Facebook’s privacy settings can sometimes be a source of confusion for the social network’s millions of users, and in the US, nearly 13 million of them are either unaware of, or simply don’t use, the privacy controls the site offers.

In a recent study, Consumer Reports shows exactly why that figure is nothing short of disastrous, and how over-sharing publicly can be used against Facebook users.

4.8 million people have shared details about their plans for a certain day, making it publicly known when their houses are going to be empty, and 4.7 million have ‘liked’ a Facebook page related to health issues or treatments – exposing details that can be used against them by insurance companies.

Out of the 150 million Facebook users in the US, almost 9% are sharing personal information, but seem to be completely oblivious of the fact, and the lack of awareness has had its consequences. A projected 7 million households with members on Facebook have been harassed or threatened or had users log in to their accounts without permission, a 30% increase on the previous year.

While Facebook has highly customizable privacy tools, giving users control over how much information apps are allowed to see, according to the study, only 37% of them have actually put this feature to use.

Consumer Reports released some interesting figures on what kinds of personal information is being shared publicly online:

• 39.3 million identified a family member in a profile
• 20.4 million included their birth date and year in their profile
• 7.7 million “liked” a Facebook page pertaining to a religious affiliation
• 4.6 million discussed their love life on their wall
• 2.6 million discussed their recreational use of alcohol on their wall
• 2.3 million “liked” a page regarding sexual orientation

While a lot of the responsibility lays firmly on the shoulders of the users, Facebook’s own responsibility cannot be ignored.

A recent study showed that Facebook and Google’s privacy policies are more complicated, and more difficult to understand than credit card agreements and government notices.

Users are more than happy to agree to a site or application’s terms of service without ever reading them, but the study shows that once they do, it can have a negative effect. The study stated:

On average, 70 percent of respondents correctly answered comprehension questions for government notices and 68 percent of respondents provided the right answers for credit card agreements, far more than the percent of readers who correctly answered questions about Facebook’s and Google’s privacy policies.

After reading the privacy policies, 47 percent of respondents felt less comfortable with how Google collects and stores information about activity. Only 33 percent of Facebook users felt comfortable.

Consumer Reports also points to the fact that Facebook can track each time a user visits a site with a ‘Like’ button, whether or not they actually click the button, whether or not they’re logged in to their Facebook accounts, or even have a Facebook account to begin with.

Luckily, there are ways to stop it, but if 13 million US users are unaware of Facebook’s privacy settings, it’s highly likely they’re unaware of this as well.

Facebook has said that several precautions are in place, including “privacy access checks tens of billions of times a day”, and the social network plans to offer users access to “records of their past Facebook activity”, but user awareness is just as important.

Consumer Reports offers users 9 tips on how to understand privacy tools:

• Think before typing. Even if a user deletes his/her account (which takes Facebook about a month), some info can remain in Facebook’s computers for up to 90 days.
• Regularly check Facebook exposure. Each month, users should check out how their page looks to others. Review individual privacy settings if necessary.
• Protect basic information. Set the audience for profile items, such as town or employer. And users should remember: Sharing info with “friends of friends” could expose them to tens of thousands.
• Know what can’t be protected. Each user’s name and profile picture are public. To protect one’s identity, they should not use a photo, or use one that doesn’t show their face.
• “UnPublic” the wall. Set the audience for all previous wall posts to just friends.
• Turn off Tag Suggest. If users would rather not have Facebook automatically recognize their face in photos, they could disable that feature in their privacy settings. The information will be deleted.
• Block apps and sites that snoop. Unless users intercede, friends can share personal information about them with apps. To block that, they should use controls to limit the info apps can see.
• Keep wall posts from friends. Users don’t have to share every wall post with every friend. They can also keep certain people from viewing specific items in their profile.
• When all else fails, deactivate. When a user deactivates their account, Facebook retains their profile data but the account is made temporarily inaccessible. Deleting an account, on the other hand, makes it inaccessible forever. 

• Nine ways to protect yourself

  Facebook offers many privacy controls, but good luck understanding them. A new study by Siegel+Gale, New York-based consultants, finds that Facebook’s and Google’s privacy policies are tougher to comprehend than the typical bank credit card agreement or government notice.Google's widely promoted new policy was so dense that researchers "found it impossible to write an adequate question to test a reader's comprehension." Facebook’s tools were nearly as opaque. Here are tips to help you with them. For more details, read "Protect Your Privacy on Facebook."

  Think before you type. Even if you delete an account (which takes Facebook about a month), some info can remain in Facebook’s computers for up to 90 days.

  Regularly check your exposure. Each month, check out how your page looks to others. Review individual privacy settings if necessary.

  Protect basic information. Set the audience for profile items, such as your town or employer. And remember: Sharing info with “friends of friends” could expose it to tens of thousands.

  Know what you can’t protect. Your name and profile picture are public. To protect your identity, don’t use a photo, or use one that doesn’t show your face.

  “UnPublic” your wall. Set the audience for all previous wall posts to just friends.

  Turn off Tag Suggest. If you’d rather not have Facebook automatically recognize your face in photos, disable that feature in your privacy settings. The information will be deleted.

  Block apps and sites that snoop. Unless you intercede, friends can share personal information about you with apps. To block that, use controls to limit the info apps can see.

  Keep wall posts from friends. You don’t have to share every wall post with every friend. You can also keep certain people from viewing specific items in your profile.

  When all else fails, deactivate. When you deactivate your account, Facebook retains your profile data, but the account is made temporarily inaccessible. Deleting an account, on the other hand, makes it inaccessible to you forever.

  Some people are sharing too much. Our projections suggest that 4.8 million people have used Facebook to say where they planned to go on a certain day (a potential tip-off for burglars) and that 4.7 million “liked” a Facebook page about health conditions or treatments (details an insurer might use against you).

  Some don't use privacy controls. Almost 13 million users said they had never set, or didn’t know about, Facebook’s privacy tools. And 28 percent shared all, or almost all, of their wall posts with an audience wider than just their friends.

  Facebook collects more data than you may imagine. For example, did you know that Facebook gets a report every time you visit a site with a Facebook “Like” button, even if you never click the button, are not a Facebook user, or are not logged in?

  Your data is shared more widely than you may wish. Even if you have restricted your information to be seen by friends only, a friend who is using a Facebook app could allow your data to be transferred to a third party without your knowledge.

  Legal protections are spotty. U.S. online privacy laws are weaker than those of Europe and much of the world, so you have few federal rights to see and control most of the information that social networks collect about you.

  And problems are on the rise. Eleven percent of households using Facebook said they had trouble last year, ranging from someone using their log-in without permission to being harassed or threatened. That projects to 7 million households—30 percent more than last year.