Privacy Basics

What Are You Giving Away?

Every time you use an app, visit a website, or sign up for a service, you hand over a piece of your personal information. Sometimes you know it — like entering your name and email address. But most of the time, data collection happens invisibly, running in the background while you scroll, tap, and browse.

Here's what's being collected about you right now, often without you realizing it:

• Location data. Your phone tracks everywhere you go via GPS — your commute, your doctor's office, your friend's house, your children's school. Apps like weather, maps, and social media request this constantly. Many keep a detailed log of your movements.
• Browsing history. Every website you visit, every search you type, every link you click — your browser and search engine record all of it. This data is used to build a profile of your interests, your health concerns, your finances, and your habits.
• Purchase history. Retailers, banks, and apps track what you buy, when you buy it, and how much you spend. This data is shared with advertisers and data brokers who compile it into a consumer profile.
• Contacts. Many apps request access to your phone's contact list. Once granted, they copy every name, number, and email address you've ever saved — including people who never agreed to share their information.
• Photos and camera. Apps that request camera access can potentially access your photo library. Your photos contain metadata (called EXIF data) that includes the exact GPS coordinates, date, and time each photo was taken.
• Messages and emails. Some services scan your messages to target ads. Even if they don't read the content, they analyze who you message, how often, and when.
• Voice recordings. Smart assistants like Siri, Alexa, and Google Assistant record audio when activated — and sometimes when you didn't intentionally trigger them. These recordings are sometimes reviewed by human contractors for "quality improvement."

The average person has over 100 online accounts. Each one holds a piece of your digital identity. Combined, they paint a stunningly detailed picture of who you are — often more accurate than what you'd share with close friends or family.

App Permissions: The First Line of Defense

Your phone has a built-in defense system that most people ignore: the permissions screen. Every time an app asks to access your camera, microphone, contacts, or location, your phone is giving you a choice. The problem is that most people tap "Allow" without thinking — often because they're in a hurry to use the app.

Here's the rule: an app should only have access to what it needs to do its job. A weather app needs your general location, but it doesn't need your contacts. A calculator doesn't need your camera. A flashlight app doesn't need your microphone. If an app is asking for permissions that don't make sense, that's a red flag.

How to Audit Your Permissions Right Now

On iPhone: Go to Settings → Privacy & Security. You'll see a list of permission categories: Location Services, Contacts, Calendars, Photos, Microphone, Camera, and more. Tap each category to see which apps have access. Revoke anything that doesn't make sense.

On Android: Go to Settings → Privacy → Permission Manager. You'll see the same kind of breakdown. Tap each permission type and review which apps have been granted access. Change anything from "Allow all the time" to "Allow only while using the app" or "Don't allow."

Browser Privacy

Your web browser is one of the most powerful surveillance tools on your device — and it works against you by default. Every search, every website, every click is tracked, logged, and often shared with advertisers. The good news: a few simple changes can dramatically reduce this.

Use a Privacy-Respecting Browser

Not all browsers are created equal. Google Chrome is the most popular browser in the world, but it's also built by the world's largest advertising company. Consider switching to:

• Firefox. Made by the nonprofit Mozilla Foundation. Open source, strong default privacy settings, and a long track record of putting users first. Available on every platform.
• Brave. Built on the same engine as Chrome (so websites look and work the same), but blocks ads and trackers by default. Very fast and privacy-focused.

Install an Ad Blocker

Online ads do more than annoy you — they track you across the internet using invisible code called "trackers." Installing an ad blocker stops most of this tracking. The gold standard is uBlock Origin. It's free, open source, trusted by millions of people, and works on Firefox, Chrome, and Edge. Just search "uBlock Origin" in your browser's extension store and click install. That's it — no configuration needed.

Simple Browser Habits

• Use private/incognito mode for sensitive searches (health questions, financial information, anything you wouldn't want in your browsing history). Note: incognito mode doesn't make you invisible online — your internet provider and employer can still see what you visit. It just prevents your browser from saving the history locally.
• Clear your cookies periodically. Cookies are small files websites store on your computer to remember you. Some are useful (keeping you logged in), but many are used to track you. Clear them every few weeks.
• Disable third-party cookies. These are cookies set by companies other than the website you're visiting — they exist purely for tracking. All major browsers now let you block them in settings.
• Consider using a separate browser for banking and sensitive sites. Use one browser (like Firefox) for everyday browsing, and a different one (like Brave) exclusively for banking, health portals, and email. This prevents tracking cookies from your everyday browsing from being associated with your most sensitive accounts.

Social Media Privacy Settings

Social media platforms are designed to maximize sharing — which means every default setting is configured to expose as much of your information as possible. When you create an account on Facebook, Instagram, TikTok, or X, your profile, your posts, your friends list, and your activity are usually public by default. Changing these settings takes just a few minutes but makes a significant difference.

