Facebook honcho Mark Zuckerberg famously implied during a 2010 talk that the age of privacy was over, so as you’d expect, the company is notoriously awful about oversharing (and overcollecting) your data.

To be clear, Facebook’s entire goal is to nab as much info about you as possible, and makes locking things down tricky: It changes its privacy policy often, by default, leaves crucial settings at their most open and happily uses tracking cookies (among other technology) to gather your data and infiltrate your every move. One especially insidious tidbit: Simply visiting any website that has a Facebook Like button on it — you know, virtually every site now — sends an identifiable ping back to the company’s servers, no matter whether you click it or not, or even have a Facebook account, for that matter.

Famously, an Austrian sued the company to determine what info it had stored about him, and received a 1,200-page folder — of just three years of activity. And by incorporating photo recognition, the company now has a biometric database that would make the CIA envious. (Then again, Zuckerberg and company needn’t work too hard, as users tend to happily hand out their entire profile and those of their friends to corporations in the stroke of a Like.)

You could fill a library with all the possible settings to adjust, but there are a few major ones everyone should deal with. You can start with the grandma-boss-lover rule of posting: Assume they all see whatever you put online and act accordingly. But then follow these steps to lock down your Facebook account.

1. Stop Facebook Cookies From Following You

Even if you log out of Facebook, it will persistently track your Web browsing until you quit your browser or install a browser extension that will knock out its (and others’) ability to follow your trail.