You better watch out: How to set up your Facebook privacy settings the secure way

This Christmas, gather 'round your relatives and make their Facebook profiles more secure

Enjoy this holiday preview from the writers of Yahoo Tech, which opens for real in January! See all of our holiday articles here, and like us on Facebook for more.

Over the coming days, people around the world will log in to Facebook to share photos, videos, location check-ins and status updates — OK, and maybe a political argument or two — with their friends and loved ones.

And though Facebook is a wonderful way to connect online with the people you know offline, you may end up sharing more — and with more strangers — than you might realize. Without the proper privacy settings enabled, Facebook can quickly grow to be your single biggest privacy vulnerability (three-letter government agencies excluded).

Here's how to make sure you've got your Facebook profile set up to eliminate unnecessary privacy violations.

To make effective use of Facebook, start with this basic principle: The site will ask you to share a lot of information so it can link you to friends, but you’re under no obligation to provide most of it.

For example, though Facebook will badger you for additional info, you don’t have to provide anything beyond your name, email address, birthday and gender. Everything else, from your schools and employer to your profile picture, current city and hometown, can stay blank.

Note that Facebook treats your name, profile picture, gender, username and “networks” (in practice, your schools and employers) as public information. That doesn’t mean that anybody online can see it — but with 1.19 billion active users on Facebook as of September 2013, that’s not much of a distinction.

Your choice of friends affects your privacy much more. Here, Facebook’s prompting you to import the contacts lists of Web-mail services is not that helpful — you’re better off by starting with close friends and family, as in the people you’d already trust with your house keys (whom you can designate as “Close Friends”) or at least invite over for dinner.

Facebook allows you to rank your friends by closeness — a practice that may seem cruel, but that can help minimize clutter and unwanted sharing. You should make a point of categorizing more casual friends as “Acquaintances” — and then you can easily exclude them from seeing more personal updates by making those posts visible only to the “Friends Excluding Acquaintances” in the “audience selector” menu below the big “Update Status” box.

If you're queasy about "defriending" certain friends, afraid to hurt their feelings, this is a good compromise.

Facebook’s Privacy Settings page includes a good but brief overview of how its privacy options affect sharing information, being “tagged” in posts by others, changing your settings and installing apps and games. This should be your invitation to change some key options, starting with the “See more settings” link at the bottom of the Privacy Shortcuts menu available from the lock icon at the top right corner throughout Facebook:

• Change “Who can see my stuff?” to “Friends,” not the dangerous default of “Public.” And remember that if you add “Life Events” to your profile’s Timeline — things like graduations and weddings — they will still default to public even after that change; you need to limit the visibility of each of these milestones as you add them.

• Leave “Who can send you friend requests?” to “Everyone” unless you want to limit your Facebook use to lurking.

• Change “Do you want other search engines to link to your timeline?” to “Off.” If you want to be visible to Web search engines for professional reasons, there are better ways to do it — set up a public Facebook page or try LinkedIn.

Then click the “Timeline and Tagging” link at the left and adjust these settings:

“Review posts friends tag you in before they appear on your timeline” should be set to “On.” This way, buddies with bad taste can't clutter your own profile unless you OK it first.

• Do the same for “Review tags people add to your own posts before the tags appear on Facebook?”

Most of the options under the “Apps” heading only apply if you add applications to your profile, but you should read over “Instant personalization” just so you’re not weirded out when some other site shows a box listing which Facebook friends liked something there.

Finally, the “Ads” section includes a couple of options — “Third Party Sites” and “Ads and Friends” — that limit whether friends might later on see your name and picture below an ad.

The third-party setting is a hypothetical, since Facebook doesn’t let other companies use a Facebook user’s name and picture in an ad; it’s interesting that it’s reserving that right to itself.

Unless your email inbox is utterly starved for attention, you should then turn your attention to the “Notifications” category. Here, Facebook defaults to sending you notices about way too many things on the site — the idea being that you’ll find these tidbits about friends so captivating that you’ll feel compelled to log in and see what else you missed.

Change the email notification option so you only get updates about “your account, security and privacy.” And unless you’re going to limit yourself to a small group of friends, change the “Close Friends activity” to “Off” — otherwise, you can easily be greeted at each login with dozens of alerts about what everybody’s posted.

Finally, there’s one category where it does pay to disclose a little more about yourself to Facebook: security.

Because a Facebook account is supposed to be the real you, it makes a tempting target for crooks online — as you will see soon enough when a friend shares a tale of woe about being stuck in London and needing an immediate wire transfer of cash to get home (a common Facebook scam). You don’t want to have to apologize to friends for subjecting them to that down the line.

That’s why you should give Facebook your mobile number, then enable “Login Notifications” so you get an alert by text message as well as email if it detects a login to your account from a computer you haven’t used before. Enabling “Login Approvals” will block logins from any strange computer unless they’re backed up with a code Facebook can send via text message or through its mobile apps.

I can assure you that you won’t get spammed via text message from Facebook; I added my mobile number to my account years ago and have never gotten anything of the kind.

With these settings in place, your Facebook will be a much safer place — well, except from your uncle's obnoxious political views. There's not much you can tweak in the Facebook settings to change those.