If you’re a developer or power user looking to lock down your Facebook presence, the platform’s privacy controls have evolved significantly. While Facebook still offers manual settings, programmatic access through the Graph API and browser automation provide powerful options for bulk management and automation. This guide covers both approaches to make your Facebook profile private in 2026.

Table of Contents

• Understanding Facebook’s Privacy Architecture
• Method 1 - Using the Facebook Graph API
• Method 2 - Browser Automation with Playwright
• Method 3 - Manual Settings for Maximum Privacy
• Security Hardening Beyond Privacy
• Automating Privacy Audits

Understanding Facebook’s Privacy Architecture

Facebook organizes privacy settings across several categories: profile visibility, audience selection, tagging controls, and connection visibility. The platform uses a tiered audience system: Public, Friends, Friends Except Acquaintances, Specific Friends, and Only Me. Understanding these layers is essential for developers building tools that interact with Facebook’s privacy controls.

The Facebook Graph API provides the most reliable programmatic approach for managing privacy settings. However, Facebook has restricted many privacy-related APIs, so some automation requires browser-based solutions using tools like Playwright or Selenium.

Method 1 - Using the Facebook Graph API

The Graph API remains the primary method for programmatic Facebook interactions. To access privacy settings, you’ll need a Facebook Developer account and an access token with appropriate permissions.

Step 1 - Obtain an Access Token

For personal profile management, you can use the Facebook Login flow to obtain a user access token. The minimal required permissions for privacy reading are:

permissions[]=pages_read_engagement
permissions[]=pages_manage_posts

For full privacy management, you’ll need additional permissions that Facebook now restricts. Many privacy settings require manual verification or are not available via API for personal accounts.

Step 2 - Query Current Privacy Settings

Once you have a valid token, query your profile’s privacy settings:

curl -i -X GET "https://graph.facebook.com/v21.0/me?fields=id,name,email&access_token=YOUR_ACCESS_TOKEN"

For page-level settings, you can retrieve privacy information:

curl -i -X GET "https://graph.facebook.com/v21.0/PAGE_ID?fields=privacy&access_token=YOUR_ACCESS_TOKEN"

The response includes privacy settings in JSON format:

{
  "privacy": {
    "value": "EVERYONE",
    "description": "Who can see your profile",
    "allow": "0",
    "deny": "0"
  }
}

Step 3 - Update Privacy Settings via API

For pages and posts, you can update privacy programmatically:

curl -i -X POST "https://graph.facebook.com/v21.0/PAGE_ID/privacy" \
  -d "value=EVERYONE" \
  -d "access_token=YOUR_ACCESS_TOKEN"

For personal profiles, Facebook restricts direct API modification of most privacy settings. This is where browser automation becomes necessary.

Method 2 - Browser Automation with Playwright

For managing personal profile settings that the API restricts, browser automation provides a viable alternative. The following example uses Playwright to navigate Facebook’s settings interface.

Setup and Dependencies

const { chromium } = require('playwright');

async function setFacebookPrivacy() {
  const browser = await chromium.launch({ headless: false });
  const context = await browser.newContext();
  const page = await context.newPage();

  // Navigate to Facebook login
  await page.goto('https://www.facebook.com/login');

  // Perform login (credentials should come from environment variables)
  await page.fill('#email', process.env.FB_EMAIL);
  await page.fill('#pass', process.env.FB_PASSWORD);
  await page.click('#loginbutton');

  // Wait for navigation to complete
  await page.waitForNavigation();

  // Navigate to privacy settings
  await page.goto('https://www.facebook.com/settings?tab=privacy');

  // Adjust audience for future posts
  await page.click('text=Who can see your future posts?');
  await page.click('text=Friends'); // Select friends-only

  // Limit past posts
  await page.click('text=Limit who can see past posts');
  await page.click('text=Limit Past Posts');

  await browser.close();
}

setFacebookPrivacy().catch(console.error);

This script demonstrates the core pattern: authenticate, navigate to settings, and interact with the appropriate UI elements. Facebook’s UI changes frequently, so you’ll need to inspect the current DOM structure and adjust selectors accordingly.

