Keeping up with digital privacy and security is a bit like regular oil changes for your car—a maintenance issue to safeguard your online life.
But fixing every privacy and security challenge at the same time would be daunting. Instead, there are some easy, bite-sized steps you can knock out in less than a minute.
It's an easy way to feel productive on a lazy afternoon. And these tips are worthwhile because so many common products and services are designed to snoop on us.
That includes the smartphone game you play while you're waiting for your next conference call, the mobile app that gives you a weather forecast, and the photo you share with online friends. All have the ability to reveal intimate details about your life to companies looking to collect, share, and make money off consumer data.
If you want to take more control of this data collection, you're not alone.
According to a recent Consumer Reports survey, 60 percent of Americans now bar mobile apps from accessing the camera, GPS data, and contact list on their phones. And half protect their online accounts with two-factor authentication.
Here are some simple ways to get started.
Turn Off Facebook Facial Recognition
Facebook says it uses facial recognition to spot fake accounts and to help people tag friends in photos, but never to target users with ads.
No matter how it’s used, the technology itself can seem intrusive, and Facebook announced a new setting in late 2017 to let people turn it off.
Almost 18 months later, a CR investigation showed that not all users had received the promised Face Recognition setting. (Our finding was cited by the Federal Trade Commission in announcing its $5 billion settlement with Facebook this summer.) The company later rolled out a fix for all affected accounts.
To turn off the feature on all devices via your desktop, click the arrow at the top right of any Facebook page and choose Settings > Face Recognition > Edit > No.
Limit GPS Tracking
The apps on your smartphone don’t need to know where you are at all times, especially when you’re not looking for a traffic report, weather forecast, or dining hotspot.
Here’s how to limit access to your phone’s GPS data. (Apps may still use WiFi signals and other clues to infer your location, but the data is typically less precise.) While you’re at it, you can use these settings to control access to your contacts and photo library, too.
On an iPhone: Go to Settings > Privacy > Location Services. Then toggle the control off to stop GPS data from being transmitted. Or tap on each app individually to control which ones get access “always,” “never,” or “while [you’re] using” the app.
On an Android phone: Go to Settings > Google > Location and flip the toggle switch or scroll down to App-Level Permissions.
Delete Alexa Recordings
Amazon, Apple, and Google have at times had humans review bits of dialog recorded by their smart speakers to improve their voice computing technology.
To delete select recordings and place limits on the use of such data, you have to dip into the settings on the device’s mobile app. (For help with that, click on the link above.)
Amazon recently made things slightly easier with two new voice commands: “Alexa, delete what I just said” and “Alexa, delete everything I said today.” Before you can use the feature, you have to activate it.
On the Alexa app: Tap the three bars in the upper left and choose Settings > Alexa Privacy > Review Voice History > and flip the toggle switch to enable deletion by voice.
Strip Location Data From Your Photos
And when you share that picture with someone else, that information, called Exif data, typically goes along for the ride. That's how mobile apps and storage services, such as Google Photos and iCloud Photos, know how to sort your Springsteen summer tour pictures by place and date.
To strip out the location data from photos stored on your computer, do the following:
In Windows: Right click on the image file, then Properties > Remove Properties and Personal Information.
In MacOS: Open the photo in Preview, then Tools > Show Inspector > Remove Location Info.
Enable Two-Factor Authentication
Security experts say everyone should use multifactor authentication, when it’s offered, to protect important online accounts.
The goal is to block hackers from gaining access, even if they’ve acquired your password. Once you turn on a company’s 2FA setting, you’ll need to provide info in addition to the password any time you try to access the account from an unverified location or device.
Typically, the company will send you a verification code by text or via an app. Without the second identifier, hackers armed with a stolen password get blocked. Setting up 2FA is usually easy.
As an example, for your Google account, go to your Gmail inbox or any other Google page. Then click the grid icon in the top right and go to Account (you may need to sign in first) > Security > 2-Step Verification > Get Started.
Change Your Router Password
Your WiFi router is like the front door to your digital life, and the consequences could be dire if it's compromised.
There are a number of steps you can take to boost your router security, and one of the most important is quick: Change the default password for your router's settings.
This is different from the WiFi password. These administrative passwords tend to be the same across models in each brand, and they can often be found with a simple Google search.
If you have an extra 30 seconds, change the SSID (the name of your WiFi network) too—the default often reveals the make and model of your router, making it easier for hackers to spot vulnerabilities.
You can make the changes from your router's security settings, which you can typically access from a web browser or your router's phone app.
Steps for getting there are easy, but they vary across brands.
On most Linksys and TP-Link routers, for example, type 192.168.1.1 into a web browser while you're on the network, and then log in with the default credentials.
You can often find them on a sticker on the back of the router, or in the instruction manual.
Clear Your 'Off-Facebook' Activity
Facebook tracks you, even when you aren't on Facebook. Through partnerships with hundreds of thousands of apps and websites, the company gets details about what you do all across the web.
This information can reveal a lot about you, and it's especially valuable for advertising purposes. Facebook recently unveiled a new tool that lets you see some of that data and "clear" it from your account. Counterintuitively, Facebook doesn't actually delete any data if you do this—but the company promises it won't use any cleared data for targeted ads.
You can use a second setting to keep this information disconnected from your account by default so that the social media giant won't use any new off-Facebook data to target you with ads.
In a web browser: On a computer: Click the question mark icon in the top right of the Facebook home page > Privacy Shortcuts > View or clear out Off-Facebook activity > Manage Your Off-Facebook Activity. (The steps are similar in the app.)
From there, hit the Clear History button. Then tap Manage Future Activity on the right-hand side, hit the Manage Future Activity button on the next screen, then switch off the toggle.
Try a Temporary Email Address
As you cruise around the internet, you're constantly asked to give up your email address. There are plenty of reasons why you might not want to if you can avoid it.
For one, advertising companies use details such as your email address as clues to tie everything you do across the web together, in order to build comprehensive profiles of who you are and what you're like.
They can also use your email address to send you spam.
Want to throw a wrench in their gears? Try a temporary email address. A service called 10minutemail.com will give you a one-time email address that self-destructs after 10 minutes. You can use it to create a throwaway account that you need to access only one time.
Check Your Data-Breach Status
The bad news: The majority of consumers have been the victim of a data breach at a big company such as Equifax. The good news: There's a great database you can check to see whether you've been included in a breach.
At haveibeenpwned.com, you can check your email addresses and usernames against lists from hundreds of known breaches at companies including Adobe, LinkedIn, and Snapchat. (You'll need to register to check the full database.) You can also sign up to get notifications if you're affected by future breaches.
If your name pops up, change the password for the compromised account and any other site where you made the mistake of using the same password. While you're at it, check out CR's tips for stronger passwords. (Bonus tip: Pros pronounce “pwned” as “poned,” not “pawned.”)
For more help protecting your personal data, read our stories on how to use the privacy settings on smart speakers, Facebook, Google, Instagram, and LinkedIn. You can also review 66 Ways to Protect Your Privacy.
Concerned about who's watching you? CR shares easy and effective ways to take more control of your digital privacy.
How Targeted Ads Work
Do you often see online ads that relate to your likes and hobbies? On the "Consumer 101" TV show, Consumer Reports expert Thomas Germain explains to host Jack Rico what targeted ads are and how they work.
Editor's Note: This article also appeared in the October 2019 issue of Consumer Reports magazine.
*Source: June 2019 Consumer Reports nationally representative survey of 1,004 U.S. adults. These questions were answered by those for whom each method was applicable.
Consumer Reports has no financial relationship with advertisers on this site.
Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2020, Consumer Reports, Inc.