Keeping up with digital privacy and security is a bit like getting regular oil changes for your car—a maintenance issue to safeguard your online life.
But fixing every privacy and security challenge at the same time would be daunting. Instead, there are some bite-sized steps you can knock out in less than a minute.
It’s an easy way to feel productive on a lazy afternoon. And these tips are worthwhile because so many common products and services are designed to snoop on us.
That includes the smartphone game you play while you’re waiting for your next conference call, the mobile app that gives you a weather forecast, and the photo you share with online friends. All have the ability to reveal intimate details about your life to companies looking to collect, share, and make money off consumer data.
If you would like Consumer Reports to provide you with a more personalized action plan based on the gadgets you own and your specific concerns, check out the CR Security Planner. (It’s free to use, and we won’t use the details you share for anything other than providing you with a plan.)
Meanwhile, here are some simple ways for anyone to get started.
Turn Off Facebook Facial Recognition
Facebook says it uses facial recognition to spot fake accounts and to help people tag friends in photos, but never to target users with ads.
No matter how it’s used, the technology itself can seem intrusive, and Facebook announced a new setting in late 2017 to let people turn it off.
Almost 18 months later, a CR investigation showed that not all users had received the promised Face Recognition setting. (Our finding was cited by the Federal Trade Commission in announcing its $5 billion settlement with Facebook in 2019.) The company later rolled out a fix for all affected accounts.
To turn off the feature on all devices via your desktop, click the arrow at the top right of any Facebook page and choose Settings > Face Recognition > Edit > No.
Limit GPS Tracking
The apps on your smartphone don’t need to know where you are at all times, especially when you’re not looking for a traffic report, weather forecast, or dining hot spot.
Here’s how to limit access to your phone’s GPS data. (Apps may still use WiFi signals and other clues to infer your location, but the data is typically less precise.) While you’re at it, you can use these settings to control access to your contacts and photo library, too.
On an iPhone: Go to Settings > Privacy > Location Services. Then toggle the control off to stop GPS data from being transmitted. Or tap on each app individually to control which ones get access “always,” “never,” or “while [you’re] using” the app.
On an Android phone: Go to Settings > Google > Location. Here you can toggle location off altogether or select “App access to location” to choose when, if ever, individual apps can access location. (The instructions may vary depending on what kind of Android device you have, but the steps are usually similar.)
Stop Your Apps From Tracking You
Apps can collect a lot more sensitive information than you might realize, and many of them share and exchange that data with other companies, such as Facebook and Google, for targeted advertising and other business purposes. However, you can use your phone’s privacy settings to help put a stop to it.
Let’s start with Apple users. In the latest version of the iPhone operating system, iOS 14.5, you have the option to tell apps not to track you.
As you use iPhone apps, some will prompt you for permission to do tracking. Say no, and Apple throws up a technical barrier that prevents the app from collecting a special ID number used for targeted advertising. Apple policy says that if the apps try to turn around and track you in other ways, they could get banned from the app store.
You can wait to see those prompts—or you can be proactive and tell your phone to say no automatically.
Android users have a similar consumer protection, but it’s not as powerful. You can tell your Android phone not to share a special advertising ID number. However, apps may continue to track you using other methods.
On an iPhone: Go to Settings > Privacy > Tracking. Switch off the toggle for “Allow Apps to Request to Track.”
On an Android phone: Go to Settings > Privacy > Advanced > Ads. Switch on the toggle for “Opt out of Ads Personalization.” (These instructions are for a Google Pixel. The steps may vary depending on which kind of Android phone you have, but they should be similar.)
Delete Alexa Recordings
Amazon, Apple, and Google have at times had humans review bits of dialogue recorded by their smart speakers to improve their voice computing technology. Some people feel like that’s a privacy intrusion.
To delete select recordings and place limits on the use of such data, you have to dip into the settings on the device’s mobile app. (For help with that, click on the link above.)
Last year Amazon made things slightly easier with two new voice commands: “Alexa, delete what I just said” and “Alexa, delete everything I said today.” Before you can use the feature, you have to activate it.
On the Alexa app: Tap the three-bar menu icon and choose Settings > Alexa Privacy > Manage Your Alexa Data. Flip the toggle switch to enable deletion by voice.
Strip Location Data From Your Photos
And when you share that picture with someone else, that information, called Exif data, typically goes along for the ride. That’s how mobile apps and storage services, such as Google Photos and iCloud Photos, know how to sort your Springsteen summer tour pictures by place and date.
To strip out the location data from photos stored on your computer, do the following:
In Windows: Right click on the image file, then Properties > Remove Properties and Personal Information.
In macOS: Open the photo in Preview, then Tools > Show Inspector > Remove Location Info.
