Questions: Configuring Privacy Settings Across Platforms
5 questions to test your understanding
Score: 0 / 5
Question 1 Multiple Choice
A user carefully adjusts all their social media post visibility to 'Friends Only.' They then notice that ads on the platform suspiciously match items they searched for on a completely different website. Which setting did they most likely fail to adjust?
AVisibility settings — they should have set profile visibility to private, not just posts
BData collection and ad personalization settings — cross-site tracking operates independently of who sees your posts
CNotification settings — ads are triggered by notification preferences
DAccount security settings — two-factor authentication prevents ad tracking
Privacy settings operate on two distinct axes: visibility (who sees your content) and data collection (what the platform records about your behavior). Adjusting post visibility to 'Friends Only' only addresses the first axis. Cross-site tracking via embedded pixels or cookies is a data collection setting, typically buried under 'Ad Preferences' or 'Personalization.' Many users complete the visible settings and never realize a second category exists — which is exactly what the topic's key insight highlights.
Question 2 Multiple Choice
After logging into a music app using 'Continue with Google,' you later revoke that app's access in Google's connected apps settings. What happens to data the music app already collected during your use?
AIt is automatically deleted because revoking access triggers a GDPR deletion request
BGoogle notifies the app to purge your data within 30 days
CThe app retains all data it already collected; revoking access only prevents future data transfers from Google
DNothing changes — revoking access in Google has no effect on third-party apps
Revoking a connected app's access stops future data sharing from your Google account to that app, but the app retains whatever data it already received. This is a critical nuance: the damage from granting access happens at the moment of grant, not continuously. Apps often retain access indefinitely unless revoked, so the practical recommendation is to audit and revoke access to any connected apps you no longer actively use — and to review these periodically, not just once.
Question 3 True / False
Social media platform privacy settings, once configured, remain in place permanently and do not need to be revisited.
TTrue
FFalse
Answer: False
Platforms frequently update their terms of service, introduce new features, or reset certain settings to more permissive defaults after updates. A setting you configured two years ago may have been overridden by a platform change. Revisiting privacy settings periodically — at minimum once a year — is the only way to maintain ongoing control. This is distinct from a firewall you configure once; think of it more like a lease that needs periodic renewal.
Question 4 True / False
Default privacy settings on most social media platforms tend to favor maximum data sharing because broad reach and data access serve the platform's business interests, not the user's.
TTrue
FFalse
Answer: True
Platforms earn revenue through advertising, which depends on reach and detailed user data. Defaults that enable public posts, cross-site tracking, and third-party data sharing are rational from the platform's perspective: most users never change defaults, so these settings maximize the data available for targeting. Users who want more restrictive sharing must actively opt out — a design choice (not a technical necessity) that systematically tilts outcomes toward the platform.
Question 5 Short Answer
Explain why adjusting visibility settings alone (controlling who can see your posts) may not adequately protect your privacy on a social media platform.
Think about your answer, then reveal below.
Model answer: Visibility settings control who sees your content, but data collection settings control what the platform records about your behavior — including activity on other websites, location, and browsing patterns used for ad targeting. A profile that's visible only to friends can still be connected to extensive behavioral tracking. Additionally, connected third-party apps may retain access to your account data indefinitely regardless of visibility settings. Full privacy protection requires addressing both axes independently.
The two-axis framework (visibility vs. data collection) is the central insight of this topic. Users often conflate them, assuming 'private profile' means 'limited data collection.' In practice, a user with a fully private profile and public-facing posts both feed the same advertising infrastructure if data collection settings are unrestricted. The distinction matters practically because the settings that control each axis are in completely different menus and require separate review.