Quietly, over the last year, Facebook has killed the concept of a private account.

The site has always had a love-hate relationship with privacy: it’s long offered some of the most granular controls of any social network for choosing who sees what content, letting users make posts visible on a sliding scale from “everyone” to “only me”.

That’s increasingly important for Facebook, which has seen a reduction of 21% in “original sharing”, users making posts about their own life. As people have become more aware of the downsides of sharing personal details publicly, it seems that they’ve stopped sharing altogether. Letting them have some control over who sees what they post is an important part of restoring trust.

But at the same time, it relies more on network effects than most social networks. The value of Facebook isn’t that celebrities are on it: it’s that everyone you know is on it, and is posting to boot.

So it’s perhaps unsurprising to find that gradually, the highest tier of privacy settings have been removed by Facebook. You can still hide individual posts, but your Facebook account itself is now public, whether you like it or not.

How do I know? Because my own Facebook presence has been fully exposed to the outside world with no warning or control.

I’m one of those people who says they aren’t on Facebook – the 21st Century equivalent saying you don’t have a TV (I also say I don’t have a TV). In fact, I am on Facebook, but with an account with zero friends and privacy settings ramped up to max in every way allowable (I also have a TV, but only for use with a PS4. So sue me).

I had deleted my Facebook account for good in 2014, tired of everything about the site and unwilling to put the effort in to prune old schoolfriends and weird colleagues from my friendship list.

‘Every profile on Facebook now shows up when users search for it by name, even those, like mine, with the tightest possible settings.’ Photograph: Anatolii Babii / Alamy/Alamy

A year later, I didn’t miss the site at all, but needed an account for work – to manage the Guardian’s technology page, amongst other things. So I made a new one, with accurate, but minimal info. In the end, I had to enter my real name, real email address, and real phone number, to get on the site.

Because I didn’t want to actually use the site to speak to people, I locked down my privacy settings. My profile wouldn’t show up in search unless someone was a friend of a friend (so, in practice, it wouldn’t show up at all), and no-one could add me as a friend unless they were a friend of a friend (again, in practice, a blanket block).

In October, that all changed. Facebook rolled out an update to its internal search engine, letting users search the entire network for the first time. All public posts became searchable for everyone, but private posts weren’t affected. When it made the change, though, the social network also removed a privacy setting entirely: it’s now not possible to choose to hide your profile from strangers.

Every profile on Facebook now shows up when users search for it by name, even those, like mine, with the tightest possible settings, no friends in common, no profile picture, and no content posted. Worse, if you then click on the profile, a large amount of information is still public: any page I’ve liked, any group I’ve joined, and, if I had any, every friend I have on the site.

And although I can’t be added as a friend by strangers – thanks to the requirement that they be a friend of a friend – I can be “followed” by them, letting them be notified of any future posts. That’s because, helpfully, the ability to turn off that feature isn’t under “privacy” but under a different tab – Followers.

In the meantime, Facebook has also managed to use the sparse information about me to fill my entire “suggested friends” column with people I actually know in real life, including such distant connections as my step-father’s niece (step-cousin?), the man who ran a book group I went to in 2013, and the journalist who sits behind me in the office. Despite the fact that a privacy setting means that “only friends” can look me up using the email address and phone number provided, the company still feeds the information into its matching algorithms, meaning it’s able to connect me in its own database with any other user who has uploaded their address book to the site.

There’s a name for this sort of layout: anti-patterns. Facebook can truthfully say that it does what it promises, and even offers settings that let people lock-down their own accounts, while designing the site so even internet-savvy users like me will end up exposing information we never intended to make public.

Perhaps that’s why Facebook acted so quickly to kill a story that it was using location data as part of the “find friends” feature (it initially said it was, then recanted and said that the data was only used for a short test). The company doesn’t need information given unwillingly, when so many users end up giving it unknowingly. So, not for the first time: check your Facebook settings. You may be surprised.

Update

I was expecting this: shortly after publishing this piece, a helpful comment on Twitter pointed out you can, in fact, hide friend requests. They didn’t know how to do it, though.

It turns out the option to hide who you’re friends with isn’t under “Privacy” in the settings page. Nor is it in the settings page at all. Instead you have to navigate to your own profile page – that’s reached by hitting “your posts” in the left sidebar on the homepage – then click on Friends. Once the friends tab is open, there should be two buttons: Find Friends, and Edit Privacy. Click on edit privacy, and you have two more options, letting you control who can see your friends list.

Oh: If you already have some friends, the edit privacy button disappears. Instead, you’ll see three buttons: Find Friends, Friend Requests, and a pencil icon. Click the pencil icon, and the option to Edit Privacy appears in a drop-down menu.

Simple.