Try a More Private Browser
It’s an open secret that Google Chrome, one of the most widely used web browsers, collects an immense amount of data about its users. That includes location information, search history, and details about your browsing, data that’s linked to your identity and harnessed for third-party advertising.
For an easy privacy fix, all you have to do is switch to a different browser. Popular alternatives include Firefox and DuckDuckGo’s Privacy Browser App. Both promise to collect far less personal information.
There’s a caveat, though. Chrome has a reputation for being the best option to protect your security (i.e., defending against hackers) even if it infringes on your privacy along the way. If you might be a high value target, such as a person who handles highly sensitive information or, say, the CEO of a big company, security may be a bigger concern than privacy. You’ll need to weigh the trade-off for yourself.
Enable Multifactor Authentication
Security experts say everyone should use multifactor authentication, also known as two-factor authentication, when it’s offered.
The goal is to block hackers from gaining access, even if they’ve acquired your password. Once you turn on a company’s MFA setting, you’ll need to provide info in addition to the password anytime you try to access the account from an unverified location or device.
Typically, the company will send you a verification code by text, or you can use an app such as Authy. Without the second identifier, hackers armed with a stolen password get blocked. Setting up MFA is usually easy.
As an example, for your Google account, go to your Gmail inbox or any other Google page. Then click the grid icon in the top right and go to Account (you may need to sign in first) > Security > 2-Step Verification > Get Started.
Change Your Router Password
Your WiFi router is like the front door to your digital life, and the consequences could be dire if it’s compromised.
There are a number of steps you can take to boost your router security, and one of the most important is quick: Change the default password for your router’s settings.
This is different from the WiFi password. These administrative passwords tend to be the same across models in each brand.
If you have an extra 30 seconds, change the SSID (the name of your WiFi network), too—the default often reveals the make and model of your router, making it easier for hackers to spot vulnerabilities.
If you have a newer router, it could have an associated app, which makes it easy to change all your router settings.
Otherwise, you can access the controls from a web browser. Steps for getting there are easy, but they vary across brands.
On most Linksys and TP-Link routers, for example, type 192.168.1.1 into a web browser while you’re on the network, and then log in with the default credentials.
You can often find them on a sticker on the back of the router or in the instruction manual.
Clear Your 'Off-Facebook' Activity
Facebook tracks you even when you aren’t on Facebook. Through partnerships with hundreds of thousands of apps and websites, the company gets details about what you do all across the web.
This information can reveal a lot about you, and it’s especially valuable for advertising purposes. Facebook recently unveiled a new tool that lets you see some of that data and “clear” it from your account. Counterintuitively, Facebook doesn’t actually delete any data if you do this—but the company promises it won’t use any cleared data for targeted ads.
You can use a second setting to keep this information disconnected from your account by default so that the social media giant won’t use any new off-Facebook data to target you with ads.
In a web browser on your computer: Click the down arrow in the top right of the Facebook home page to open the menu > Privacy Shortcuts > View or clear out Off-Facebook activity > Manage Your Off-Facebook Activity. (The steps are similar in the app.)
From there, hit the Clear History button. Then tap Manage Future Activity on the right-hand side, hit the Manage Future Activity button on the next screen, then switch off the toggle.
Try a Temporary Email Address
As you cruise around the internet, you’re constantly asked to give up your email address. There are plenty of reasons you might not want to if you can avoid it.
For one, advertising companies use details such as your email address as clues to tie everything you do across the web together in order to build comprehensive profiles of who you are and what you’re like.
They can also use your email address to send you spam.
Want to throw a wrench in their gears? Try a temporary email address. A service called 10 Minute Mail will give you a one-time email address that self-destructs after 10 minutes. You can use it to create a throwaway account that you need to access only one time.
Check Your Data-Breach Status
The bad news: The majority of consumers have been the victim of a data breach at a big company such as Equifax. The good news: There’s a great database you can check to see whether you’ve been included in a breach.
At Have I Been Pwned, you can check your email addresses and usernames against lists from hundreds of known breaches at companies including Adobe, LinkedIn, and Snapchat. (You’ll need to register to check the full database.) You can also sign up to get notifications if you’re affected by future breaches.
If your name pops up, change the password for the compromised account and any other site where you made the mistake of using the same password. While you’re at it, check out CR’s tips for stronger passwords. (Bonus tip: Pros pronounce “pwned” as “poned,” not “pawned.”)
What Is Exif Data?
Attached to the photos you take on your phone are bits of information, such as when and where they were taken. On the “Consumer 101” TV show, host Jack Rico explains what you need to know about protecting your privacy.
Consumer Reports has no financial relationship with advertisers on this site.