Key Settings to Change on Every Platform

• Limit who can see your posts. Change your default audience from "Public" or "Everyone" to "Friends Only" (or the equivalent). Public posts can be viewed by anyone in the world, including people who might use that information against you.
• Disable location tagging. Many platforms automatically tag your posts with your current location. Turn this off. You don't want the world knowing you're on vacation (your house is empty), at a specific restaurant, or at your home address.
• Turn off facial recognition. Some platforms can automatically identify you in photos others upload. Disable this feature wherever it's offered — it erodes your ability to control where your face appears online.
• Limit ad personalization. Every major platform has an "Ad Preferences" or "Ad Settings" section. Go there and turn off as many personalization options as possible. This limits (but doesn't eliminate) how much your activity is used to target ads to you.
• Disable contact syncing. Platforms ask to "find friends" by uploading your phone contacts. Once uploaded, those contacts are stored on their servers permanently. Don't allow this.
• Review third-party app access. Over the years, you've probably authorized various apps and games to access your social media accounts. Go to your settings and revoke access for anything you no longer use or don't recognize.

Data Brokers and How to Opt Out

There is an entire industry built on collecting and selling your personal information — and most people don't know it exists. Companies called data brokers compile profiles on virtually every adult in the country. These profiles can include your full name, home address, phone number, email, age, relatives' names, estimated income, political affiliation, purchasing habits, and more.

Anyone can search for you on sites like Spokeo, WhitePages, BeenVerified, Intelius, and PeopleFinder. For a few dollars, they can pull up a detailed report. Scammers, stalkers, telemarketers, and identity thieves all use these services.

How to Remove Yourself

Each data broker has its own opt-out process (they're legally required to offer one, though they make it deliberately tedious). The general process is:

1. Search for yourself on the data broker's website to find your listing.
2. Find their opt-out or removal page (usually buried in the site footer or privacy policy).
3. Submit a removal request with your information.
4. Wait for confirmation — some remove you in days, others take weeks.
5. Check back periodically — some brokers re-add your data from public records.

Major Data Brokers to Opt Out Of

• Spokeo (spokeo.com/optout)
• WhitePages (whitepages.com/suppression-requests)
• BeenVerified (beenverified.com/faq/opt-out)
• Intelius (intelius.com/opt-out)
• PeopleFinder (peoplefinder.com/optout)

If this feels overwhelming, paid services like DeleteMe (joindeleteme.com) will handle the opt-out process across dozens of brokers for you. They typically charge around $100-$130 per year and send you regular reports showing what they've removed.

The FTC (Federal Trade Commission) maintains consumer protection resources at consumer.ftc.gov including guidance on data privacy and identity theft prevention.

VPNs: When and Why

A VPN (Virtual Private Network) is a tool that creates an encrypted tunnel between your device and the internet. When you use a VPN, your internet traffic is routed through a server run by the VPN provider before reaching its destination. This does two things:

• Encrypts your traffic. Anyone on the same network as you (like the coffee shop WiFi) can't see what websites you're visiting or intercept your data.
• Hides your IP address. Websites see the VPN server's IP address instead of yours, making it harder to track your physical location.

When You Should Use a VPN

• On public WiFi. Coffee shops, airports, hotels, libraries — any shared network where strangers could be watching traffic. This is the single most important use case for a VPN.
• When you want to prevent your ISP from tracking your browsing. Your internet service provider (Comcast, AT&T, Verizon, etc.) can see every website you visit. In the US, ISPs are legally allowed to sell your browsing data. A VPN prevents them from seeing your activity.
• When accessing sensitive information on an untrusted network. If you need to check your bank account or access work systems while traveling, a VPN adds an important layer of protection.

When You Don't Need a VPN

At home, for basic browsing on your own secure WiFi network, a VPN isn't strictly necessary. Most websites already use HTTPS encryption (look for the padlock icon in your browser). A VPN doesn't protect you from phishing, malware, or giving away your password. It's not a silver bullet — it's one tool in your toolkit.

The Free VPN Trap

There are hundreds of free VPN apps in the app stores. Most of them are worse than using no VPN at all. Why? Running a VPN service costs money — servers, bandwidth, infrastructure. If a VPN is free, they're making money some other way: selling your browsing data, injecting ads, or even installing malware. This completely defeats the purpose of using a VPN for privacy.

Trustworthy VPN Options

• ProtonVPN (Free tier). Made by the same team that created ProtonMail. Based in Switzerland with strong privacy laws. The free tier has no data caps and no ads. This is the best free VPN option available.
• Mullvad (~$5/month). Based in Sweden. Accepts anonymous payment. No account required — they assign you a random number. Widely regarded as the most privacy-focused VPN available.
• NordVPN (~$4-5/month). One of the most well-known commercial VPNs. Good performance, large server network, and regular independent security audits.