge Share

Learning about so many different platforms with so many different settings can overwhelm your learners (and you!). Before diving into the nitty-gritty of settings tutorials and questions, be sure to go over more general concepts that apply regardless of platform or settings. This might include:

What is personally Identifying Information (PII)?
PII, sometimes called “Sensitive Personal Information” or “Potentially Identifying Information,” is information that can be used to identify a person. It might be combined with other information to figure out someone’s location, to contact them, or to gather additional information about their life. Lots of companies collect this information for many purposes, including advertising, medical documentation, or billing. While it is difficult to control the information and data that companies collect on someone, learners can take control of the information they put out into the world on social media.

"Don’t blame yourself."
Sometimes, learners can feel ashamed or embarrassed when they take the first step of identifying what they want to protect on social media. They may feel like it’s their fault, that they should have been more careful, or that they made mistakes when sharing information. As a trainer, you can reassure them that it’s not their fault. You might say something like, “I don’t want you to blame yourself for what big tech companies and social media platforms have done to your privacy.” Instead, you can help them focus on small but powerful actions they can take to reclaim their privacy.

Security and privacy “check-ups”
Facebook, Google, and other major websites offer “security check-up” features. These tutorial-style guides walk you through common privacy and security settings in plain language and are an excellent feature to take advantage of.

Privacy vs. security; safety vs. account settings
Even though every social media platform has its own unique settings, you can find some patterns.

Privacy settings tend to answer the question: “Who can see what?” Here you’ll probably find settings concerning audience defaults (“public,” “friends of friends,” “friends only,” etc.), location, in photos, contact information, tagging, and if/how people can find your profile in searches.

Security (sometimes called “safety”) settings will probably have more to do with blocking/muting other accounts, and if/how you want to be notified if there is an unauthorized attempt to authorize your account. Sometimes, you’ll find login settings—like two-factor authentication and a backup email/phone number—in this section. Other times, these login settings will be in an account settings or login settings section, along with options to change your password.

Location settings help you make sure that you don’t accidentally share where you are. Some sites will include your approximate location by default when you post things. Location information can paint a detailed picture of your habits, home, and workplace, so it’s important to turn off if it’s leaking information that you feel uncomfortable with.

Photos can share more information than meets the eye. In addition to metadata that might include the time and place a photo was taken, the image itself can provide some information. Before you post a picture, ask: Was it taken outside your home or workplace? Are there any addresses or street signs visible in it? If you post photos often at certain times of day, does it make it easy to figure out what your routines and habits might be?

Photos can also link accounts you intend to keep separate. This is a surprisingly common issue with dating sites and professional profiles. If you want to maintain your anonymity or keep a certain account’s identity separate from others, be sure to use a photo or image that you don’t use anywhere else online. To check, you can use Google reverse image-search function.

Making sure different profiles don’t get linked together
For a lot of us, it’s critical to keep different account’s identities separate. This can apply on dating websites, professional profiles, anonymous accounts, and accounts in various communities. In addition to phone numbers and pictures, other potentially linking variables to watch out for include your name (including nicknames) and your email. If you discover that one of these pieces of information is in a place you didn’t expect it, it can be easy to get scared or panic. It can be useful to think in baby steps: instead of trying to wipe all information about you off the entire Internet, just focus on specific pieces of information, where they are, and what you can do about them.

Group settings
Facebook groups are increasingly places for social action, advocacy, and other potentially sensitive activities, and group settings can be confusing. If participants are interested in learning more about group settings, refer to this guide for more information.