30-Second Privacy Fixes: Simple Ways to Protect Your Data
How to quickly limit location tracking, smart speaker recordings, and other data collection
Keeping up with digital privacy and security is a bit like getting regular oil changes for your car—it’s maintenance to safeguard your online life.
But fixing every privacy and security challenge at the same time would be daunting. Another approach is to take the following bite-sized steps, which you can knock out in less than a minute.
It’s an easy way to feel productive on a lazy afternoon. These tips will limit the way products and services snoop on us, feeding our personal data to big companies for targeted advertising and other uses.
Limit GPS Tracking
The apps on your smartphone don’t need to know where you are at all times, especially when you’re not looking for a traffic report, weather forecast, or dining spot.
Here’s how to limit access to your phone’s GPS data. (Apps may still use WiFi signals and other clues to infer your location, but the data is typically less precise.) While you’re at it, you can use these settings to control access to your contacts and photo library, too. Once you follow these steps, we have an even more thorough guide to protecting location data with more important details.
On an iPhone: Go to Settings > Privacy > Location Services. Tap on each app individually to control which ones get access “always,” “never,” or “while [you’re] using” the app.
On an Android phone: Go to Settings > Location > App location permissions. You can toggle location off altogether, or choose when, if ever, individual apps can access location. (The instructions may vary depending on which kind of Android device you have, but the steps are usually similar.)
Stop Your Apps From Tracking You
Apps can collect a lot more sensitive information than you might realize, and many of them share and exchange that data with other companies, such as Facebook and Google, for targeted advertising and other business purposes. This extends from simple games to very personal apps such as period trackers. However, you can use your phone’s privacy settings to help put a stop to it.
Let’s start with Apple users. Starting with iPhone operating system version iOS 14.5, you have the option to tell apps not to track you.
As you use iPhone apps, some will prompt you for permission to do tracking. Say no, and Apple throws up a technical barrier that prevents the app from collecting a special ID number used for targeted advertising. Apple policy says that if the apps try to then track you in other ways, they could get banned from the app store.
You can wait to see those prompts—or you can be proactive and tell your phone to say no automatically.
Android users have a similar consumer protection, but it’s not as powerful. You can tell your Android phone not to share its special advertising ID number. However, apps are allowed to keep tracking you using other methods.
On an iPhone: Go to Settings > Privacy > Tracking. Switch off the toggle for “Allow Apps to Request to Track.”
On an Android phone: Go to Settings > Privacy > Advanced > Ads > Delete advertising ID. (These instructions are for a Google Pixel. The steps may vary depending on which kind of Android phone you have, but they should be similar. On some devices, you may have an “Opt out of Ads Personalization” setting instead.)
Delete Alexa Recordings
Amazon, Apple, and Google have at times had humans review bits of dialogue recorded by their smart speakers to improve their voice computing technology. Some people feel like that’s a privacy intrusion.
To delete select recordings and place limits on the use of such data, you can dip into the privacy settings on your smart speaker’s mobile app. (For help with that, click on the link above.)
Amazon made things slightly easier with two newer voice commands: “Alexa, delete what I just said” and “Alexa, delete everything I said today.” Before you can use the feature, you have to activate it.
On the Alexa app: Tap the three-bar menu icon and choose Settings > Alexa Privacy > Manage Your Alexa Data. Flip the toggle switch to enable deletion by voice.
Strip Location Data From Your Photos
And when you share that picture with someone else, that information, called Exif data, typically goes along for the ride. That’s how mobile apps and storage services, such as Google Photos and iCloud Photos, know how to sort your Springsteen summer tour pictures by place and date.
To strip out the location data from photos stored on your computer, do the following.
In Windows: Right-click on the image file, then Properties > Remove Properties and Personal Information.
In macOS: Open the photo in Preview, then Tools > Show Inspector > Remove Location Info.
Try a More Private Browser
It’s an open secret that Google Chrome, one of the most widely used web browsers, collects lots of data about its users. That includes location information, search history, and details about your browsing, data that’s linked to your identity and harnessed for third-party advertising.
For an easy privacy fix, all you have to do is switch to a different browser. Popular alternatives include Firefox and DuckDuckGo’s Privacy Browser mobile app. Both promise to collect far less personal information.
There’s a caveat, though. Chrome has a reputation for being the best option to protect your security (i.e., defending against hackers) even if it infringes on your privacy along the way. If you might be a high-value target, such as a person who handles very sensitive information or, say, the CEO of a big company, security may be a bigger concern than privacy. You’ll need to weigh the trade-off for yourself.
And all browsers, including Chrome, have privacy settings you can use to limit tracking.
Enable Multifactor Authentication
Security experts say everyone should use multifactor authentication, also known as two-factor authentication, when it’s offered.
