Facebook is potentially insecure. As well as letting you be stalked by your ex-partners or parent, your activities and unguarded words can be visible to your current or future employer, and your personal details (like your full date of birth) can be harvested by identity thieves. The police have even posed as Facebook friends to catch careless underage students who posted photos of themselves drinking. The good news is that young people in particular are recognising Facebook’s privacy problems, and are adjusting their settings to protect their personal information.

The key to Facebook security is distinguishing different levels of “friends”: those who are your actual friends, people you just know, and those you’ve never met but have friended for some reason. And your family and workmates. Each needs different levels of access to your information, but Facebook lumps them all together. The solution is to create Lists, sort your friends into them, and different lists access to different private information. This Engadget post outlines one way to do it with three lists. I manage with just two, creating “ACTUAL friends” and “Contacts”, using the default Facebook settings for most friends. I can then make some things (like my contact details) available only to ACTUAL friends, and exclude Contacts from seeing some other categories.

So what information should you share with each group? Sophos maintain a good, conservative guide to privacy settings. It’s full of useful advice: don’t reveal your birth year—that’s what identity thieves need, yet many people even include it in their username (in the form melinda86); don’t make your phone number or email address visible to anyone—they can always mail you through Facebook if they need contact information; and disable Public Search, or your information could end up indexed by a search engine and out of your control.

Even if you’ve properly set up your own security settings, you are vulnerable to someone posting a photo of you doing something embarrassing (for example, wearing a leather tie printed with piano keys) and tagging you. You do have the option of de-tagging, and it’s not too hard to do.

It’s important to remember that all the information and media you post to Facebook is being hosted by a large, profit-making entity, who have repeatedly changed their privacy rules without warning. There is no guarantee that your personal information will not be sold, misused, or made public to the internet forever at some point in the future. If this worries you, set up your own website: one that you control.

Check out the articles on Facebook privacy at ProfHacker, noting that it’s been updated. You might also enjoy the 12 most annoying types of Facebookers and fifteen things you should never do on Facebook.