Method 3 - Manual Settings for Maximum Privacy

For users who prefer manual configuration, Facebook’s privacy settings are accessible through the Settings & Privacy menu. Here’s the configuration checklist for maximum privacy:

Profile Visibility Settings

Navigate to Settings > Privacy > Your Profile. Set each option according to your preferences:

• Who can see your friend list: Only Me or Friends
• Who can see the people, Pages and lists you follow: Only Me
• Who can see your birth date: Only Me (for both month/day and year)
• Who can see your contact information: Only Me for all fields

Timeline and Tagging

• Who can post on your timeline: Only Me
• Who can see what others post on your timeline: Friends
• Allow tagging by friends: Disabled or Friends only
• Review posts you’re tagged in before the post appears on your timeline: Enabled

Connection Visibility

• Who can send you friend requests: Friends of Friends
• Who can see your friend requests: No One
• Who can look you up using the email address you provided: Only Me
• Who can look you up using the phone number you provided: Only Me
• Allow search engines outside of Facebook to link to your profile: Disabled

Security Hardening Beyond Privacy

Privacy and security go hand in hand. Beyond visibility settings, enable these security features:

Two-Factor Authentication

Check if 2FA is enabled via Graph API
curl -i -X GET "https://graph.facebook.com/v21.0/me?fields=two_factor_status&access_token=YOUR_ACCESS_TOKEN"

Active Sessions Review

Regularly review and terminate unused sessions:

// Example: List active sessions via Playwright
await page.goto('https://www.facebook.com/settings?tab=security');
const sessions = await page.$$eval('.uiListHelperClearfix li',
  items => items.map(item => item.textContent));
console.log('Active sessions:', sessions);

Login Alerts

Enable login alerts to receive notifications when your account is accessed from new devices. This appears in Settings > Security and Login > Get alerts about unrecognized logins.

Automating Privacy Audits

For developers managing multiple accounts or conducting privacy audits, create a scheduled script that:

1. Logs into each account programmatically
2. Navigates to the privacy settings page
3. Captures screenshots of current configuration
4. Exports settings to a JSON report

// privacy-audit.js
const fs = require('fs');

async function auditPrivacySettings(page) {
  await page.goto('https://www.facebook.com/settings?tab=privacy');

  // Extract all privacy settings
  const settings = await page.evaluate(() => {
    const sections = document.querySelectorAll('[data-testid="settings_section"]');
    const result = {};

    sections.forEach(section => {
      const label = section.querySelector('span')?.textContent;
      const value = section.querySelector('[role="button"]')?.textContent;
      if (label && value) {
        result[label] = value;
      }
    });

    return result;
  });

  return settings;
}

// Run audit and save to file
(async () => {
  // ... browser setup ...
  const auditResults = await auditPrivacySettings(page);
  fs.writeFileSync('privacy-audit.json', JSON.stringify(auditResults, null, 2));
  // ... cleanup ...
})();

Frequently Asked Questions

How long does it take to make facebook profile private?

For a straightforward setup, expect 30 minutes to 2 hours depending on your familiarity with the tools involved. Complex configurations with custom requirements may take longer. Having your credentials and environment ready before starting saves significant time.

What are the most common mistakes to avoid?

The most frequent issues are skipping prerequisite steps, using outdated package versions, and not reading error messages carefully. Follow the steps in order, verify each one works before moving on, and check the official documentation if something behaves unexpectedly.

Do I need prior experience to follow this guide?

Basic familiarity with the relevant tools and command line is helpful but not strictly required. Each step is explained with context. If you get stuck, the official documentation for each tool covers fundamentals that may fill in knowledge gaps.

Is this approach secure enough for production?

The patterns shown here follow standard practices, but production deployments need additional hardening. Add rate limiting, input validation, proper secret management, and monitoring before going live. Consider a security review if your application handles sensitive user data.

Where can I get help if I run into issues?

Start with the official documentation for each tool mentioned. Stack Overflow and GitHub Issues are good next steps for specific error messages. Community forums and Discord servers for the relevant tools often have active members who can help with setup problems.

Related Articles

• Facebook Privacy Settings 2026 Complete Guide
• Facebook Marketplace Privacy Settings Guide
• Facebook Facial Recognition Opt Out Guide
• Facebook Data Collection: What They Track in 2026
• Facebook Location History Deletion How To Remove All Stored
• AI Coding Assistant Session Data Lifecycle Built by theluckystrike. More at zovo.one