Open Account menu (the cogwheel on the top right) and click Privacy Settings.
First, locate the Who can see my stuff section and click Edit on the Who can see your future posts line.
This will set the default setting for all new posts and photo uploads. Never use Public here - this would make all your data visible to the whole world! The most common setting is Friends.
Those who need very specific and fine-tuned access settings can select the Custom option here and specify who (or which lists) can see their posts.
The next line, Review all your posts and things you're tagged in allows viewing and hiding your whole activity so far, one by one. You can also change who can see your previous posts. Click Use Activity Log to see and control this.
To limit access of all older posts to Friends at once, click Limit Past Posts on the Limit the audience for posts you've shared with friends of friends or Public line.
Then click Limit Old Posts.
Facebook warns that this cannot be undone quickly. Click Confirm if you are sure about the change.
Click Edit on Who can send you Facebook messages line and set this to Friends or Friends of Friends. This will limit spamming.
Move down and click Edit on the Who can look you up using the email address or phone number you provided line. Set this to Friends again.
Please remember, a simple malicious script can connect your name, e-mail address and phone number on Facebook. This is a major privacy threat and information disclosure, so please use Friends here.
Next, edit one of the most important setting on Facebook - Do you want other search engines to link to your timeline. This controls whether you want to allow all major search engines (e.g. Google, Bing, Yandex, etc) to access, index and display your data publicly in search results.
Allowing this could easily reveal posts you do not want everyone to see, and taking such posts down from search engines can take several months.
Always clear the Let other search engines link to your timeline check box.
Open the Timeline and Tagging tab from the left. Click Edit on the Who can post on your timeline line and set this to Friends. This keeps friends of friends from (accidental) spamming and limits unintentional data leakages. Suppose a friend of yours posts a not-so-discreet photo of you together on your Timeline - this should not be visible to everyone or friends of friends.
Next, click Edit for Review posts friends tag you in before they appear on your timeline. This setting allows reviewing all posts containing a tag with your name before they end up on your timeline/profile (Wall). Please remember that you can still be tagged on other users' Walls, though!
Set this to Enabled.
Next, select Friends in the Who can see posts you've been tagged in on your timeline section. If you require more privacy, Friends except Aquaintances is a better bet. Those who want more control over tagged posts on their Walls/Timelines can select Custom here and specify lists or specific friends who can or cannot see the items.
Click Edit in the Who can see what others post your timeline section. This sets the default viewing permissions for all posts your friends add to your Timeline. Set this to Friends or Friends except Aquaintances.
To start using the Tag Review feature, click Edit on the Review tags people add to your own posts before the tags appear on Facebook line. Set this to Enabled to check (or reject) the tags other people try to add to your content.
After this, click Edit on the When you're tagged in a post, who do you want to add to the audience if they aren't already in it line. This controls which friends see the posts of you on other Facebook users' Timelines. Most people can set it to Friends. Those extra-private could use Only Me instead.
Verify that the Who sees tag suggestions when photos that look like you are uploaded setting is set to No one.
To block and unblock people and applications, click the Blocking tab.
First, you can add friends to your Restricted list - the selected users will see only these Timeline posts that you decide to share with Public (all Facebook users). Click the Edit List link to do that.
You can block and unblock other Facebook users by name or e-mail address in the Block users section.
The Block app invites section allows to specify hyperactive friends who tend to send invitations to using some applications way too often.
The Block event invites section allows to block friends who seem to make a compulsory invite to any party or event they''re attending to.
The Block apps section contains all applications you have blocked. For example, if you choose not to receive any friends'' Farmville update messages on your wall, this application appears here as blocked. You can unblock an application by clicking Unblock link next to its name.
Sometimes your friends or even you might accidentally reveal your private information on their Facebook-connected websites or via a Facebook applications. To prevent this from happening, open Apps tab.
Please remember that all Facebook applications are always able to reveal your name, profile picture, gender, current city, networks, friend list and pages no matter what. Additionally, any information you choose to show to Public can be revealed via Facebook applications.
You can select who will see this application's notification on your Facebook Timeline in the Posts on your behalf section. For games and other hyperactively posting apps, I strongly recommend selecting Only Me.
In This app needs section, required access rights for this app are listed and cannot be removed. You can click Remove app on the bottom to delete the application permanently if the access rights do not satisfy you.
In the This app can also section, you can delete the access rights that have a Remove link to the right (the X mark).
The When to notify you section controls when to send information pop-ups within Facebook window. Normally, The app sends you a notification is selected. The other option is Never - you can select it for apps that bother you with useless information.
You can also turn off all applications, games and Facebook-connected web sites completely by clicking the Edit link on the Use apps, plugins, games and websites on Facebook and elsewhere line. This one is your best bet for keeping your information private on Facebook and it disables all other items on the page, except for the Public Search. No applications means no information leakage through the apps! But remember, this also means no games (such as Farmville or Angry Birds) and no safety applications such as BitDefender safego...
Next, click Turn Off Platform button.
To prevent your friends from accidentally revealing too much information about you to Facebook applications or connected web sites they use, click Edit in the Apps others use section. Then clear all check boxes and click Save Changes.
Since April 2010, Facebook has a feature called Instant Personalization that allows some applications (such as Facebook Docs, Pandora and Yelp) dig personal data from your account. In addition, the approved applications can easily notify your friends about what you are doing without any confirmation. This feature is turned on for every user by default on Facebook.
Many people think this is a major privacy concern. To disable the sneaky feature, click Edit in the Instant personalization section. If an introductory video appears in a pop up, close it. You can view if safely, but don't fall for the candyman's tricks - Instant Personalization is a major privacy threat!
Clear the Enable instant personalization on partner websites check box.
Setting viewing rights for content posted from old versions of Facebook mobile app
If your smartphone has some outdated version of Facebook For Mobile app that has no support for privacy controls, it is also necessary to limit the rights for posts and photos created there. Click Edit in the Old versions of Facebook for mobile section and select Friends.
That's it for Facebook Privacy Settings. If you haven't already done so, please check Account Settings, too!