The goal is to block hackers from gaining access, even if they’ve acquired your password. Once you turn on a company’s MFA setting, you’ll need to provide info in addition to the password anytime you try to access the account from an unverified location or device.
Typically, the company will send you a verification code by text, or—and this is more secure—you can use an app such as Authy or a physical security key. Without the second identifier, hackers armed with a stolen password get blocked. Setting up MFA is usually easy.
As an example, for your Google account, go to your Gmail inbox or any other Google page. Then click the icon in the top right and hit “Manage Your Account” (you may need to sign in first) > Security > 2-Step Verification > Get Started.
Change Your Router Password
Your WiFi router is like the front door to your digital life, and the consequences could be dire if it’s compromised.
There are a number of steps you can take to boost your router security, and one of the most important is quick: Change the default password for your router’s settings.
This is different from the WiFi password. These administrative passwords tend to be the same across models in each brand.
If you have an extra 30 seconds, change the SSID (the name of your WiFi network), too—the default often reveals the make and model of your router, making it easier for hackers to spot vulnerabilities.
If you have a newer router, it could have an associated app, which makes it easy to change all your router settings.
Otherwise, you can access the controls from a web browser. Steps for getting there are easy, but they vary across brands.
On most Linksys and TP-Link routers, for example, type 192.168.1.1 into a web browser while you’re on the network, and then log in with the default credentials.
You can often find them on a sticker on the back of the router or in the instruction manual.
Clear Your 'Off-Facebook' Activity
Facebook tracks you even when you aren’t on Facebook. Through partnerships with hundreds of thousands of apps and websites, the company gets details about what you do all across the web.
This information can reveal a lot about you, and it’s especially valuable for advertising purposes. Facebook recently unveiled a new tool that lets you see some of that data and “clear” it from your account. Counterintuitively, Facebook doesn’t actually delete any data if you do this—but the company promises it won’t use any cleared data for targeted ads.
You can use a second setting to keep this information disconnected from your account by default so that the social media giant won’t use any new off-Facebook data to target you with ads.
In a web browser on your computer: Click the icon with your profile picture in the top right of the Facebook home page to open the menu > Settings & Privacy > Settings > Your Facebook information > Off-Facebook activity. (The steps are similar in the app.)
From there, hit the “Clear previous activity” button. After you follow the prompts, go back to the Off Facebook Activity page and hit “Disconnect future activity.”
Try a Fake Email Address
As you cruise around the internet, you’re constantly asked to give up your email address. There are plenty of reasons you might not want to if you can avoid it.
For one, advertising companies use details such as your email address as clues to tie everything you do across the web together in order to build comprehensive profiles of who you are and what you’re like.
They can also use your email address to send you spam.
Want to throw a wrench in their gears? Try a service that will generate fake email addresses you can give out instead. There are a number of options, including Sign in with Apple, a tool for Macs and iPhones, and Firefox Relay, which runs alongside the Firefox browser.
There are also a variety of services that provide temporary inboxes that self-destruct, such as 10 Minute Mail. You can use them to create a throwaway account that you need to access only one time.
Check Your Data-Breach Status
The bad news: The majority of consumers have been the victim of a data breach at a big company such as Equifax. The good news: There’s a great database you can check to see whether you’ve been included in a breach.
At Have I Been Pwned, you can check your email addresses and usernames against lists from hundreds of known breaches at companies including Adobe, LinkedIn, and Snapchat. (You’ll need to register to check the full database.) You can also sign up to get notifications if you’re affected by future breaches.
If your name pops up, change the password for the compromised account and any other site where you made the mistake of using the same password. While you’re at it, check out CR’s tips for stronger passwords. (Bonus tip: Pros pronounce “pwned” as “poned,” not “pawned.”)
Plan for the Next Steps
The tips above will all make a meaningful dent in your digital footprint, but there’s a lot you can do for more comprehensive protection. A broader privacy audit will take a bit longer than 30 seconds, but getting started is quick and easy with two programs we’ve put together at Consumer Reports.
First, take a few seconds to sign up for the 7-Day Privacy Challenge. The Challenge is a week-long email series that will give you one simple activity each day. Complete them all, and your digital life will be more private and secure, and you’ll be left with a better understanding of how your information is collected and used.
For a personalized action plan, check out the Consumer Reports Security Planner. It gives you customized tips with easy-to-follow instructions based on the gadgets you own and your specific concerns. Some steps take longer than others, but getting started is fast, and you can start with the high-priority items and come back for the rest when you have time. (Security Planner is free to use, and we won’t use the details you share for anything other than providing you with a plan.)
What Is Exif Data?
Attached to the photos you take on your phone are bits of information, such as when and where they were taken. On the “Consumer 101” TV show, host Jack Rico explains what you need to know about protecting your privacy.