An illustration of data and personal profile icons.

These days, the products we use have an annoying way of spying on us—from inside our cars, our homes, and our offices. That smartphone game you play in the waiting room at the doctor's office, the mobile app that gives you a weather forecast, the photo you share with online friends—all have the ability to reveal intimate details about your life.

But that doesn’t mean you can’t protect yourself.

According to a recent Consumer Reports survey, 60 percent of Americans now bar mobile apps from accessing the camera, GPS data, and contact list on their phones. And half protect their online accounts with two-factor authentication.*

Here are some simple ways to protect your personal data.

Turn Off Facebook Facial Recognition

Facebook says it uses facial recognition to spot fake accounts and to help people tag friends in photos, but never to target users with ads. No matter how it’s used, the technology itself can seem intrusive, and Facebook announced a new setting in late 2017 to let people turn it off.

More on Privacy

Nearly 18 months later, a CR investigation showed that not all users had received the promised Face Recognition setting. (Our finding was cited by the Federal Trade Commission in announcing its $5 billion settlement with Facebook this summer.)

To turn the feature off on all devices via your desktop, click the arrow at the top right of any Facebook page and choose Settings > Face Recognition > Edit > No. Don’t have that setting? This works: Go to Settings > Timeline and Tagging > Who sees tag suggestions...? > No one.

Limit GPS Tracking

The apps on your smartphone don’t need to know where you are at all times, especially when you’re not looking for a traffic report, weather forecast, or dining hotspot. Here’s how to limit access to your phone’s GPS data. (Apps may still use WiFi signals and other clues to infer your location, but the data is typically less precise.) While you’re at it, you can use these settings to control access to your contacts and photo library, too.

On an iPhone: Go to Settings > Privacy > Location Services. Then toggle the control off to stop GPS data from being transmitted. Or tap on each app individually to control which ones get access “always,” “never,” or “while [you’re] using” the app.

On an Android phone: Go to Settings > Google > Location and flip the toggle switch or scroll down to App-Level Permissions.

Delete Alexa Recordings

Amazon, Apple, and Google have at times had humans review bits of dialog recorded by their smart speakers to improve their voice computing technology. To delete select recordings and place limits on the use of such data, you have to dip into the settings on the device’s mobile app. (For help with that, click on the link above.) But Amazon recently made things slightly easier with two new voice commands: “Alexa, delete what I just said” and “Alexa, delete everything I said today.” Before you can use the feature, you have to activate it.

On the Alexa app: Tap the three bars in the upper left and choose Settings > Alexa Privacy > Review Voice History > and flip the toggle switch to enable deletion by voice.

Strip Location Data From Your Photos

When you take a snapshot with your digital camera, including the one on your smartphone, the device captures data about where, when, and how the image was recorded. And when you share that picture with someone else, that information, called Exif data, typically goes along for the ride.That's how mobile apps and storage services, such as Google Photos and iCloud Photos, know how to sort your Springsteen summer tour pictures by place and date.

To strip out the location data from photos stored on your computer, do the following:

In Windows: Right click on the image file, then Properties > Remove Properties and Personal Information.

In MacOS: Open the photo in Preview, then Tools > Show Inspector > Remove Location Info.

Enable Two-Factor Authentication

Security experts say everyone should use multifactor authentication, when it’s offered, to protect important online accounts. The goal is to block hackers from gaining access, even if they’ve acquired your password. Once you turn on a company’s 2FA setting, you’ll need to provide info in addition to the password any time you try to access the account from an unverified location or device. Typically, the company will send you a verification code by text or via an app. Without the second identifier, hackers armed with a stolen password get blocked. Setting up 2FA is usually easy.

As an example, for your Google account, go to your Gmail inbox or any other Google page. Then click the grid icon in the top right and go to Account (you may need to sign in first) > Security > 2-Step Verification > Get Started.

For more help protecting your personal data, read our stories on how to use the privacy settings on smart speakers, Facebook, Google, Instagram, and LinkedIn. You can also review 66 Ways to Protect Your Privacy.

Concerned about who's watching you? CR shares easy and effective ways to take more control of your digital privacy.

How Targeted Ads Work

Do you often see online ads that relate to your likes and hobbies? On the "Consumer 101" TV show, Consumer Reports expert Thomas Germain explains to host Jack Rico what targeted ads are and how they work.

Editor's Note: This article also appeared in the October 2019 issue of Consumer Reports magazine.

*Source: June 2019 Consumer Reports nationally representative survey of 1,004 U.S. adults. These questions were answered by those for whom each method was applicable.