The ultimate walkthrough guide to Facebook privacy

Facebook wants you to believe that your information is private and that it doesn’t share anything that you haven’t agreed to with third parties. However, these settings aren’t always easy to find, and they aren’t always switched on by default. Facebook’s business is to get you to share as much as possible, especially with their advertisers, so here is your handy guide to setting up Facebook so that your privacy is as tight as a duck ass.

Please note that this privacy guide may not be for you. With increased privacy, you may have to give up some functionality, including applications, which are the backdoor to your proverbial duck’s ass. Do not trust third party applications with your privacy. They see you only as +1 to their total user base. Treat Facebook themselves with that same disrespect. They do not have your best interests at heart. You would be wise to remember this fact. If anything breaks or your lose any data, don’t blame me. I accept no liability.

First of all, you should understand Facebook’s standard options with regards to privacy. They are:

  • Everyone
  • Friends of Friends
  • Only Friends
  • Customize

In the majority of cases the hardcore fuck-you-Facebook option is hidden under Customize. So for each and every case you can find in your Privacy settings, you need to choose Customize and then select Only Me. We aim to hide everything first, then after everything is tied down, we’ll choose to share the things we really want to share.

So, lets get stuck in. Go to the default Privacy screen under Account. It is split into several key areas as shown below:

Select Personal information and posts:

Set everything to Customize – Only Me.

With regards to Photo albums privacy, set each album to Customize – Only me. I actually deleted all of my photos on Facebook apart for the one single default profile photo (that you are “required” to have as a genuine photo).  I do not trust Facebook with my photos. There are better and more open and transparent photo sharing methods on the internet.

Go back to Privacy and select Contact Information:

Set everything to Customize – Only me. Add me as a friend can only be set to Friends of Friends and Send me a message should be set to Only friends. If you have been on Facebook for a while these options will probably suffice. Everyone you know is probably already a friend, or at a minimum a friend of a friend. If you really want to leave that ex-girlfriend from university find you and send you an email, then leave the Send me a message open. However, you would be wise to remember that you dumped her in the first place because she was a psycho bunny boiler!

Go back to Privacy and select Friends, tags and connections:

Set every option to Customize – Only Me. This will stop any embarrassing photos of you being tagged, any relationship blunders, and friends seeing your list of friends (you might not always want to share this).

Go back to Privacy and select Applications and Websites:

This isn’t so simple as setting everything to lock down. You have to dig around a bit. Go through one option at a time. Whilst on this screen lock down Activity on applications and games dashboards to Customize – Only Me.

Select What your friends can share about you – Edit settings:

Uncheck every single option. This stops your friends giving access to your information to third party applications. Do you hate Farmville? If any of these options are checked, then your friend that plays Farmville daily can share your information with Farmville, even if you haven’t authorised Farmville. Scrub the lot!

Go back to the Privacy and select Applications and websites. Then select Instant Personalization Pilot Program – Edit Setting:

Make sure the box is unchecked!

Go back to Privacy and select Search:

Set Facebook search results to Customize – Only friends. Uncheck Public search results.

Now the main privacy options are looking good. Now under Account go to Application settings. If you are smart (paranoid) about your privacy you will have deleted all of the applications you can. Some of Facebook’s own applications cannot be removed. However, we can lock them down.

For each application click on Edit Settings. Under the Profile tab remove the Box and Tab options, and then set the Privacy to Customize – Only Me.

Throughout this process Facebook provides a helpful tool that shows you what your profile looks like to other people. Note the Preview My Profile button shown top right whilst within the privacy settings. You can enter a friend’s name to see what your profile looks like to them. Otherwise your profile is shown as it would be seen by any non-friend from a search result or linked from a wall comment or “like”. As a side note, the actual default profile used to do the profile check is a user called Everyone.

Now you profile and information is secure (until Facebook adds a new feature). I deleted everything except for my wall. No photos, videos, links, notes, about me, work experience, current location, religious views, etc.

