I assumed my social media accounts were locked down because I’d set them to private years ago and never touched the settings again. Then I ran a full social media privacy checkup on my own Facebook and Instagram accounts and found 47 forgotten apps still authorized since 2019, two old sessions logged in from cities I’ve never visited, and a public location tag on a photo from my kid’s school.
The real risk isn’t one leaked password — it’s the years of accumulated app permissions, forgotten sessions, and public tags that quietly pile up while you’re not looking.
Quick Answer
A social media privacy checkup means reviewing who can see your posts, revoking old connected apps, turning off precise location tagging, and enabling two-factor authentication on every account you use. Spend about 20 minutes total, start with Facebook and Instagram, and you close the biggest exposure gaps that scammers and stalkers actually exploit.
What Does a Social Media Privacy Checkup Actually Cover?
A privacy checkup isn’t one toggle. It touches four layers: post audience, third-party app access, location and tag exposure, and login protection. Skip one layer and the other three don’t matter much.
I run mine every six months alongside my Google Security Checkup, since both catch stale connected apps and old sessions.
Treat a privacy checkup as four separate layers, not one setting, or you’ll miss the gap that actually gets exploited.
How Do You Lock Down Facebook Privacy Settings?
Audience and Visibility Settings
Open Settings & Privacy > Settings > Audience and Visibility. Set “Who can see your future posts” to Friends, not Public, and run the “Limit Past Posts” tool to retroactively hide old public updates.
Timeline and Tagging Review
Under Profile and Tagging, turn on “Review posts you’re tagged in before they appear on your timeline.” This is the one setting most people skip, and it’s what let a stranger’s tagged photo of me sit in search results for months.
Pro tip: Facebook’s “Off-Facebook Activity” page, under Settings, lists every site and app that reported activity back to Facebook. Clear it and disconnect future tracking in one click.
Facebook’s audience and tagging settings decide whether a stranger can find you through someone else’s post, not just your own.
How Do You Lock Down Instagram and TikTok Privacy?
Instagram Privacy Basics
Switch your account to Private under Settings > Account Privacy, then check Settings > Story and turn off “Allow Sharing” so screenshots and replays don’t spread past your followers.
TikTok Privacy Basics
Go to Settings and Privacy > Privacy > Discoverability, set the account to Private, and turn off “Suggest your account to others.” TikTok defaults new accounts more openly than most people expect, so verify this even on an account you set up years ago.
Instagram and TikTok both bury the settings that stop your content from being screenshotted or recommended to strangers.
What Should You Check on X and LinkedIn?
Both default to public visibility, making them the easiest place to overshare. Here’s where each platform stands by default.
| Platform | Default Post Visibility | Where to Change It | Biggest Risk If Ignored |
|---|---|---|---|
| Public (new accounts) | Settings & Privacy > Audience | Old public posts stay searchable | |
| Public | Settings > Account Privacy | Strangers can DM and screenshot stories | |
| TikTok | Public | Privacy > Discoverability | Videos get recommended to strangers |
| X (Twitter) | Public | Settings > Privacy and Safety | Location and tagging exposed by default |
| Public | Settings & Privacy > Visibility | Connections list fully exposed |
On X, go to Settings and Privacy > Privacy and Safety and turn off photo tagging and precise location. On LinkedIn, turn off “Profile viewing options” under Visibility so you browse anonymously, and hide your connections list.
X and LinkedIn both leak location and network data by default, so check them even if you post there rarely.
How Do You Stop Location Sharing and Tag Exposure?
Turn off precise location for each app in your phone’s system settings, not just inside the app: iPhone is Settings > Privacy & Security > Location Services; Android is Settings > Location > App Permissions.
Also disable “Nearby Friends” style features you enabled once and forgot, since they broadcast your live location.
Troubleshooting tip: if a photo still shows a location tag after disabling Location Services, the tag was likely added manually at posting time. Edit or delete that old post directly; the system setting only affects future uploads.
Turning off location in the app isn’t enough — check your phone’s system-level permission too, and clean up old tags manually.
How Do You Audit Connected Apps and Old Logins?
Every platform hides a list of third-party apps and active sessions.
Facebook and Instagram
Go to Settings > Apps and Websites (or Accounts Center > Connected Experiences) and revoke anything unused in the last year.
Active Sessions
Under Security and Login, review “Where You’re Logged In” and log out of any device or city you don’t recognize.
While you’re there, add a passkey or app-based two-factor authentication instead of SMS codes, the exact weakness SIM swapping attacks target. A free manager like the one in my Bitwarden setup guide removes the password risk entirely, and the Electronic Frontier Foundation keeps a solid account-security reference worth bookmarking.
Old connected apps and forgotten sessions are the quiet backdoor most people never think to close.
Common Mistakes to Avoid
- Checking the app but not the phone’s location permission. Fix: review both; the app setting doesn’t override system-level access.
- Assuming “Private” hides old public posts. Fix: run “Limit Past Posts” or delete old public updates manually.
- Relying on SMS codes for two-factor authentication. Fix: switch to an authenticator app or passkey where supported.
- Never revisiting connected third-party apps. Fix: set a six-month reminder to review and revoke unused access.
- Ignoring tagging settings on other people’s posts. Fix: turn on tag review so nothing posts without your approval.
Frequently Asked Questions
How long does a full social media privacy checkup take?
About 20 minutes covering Facebook, Instagram, and one more platform you actually use. My own run took 24 minutes, including revoking nine old connected apps.
Do I need to do this on every platform I have an account on?
Focus first on platforms tied to your real name. I ignored an old MySpace-era account for years until a breach notice reminded me it still held my birthdate.
Will making my account private hurt my reach or followers?
Yes, it limits discovery, which matters if you’re building a public profile. For a personal account, that tradeoff is worth it.
Can someone find my old public posts after I go private?
Possibly, if they were indexed or screenshotted first. Run “Limit Past Posts” and search your own name to check.
What’s the single most important setting to fix first?
Two-factor authentication on your login. I’d rather a stranger see one old photo than lose the whole account to a password leak.
Conclusion
A social media privacy checkup takes less time than one scroll through your feed, and it closes the gaps that get exploited: stale app access, forgotten sessions, default public settings. Block 20 minutes this week, start with Facebook, and work down this list one platform at a time.