30-Second Privacy Fixes: Simple Ways to Protect Your Data

How to quickly limit location tracking, smart speaker recordings, and other data collection

illustration of motherboard pattern with three facial recognition icons Illustration: iStock

Keeping up with digital privacy and security is a bit like getting regular oil changes for your car—maintenance to safeguard your online life.

But fixing every privacy and security challenge at the same time would be daunting. Instead, there are some bite-sized steps you can knock out in less than a minute.

It’s an easy way to feel productive on a lazy afternoon. And these tips are worthwhile because so many common products and services are designed to snoop on us, feeding our personal data to big companies for targeted advertising and other uses.

More on Privacy

Those products include the smartphone game you play while you’re waiting for a conference call, the mobile app that gives you a weather forecast, and the apps that help you take and share photos with friends. All have the ability to reveal details about your life to companies looking to collect, share, and make money on consumer data.

If you’re looking for a more personalized action plan based on the gadgets you own and your specific concerns, check out the Consumer Reports Security Planner. (It’s free to use, and we won’t use the details you share for anything other than providing you with a plan.)

Meanwhile, here are some simple ways for anyone to get started.

Limit GPS Tracking

The apps on your smartphone don’t need to know where you are at all times, especially when you’re not looking for a traffic report, weather forecast, or dining hot spot.

Here’s how to limit access to your phone’s GPS data. (Apps may still use WiFi signals and other clues to infer your location, but the data is typically less precise.) While you’re at it, you can use these settings to control access to your contacts and photo library, too.

On an iPhone: Go to Settings > Privacy > Location Services. Then toggle the control off to stop GPS data from being transmitted. Or tap on each app individually to control which ones get access “always,” “never,” or “while [you’re] using” the app.

On an Android phone: Go to Settings > Location > App location permissions. Here you can toggle location off altogether, or choose when, if ever, individual apps can access location. (The instructions may vary depending on which kind of Android device you have, but the steps are usually similar.)

Stop Your Apps From Tracking You

Apps can collect a lot more sensitive information than you might realize, and many of them share and exchange that data with other companies, such as Facebook and Google, for targeted advertising and other business purposes. However, you can use your phone’s privacy settings to help put a stop to it.

Let’s start with Apple users. In the latest version of the iPhone operating system, iOS 14.5, you have the option to tell apps not to track you.

As you use iPhone apps, some will prompt you for permission to do tracking. Say no, and Apple throws up a technical barrier that prevents the app from collecting a special ID number used for targeted advertising. Apple policy says that if the apps try to then track you in other ways, they could get banned from the app store.

You can wait to see those prompts—or you can be proactive and tell your phone to say no automatically.

Android users have a similar consumer protection, but it’s not as powerful. You can tell your Android phone not to share a special advertising ID number. However, apps may continue to track you using other methods.

On an iPhone: Go to Settings > Privacy > Tracking. Switch off the toggle for “Allow Apps to Request to Track.”

On an Android phone: Go to Settings > Privacy > Advanced > Ads > Delete advertising ID. (These instructions are for a Google Pixel. The steps may vary depending on which kind of Android phone you have, but they should be similar. On some devices, you may have an “Opt out of Ads Personalization” setting instead.)

Delete Alexa Recordings

Amazon, Apple, and Google have at times had humans review bits of dialogue recorded by their smart speakers to improve their voice computing technology. Some people feel like that’s a privacy intrusion.

To delete select recordings and place limits on the use of such data, you have to dip into the settings on the device’s mobile app. (For help with that, click on the link above.)

Last year Amazon made things slightly easier with two new voice commands: “Alexa, delete what I just said” and “Alexa, delete everything I said today.” Before you can use the feature, you have to activate it.

On the Alexa app: Tap the three-bar menu icon and choose Settings > Alexa Privacy > Manage Your Alexa Data. Flip the toggle switch to enable deletion by voice.

Strip Location Data From Your Photos

When you take a snapshot with your digital camera, including the one on your smartphone, the device captures data about where, when, and how the image was recorded.

And when you share that picture with someone else, that information, called Exif data, typically goes along for the ride. That’s how mobile apps and storage services, such as Google Photos and iCloud Photos, know how to sort your Springsteen summer tour pictures by place and date.

To strip out the location data from photos stored on your computer, do the following:

In Windows: Right click on the image file, then Properties > Remove Properties and Personal Information.

In macOS: Open the photo in Preview, then Tools > Show Inspector > Remove Location Info.

Try a More Private Browser

It’s an open secret that Google Chrome, one of the most widely used web browsers, collects an immense amount of data about its users. That includes location information, search history, and details about your browsing, data that’s linked to your identity and harnessed for third-party advertising.

For an easy privacy fix, all you have to do is switch to a different browser. Popular alternatives include Firefox and DuckDuckGo’s Privacy Browser App. Both promise to collect far less personal information.