Now, to make Facebook somewhat a fun experience, you don’t want to leave your settings like this. Sometimes you want to update your status and allow friends to comment on it. To re-enable this, go to PrivacyPersonal information and posts:

Set Posts by me and Comments on posts to Only friends. You can optionally allow friends to write on your wall, although your mate Johnny writing “god you were drunk last night” isn’t ideal to share with all your friends. Remember that you are opening a backdoor here. If you write a status update or upload a photo that was only destined for your friends, but one of those friends has their wall shared with Everyone, then anyone can see the link to your photos or update.

So, you are finished for now. Keep checking through the privacy options every few weeks. Facebook often adds new features, and you need to tighten up the default options when they do so. They don’t do it for you!

Happy Facebooking…

Howto: Cisco VPN Client on Windows 7 64-bit – Walkthrough

Cisco haven’t released a 64-bit VPN client, and are very unlikely to do so. They are forcing people to move away from IPSEC, and in all their wisdom, will only support 64-bit machines using the Anyconnect client, which a) doesn’t support IPSEC and b) has an implied cost per licence. In essence, they feel they can force companies to invest in new hardware if more and more people get 64-bit client machines. Cisco gave in. the Cisco VPN Client Version 5.0.07 now supports Windows 7 64-bit.

The remainder here is a guide to networking through the Virtual XP Mode in Windows 7, which some may find useful, therefore I will keep it here as a guide.

However, Cisco haven’t hadn’t considered those who use Windows Vista and Windows 7 64-bit, but have no way to force the companies that they work with to upgrade their hardware (and pay out lots of money to do so). Hence, many people have been were left stranded and have resorted to third parties such as NCP and Shrew who offer paid and free VPN clients for 64-bit machines.

Today, I have finally figured out a work around that still uses the Cisco VPN Client (v5) and no extra third party software. I thought I would share the technique.

The trick is to use Windows XP Mode which is a feature that is limited to Ultimate, Professional and Premium versions of Windows 7. You still have to download the feature from Microsoft, but after installing you’ll have a virtual Windows XP installation running under Windows 7. Your machine also needs to support Virtualisation Technology. Microsoft offers a tool to check this support is available. You may need to flick the switch in your BIOS to enable it (I had to do this on my Dell Precision as it was disabled by default).

First some terminology that will help. I will refer to the HOST as the machine that is hosting the virtual system (in my case this is Windows 7 Ultimate). The GUEST is the Windows XP Mode installation.

Once you have downloaded Windows XP Mode from Microsoft and followed the installation instructions, you must then install the second download (see Microsoft download page). At the end of this process, the new Windows XP Mode virtual machine should start up. The next steps are to install some anti-virus software and install the Cisco VPN client in the guest virtual machine. Copy across any Cisco VPN profile (.pcf) files you might need. Your HOST’s disk partitions should automatically be shared to allow you to copy files between the HOST and the GUEST.

Now comes a little configuration. Our aim is to share the active VPN connection on the GUEST with the HOST. The routing will be doing a little loop through the GUEST, then tunneled through the GUEST VPN (then virtually back through the HOST and out via your router to the internet via that VPN).

Make sure you can access the internet on the GUEST and then try a VPN connection using the Cisco VPN client. If that all works, disable the windows firewall (Control Panel -> Windows Firewall)on the GUEST and continue onto the next step.

Shut down the GUEST. Open up Windows Virtual PCManage virtual machines from the start menu. Undert he Settings for that machine, switch the Networking -> Adapter 1 to your network card rather than Shared Networking (NAT) or Internal Network. N.B. NAT might still work, but I haven’t tested it.

