Social Media Privacy: What You Can Control (It's Less Than You Think)

The honest starting point for any conversation about social media privacy is this: social media platforms are surveillance capitalism’s primary engine, and using them while maintaining full privacy is a contradiction. We can say that plainly without saying you should delete your accounts. The sovereign posture is not abstinence — it is informed participation. You use these platforms because they provide something you value: connection, distribution, entertainment, professional visibility. The question is whether you can reduce the extraction to a level that makes the trade-off conscious rather than blind, and the answer is yes, partially, with clear limits that are worth understanding before you start adjusting settings.

Why This Matters for Sovereignty

Zuboff’s framework in The Age of Surveillance Capitalism (2019) is most precise when applied to social media. These platforms do not merely collect data as a byproduct of providing a service. They are designed, from the infrastructure up, to maximize behavioral surplus — the data generated by your activity that exceeds what is needed to show you posts from people you follow. Every scroll, pause, click, hover, like, share, and time-spent metric feeds a prediction engine whose product is sold to advertisers. The “privacy settings” these platforms offer control a visible fraction of this machinery. They let you decide who sees your posts. They do not let you decide whether the platform itself tracks how long you looked at each post, what you almost clicked on, or which ads made you stop scrolling.

This is not paranoia. It is the published business model of every major social media company. The sovereign individual does not pretend this is not happening. They also do not pretend that deleting all social media is costless — for many people, these platforms are genuinely valuable for professional networking, staying connected with family, or building an audience for creative or business work. The proportional response is to understand clearly what the platform takes, adjust what you can, and make the trade-off with open eyes.

How It Works

Social media privacy settings operate in a narrower band than most users realize. There are three categories of data at play, and platform settings only address one of them.

The first category is content visibility — who can see your posts, your profile, your friends list. This is what most privacy settings control. You can set your posts to friends-only, hide your friends list, limit who can send you messages. These settings are real and worth configuring, but they control social visibility, not data collection. Making your posts private does not reduce the data the platform collects about your behavior on the platform.

The second category is advertising and targeting data — the behavioral profile the platform builds about you for ad delivery. Most platforms offer “ad preferences” or “ad settings” that let you adjust which categories of ads you see. These settings control the surface of your advertising experience. They do not control the underlying behavioral tracking that generates the targeting data. On Facebook, you can clear your “Off-Facebook Activity” — a record of your activity on websites and apps that share data with Meta — and opt out of future linking. This is a meaningful action. But Meta still collects that data; the opt-out prevents them from connecting it to your profile for ad targeting. The data itself does not disappear.

The third category is platform-internal behavioral data — the scroll patterns, engagement timing, content interaction sequences, and attention signals that the platform uses for both content recommendation and advertising. There are no settings for this. It is the core of the product. Asking a social media platform to stop collecting behavioral data is like asking a restaurant to stop using ingredients. The data collection is not a feature you can toggle; it is the infrastructure the service runs on.

Understanding these three categories prevents two common mistakes: believing that configuring privacy settings makes you private on the platform, and believing that since settings do not make you fully private, there is no point in configuring them. Both are wrong. Settings reduce your exposure in the first category, partially address the second, and cannot touch the third. That is still worth doing.

The Proportional Response

Start with the behavioral adjustments that cost nothing and reduce cross-platform tracking meaningfully.

First, stop using “Sign in with Google” or “Sign in with Facebook” on other websites and services. Every time you use social login, you give the platform a record of that external account and, in many cases, grant the external service access to profile data. Use email-based signups instead. This takes seconds per occurrence and eliminates a major vector for cross-platform data sharing.

Second, use social media in a dedicated browser or browser container. Firefox’s Multi-Account Containers extension lets you isolate Facebook, Instagram, Twitter, and LinkedIn into separate containers. When Facebook is in a container, its tracking cookies and scripts cannot follow you to other websites. This is one of the highest-impact, lowest-effort containment strategies available. You do not lose any functionality — you simply prevent the platform from tracking your activity outside the platform.

Third, audit and revoke third-party app connections. Over the years, you have likely granted dozens of apps and services access to your social media accounts — quizzes, games, analytics tools, cross-posting services. Each of these connections is a data pipeline. On Facebook, go to Settings > Apps and Websites. On Twitter/X, go to Settings > Security and Account Access > Apps and Sessions. On LinkedIn, go to Settings > Data Privacy > Permitted Services. Revoke anything you do not actively use. Do this quarterly.

Fourth, configure the platform-specific settings that actually matter. On Facebook/Meta: clear Off-Facebook Activity and disable future connections (Settings > Your Facebook Information > Off-Facebook Activity). On Instagram: switch to a personal account if you are using a professional account without a professional need — professional accounts share more data with Meta’s advertising partners. On all platforms: disable activity status and read receipts where available, not because they are major privacy concerns but because they contribute behavioral signals you gain nothing from sharing.

Fifth — and this is the adjustment most people resist — consider reducing time on platforms rather than trying to make time on them private. Every minute of engagement generates behavioral data. The most effective privacy tool for social media is using it less. This is not a puritan argument about screen time. It is a mathematical reality: less engagement produces less data. A deliberate approach to social media — checking it intentionally rather than reflexively, posting when you have something to share rather than scrolling for stimulation — reduces your data footprint more than any configuration change.

For Twitter/X specifically, the platform’s privacy policies have shifted significantly since its 2022 acquisition, with expanded data sharing with third parties for advertising purposes. If you use X, review the current privacy settings under Settings > Privacy and Safety, and understand that the platform’s direction of travel has been toward more data sharing, not less.

For LinkedIn, which is frequently overlooked in privacy discussions despite being one of the most extractive platforms: LinkedIn collects extensive data including browsing behavior on partner websites through its advertising network. Go to Settings > Data Privacy and review each option. Disable “connections data for ad targeting,” “profile data for ad personalization,” and the various data-sharing toggles that LinkedIn enables by default. LinkedIn’s defaults are among the most permissive of any major platform.

What to Watch For

The fundamental limitation of social media privacy is that you cannot solve a business model problem with settings. As long as these platforms are funded by behavioral advertising, they will collect behavioral data. The settings they offer you are the settings they can afford to offer — the ones that do not fundamentally compromise the revenue model. When a setting would actually reduce the data available for advertising, it either does not exist or is buried deep enough that most users never find it.

Apple’s App Tracking Transparency (ATT) framework, which requires apps to ask permission before tracking you across other apps and websites, has been the most effective external constraint on social media data collection. When ATT was introduced, Meta estimated it would cost the company $10 billion in annual advertising revenue. That number tells you more about the value of cross-app tracking than any privacy settings page ever could. If you use an iPhone, ensure that tracking permission is denied for social media apps (Settings > Privacy & Security > Tracking).

The honest posture is this: if you use social media, you are participating in an extraction economy. You can reduce the extraction through containment (browser containers, revoked permissions, ATT denials), behavioral changes (less engagement, no social login), and platform choices (favoring platforms with less extractive models). You cannot eliminate the extraction while using the platforms. The sovereign individual makes this trade-off consciously, revisits it periodically, and adjusts when the cost exceeds the value. That is not a perfect solution. It is the real one.

This article is part of the Data & Privacy series at SovereignCML.

Related reading: The Privacy Landscape: What’s Real, What’s Theater, Data Brokers: The Industry That Sells You, Your Privacy Action Plan: The 80/20 in Priority Order