There’s a caveat, though. Chrome has a reputation for being the best option to protect your security (i.e., defending against hackers) even if it infringes on your privacy along the way. If you might be a high value target, such as a person who handles very sensitive information or, say, the CEO of a big company, security may be a bigger concern than privacy. You’ll need to weigh the trade-off for yourself.

Enable Multifactor Authentication

Security experts say everyone should use multifactor authentication, also known as two-factor authentication, when it’s offered.

The goal is to block hackers from gaining access, even if they’ve acquired your password. Once you turn on a company’s MFA setting, you’ll need to provide info in addition to the password anytime you try to access the account from an unverified location or device.

Typically, the company will send you a verification code by text, or you can use an app such as Authy. Without the second identifier, hackers armed with a stolen password get blocked. Setting up MFA is usually easy.

As an example, for your Google account, go to your Gmail inbox or any other Google page. Then click the grid icon in the top right and go to Account (you may need to sign in first) > Security > 2-Step Verification > Get Started.

Change Your Router Password

Your WiFi router is like the front door to your digital life, and the consequences could be dire if it’s compromised.

There are a number of steps you can take to boost your router security, and one of the most important is quick: Change the default password for your router’s settings.

This is different from the WiFi password. These administrative passwords tend to be the same across models in each brand.

If you have an extra 30 seconds, change the SSID (the name of your WiFi network), too—the default often reveals the make and model of your router, making it easier for hackers to spot vulnerabilities.

If you have a newer router, it could have an associated app, which makes it easy to change all your router settings.

Otherwise, you can access the controls from a web browser. Steps for getting there are easy, but they vary across brands.

On most Linksys and TP-Link routers, for example, type 192.168.1.1 into a web browser while you’re on the network, and then log in with the default credentials.

You can often find them on a sticker on the back of the router or in the instruction manual.

Clear Your 'Off-Facebook' Activity

Facebook tracks you even when you aren’t on Facebook. Through partnerships with hundreds of thousands of apps and websites, the company gets details about what you do all across the web.

This information can reveal a lot about you, and it’s especially valuable for advertising purposes. Facebook recently unveiled a new tool that lets you see some of that data and “clear” it from your account. Counterintuitively, Facebook doesn’t actually delete any data if you do this—but the company promises it won’t use any cleared data for targeted ads.

You can use a second setting to keep this information disconnected from your account by default so that the social media giant won’t use any new off-Facebook data to target you with ads.

In a web browser on your computer: Click the down arrow in the top right of the Facebook home page to open the menu > Privacy Shortcuts > View or clear out Off-Facebook activity > Manage Your Off-Facebook Activity. (The steps are similar in the app.)

From there, hit the Clear History button. Then tap Manage Future Activity on the right-hand side, hit the Manage Future Activity button on the next screen, then switch off the toggle.

Try a Fake Email Address

As you cruise around the internet, you’re constantly asked to give up your email address. There are plenty of reasons you might not want to if you can avoid it.

For one, advertising companies use details such as your email address as clues to tie everything you do across the web together in order to build comprehensive profiles of who you are and what you’re like.

They can also use your email address to send you spam.

Want to throw a wrench in their gears? Try a service that will generate fake email addresses you can give out instead. There are a number of options, including Sign in with Apple, a tool for Macs and iPhones, and Firefox Relay, which runs alongside the Firefox browser.

There are also a variety of services that provide temporary inboxes that self-destruct, such as 10 Minute Mail. You can use them to create a throwaway account that you need to access only one time.

Check Your Data-Breach Status

The bad news: The majority of consumers have been the victim of a data breach at a big company such as Equifax. The good news: There’s a great database you can check to see whether you’ve been included in a breach.

At Have I Been Pwned, you can check your email addresses and usernames against lists from hundreds of known breaches at companies including Adobe, LinkedIn, and Snapchat. (You’ll need to register to check the full database.) You can also sign up to get notifications if you’re affected by future breaches.

If your name pops up, change the password for the compromised account and any other site where you made the mistake of using the same password. While you’re at it, check out CR’s tips for stronger passwords. (Bonus tip: Pros pronounce “pwned” as “poned,” not “pawned.”)

For more help protecting your personal data, read our articles on how to use the privacy settings on smart speakers, Facebook, Google, Instagram, and LinkedIn.

What Is Exif Data?

Attached to the photos you take on your phone are bits of information, such as when and where they were taken. On the “Consumer 101” TV show, host Jack Rico explains what you need to know about protecting your privacy.


Headshot image of Electronics editor Thomas Germain

Thomas Germain

I want to live in a world where consumers take advantage of technology, not the other way around. Access to reliable information is the way to make that happen, and that's why I spend my time chasing it down. When I'm off the clock, you can find me working my way through an ever-growing list of podcasts. Got a tip? Drop me an email ( thomas.germain@consumer.org) or follow me on Twitter ( @ThomasGermain) for my contact info on Signal.