Now we need to share the GUEST VPN connection. We will enable Internet Connection Sharing on the VPN Connection in the GUEST. Go to Control Panel -> Network Connections (switch to Classic View if you can’t see that) and you will most likely see Local Area Connection 2, Cisco Systems VPN Adapter. Feel free to rename to connection to Cisco VPN Connection. Right click on the connection and click Properties. Click on the Advanced tab and make sure that the Allow other network users to connect through this computer’s internet connection is ticked, as well as the other checkbox below it (not essential). You will receive a long worded warning. Click to continue and accept the change. The warning is simply that Internet Connection Sharing (ICS) will alter your IP Address to the default of 192.168.0.1, which we will be changing in a minute anyway.

Now we need to setup some static IP addresses on both the GUEST and HOST. Usually your router will be giving out IP addresses using DHCP, but we don’t want that because we need to add a static route in a minute. If you can exclude a portion of your network IP range to static addressing. Most modern routers allow you to set the DHCP address range. I often exclude the first 50 IP addresses to be safe.

Now select the GUESTs main connection Local Area Connection and right click and select Properties. Scroll down on the items and select Internet Protocol (TCP/IP). Click on the Properties button. You need to know the values to put in here. The easiest way to do this is to find out the IP address you have now on the HOST. The easiest way to do this is to open a command window (Start -> Search Programs -> Type “cmd.exe” and click to select the program). Type at the command prompt “ipconfig /all“. You’ll see your current IP address, gateway and DNS settings. You’ll need all of these, so make a note of them.

Switch back to the GUEST and enter in the IP address you want. e.g. 192.168.1.31, the network mask of 255.255.255.0 and the gateway IP address you just wrote down. Try the internet connection and VPN again. They should still work. Your GUEST is now ready to share its VPN connection.

Now we need the HOST to know to route through the GUEST for the VPN connection. To do this, we will setup another static IP address for the HOST. Follow the same process as on the GUEST to set the IP address. E.g. 192.168.1.30. Note that in Windows 7, you’ll find the Network connections in a slightly different place. You’ll need Control Panel -> (View By -> Small Icons) -> Network and Sharing Centre (oooh) -> Change Adapter Settings (left hand side) and right click on Local Area Connection. Scroll down the items to Internet Protocol version 4 (TCP/IPv4) and select it, then click Properties. The resulting dialog box is more or less the same as Windows XP.

Now lets check we can ping the GUEST from the HOST. They should now both be on the same subnet. With the command window that is still open on the HOST, type “ping 192.168.1.31 (or your GUEST IP address). If you have Windows Firewall enabled on the GUEST, this WON’T work!

Now, we need to add the route. We want to add a persistent route from your HOST through your GUEST, for those routes that the VPN connections support. Usually, these routes fall under certain restricted ranges (the 192.168 range is one of these). If your VPN IP address range is a 192.168 range, then you’ll need some extra tweaking). usually the ranges will be in the 10.0.x.x or 172.30.x.x ranges. Mine falls under the 172.30.x.x range.

Using the already open command window I enter the following to add my static (persistent -p) route:

It should say OK! Then you can use route print to see the new route in the routing table. If you screwed up and need to delete the route, type route delete 172.30.1.0 (i.e. your target range).

On the GUEST machine, with the VPN connected, ping one of the machines connected to the VPN, i.e. ping myserver. Notice the IP address to which this corresponds to. Move over to the HOST and ping that IP address (you can’t ping it by name, because the DNS requests aren’t going via the VPN). If you can see a response from the server, you are now accessing your VPN connection via the HOST. Congratulations, the hardest part is now over.

To make it easier to connect, Microsoft has built in some cool, application shortcuts into Windows XP Mode. On the HOST follow All Programs -> Windows Virtual PC -> Windows XP Mode Applications -> Cisco Systems VPN Client -> VPN Client (Windows XP Mode). right click on that last application and Pin to Start Menu. You’ll now have a VPN Client (Windows XP Mode) in your start menu.

Close down the guest (full shutdown). Now double click the start menu item, and you’ll see the usual Cisco VPN client, running virtually, but transparently in Windows 7!